Host 195.37.245.209
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
  • CheckMK monitoring endpoint publicly available
    IP: 195.37.245.209
    Port: 6556
    First seen 2024-09-10 17:12
    Last seen 2024-12-22 00:56
    Open for 102 days

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836301d7eb71

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12584,00:01:36/39-14:34:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/39-14:34:39,2) [kthreadd]
(root,0,0,00:00:00/39-14:34:39,3) [rcu_gp]
(root,0,0,00:00:00/39-14:34:39,4) [rcu_par_gp]
(root,0,0,00:00:00/39-14:34:39,5) [slub_flushwq]
(root,0,0,00:00:00/39-14:34:39,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/39-14:34:39,9) [mm_percpu_wq]
(root,0,0,00:00:00/39-14:34:39,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/39-14:34:39,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/39-14:34:39,12) [rcu_tasks_trace]
(root,0,0,00:01:14/39-14:34:39,13) [ksoftirqd/0]
(root,0,0,01:45:18/39-14:34:39,14) [rcu_preempt]
(root,0,0,00:00:15/39-14:34:39,15) [migration/0]
(root,0,0,00:00:00/39-14:34:39,16) [idle_inject/0]
(root,0,0,00:00:00/39-14:34:39,18) [cpuhp/0]
(root,0,0,00:00:00/39-14:34:39,19) [cpuhp/1]
(root,0,0,00:00:00/39-14:34:39,20) [idle_inject/1]
(root,0,0,00:00:15/39-14:34:39,21) [migration/1]
(root,0,0,00:01:05/39-14:34:39,22) [ksoftirqd/1]
(root,0,0,00:00:00/39-14:34:39,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/39-14:34:39,25) [cpuhp/2]
(root,0,0,00:00:00/39-14:34:39,26) [idle_inject/2]
(root,0,0,00:00:12/39-14:34:39,27) [migration/2]
(root,0,0,01:14:06/39-14:34:39,28) [ksoftirqd/2]
(root,0,0,00:00:00/39-14:34:39,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/39-14:34:39,31) [cpuhp/3]
(root,0,0,00:00:00/39-14:34:39,32) [idle_inject/3]
(root,0,0,00:00:14/39-14:34:39,33) [migration/3]
(root,0,0,00:03:31/39-14:34:39,34) [ksoftirqd/3]
(root,0,0,00:00:00/39-14:34:39,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/39-14:34:39,39) [kdevtmpfs]
(root,0,0,00:00:00/39-14:34:39,40) [netns]
(root,0,0,00:00:00/39-14:34:39,41) [inet_frag_wq]
(root,0,0,00:00:09/39-14:34:39,42) [kauditd]
(root,0,0,00:00:00/39-14:34:39,43) [khungtaskd]
(root,0,0,00:00:00/39-14:34:39,44) [oom_reaper]
(root,0,0,00:00:00/39-14:34:39,45) [writeback]
(root,0,0,00:01:56/39-14:34:39,46) [kcompactd0]
(root,0,0,00:00:00/39-14:34:39,47) [ksmd]
(root,0,0,00:01:57/39-14:34:39,48) [khugepaged]
(root,0,0,00:00:00/39-14:34:39,74) [kintegrityd]
(root,0,0,00:00:00/39-14:34:39,75) [kblockd]
(root,0,0,00:00:00/39-14:34:39,76) [blkcg_punt_bio]
(root,0,0,00:00:00/39-14:34:39,78) [tpm_dev_wq]
(root,0,0,00:00:00/39-14:34:39,79) [edac-poller]
(root,0,0,00:00:00/39-14:34:39,80) [devfreq_wq]
(root,0,0,00:00:00/39-14:34:39,110) [watchdogd]
(root,0,0,00:00:08/39-14:34:39,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/39-14:34:39,112) [kswapd0]
(root,0,0,00:00:00/39-14:34:38,114) [kthrotld]
(root,0,0,00:00:00/39-14:34:38,115) [mld]
(root,0,0,00:00:00/39-14:34:38,116) [ipv6_addrconf]
(root,0,0,00:00:17/39-14:34:38,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/39-14:34:38,122) [kstrp]
(root,0,0,00:00:00/39-14:34:38,123) [zswap-shrink]
(root,0,0,00:00:00/39-14:34:38,124) [kworker/u9:0]
(root,0,0,00:00:00/39-14:34:38,129) [charger_manager]
(root,0,0,00:00:08/39-14:34:37,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:09/39-14:34:37,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/39-14:34:37,205) [kaluad]
(root,0,0,00:00:00/39-14:34:37,250) [kmpath_rdacd]
(root,0,0,00:00:00/39-14:34:37,293) [kmpathd]
(root,0,0,00:00:00/39-14:34:37,294) [kmpath_handlerd]
(root,0,0,00:00:00/39-14:34:37,342) [ata_sff]
(root,0,0,00:00:00/39-14:34:36,343) [scsi_eh_0]
(root,0,0,00:00:00/39-14:34:36,344) [scsi_tmf_0]
(root,0,0,00:00:00/39-14:34:36,345) [scsi_eh_1]
(root,0,0,00:00:00/39-14:34:36,346) [scsi_tmf_1]
(root,0,0,00:01:05/39-14:34:34,366) [jbd2/vda1-8]
(root,0,0,00:00:00/39-14:34:34,367) [ext4-rsv-conver]
(root,38604,7788,00:00:54/39-14:34:22,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:04/39-14:34:21,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:59/39-14:34:19,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:19/39-14:33:45,512) /sbin/auditd
(messagebus,22936,5548,00:01:45/39-14:33:45,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:01:01/39-14:33:45,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/39-14:33:45,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/39-14:33:44,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/39-14:33:44,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,32972,00:00:44/39-14:33:30,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/39-14:33:30,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:45/39-14:33:29,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/39-14:33:29,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/39-14:33:29,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/39-14:33:29,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/39-14:33:29,1201) /usr/lib/systemd/systemd --user
(root,448968,8396,00:00:50/39-14:33:29,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:05:23/39-14:33:29,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/39-14:33:29,1206) bpfilter_umh
(root,26204,8212,00:00:16/39-14:33:29,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/39-14:33:29,1215) ntpd: asynchronous dns resolver
(spot,299616,183128,2-02:58:29/39-14:33:29,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/39-14:33:28,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/39-14:33:28,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/39-14:33:28,1245) (sd-pam)
(root,24216,5344,00:00:13/39-14:33:27,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/39-14:33:27,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:05/39-14:33:26,1354) /usr/sbin/cron -n
(root,698484,82656,00:51:44/39-14:33:20,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,225728,66924,00:17:03/39-14:33:06,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/01:57:28,2674) [kworker/0:2-events]
(root,0,0,00:00:00/38:09,5528) [kworker/1:2-events]
(root,0,0,00:00:00/03:56,7221) [kworker/3:0-events]
(root,0,0,00:00:00/01:31:44,9266) [kworker/u8:0-flush-253:0]
(root,6656,3488,00:00:00/00:00,9712) /bin/bash /usr/bin/check_mk_agent
(root,13744,3376,00:00:00/00:00,9730) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,9731) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/22:57,12385) [kworker/0:0]
(postfix,24244,8292,00:00:00/01:58,13685) pickup -l -t fifo -u
(root,0,0,00:00:00/02:05:30,15256) [kworker/u8:2-ext4-rsv-conversion]
(root,35308,10012,00:00:00/33-12:24:22,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:51/33-12:24:21,15391) sshd: cm-ssh
(root,0,0,00:00:00/01:50,15706) [kworker/1:1-ata_sff]
(root,35308,10072,00:00:00/23-13:53:00,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:22/23-13:52:59,16977) sshd: syslogtunnel
(root,0,0,00:00:00/12:32,18644) [kworker/3:1-cgroup_destroy]
(root,0,0,00:00:00/42:58,19043) [kworker/3:2-cgroup_destroy]
(root,0,0,00:00:00/10:20,24965) [kworker/2:0-events]
(root,0,0,00:00:00/18:51,29419) [kworker/2:2-cgroup_destroy]
(postfix,44628,9272,00:00:01/33-19:10:07,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/07:03,31013) [kworker/1:0-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-22 00:56

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836326672eec

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:26/37-14:01:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/37-14:01:10,2) [kthreadd]
(root,0,0,00:00:00/37-14:01:10,3) [rcu_gp]
(root,0,0,00:00:00/37-14:01:10,4) [rcu_par_gp]
(root,0,0,00:00:00/37-14:01:10,5) [slub_flushwq]
(root,0,0,00:00:00/37-14:01:10,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/37-14:01:10,9) [mm_percpu_wq]
(root,0,0,00:00:00/37-14:01:10,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/37-14:01:10,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/37-14:01:10,12) [rcu_tasks_trace]
(root,0,0,00:01:09/37-14:01:10,13) [ksoftirqd/0]
(root,0,0,01:39:42/37-14:01:10,14) [rcu_preempt]
(root,0,0,00:00:14/37-14:01:10,15) [migration/0]
(root,0,0,00:00:00/37-14:01:10,16) [idle_inject/0]
(root,0,0,00:00:00/37-14:01:10,18) [cpuhp/0]
(root,0,0,00:00:00/37-14:01:10,19) [cpuhp/1]
(root,0,0,00:00:00/37-14:01:10,20) [idle_inject/1]
(root,0,0,00:00:14/37-14:01:10,21) [migration/1]
(root,0,0,00:01:00/37-14:01:10,22) [ksoftirqd/1]
(root,0,0,00:00:00/37-14:01:10,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/37-14:01:10,25) [cpuhp/2]
(root,0,0,00:00:00/37-14:01:10,26) [idle_inject/2]
(root,0,0,00:00:11/37-14:01:10,27) [migration/2]
(root,0,0,01:10:40/37-14:01:10,28) [ksoftirqd/2]
(root,0,0,00:00:00/37-14:01:10,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/37-14:01:10,31) [cpuhp/3]
(root,0,0,00:00:00/37-14:01:10,32) [idle_inject/3]
(root,0,0,00:00:14/37-14:01:10,33) [migration/3]
(root,0,0,00:03:20/37-14:01:10,34) [ksoftirqd/3]
(root,0,0,00:00:00/37-14:01:10,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/37-14:01:10,39) [kdevtmpfs]
(root,0,0,00:00:00/37-14:01:10,40) [netns]
(root,0,0,00:00:00/37-14:01:10,41) [inet_frag_wq]
(root,0,0,00:00:08/37-14:01:10,42) [kauditd]
(root,0,0,00:00:00/37-14:01:10,43) [khungtaskd]
(root,0,0,00:00:00/37-14:01:10,44) [oom_reaper]
(root,0,0,00:00:00/37-14:01:10,45) [writeback]
(root,0,0,00:01:50/37-14:01:10,46) [kcompactd0]
(root,0,0,00:00:00/37-14:01:10,47) [ksmd]
(root,0,0,00:01:50/37-14:01:10,48) [khugepaged]
(root,0,0,00:00:00/37-14:01:10,74) [kintegrityd]
(root,0,0,00:00:00/37-14:01:10,75) [kblockd]
(root,0,0,00:00:00/37-14:01:10,76) [blkcg_punt_bio]
(root,0,0,00:00:00/37-14:01:10,78) [tpm_dev_wq]
(root,0,0,00:00:00/37-14:01:10,79) [edac-poller]
(root,0,0,00:00:00/37-14:01:10,80) [devfreq_wq]
(root,0,0,00:00:00/37-14:01:10,110) [watchdogd]
(root,0,0,00:00:07/37-14:01:10,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/37-14:01:10,112) [kswapd0]
(root,0,0,00:00:00/37-14:01:09,114) [kthrotld]
(root,0,0,00:00:00/37-14:01:09,115) [mld]
(root,0,0,00:00:00/37-14:01:09,116) [ipv6_addrconf]
(root,0,0,00:00:16/37-14:01:09,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/37-14:01:09,122) [kstrp]
(root,0,0,00:00:00/37-14:01:09,123) [zswap-shrink]
(root,0,0,00:00:00/37-14:01:09,124) [kworker/u9:0]
(root,0,0,00:00:00/37-14:01:09,129) [charger_manager]
(root,0,0,00:00:08/37-14:01:08,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:08/37-14:01:08,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/37-14:01:08,205) [kaluad]
(root,0,0,00:00:00/37-14:01:08,250) [kmpath_rdacd]
(root,0,0,00:00:00/37-14:01:08,293) [kmpathd]
(root,0,0,00:00:00/37-14:01:08,294) [kmpath_handlerd]
(root,0,0,00:00:00/37-14:01:08,342) [ata_sff]
(root,0,0,00:00:00/37-14:01:07,343) [scsi_eh_0]
(root,0,0,00:00:00/37-14:01:07,344) [scsi_tmf_0]
(root,0,0,00:00:00/37-14:01:07,345) [scsi_eh_1]
(root,0,0,00:00:00/37-14:01:07,346) [scsi_tmf_1]
(root,0,0,00:01:01/37-14:01:05,366) [jbd2/vda1-8]
(root,0,0,00:00:00/37-14:01:05,367) [ext4-rsv-conver]
(root,38604,7788,00:00:48/37-14:00:53,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:04/37-14:00:52,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:56/37-14:00:50,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:17/37-14:00:16,512) /sbin/auditd
(messagebus,22936,5548,00:01:32/37-14:00:16,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:54/37-14:00:16,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/37-14:00:16,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/37-14:00:15,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/37-14:00:15,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,32972,00:00:42/37-14:00:01,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/37-14:00:01,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:32/37-14:00:00,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/37-14:00:00,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/37-14:00:00,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/37-14:00:00,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/37-14:00:00,1201) /usr/lib/systemd/systemd --user
(root,448968,8396,00:00:46/37-14:00:00,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:05:06/37-14:00:00,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/37-14:00:00,1206) bpfilter_umh
(root,26204,8212,00:00:14/37-14:00:00,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/37-14:00:00,1215) ntpd: asynchronous dns resolver
(spot,296272,182112,1-23:13:41/37-14:00:00,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/37-13:59:59,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/37-13:59:59,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/37-13:59:59,1245) (sd-pam)
(root,24216,5344,00:00:12/37-13:59:58,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/37-13:59:58,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:05/37-13:59:57,1354) /usr/sbin/cron -n
(root,698484,82412,00:49:05/37-13:59:51,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,224704,66044,00:16:08/37-13:59:37,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/00:46,2838) [kworker/3:1-events]
(root,0,0,00:00:00/00:11,4583) [kworker/u8:1-flush-253:0]
(root,6656,3488,00:00:00/00:00,5704) /bin/bash /usr/bin/check_mk_agent
(root,13744,3508,00:00:00/00:00,5722) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,5723) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/10:10,10610) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:35:00,13355) [kworker/3:0-cgroup_destroy]
(root,35308,10012,00:00:00/31-11:50:53,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:44/31-11:50:52,15391) sshd: cm-ssh
(root,0,0,00:00:00/07:52,16397) [kworker/u8:0-ext4-rsv-conversion]
(root,35308,10072,00:00:00/21-13:19:31,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:14/21-13:19:30,16977) sshd: syslogtunnel
(root,0,0,00:00:00/01:43:12,17446) [kworker/0:2-events]
(root,0,0,00:00:00/06:53,18386) [kworker/3:2-events]
(root,0,0,00:00:00/37:49,19242) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/51:42,21022) [kworker/1:1-events]
(postfix,24244,8204,00:00:00/01:30:32,22497) pickup -l -t fifo -u
(root,0,0,00:00:00/19:08,23807) [kworker/2:0-events]
(root,0,0,00:00:00/04:59,26762) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/17:06,26953) [kworker/0:1-cgroup_destroy]
(postfix,44628,9272,00:00:01/31-18:36:38,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:02/01:47:12,32596) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-20 00:23

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363df0233ab

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:22/35-15:15:25,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/35-15:15:25,2) [kthreadd]
(root,0,0,00:00:00/35-15:15:25,3) [rcu_gp]
(root,0,0,00:00:00/35-15:15:25,4) [rcu_par_gp]
(root,0,0,00:00:00/35-15:15:25,5) [slub_flushwq]
(root,0,0,00:00:00/35-15:15:25,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/35-15:15:25,9) [mm_percpu_wq]
(root,0,0,00:00:00/35-15:15:25,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/35-15:15:25,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/35-15:15:25,12) [rcu_tasks_trace]
(root,0,0,00:01:05/35-15:15:25,13) [ksoftirqd/0]
(root,0,0,01:34:29/35-15:15:25,14) [rcu_preempt]
(root,0,0,00:00:13/35-15:15:25,15) [migration/0]
(root,0,0,00:00:00/35-15:15:25,16) [idle_inject/0]
(root,0,0,00:00:00/35-15:15:25,18) [cpuhp/0]
(root,0,0,00:00:00/35-15:15:25,19) [cpuhp/1]
(root,0,0,00:00:00/35-15:15:25,20) [idle_inject/1]
(root,0,0,00:00:14/35-15:15:25,21) [migration/1]
(root,0,0,00:00:57/35-15:15:25,22) [ksoftirqd/1]
(root,0,0,00:00:00/35-15:15:25,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/35-15:15:25,25) [cpuhp/2]
(root,0,0,00:00:00/35-15:15:25,26) [idle_inject/2]
(root,0,0,00:00:11/35-15:15:25,27) [migration/2]
(root,0,0,01:07:41/35-15:15:25,28) [ksoftirqd/2]
(root,0,0,00:00:00/35-15:15:25,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/35-15:15:25,31) [cpuhp/3]
(root,0,0,00:00:00/35-15:15:25,32) [idle_inject/3]
(root,0,0,00:00:13/35-15:15:25,33) [migration/3]
(root,0,0,00:03:11/35-15:15:25,34) [ksoftirqd/3]
(root,0,0,00:00:00/35-15:15:25,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/35-15:15:25,39) [kdevtmpfs]
(root,0,0,00:00:00/35-15:15:25,40) [netns]
(root,0,0,00:00:00/35-15:15:25,41) [inet_frag_wq]
(root,0,0,00:00:07/35-15:15:25,42) [kauditd]
(root,0,0,00:00:00/35-15:15:25,43) [khungtaskd]
(root,0,0,00:00:00/35-15:15:25,44) [oom_reaper]
(root,0,0,00:00:00/35-15:15:25,45) [writeback]
(root,0,0,00:01:45/35-15:15:25,46) [kcompactd0]
(root,0,0,00:00:00/35-15:15:25,47) [ksmd]
(root,0,0,00:01:43/35-15:15:25,48) [khugepaged]
(root,0,0,00:00:00/35-15:15:25,74) [kintegrityd]
(root,0,0,00:00:00/35-15:15:25,75) [kblockd]
(root,0,0,00:00:00/35-15:15:25,76) [blkcg_punt_bio]
(root,0,0,00:00:00/35-15:15:25,78) [tpm_dev_wq]
(root,0,0,00:00:00/35-15:15:25,79) [edac-poller]
(root,0,0,00:00:00/35-15:15:25,80) [devfreq_wq]
(root,0,0,00:00:00/35-15:15:25,110) [watchdogd]
(root,0,0,00:00:07/35-15:15:25,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/35-15:15:25,112) [kswapd0]
(root,0,0,00:00:00/35-15:15:24,114) [kthrotld]
(root,0,0,00:00:00/35-15:15:24,115) [mld]
(root,0,0,00:00:00/35-15:15:24,116) [ipv6_addrconf]
(root,0,0,00:00:15/35-15:15:24,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/35-15:15:24,122) [kstrp]
(root,0,0,00:00:00/35-15:15:24,123) [zswap-shrink]
(root,0,0,00:00:00/35-15:15:24,124) [kworker/u9:0]
(root,0,0,00:00:00/35-15:15:24,129) [charger_manager]
(root,0,0,00:00:07/35-15:15:23,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:08/35-15:15:23,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/35-15:15:23,205) [kaluad]
(root,0,0,00:00:00/35-15:15:23,250) [kmpath_rdacd]
(root,0,0,00:00:00/35-15:15:23,293) [kmpathd]
(root,0,0,00:00:00/35-15:15:23,294) [kmpath_handlerd]
(root,0,0,00:00:00/35-15:15:23,342) [ata_sff]
(root,0,0,00:00:00/35-15:15:22,343) [scsi_eh_0]
(root,0,0,00:00:00/35-15:15:22,344) [scsi_tmf_0]
(root,0,0,00:00:00/35-15:15:22,345) [scsi_eh_1]
(root,0,0,00:00:00/35-15:15:22,346) [scsi_tmf_1]
(root,0,0,00:00:58/35-15:15:20,366) [jbd2/vda1-8]
(root,0,0,00:00:00/35-15:15:20,367) [ext4-rsv-conver]
(root,38604,7788,00:00:46/35-15:15:08,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:04/35-15:15:07,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:53/35-15:15:05,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:16/35-15:14:31,512) /sbin/auditd
(messagebus,22936,5548,00:01:28/35-15:14:31,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:51/35-15:14:31,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/35-15:14:31,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/35-15:14:30,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/35-15:14:30,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,32960,00:00:40/35-15:14:16,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/35-15:14:16,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:21/35-15:14:15,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/35-15:14:15,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/35-15:14:15,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/35-15:14:15,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/35-15:14:15,1201) /usr/lib/systemd/systemd --user
(root,448968,8396,00:00:44/35-15:14:15,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:50/35-15:14:15,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/35-15:14:15,1206) bpfilter_umh
(root,26204,8212,00:00:13/35-15:14:15,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/35-15:14:15,1215) ntpd: asynchronous dns resolver
(spot,293528,180016,1-20:13:03/35-15:14:15,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/35-15:14:14,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/35-15:14:14,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/35-15:14:14,1245) (sd-pam)
(root,24216,5344,00:00:11/35-15:14:13,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/35-15:14:13,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/35-15:14:12,1354) /usr/sbin/cron -n
(root,698228,81996,00:46:34/35-15:14:06,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,223680,64164,00:15:16/35-15:13:52,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/00:54,4297) [kworker/1:2-ata_sff]
(root,6656,3484,00:00:00/00:00,6959) /bin/bash /usr/bin/check_mk_agent
(root,13744,3384,00:00:00/00:00,6977) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,6978) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/57:59,7081) [kworker/1:1-events]
(root,0,0,00:00:00/01:07:07,10630) [kworker/u8:2-ext4-rsv-conversion]
(root,35308,10012,00:00:00/29-13:05:08,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:38/29-13:05:07,15391) sshd: cm-ssh
(root,0,0,00:00:00/04:50:41,15974) [kworker/u8:1-writeback]
(postfix,24244,8228,00:00:00/01:26:33,16513) pickup -l -t fifo -u
(root,35308,10072,00:00:00/19-14:33:46,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:07/19-14:33:45,16977) sshd: syslogtunnel
(root,0,0,00:00:00/06:06,17230) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/52:06,19051) [kworker/0:0-events]
(root,0,0,00:00:00/21:17,25607) [kworker/2:2-cgroup_destroy]
(root,0,0,00:00:00/02:08:58,25943) [kworker/3:1]
(root,0,0,00:00:00/03:38,27958) [kworker/2:0-events]
(root,0,0,00:00:00/02:37:27,29889) [kworker/3:0-events]
(postfix,44628,9272,00:00:01/29-19:50:53,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/01:45:56,31877) [kworker/0:1-events]
(root,0,0,00:00:00/28:53,32365) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-18 01:37

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bb66da82

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:18/33-12:58:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/33-12:58:53,2) [kthreadd]
(root,0,0,00:00:00/33-12:58:53,3) [rcu_gp]
(root,0,0,00:00:00/33-12:58:53,4) [rcu_par_gp]
(root,0,0,00:00:00/33-12:58:53,5) [slub_flushwq]
(root,0,0,00:00:00/33-12:58:53,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/33-12:58:53,9) [mm_percpu_wq]
(root,0,0,00:00:00/33-12:58:53,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/33-12:58:53,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/33-12:58:53,12) [rcu_tasks_trace]
(root,0,0,00:01:01/33-12:58:53,13) [ksoftirqd/0]
(root,0,0,01:29:04/33-12:58:53,14) [rcu_preempt]
(root,0,0,00:00:12/33-12:58:53,15) [migration/0]
(root,0,0,00:00:00/33-12:58:53,16) [idle_inject/0]
(root,0,0,00:00:00/33-12:58:53,18) [cpuhp/0]
(root,0,0,00:00:00/33-12:58:53,19) [cpuhp/1]
(root,0,0,00:00:00/33-12:58:53,20) [idle_inject/1]
(root,0,0,00:00:13/33-12:58:53,21) [migration/1]
(root,0,0,00:00:53/33-12:58:53,22) [ksoftirqd/1]
(root,0,0,00:00:00/33-12:58:53,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/33-12:58:53,25) [cpuhp/2]
(root,0,0,00:00:00/33-12:58:53,26) [idle_inject/2]
(root,0,0,00:00:10/33-12:58:53,27) [migration/2]
(root,0,0,01:04:48/33-12:58:53,28) [ksoftirqd/2]
(root,0,0,00:00:00/33-12:58:53,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/33-12:58:53,31) [cpuhp/3]
(root,0,0,00:00:00/33-12:58:53,32) [idle_inject/3]
(root,0,0,00:00:12/33-12:58:53,33) [migration/3]
(root,0,0,00:03:01/33-12:58:53,34) [ksoftirqd/3]
(root,0,0,00:00:00/33-12:58:53,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/33-12:58:53,39) [kdevtmpfs]
(root,0,0,00:00:00/33-12:58:53,40) [netns]
(root,0,0,00:00:00/33-12:58:53,41) [inet_frag_wq]
(root,0,0,00:00:07/33-12:58:53,42) [kauditd]
(root,0,0,00:00:00/33-12:58:53,43) [khungtaskd]
(root,0,0,00:00:00/33-12:58:53,44) [oom_reaper]
(root,0,0,00:00:00/33-12:58:53,45) [writeback]
(root,0,0,00:01:38/33-12:58:53,46) [kcompactd0]
(root,0,0,00:00:00/33-12:58:53,47) [ksmd]
(root,0,0,00:01:37/33-12:58:53,48) [khugepaged]
(root,0,0,00:00:00/33-12:58:53,74) [kintegrityd]
(root,0,0,00:00:00/33-12:58:53,75) [kblockd]
(root,0,0,00:00:00/33-12:58:53,76) [blkcg_punt_bio]
(root,0,0,00:00:00/33-12:58:53,78) [tpm_dev_wq]
(root,0,0,00:00:00/33-12:58:53,79) [edac-poller]
(root,0,0,00:00:00/33-12:58:53,80) [devfreq_wq]
(root,0,0,00:00:00/33-12:58:53,110) [watchdogd]
(root,0,0,00:00:07/33-12:58:53,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/33-12:58:53,112) [kswapd0]
(root,0,0,00:00:00/33-12:58:52,114) [kthrotld]
(root,0,0,00:00:00/33-12:58:52,115) [mld]
(root,0,0,00:00:00/33-12:58:52,116) [ipv6_addrconf]
(root,0,0,00:00:14/33-12:58:52,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/33-12:58:52,122) [kstrp]
(root,0,0,00:00:00/33-12:58:52,123) [zswap-shrink]
(root,0,0,00:00:00/33-12:58:52,124) [kworker/u9:0]
(root,0,0,00:00:00/33-12:58:52,129) [charger_manager]
(root,0,0,00:00:07/33-12:58:51,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:07/33-12:58:51,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/33-12:58:51,205) [kaluad]
(root,0,0,00:00:00/33-12:58:51,250) [kmpath_rdacd]
(root,0,0,00:00:00/33-12:58:51,293) [kmpathd]
(root,0,0,00:00:00/33-12:58:51,294) [kmpath_handlerd]
(root,0,0,00:00:00/33-12:58:51,342) [ata_sff]
(root,0,0,00:00:00/33-12:58:50,343) [scsi_eh_0]
(root,0,0,00:00:00/33-12:58:50,344) [scsi_tmf_0]
(root,0,0,00:00:00/33-12:58:50,345) [scsi_eh_1]
(root,0,0,00:00:00/33-12:58:50,346) [scsi_tmf_1]
(root,0,0,00:00:54/33-12:58:48,366) [jbd2/vda1-8]
(root,0,0,00:00:00/33-12:58:48,367) [ext4-rsv-conver]
(root,38604,7788,00:00:44/33-12:58:36,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/33-12:58:35,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:50/33-12:58:33,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:16/33-12:57:59,512) /sbin/auditd
(messagebus,22936,5548,00:01:25/33-12:57:59,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:49/33-12:57:59,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/33-12:57:59,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/33-12:57:58,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/33-12:57:58,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/01:50:32,727) [kworker/u8:2-ext4-rsv-conversion]
(root,548360,32524,00:00:38/33-12:57:44,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/33-12:57:44,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:03:08/33-12:57:43,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/33-12:57:43,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/33-12:57:43,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/33-12:57:43,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/33-12:57:43,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:42/33-12:57:43,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:34/33-12:57:43,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/33-12:57:43,1206) bpfilter_umh
(root,26204,8212,00:00:13/33-12:57:43,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/33-12:57:43,1215) ntpd: asynchronous dns resolver
(spot,293240,179988,1-17:43:48/33-12:57:43,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/33-12:57:42,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/33-12:57:42,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/33-12:57:42,1245) (sd-pam)
(root,24216,5344,00:00:11/33-12:57:41,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/33-12:57:41,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/33-12:57:40,1354) /usr/sbin/cron -n
(root,697972,81828,00:43:52/33-12:57:34,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,222656,63272,00:14:26/33-12:57:20,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/52:15,3524) [kworker/2:2-events]
(root,0,0,00:00:00/05:52,3850) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/05:32,7073) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/31:48,7957) [kworker/1:0-ata_sff]
(postfix,24244,8272,00:00:00/01:10:56,13877) pickup -l -t fifo -u
(root,35308,10012,00:00:00/27-10:48:36,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:31/27-10:48:35,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/17-12:17:14,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:01:00/17-12:17:13,16977) sshd: syslogtunnel
(root,0,0,00:00:00/01:29:10,18088) [kworker/3:2-cgroup_destroy]
(root,0,0,00:00:00/22:34,19428) [kworker/0:2-events]
(root,0,0,00:00:03/01:58:50,24863) [kworker/2:1-events]
(root,0,0,00:00:00/00:39,25067) [kworker/1:2-events]
(root,6656,3488,00:00:00/00:00,28632) /bin/bash /usr/bin/check_mk_agent
(root,13744,3524,00:00:00/00:00,28650) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,28651) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:02/02:21:08,29457) [kworker/3:0-events]
(postfix,44628,9316,00:00:01/27-17:34:21,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/30:01,31017) [kworker/0:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-15 23:21

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836360a04666

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:15/31-12:36:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/31-12:36:02,2) [kthreadd]
(root,0,0,00:00:00/31-12:36:02,3) [rcu_gp]
(root,0,0,00:00:00/31-12:36:02,4) [rcu_par_gp]
(root,0,0,00:00:00/31-12:36:02,5) [slub_flushwq]
(root,0,0,00:00:00/31-12:36:02,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/31-12:36:02,9) [mm_percpu_wq]
(root,0,0,00:00:00/31-12:36:02,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/31-12:36:02,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/31-12:36:02,12) [rcu_tasks_trace]
(root,0,0,00:00:57/31-12:36:02,13) [ksoftirqd/0]
(root,0,0,01:23:49/31-12:36:02,14) [rcu_preempt]
(root,0,0,00:00:11/31-12:36:02,15) [migration/0]
(root,0,0,00:00:00/31-12:36:02,16) [idle_inject/0]
(root,0,0,00:00:00/31-12:36:02,18) [cpuhp/0]
(root,0,0,00:00:00/31-12:36:02,19) [cpuhp/1]
(root,0,0,00:00:00/31-12:36:02,20) [idle_inject/1]
(root,0,0,00:00:12/31-12:36:02,21) [migration/1]
(root,0,0,00:00:50/31-12:36:02,22) [ksoftirqd/1]
(root,0,0,00:00:00/31-12:36:02,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/31-12:36:02,25) [cpuhp/2]
(root,0,0,00:00:00/31-12:36:02,26) [idle_inject/2]
(root,0,0,00:00:09/31-12:36:02,27) [migration/2]
(root,0,0,01:01:42/31-12:36:02,28) [ksoftirqd/2]
(root,0,0,00:00:00/31-12:36:02,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/31-12:36:02,31) [cpuhp/3]
(root,0,0,00:00:00/31-12:36:02,32) [idle_inject/3]
(root,0,0,00:00:11/31-12:36:02,33) [migration/3]
(root,0,0,00:02:50/31-12:36:02,34) [ksoftirqd/3]
(root,0,0,00:00:00/31-12:36:02,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/31-12:36:02,39) [kdevtmpfs]
(root,0,0,00:00:00/31-12:36:02,40) [netns]
(root,0,0,00:00:00/31-12:36:02,41) [inet_frag_wq]
(root,0,0,00:00:07/31-12:36:02,42) [kauditd]
(root,0,0,00:00:00/31-12:36:02,43) [khungtaskd]
(root,0,0,00:00:00/31-12:36:02,44) [oom_reaper]
(root,0,0,00:00:00/31-12:36:02,45) [writeback]
(root,0,0,00:01:32/31-12:36:02,46) [kcompactd0]
(root,0,0,00:00:00/31-12:36:02,47) [ksmd]
(root,0,0,00:01:31/31-12:36:02,48) [khugepaged]
(root,0,0,00:00:00/31-12:36:02,74) [kintegrityd]
(root,0,0,00:00:00/31-12:36:02,75) [kblockd]
(root,0,0,00:00:00/31-12:36:02,76) [blkcg_punt_bio]
(root,0,0,00:00:00/31-12:36:02,78) [tpm_dev_wq]
(root,0,0,00:00:00/31-12:36:02,79) [edac-poller]
(root,0,0,00:00:00/31-12:36:02,80) [devfreq_wq]
(root,0,0,00:00:00/31-12:36:02,110) [watchdogd]
(root,0,0,00:00:06/31-12:36:02,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/31-12:36:02,112) [kswapd0]
(root,0,0,00:00:00/31-12:36:01,114) [kthrotld]
(root,0,0,00:00:00/31-12:36:01,115) [mld]
(root,0,0,00:00:00/31-12:36:01,116) [ipv6_addrconf]
(root,0,0,00:00:13/31-12:36:01,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/31-12:36:01,122) [kstrp]
(root,0,0,00:00:00/31-12:36:01,123) [zswap-shrink]
(root,0,0,00:00:00/31-12:36:01,124) [kworker/u9:0]
(root,0,0,00:00:00/31-12:36:01,129) [charger_manager]
(root,0,0,00:00:07/31-12:36:00,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:07/31-12:36:00,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/31-12:36:00,205) [kaluad]
(root,0,0,00:00:00/31-12:36:00,250) [kmpath_rdacd]
(root,0,0,00:00:00/31-12:36:00,293) [kmpathd]
(root,0,0,00:00:00/31-12:36:00,294) [kmpath_handlerd]
(root,0,0,00:00:00/31-12:36:00,342) [ata_sff]
(root,0,0,00:00:00/31-12:35:59,343) [scsi_eh_0]
(root,0,0,00:00:00/31-12:35:59,344) [scsi_tmf_0]
(root,0,0,00:00:00/31-12:35:59,345) [scsi_eh_1]
(root,0,0,00:00:00/31-12:35:59,346) [scsi_tmf_1]
(root,0,0,00:00:51/31-12:35:57,366) [jbd2/vda1-8]
(root,0,0,00:00:00/31-12:35:57,367) [ext4-rsv-conver]
(root,38604,7788,00:00:42/31-12:35:45,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/31-12:35:44,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:47/31-12:35:42,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:15/31-12:35:08,512) /sbin/auditd
(messagebus,22936,5548,00:01:21/31-12:35:08,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:47/31-12:35:08,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/31-12:35:08,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/31-12:35:07,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/31-12:35:07,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/52:42,843) [kworker/u8:2-writeback]
(root,548360,31484,00:00:35/31-12:34:53,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/31-12:34:53,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4576,00:02:55/31-12:34:52,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/31-12:34:52,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/31-12:34:52,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/31-12:34:52,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/31-12:34:52,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:40/31-12:34:52,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:17/31-12:34:52,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/31-12:34:52,1206) bpfilter_umh
(root,26204,8212,00:00:12/31-12:34:52,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/31-12:34:52,1215) ntpd: asynchronous dns resolver
(spot,286744,173792,1-15:26:25/31-12:34:52,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/31-12:34:51,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/31-12:34:51,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/31-12:34:51,1245) (sd-pam)
(root,24216,5344,00:00:10/31-12:34:50,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/31-12:34:50,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/31-12:34:49,1354) /usr/sbin/cron -n
(root,697972,81512,00:41:14/31-12:34:43,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,221632,61380,00:13:36/31-12:34:29,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:02/03:49:24,5886) [kworker/3:1-events]
(root,0,0,00:00:02/03:26:53,8787) [kworker/0:2-events]
(root,0,0,00:00:00/07:21,9978) [kworker/3:0-events]
(root,0,0,00:00:01/51:48,11542) [kworker/2:0-events]
(root,35308,10012,00:00:00/25-10:25:45,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:24/25-10:25:44,15391) sshd: cm-ssh
(root,0,0,00:00:00/01:02:40,16327) [kworker/u8:0-writeback]
(root,35308,10072,00:00:00/15-11:54:23,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:53/15-11:54:22,16977) sshd: syslogtunnel
(root,0,0,00:00:00/08:26,24941) [kworker/1:2-ata_sff]
(postfix,24244,8232,00:00:00/01:10:02,25164) pickup -l -t fifo -u
(root,6656,3488,00:00:00/00:00,26593) /bin/bash /usr/bin/check_mk_agent
(root,13744,3448,00:00:00/00:00,26611) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,26612) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/29:25,29649) [kworker/2:2-events]
(root,0,0,00:00:00/03:16,29982) [kworker/1:1-ata_sff]
(postfix,44628,9316,00:00:01/25-17:11:30,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/29:12,31543) [kworker/1:0-events]
(root,0,0,00:00:00/04:41:21,31966) [kworker/0:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-13 22:58

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b82a4eb3

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:12/29-13:04:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/29-13:04:57,2) [kthreadd]
(root,0,0,00:00:00/29-13:04:57,3) [rcu_gp]
(root,0,0,00:00:00/29-13:04:57,4) [rcu_par_gp]
(root,0,0,00:00:00/29-13:04:57,5) [slub_flushwq]
(root,0,0,00:00:00/29-13:04:57,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/29-13:04:57,9) [mm_percpu_wq]
(root,0,0,00:00:00/29-13:04:57,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/29-13:04:57,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/29-13:04:57,12) [rcu_tasks_trace]
(root,0,0,00:00:53/29-13:04:57,13) [ksoftirqd/0]
(root,0,0,01:18:42/29-13:04:57,14) [rcu_preempt]
(root,0,0,00:00:11/29-13:04:57,15) [migration/0]
(root,0,0,00:00:00/29-13:04:57,16) [idle_inject/0]
(root,0,0,00:00:00/29-13:04:57,18) [cpuhp/0]
(root,0,0,00:00:00/29-13:04:57,19) [cpuhp/1]
(root,0,0,00:00:00/29-13:04:57,20) [idle_inject/1]
(root,0,0,00:00:11/29-13:04:57,21) [migration/1]
(root,0,0,00:00:46/29-13:04:57,22) [ksoftirqd/1]
(root,0,0,00:00:00/29-13:04:57,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/29-13:04:57,25) [cpuhp/2]
(root,0,0,00:00:00/29-13:04:57,26) [idle_inject/2]
(root,0,0,00:00:09/29-13:04:57,27) [migration/2]
(root,0,0,00:58:02/29-13:04:57,28) [ksoftirqd/2]
(root,0,0,00:00:00/29-13:04:57,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/29-13:04:57,31) [cpuhp/3]
(root,0,0,00:00:00/29-13:04:57,32) [idle_inject/3]
(root,0,0,00:00:11/29-13:04:57,33) [migration/3]
(root,0,0,00:02:40/29-13:04:57,34) [ksoftirqd/3]
(root,0,0,00:00:00/29-13:04:57,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/29-13:04:57,39) [kdevtmpfs]
(root,0,0,00:00:00/29-13:04:57,40) [netns]
(root,0,0,00:00:00/29-13:04:57,41) [inet_frag_wq]
(root,0,0,00:00:06/29-13:04:57,42) [kauditd]
(root,0,0,00:00:00/29-13:04:57,43) [khungtaskd]
(root,0,0,00:00:00/29-13:04:57,44) [oom_reaper]
(root,0,0,00:00:00/29-13:04:57,45) [writeback]
(root,0,0,00:01:26/29-13:04:57,46) [kcompactd0]
(root,0,0,00:00:00/29-13:04:57,47) [ksmd]
(root,0,0,00:01:25/29-13:04:57,48) [khugepaged]
(root,0,0,00:00:00/29-13:04:57,74) [kintegrityd]
(root,0,0,00:00:00/29-13:04:57,75) [kblockd]
(root,0,0,00:00:00/29-13:04:57,76) [blkcg_punt_bio]
(root,0,0,00:00:00/29-13:04:57,78) [tpm_dev_wq]
(root,0,0,00:00:00/29-13:04:57,79) [edac-poller]
(root,0,0,00:00:00/29-13:04:57,80) [devfreq_wq]
(root,0,0,00:00:00/29-13:04:57,110) [watchdogd]
(root,0,0,00:00:06/29-13:04:57,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/29-13:04:57,112) [kswapd0]
(root,0,0,00:00:00/29-13:04:56,114) [kthrotld]
(root,0,0,00:00:00/29-13:04:56,115) [mld]
(root,0,0,00:00:00/29-13:04:56,116) [ipv6_addrconf]
(root,0,0,00:00:12/29-13:04:56,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/29-13:04:56,122) [kstrp]
(root,0,0,00:00:00/29-13:04:56,123) [zswap-shrink]
(root,0,0,00:00:00/29-13:04:56,124) [kworker/u9:0]
(root,0,0,00:00:00/29-13:04:56,129) [charger_manager]
(root,0,0,00:00:06/29-13:04:55,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:06/29-13:04:55,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/29-13:04:55,205) [kaluad]
(root,0,0,00:00:00/29-13:04:55,250) [kmpath_rdacd]
(root,0,0,00:00:00/29-13:04:55,293) [kmpathd]
(root,0,0,00:00:00/29-13:04:55,294) [kmpath_handlerd]
(root,0,0,00:00:00/29-13:04:55,342) [ata_sff]
(root,0,0,00:00:00/29-13:04:54,343) [scsi_eh_0]
(root,0,0,00:00:00/29-13:04:54,344) [scsi_tmf_0]
(root,0,0,00:00:00/29-13:04:54,345) [scsi_eh_1]
(root,0,0,00:00:00/29-13:04:54,346) [scsi_tmf_1]
(root,0,0,00:00:48/29-13:04:52,366) [jbd2/vda1-8]
(root,0,0,00:00:00/29-13:04:52,367) [ext4-rsv-conver]
(root,38604,7788,00:00:40/29-13:04:40,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/29-13:04:39,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:44/29-13:04:37,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:14/29-13:04:03,512) /sbin/auditd
(messagebus,22936,5548,00:01:18/29-13:04:03,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8524,00:00:45/29-13:04:03,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/29-13:04:03,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/29-13:04:02,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/29-13:04:02,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,31484,00:00:33/29-13:03:48,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/29-13:03:48,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:41/29-13:03:47,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/29-13:03:47,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/29-13:03:47,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/29-13:03:47,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/29-13:03:47,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:38/29-13:03:47,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:04:01/29-13:03:47,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/29-13:03:47,1206) bpfilter_umh
(root,26204,8212,00:00:12/29-13:03:47,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/29-13:03:47,1215) ntpd: asynchronous dns resolver
(spot,291548,178800,1-12:56:30/29-13:03:47,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/29-13:03:46,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/29-13:03:46,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/29-13:03:46,1245) (sd-pam)
(root,24216,5344,00:00:09/29-13:03:45,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:02/29-13:03:45,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:04/29-13:03:44,1354) /usr/sbin/cron -n
(root,697576,81132,00:38:38/29-13:03:38,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,220608,60496,00:12:52/29-13:03:24,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/06:48,3727) [kworker/2:1]
(root,0,0,00:00:00/06:44,3949) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/10:19:11,6101) [kworker/0:2-events]
(root,0,0,00:00:00/05:43,7065) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/02:12:04,8802) [kworker/u8:0]
(root,0,0,00:00:00/28:45,12543) [kworker/3:2-events]
(root,0,0,00:00:00/27:09,13387) [kworker/2:0-events]
(root,0,0,00:00:00/01:31:58,14764) [kworker/3:0-events]
(root,35308,10012,00:00:00/23-10:54:40,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:18/23-10:54:39,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/13-12:23:18,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:46/13-12:23:17,16977) sshd: syslogtunnel
(root,0,0,00:00:00/00:32,20153) [kworker/1:1-ata_sff]
(root,0,0,00:00:01/05:47:30,20264) [kworker/0:1-events]
(root,6656,3484,00:00:00/00:00,21532) /bin/bash /usr/bin/check_mk_agent
(root,13744,3384,00:00:00/00:00,21550) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,21551) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,24244,8172,00:00:00/20:43,28504) pickup -l -t fifo -u
(root,0,0,00:00:07/15:24:03,29407) [kworker/1:0-events]
(postfix,44628,9316,00:00:01/23-17:40:25,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-11 23:27

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b390e959

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12576,00:01:08/27-13:18:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/27-13:18:10,2) [kthreadd]
(root,0,0,00:00:00/27-13:18:10,3) [rcu_gp]
(root,0,0,00:00:00/27-13:18:10,4) [rcu_par_gp]
(root,0,0,00:00:00/27-13:18:10,5) [slub_flushwq]
(root,0,0,00:00:00/27-13:18:10,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/27-13:18:10,9) [mm_percpu_wq]
(root,0,0,00:00:00/27-13:18:10,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/27-13:18:10,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/27-13:18:10,12) [rcu_tasks_trace]
(root,0,0,00:00:50/27-13:18:10,13) [ksoftirqd/0]
(root,0,0,01:13:35/27-13:18:10,14) [rcu_preempt]
(root,0,0,00:00:10/27-13:18:10,15) [migration/0]
(root,0,0,00:00:00/27-13:18:10,16) [idle_inject/0]
(root,0,0,00:00:00/27-13:18:10,18) [cpuhp/0]
(root,0,0,00:00:00/27-13:18:10,19) [cpuhp/1]
(root,0,0,00:00:00/27-13:18:10,20) [idle_inject/1]
(root,0,0,00:00:10/27-13:18:10,21) [migration/1]
(root,0,0,00:00:43/27-13:18:10,22) [ksoftirqd/1]
(root,0,0,00:00:00/27-13:18:10,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/27-13:18:10,25) [cpuhp/2]
(root,0,0,00:00:00/27-13:18:10,26) [idle_inject/2]
(root,0,0,00:00:08/27-13:18:10,27) [migration/2]
(root,0,0,00:55:22/27-13:18:10,28) [ksoftirqd/2]
(root,0,0,00:00:00/27-13:18:10,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/27-13:18:10,31) [cpuhp/3]
(root,0,0,00:00:00/27-13:18:10,32) [idle_inject/3]
(root,0,0,00:00:10/27-13:18:10,33) [migration/3]
(root,0,0,00:02:31/27-13:18:10,34) [ksoftirqd/3]
(root,0,0,00:00:00/27-13:18:10,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/27-13:18:10,39) [kdevtmpfs]
(root,0,0,00:00:00/27-13:18:10,40) [netns]
(root,0,0,00:00:00/27-13:18:10,41) [inet_frag_wq]
(root,0,0,00:00:06/27-13:18:10,42) [kauditd]
(root,0,0,00:00:00/27-13:18:10,43) [khungtaskd]
(root,0,0,00:00:00/27-13:18:10,44) [oom_reaper]
(root,0,0,00:00:00/27-13:18:10,45) [writeback]
(root,0,0,00:01:21/27-13:18:10,46) [kcompactd0]
(root,0,0,00:00:00/27-13:18:10,47) [ksmd]
(root,0,0,00:01:19/27-13:18:10,48) [khugepaged]
(root,0,0,00:00:00/27-13:18:10,74) [kintegrityd]
(root,0,0,00:00:00/27-13:18:10,75) [kblockd]
(root,0,0,00:00:00/27-13:18:10,76) [blkcg_punt_bio]
(root,0,0,00:00:00/27-13:18:10,78) [tpm_dev_wq]
(root,0,0,00:00:00/27-13:18:10,79) [edac-poller]
(root,0,0,00:00:00/27-13:18:10,80) [devfreq_wq]
(root,0,0,00:00:00/27-13:18:10,110) [watchdogd]
(root,0,0,00:00:05/27-13:18:10,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:02/27-13:18:10,112) [kswapd0]
(root,0,0,00:00:00/27-13:18:09,114) [kthrotld]
(root,0,0,00:00:00/27-13:18:09,115) [mld]
(root,0,0,00:00:00/27-13:18:09,116) [ipv6_addrconf]
(root,0,0,00:00:11/27-13:18:09,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/27-13:18:09,122) [kstrp]
(root,0,0,00:00:00/27-13:18:09,123) [zswap-shrink]
(root,0,0,00:00:00/27-13:18:09,124) [kworker/u9:0]
(root,0,0,00:00:00/27-13:18:09,129) [charger_manager]
(root,0,0,00:00:06/27-13:18:08,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:06/27-13:18:08,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/27-13:18:08,205) [kaluad]
(root,0,0,00:00:00/27-13:18:08,250) [kmpath_rdacd]
(root,0,0,00:00:00/27-13:18:08,293) [kmpathd]
(root,0,0,00:00:00/27-13:18:08,294) [kmpath_handlerd]
(root,0,0,00:00:00/27-13:18:08,342) [ata_sff]
(root,0,0,00:00:00/27-13:18:07,343) [scsi_eh_0]
(root,0,0,00:00:00/27-13:18:07,344) [scsi_tmf_0]
(root,0,0,00:00:00/27-13:18:07,345) [scsi_eh_1]
(root,0,0,00:00:00/27-13:18:07,346) [scsi_tmf_1]
(root,0,0,00:00:44/27-13:18:05,366) [jbd2/vda1-8]
(root,0,0,00:00:00/27-13:18:05,367) [ext4-rsv-conver]
(root,38604,7788,00:00:38/27-13:17:53,440) /usr/lib/systemd/systemd-journald
(root,53164,9480,00:00:03/27-13:17:52,456) /usr/lib/systemd/systemd-udevd
(root,8624,6716,00:00:41/27-13:17:50,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:14/27-13:17:16,512) /sbin/auditd
(messagebus,22936,5548,00:01:14/27-13:17:16,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8520,00:00:43/27-13:17:16,531) /usr/lib/systemd/systemd-logind
(root,20556,5000,00:00:00/27-13:17:16,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16108,00:00:03/27-13:17:15,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16848,00:00:00/27-13:17:15,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,31484,00:00:31/27-13:17:01,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26404,00:00:00/27-13:17:01,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:33/27-13:17:00,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/27-13:17:00,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10524,00:00:00/27-13:17:00,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/27-13:17:00,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/27-13:17:00,1201) /usr/lib/systemd/systemd --user
(root,448968,8444,00:00:36/27-13:17:00,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6052,00:03:45/27-13:17:00,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/27-13:17:00,1206) bpfilter_umh
(root,26204,8212,00:00:11/27-13:17:00,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/27-13:17:00,1215) ntpd: asynchronous dns resolver
(spot,290136,176688,1-10:36:39/27-13:17:00,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/27-13:16:59,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/27-13:16:59,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/27-13:16:59,1245) (sd-pam)
(root,24216,5344,00:00:09/27-13:16:58,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/27-13:16:58,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:03/27-13:16:57,1354) /usr/sbin/cron -n
(root,697064,80568,00:36:03/27-13:16:51,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,219584,58616,00:11:34/27-13:16:37,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/02:31:42,1639) [kworker/3:1-events]
(root,0,0,00:00:00/05:17,8451) [kworker/u8:2-writeback]
(root,0,0,00:00:00/20:19,9624) [kworker/1:0-events]
(root,0,0,00:00:00/04:45,9934) [kworker/1:2-events_freezable_power_]
(root,0,0,00:00:00/02:36,13512) [kworker/1:3-events]
(postfix,24244,8148,00:00:00/55:56,14566) pickup -l -t fifo -u
(root,35308,10012,00:00:00/21-11:07:53,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:11/21-11:07:52,15391) sshd: cm-ssh
(root,0,0,00:00:00/54:52,16439) [kworker/u8:1-ext4-rsv-conversion]
(root,35308,10072,00:00:00/11-12:36:31,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:40/11-12:36:30,16977) sshd: syslogtunnel
(root,0,0,00:00:01/05:28:17,18730) [kworker/0:0-events]
(root,6656,3488,00:00:00/00:00,20360) /bin/bash /usr/bin/check_mk_agent
(root,13744,3488,00:00:00/00:00,20378) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,20379) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/31:20,20552) [kworker/2:1]
(root,0,0,00:00:00/52:43,23802) [kworker/0:1]
(root,0,0,00:00:00/09:58,26286) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/40:12,27932) [kworker/2:2-events]
(postfix,44628,9316,00:00:00/21-17:53:38,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/02:24:37,32261) [kworker/3:0-cgroup_destroy]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-09 23:40

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f657d3b8

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12816,00:01:04/25-13:06:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/25-13:06:55,2) [kthreadd]
(root,0,0,00:00:00/25-13:06:55,3) [rcu_gp]
(root,0,0,00:00:00/25-13:06:55,4) [rcu_par_gp]
(root,0,0,00:00:00/25-13:06:55,5) [slub_flushwq]
(root,0,0,00:00:00/25-13:06:55,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/25-13:06:55,9) [mm_percpu_wq]
(root,0,0,00:00:00/25-13:06:55,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/25-13:06:55,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/25-13:06:55,12) [rcu_tasks_trace]
(root,0,0,00:00:46/25-13:06:55,13) [ksoftirqd/0]
(root,0,0,01:08:16/25-13:06:55,14) [rcu_preempt]
(root,0,0,00:00:09/25-13:06:55,15) [migration/0]
(root,0,0,00:00:00/25-13:06:55,16) [idle_inject/0]
(root,0,0,00:00:00/25-13:06:55,18) [cpuhp/0]
(root,0,0,00:00:00/25-13:06:55,19) [cpuhp/1]
(root,0,0,00:00:00/25-13:06:55,20) [idle_inject/1]
(root,0,0,00:00:10/25-13:06:55,21) [migration/1]
(root,0,0,00:00:40/25-13:06:55,22) [ksoftirqd/1]
(root,0,0,00:00:00/25-13:06:55,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/25-13:06:55,25) [cpuhp/2]
(root,0,0,00:00:00/25-13:06:55,26) [idle_inject/2]
(root,0,0,00:00:08/25-13:06:55,27) [migration/2]
(root,0,0,00:52:04/25-13:06:55,28) [ksoftirqd/2]
(root,0,0,00:00:00/25-13:06:55,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/25-13:06:55,31) [cpuhp/3]
(root,0,0,00:00:00/25-13:06:55,32) [idle_inject/3]
(root,0,0,00:00:09/25-13:06:55,33) [migration/3]
(root,0,0,00:02:21/25-13:06:55,34) [ksoftirqd/3]
(root,0,0,00:00:00/25-13:06:55,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/25-13:06:55,39) [kdevtmpfs]
(root,0,0,00:00:00/25-13:06:55,40) [netns]
(root,0,0,00:00:00/25-13:06:55,41) [inet_frag_wq]
(root,0,0,00:00:06/25-13:06:55,42) [kauditd]
(root,0,0,00:00:00/25-13:06:55,43) [khungtaskd]
(root,0,0,00:00:00/25-13:06:55,44) [oom_reaper]
(root,0,0,00:00:00/25-13:06:55,45) [writeback]
(root,0,0,00:01:14/25-13:06:55,46) [kcompactd0]
(root,0,0,00:00:00/25-13:06:55,47) [ksmd]
(root,0,0,00:01:14/25-13:06:55,48) [khugepaged]
(root,0,0,00:00:00/25-13:06:55,74) [kintegrityd]
(root,0,0,00:00:00/25-13:06:55,75) [kblockd]
(root,0,0,00:00:00/25-13:06:55,76) [blkcg_punt_bio]
(root,0,0,00:00:00/25-13:06:55,78) [tpm_dev_wq]
(root,0,0,00:00:00/25-13:06:55,79) [edac-poller]
(root,0,0,00:00:00/25-13:06:55,80) [devfreq_wq]
(root,0,0,00:00:00/25-13:06:55,110) [watchdogd]
(root,0,0,00:00:05/25-13:06:55,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/25-13:06:55,112) [kswapd0]
(root,0,0,00:00:00/25-13:06:54,114) [kthrotld]
(root,0,0,00:00:00/25-13:06:54,115) [mld]
(root,0,0,00:00:00/25-13:06:54,116) [ipv6_addrconf]
(root,0,0,00:00:11/25-13:06:54,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/25-13:06:54,122) [kstrp]
(root,0,0,00:00:00/25-13:06:54,123) [zswap-shrink]
(root,0,0,00:00:00/25-13:06:54,124) [kworker/u9:0]
(root,0,0,00:00:00/25-13:06:54,129) [charger_manager]
(root,0,0,00:00:05/25-13:06:53,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:05/25-13:06:53,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/25-13:06:53,205) [kaluad]
(root,0,0,00:00:00/25-13:06:53,250) [kmpath_rdacd]
(root,0,0,00:00:00/25-13:06:53,293) [kmpathd]
(root,0,0,00:00:00/25-13:06:53,294) [kmpath_handlerd]
(root,0,0,00:00:00/25-13:06:53,342) [ata_sff]
(root,0,0,00:00:00/25-13:06:52,343) [scsi_eh_0]
(root,0,0,00:00:00/25-13:06:52,344) [scsi_tmf_0]
(root,0,0,00:00:00/25-13:06:52,345) [scsi_eh_1]
(root,0,0,00:00:00/25-13:06:52,346) [scsi_tmf_1]
(root,0,0,00:00:40/25-13:06:50,366) [jbd2/vda1-8]
(root,0,0,00:00:00/25-13:06:50,367) [ext4-rsv-conver]
(root,38604,7876,00:00:36/25-13:06:38,440) /usr/lib/systemd/systemd-journald
(root,53164,9544,00:00:03/25-13:06:37,456) /usr/lib/systemd/systemd-udevd
(root,8624,6756,00:00:38/25-13:06:35,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:13/25-13:06:01,512) /sbin/auditd
(messagebus,22936,5640,00:01:10/25-13:06:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:40/25-13:06:01,531) /usr/lib/systemd/systemd-logind
(root,20556,5076,00:00:00/25-13:06:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16156,00:00:03/25-13:06:00,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16912,00:00:00/25-13:06:00,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,30844,00:00:29/25-13:05:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/25-13:05:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:19/25-13:05:45,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/25-13:05:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/25-13:05:45,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/25-13:05:45,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/25-13:05:45,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:34/25-13:05:45,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6064,00:03:28/25-13:05:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/25-13:05:45,1206) bpfilter_umh
(root,26204,8300,00:00:11/25-13:05:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/25-13:05:45,1215) ntpd: asynchronous dns resolver
(spot,301856,188368,1-08:02:10/25-13:05:45,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/25-13:05:44,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/25-13:05:44,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/25-13:05:44,1245) (sd-pam)
(root,24216,5348,00:00:08/25-13:05:43,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/25-13:05:43,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:03/25-13:05:42,1354) /usr/sbin/cron -n
(root,694116,77808,00:33:25/25-13:05:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,218560,57992,00:10:09/25-13:05:22,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/04:11,3014) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/36:30,7950) [kworker/2:2-cgroup_destroy]
(root,0,0,00:00:00/02:08,14356) [kworker/2:0-events]
(root,0,0,00:00:00/02:25:10,15018) [kworker/0:2-events]
(root,35308,10012,00:00:00/19-10:56:38,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:01:05/19-10:56:37,15391) sshd: cm-ssh
(root,0,0,00:00:00/29:42,16404) [kworker/0:1-events]
(root,35308,10072,00:00:00/9-12:25:16,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:33/9-12:25:15,16977) sshd: syslogtunnel
(root,0,0,00:00:00/09:23,17007) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/08:59:06,17512) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:01/07:23:56,18263) [kworker/3:2-events]
(root,0,0,00:00:05/06:09:30,21123) [kworker/2:1-events]
(root,6656,3488,00:00:00/00:01,21197) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,21260) /bin/bash /usr/bin/check_mk_agent
(root,13744,3420,00:00:00/00:00,21280) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,916,00:00:00/00:00,21281) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/58:58,25316) [kworker/u8:0-flush-253:0]
(postfix,44628,9372,00:00:00/19-17:42:23,30472) tlsmgr -l -t unix -u
(postfix,24244,8260,00:00:00/01:05:35,30743) pickup -l -t fifo -u
(root,0,0,00:00:00/22:51,31436) [kworker/3:1]
(root,0,0,00:00:02/03:26:32,31732) [kworker/1:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-07 23:29

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836367d47466

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:01:01/23-13:17:40,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/23-13:17:40,2) [kthreadd]
(root,0,0,00:00:00/23-13:17:40,3) [rcu_gp]
(root,0,0,00:00:00/23-13:17:40,4) [rcu_par_gp]
(root,0,0,00:00:00/23-13:17:40,5) [slub_flushwq]
(root,0,0,00:00:00/23-13:17:40,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/23-13:17:40,9) [mm_percpu_wq]
(root,0,0,00:00:00/23-13:17:40,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/23-13:17:40,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/23-13:17:40,12) [rcu_tasks_trace]
(root,0,0,00:00:42/23-13:17:40,13) [ksoftirqd/0]
(root,0,0,01:02:43/23-13:17:40,14) [rcu_preempt]
(root,0,0,00:00:08/23-13:17:40,15) [migration/0]
(root,0,0,00:00:00/23-13:17:40,16) [idle_inject/0]
(root,0,0,00:00:00/23-13:17:40,18) [cpuhp/0]
(root,0,0,00:00:00/23-13:17:40,19) [cpuhp/1]
(root,0,0,00:00:00/23-13:17:40,20) [idle_inject/1]
(root,0,0,00:00:09/23-13:17:40,21) [migration/1]
(root,0,0,00:00:37/23-13:17:40,22) [ksoftirqd/1]
(root,0,0,00:00:00/23-13:17:40,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/23-13:17:40,25) [cpuhp/2]
(root,0,0,00:00:00/23-13:17:40,26) [idle_inject/2]
(root,0,0,00:00:07/23-13:17:40,27) [migration/2]
(root,0,0,00:47:27/23-13:17:40,28) [ksoftirqd/2]
(root,0,0,00:00:00/23-13:17:40,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/23-13:17:40,31) [cpuhp/3]
(root,0,0,00:00:00/23-13:17:40,32) [idle_inject/3]
(root,0,0,00:00:08/23-13:17:40,33) [migration/3]
(root,0,0,00:02:10/23-13:17:40,34) [ksoftirqd/3]
(root,0,0,00:00:00/23-13:17:40,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/23-13:17:40,39) [kdevtmpfs]
(root,0,0,00:00:00/23-13:17:40,40) [netns]
(root,0,0,00:00:00/23-13:17:40,41) [inet_frag_wq]
(root,0,0,00:00:05/23-13:17:40,42) [kauditd]
(root,0,0,00:00:00/23-13:17:40,43) [khungtaskd]
(root,0,0,00:00:00/23-13:17:40,44) [oom_reaper]
(root,0,0,00:00:00/23-13:17:40,45) [writeback]
(root,0,0,00:01:09/23-13:17:40,46) [kcompactd0]
(root,0,0,00:00:00/23-13:17:40,47) [ksmd]
(root,0,0,00:01:08/23-13:17:40,48) [khugepaged]
(root,0,0,00:00:00/23-13:17:40,74) [kintegrityd]
(root,0,0,00:00:00/23-13:17:40,75) [kblockd]
(root,0,0,00:00:00/23-13:17:40,76) [blkcg_punt_bio]
(root,0,0,00:00:00/23-13:17:40,78) [tpm_dev_wq]
(root,0,0,00:00:00/23-13:17:40,79) [edac-poller]
(root,0,0,00:00:00/23-13:17:40,80) [devfreq_wq]
(root,0,0,00:00:00/23-13:17:40,110) [watchdogd]
(root,0,0,00:00:04/23-13:17:40,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/23-13:17:40,112) [kswapd0]
(root,0,0,00:00:00/23-13:17:39,114) [kthrotld]
(root,0,0,00:00:00/23-13:17:39,115) [mld]
(root,0,0,00:00:00/23-13:17:39,116) [ipv6_addrconf]
(root,0,0,00:00:10/23-13:17:39,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/23-13:17:39,122) [kstrp]
(root,0,0,00:00:00/23-13:17:39,123) [zswap-shrink]
(root,0,0,00:00:00/23-13:17:39,124) [kworker/u9:0]
(root,0,0,00:00:00/23-13:17:39,129) [charger_manager]
(root,0,0,00:00:05/23-13:17:38,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:05/23-13:17:38,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/23-13:17:38,205) [kaluad]
(root,0,0,00:00:00/23-13:17:38,250) [kmpath_rdacd]
(root,0,0,00:00:00/23-13:17:38,293) [kmpathd]
(root,0,0,00:00:00/23-13:17:38,294) [kmpath_handlerd]
(root,0,0,00:00:00/23-13:17:38,342) [ata_sff]
(root,0,0,00:00:00/23-13:17:37,343) [scsi_eh_0]
(root,0,0,00:00:00/23-13:17:37,344) [scsi_tmf_0]
(root,0,0,00:00:00/23-13:17:37,345) [scsi_eh_1]
(root,0,0,00:00:00/23-13:17:37,346) [scsi_tmf_1]
(root,0,0,00:00:37/23-13:17:35,366) [jbd2/vda1-8]
(root,0,0,00:00:00/23-13:17:35,367) [ext4-rsv-conver]
(root,38604,7876,00:00:34/23-13:17:23,440) /usr/lib/systemd/systemd-journald
(root,53164,9544,00:00:02/23-13:17:22,456) /usr/lib/systemd/systemd-udevd
(root,8624,6756,00:00:35/23-13:17:20,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:12/23-13:16:46,512) /sbin/auditd
(messagebus,22936,5640,00:01:07/23-13:16:46,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:38/23-13:16:46,531) /usr/lib/systemd/systemd-logind
(root,20556,5076,00:00:00/23-13:16:46,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16156,00:00:03/23-13:16:45,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16912,00:00:00/23-13:16:45,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,30324,00:00:26/23-13:16:31,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/23-13:16:31,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:02:08/23-13:16:30,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/23-13:16:30,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/23-13:16:30,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/23-13:16:30,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/23-13:16:30,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:32/23-13:16:30,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6064,00:03:12/23-13:16:30,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/23-13:16:30,1206) bpfilter_umh
(root,26204,8300,00:00:10/23-13:16:30,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/23-13:16:30,1215) ntpd: asynchronous dns resolver
(spot,285596,172756,1-05:36:58/23-13:16:30,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/23-13:16:29,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/23-13:16:29,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/23-13:16:29,1245) (sd-pam)
(root,24216,5348,00:00:07/23-13:16:28,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/23-13:16:28,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:03/23-13:16:27,1354) /usr/sbin/cron -n
(root,693860,77156,00:30:43/23-13:16:21,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,217536,55852,00:08:42/23-13:16:07,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/47:16,3891) [kworker/u8:2-ext4-rsv-conversion]
(root,6656,3492,00:00:00/00:00,4006) /bin/bash /usr/bin/check_mk_agent
(root,6656,3488,00:00:00/00:00,4052) /bin/bash /usr/bin/check_mk_agent
(root,13744,3364,00:00:00/00:00,4070) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,4071) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/39:10,7143) [kworker/u8:1-writeback]
(root,0,0,00:00:00/02:08:05,7973) [kworker/0:1-events]
(root,35308,10012,00:00:00/17-11:07:23,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:58/17-11:07:22,15391) sshd: cm-ssh
(root,0,0,00:00:00/07:19,16533) [kworker/1:1-ata_sff]
(root,0,0,00:00:01/04:01:43,16672) [kworker/3:2-events]
(root,35308,10072,00:00:00/7-12:36:01,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:26/7-12:36:00,16977) sshd: syslogtunnel
(root,0,0,00:00:00/05:59,19831) [kworker/2:1-events]
(root,0,0,00:00:00/12:51,26295) [kworker/0:2-events]
(root,0,0,00:00:00/26:33,27140) [kworker/2:2-events]
(postfix,24244,8160,00:00:00/01:38:08,28146) pickup -l -t fifo -u
(root,0,0,00:00:01/02:22:14,30106) [kworker/1:2-events]
(root,0,0,00:00:00/02:09,30408) [kworker/1:0-ata_sff]
(postfix,44628,9372,00:00:00/17-17:53:08,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/01:07:20,31932) [kworker/3:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-05 23:39

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836337eed994

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12808,00:00:57/21-13:34:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/21-13:34:23,2) [kthreadd]
(root,0,0,00:00:00/21-13:34:23,3) [rcu_gp]
(root,0,0,00:00:00/21-13:34:23,4) [rcu_par_gp]
(root,0,0,00:00:00/21-13:34:23,5) [slub_flushwq]
(root,0,0,00:00:00/21-13:34:23,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/21-13:34:23,9) [mm_percpu_wq]
(root,0,0,00:00:00/21-13:34:23,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/21-13:34:23,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/21-13:34:23,12) [rcu_tasks_trace]
(root,0,0,00:00:39/21-13:34:23,13) [ksoftirqd/0]
(root,0,0,00:57:24/21-13:34:23,14) [rcu_preempt]
(root,0,0,00:00:08/21-13:34:23,15) [migration/0]
(root,0,0,00:00:00/21-13:34:23,16) [idle_inject/0]
(root,0,0,00:00:00/21-13:34:23,18) [cpuhp/0]
(root,0,0,00:00:00/21-13:34:23,19) [cpuhp/1]
(root,0,0,00:00:00/21-13:34:23,20) [idle_inject/1]
(root,0,0,00:00:08/21-13:34:23,21) [migration/1]
(root,0,0,00:00:34/21-13:34:23,22) [ksoftirqd/1]
(root,0,0,00:00:00/21-13:34:23,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/21-13:34:23,25) [cpuhp/2]
(root,0,0,00:00:00/21-13:34:23,26) [idle_inject/2]
(root,0,0,00:00:06/21-13:34:23,27) [migration/2]
(root,0,0,00:43:34/21-13:34:23,28) [ksoftirqd/2]
(root,0,0,00:00:00/21-13:34:23,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/21-13:34:23,31) [cpuhp/3]
(root,0,0,00:00:00/21-13:34:23,32) [idle_inject/3]
(root,0,0,00:00:08/21-13:34:23,33) [migration/3]
(root,0,0,00:02:00/21-13:34:23,34) [ksoftirqd/3]
(root,0,0,00:00:00/21-13:34:23,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/21-13:34:23,39) [kdevtmpfs]
(root,0,0,00:00:00/21-13:34:23,40) [netns]
(root,0,0,00:00:00/21-13:34:23,41) [inet_frag_wq]
(root,0,0,00:00:05/21-13:34:23,42) [kauditd]
(root,0,0,00:00:00/21-13:34:23,43) [khungtaskd]
(root,0,0,00:00:00/21-13:34:23,44) [oom_reaper]
(root,0,0,00:00:00/21-13:34:23,45) [writeback]
(root,0,0,00:01:03/21-13:34:23,46) [kcompactd0]
(root,0,0,00:00:00/21-13:34:23,47) [ksmd]
(root,0,0,00:01:02/21-13:34:23,48) [khugepaged]
(root,0,0,00:00:00/21-13:34:23,74) [kintegrityd]
(root,0,0,00:00:00/21-13:34:23,75) [kblockd]
(root,0,0,00:00:00/21-13:34:23,76) [blkcg_punt_bio]
(root,0,0,00:00:00/21-13:34:23,78) [tpm_dev_wq]
(root,0,0,00:00:00/21-13:34:23,79) [edac-poller]
(root,0,0,00:00:00/21-13:34:23,80) [devfreq_wq]
(root,0,0,00:00:00/21-13:34:23,110) [watchdogd]
(root,0,0,00:00:04/21-13:34:23,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/21-13:34:23,112) [kswapd0]
(root,0,0,00:00:00/21-13:34:22,114) [kthrotld]
(root,0,0,00:00:00/21-13:34:22,115) [mld]
(root,0,0,00:00:00/21-13:34:22,116) [ipv6_addrconf]
(root,0,0,00:00:09/21-13:34:22,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/21-13:34:22,122) [kstrp]
(root,0,0,00:00:00/21-13:34:22,123) [zswap-shrink]
(root,0,0,00:00:00/21-13:34:22,124) [kworker/u9:0]
(root,0,0,00:00:00/21-13:34:22,129) [charger_manager]
(root,0,0,00:00:04/21-13:34:21,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:04/21-13:34:21,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/21-13:34:21,205) [kaluad]
(root,0,0,00:00:00/21-13:34:21,250) [kmpath_rdacd]
(root,0,0,00:00:00/21-13:34:21,293) [kmpathd]
(root,0,0,00:00:00/21-13:34:21,294) [kmpath_handlerd]
(root,0,0,00:00:00/21-13:34:21,342) [ata_sff]
(root,0,0,00:00:00/21-13:34:20,343) [scsi_eh_0]
(root,0,0,00:00:00/21-13:34:20,344) [scsi_tmf_0]
(root,0,0,00:00:00/21-13:34:20,345) [scsi_eh_1]
(root,0,0,00:00:00/21-13:34:20,346) [scsi_tmf_1]
(root,0,0,00:00:33/21-13:34:18,366) [jbd2/vda1-8]
(root,0,0,00:00:00/21-13:34:18,367) [ext4-rsv-conver]
(root,38604,7876,00:00:31/21-13:34:06,440) /usr/lib/systemd/systemd-journald
(root,53164,9544,00:00:02/21-13:34:05,456) /usr/lib/systemd/systemd-udevd
(root,8624,6756,00:00:32/21-13:34:03,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:11/21-13:33:29,512) /sbin/auditd
(messagebus,22936,5640,00:01:03/21-13:33:29,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:36/21-13:33:29,531) /usr/lib/systemd/systemd-logind
(root,20556,5076,00:00:00/21-13:33:29,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16156,00:00:03/21-13:33:28,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16912,00:00:00/21-13:33:28,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,29804,00:00:24/21-13:33:14,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/21-13:33:14,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:59/21-13:33:13,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/21-13:33:13,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/21-13:33:13,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/21-13:33:13,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/21-13:33:13,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:30/21-13:33:13,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6064,00:02:55/21-13:33:13,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/21-13:33:13,1206) bpfilter_umh
(root,26204,8300,00:00:09/21-13:33:13,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4188,00:00:00/21-13:33:13,1215) ntpd: asynchronous dns resolver
(spot,285532,171960,1-03:16:35/21-13:33:13,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/21-13:33:12,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/21-13:33:12,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/21-13:33:12,1245) (sd-pam)
(root,24216,5348,00:00:07/21-13:33:11,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/21-13:33:11,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/21-13:33:10,1354) /usr/sbin/cron -n
(root,693604,76796,00:28:04/21-13:33:04,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,216512,54956,00:07:23/21-13:32:50,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:02/02:15:06,1511) [kworker/2:0-events]
(root,0,0,00:00:00/47:49,3242) [kworker/1:2-events]
(root,0,0,00:00:00/13:07,3967) [kworker/0:1-events]
(postfix,24244,8180,00:00:00/36:41,7480) pickup -l -t fifo -u
(root,0,0,00:00:00/19:25,9645) [kworker/2:1]
(root,0,0,00:00:00/01:09,11851) [kworker/1:1-ata_sff]
(root,35308,10012,00:00:00/15-11:24:06,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:51/15-11:24:05,15391) sshd: cm-ssh
(root,0,0,00:00:00/25:45,15943) [kworker/3:2-events]
(root,6656,3476,00:00:00/00:00,16972) /bin/bash /usr/bin/check_mk_agent
(root,35308,10072,00:00:00/5-12:52:44,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:19/5-12:52:43,16977) sshd: syslogtunnel
(root,6656,3480,00:00:00/00:00,16998) /bin/bash /usr/bin/check_mk_agent
(root,13744,3500,00:00:00/00:00,17036) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,17037) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,6656,1820,00:00:00/00:00,17039) /bin/bash /usr/bin/check_mk_agent
(root,6656,2012,00:00:00/00:00,17040) /bin/bash /usr/bin/check_mk_agent
(root,4480,1044,00:00:00/00:00,17041) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,860,00:00:00/00:00,17042) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,0,0,00:00:00/01:04:46,20180) [kworker/0:0-events]
(root,0,0,00:00:00/01:11:32,27154) [kworker/u8:0-writeback]
(root,0,0,00:00:00/04:09:23,28374) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/06:20,28466) [kworker/1:0-ata_sff]
(root,0,0,00:00:01/08:05:40,30433) [kworker/3:1-events]
(postfix,44628,9372,00:00:00/15-18:09:51,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-03 23:56

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c3ca35f7

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12828,00:00:53/19-12:52:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/19-12:52:39,2) [kthreadd]
(root,0,0,00:00:00/19-12:52:39,3) [rcu_gp]
(root,0,0,00:00:00/19-12:52:39,4) [rcu_par_gp]
(root,0,0,00:00:00/19-12:52:39,5) [slub_flushwq]
(root,0,0,00:00:00/19-12:52:39,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/19-12:52:39,9) [mm_percpu_wq]
(root,0,0,00:00:00/19-12:52:39,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/19-12:52:39,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/19-12:52:39,12) [rcu_tasks_trace]
(root,0,0,00:00:35/19-12:52:39,13) [ksoftirqd/0]
(root,0,0,00:52:03/19-12:52:39,14) [rcu_preempt]
(root,0,0,00:00:07/19-12:52:39,15) [migration/0]
(root,0,0,00:00:00/19-12:52:39,16) [idle_inject/0]
(root,0,0,00:00:00/19-12:52:39,18) [cpuhp/0]
(root,0,0,00:00:00/19-12:52:39,19) [cpuhp/1]
(root,0,0,00:00:00/19-12:52:39,20) [idle_inject/1]
(root,0,0,00:00:07/19-12:52:39,21) [migration/1]
(root,0,0,00:00:31/19-12:52:39,22) [ksoftirqd/1]
(root,0,0,00:00:00/19-12:52:39,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/19-12:52:39,25) [cpuhp/2]
(root,0,0,00:00:00/19-12:52:39,26) [idle_inject/2]
(root,0,0,00:00:06/19-12:52:39,27) [migration/2]
(root,0,0,00:38:53/19-12:52:39,28) [ksoftirqd/2]
(root,0,0,00:00:00/19-12:52:39,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/19-12:52:39,31) [cpuhp/3]
(root,0,0,00:00:00/19-12:52:39,32) [idle_inject/3]
(root,0,0,00:00:07/19-12:52:39,33) [migration/3]
(root,0,0,00:01:48/19-12:52:39,34) [ksoftirqd/3]
(root,0,0,00:00:00/19-12:52:39,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/19-12:52:39,39) [kdevtmpfs]
(root,0,0,00:00:00/19-12:52:39,40) [netns]
(root,0,0,00:00:00/19-12:52:39,41) [inet_frag_wq]
(root,0,0,00:00:05/19-12:52:39,42) [kauditd]
(root,0,0,00:00:00/19-12:52:39,43) [khungtaskd]
(root,0,0,00:00:00/19-12:52:39,44) [oom_reaper]
(root,0,0,00:00:00/19-12:52:39,45) [writeback]
(root,0,0,00:00:56/19-12:52:39,46) [kcompactd0]
(root,0,0,00:00:00/19-12:52:39,47) [ksmd]
(root,0,0,00:00:57/19-12:52:39,48) [khugepaged]
(root,0,0,00:00:00/19-12:52:39,74) [kintegrityd]
(root,0,0,00:00:00/19-12:52:39,75) [kblockd]
(root,0,0,00:00:00/19-12:52:39,76) [blkcg_punt_bio]
(root,0,0,00:00:00/19-12:52:39,78) [tpm_dev_wq]
(root,0,0,00:00:00/19-12:52:39,79) [edac-poller]
(root,0,0,00:00:00/19-12:52:39,80) [devfreq_wq]
(root,0,0,00:00:00/19-12:52:39,110) [watchdogd]
(root,0,0,00:00:03/19-12:52:39,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/19-12:52:39,112) [kswapd0]
(root,0,0,00:00:00/19-12:52:38,114) [kthrotld]
(root,0,0,00:00:00/19-12:52:38,115) [mld]
(root,0,0,00:00:00/19-12:52:38,116) [ipv6_addrconf]
(root,0,0,00:00:08/19-12:52:38,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/19-12:52:38,122) [kstrp]
(root,0,0,00:00:00/19-12:52:38,123) [zswap-shrink]
(root,0,0,00:00:00/19-12:52:38,124) [kworker/u9:0]
(root,0,0,00:00:00/19-12:52:38,129) [charger_manager]
(root,0,0,00:00:04/19-12:52:37,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:04/19-12:52:37,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/19-12:52:37,205) [kaluad]
(root,0,0,00:00:00/19-12:52:37,250) [kmpath_rdacd]
(root,0,0,00:00:00/19-12:52:37,293) [kmpathd]
(root,0,0,00:00:00/19-12:52:37,294) [kmpath_handlerd]
(root,0,0,00:00:00/19-12:52:37,342) [ata_sff]
(root,0,0,00:00:00/19-12:52:36,343) [scsi_eh_0]
(root,0,0,00:00:00/19-12:52:36,344) [scsi_tmf_0]
(root,0,0,00:00:00/19-12:52:36,345) [scsi_eh_1]
(root,0,0,00:00:00/19-12:52:36,346) [scsi_tmf_1]
(root,0,0,00:00:29/19-12:52:34,366) [jbd2/vda1-8]
(root,0,0,00:00:00/19-12:52:34,367) [ext4-rsv-conver]
(root,38604,7876,00:00:29/19-12:52:22,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:02/19-12:52:21,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:29/19-12:52:19,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:10/19-12:51:45,512) /sbin/auditd
(messagebus,22936,5672,00:00:58/19-12:51:45,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:33/19-12:51:45,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/19-12:51:45,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/19-12:51:44,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/19-12:51:44,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,29812,00:00:22/19-12:51:30,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/19-12:51:30,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:48/19-12:51:29,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/19-12:51:29,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/19-12:51:29,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/19-12:51:29,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/19-12:51:29,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:28/19-12:51:29,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:02:39/19-12:51:29,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/19-12:51:29,1206) bpfilter_umh
(root,26204,8300,00:00:09/19-12:51:29,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/19-12:51:29,1215) ntpd: asynchronous dns resolver
(spot,284828,171784,1-01:00:42/19-12:51:29,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/19-12:51:28,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/19-12:51:28,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/19-12:51:28,1245) (sd-pam)
(root,24216,5348,00:00:06/19-12:51:27,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/19-12:51:27,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/19-12:51:26,1354) /usr/sbin/cron -n
(root,692836,75756,00:25:22/19-12:51:20,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,215488,53048,00:06:33/19-12:51:06,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/06:24,1389) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:06:26,3881) [kworker/0:0]
(root,0,0,00:00:01/04:54:03,3898) [kworker/3:2-events]
(root,0,0,00:00:00/01:25:17,5253) [kworker/u8:2-writeback]
(root,0,0,00:00:00/48:19,5674) [kworker/3:1]
(root,0,0,00:00:00/47:56,7240) [kworker/1:1-events]
(root,0,0,00:00:00/01:14,14977) [kworker/1:0-ata_sff]
(root,35308,10012,00:00:00/13-10:42:22,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:44/13-10:42:21,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/3-12:11:00,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:12/3-12:10:59,16977) sshd: syslogtunnel
(root,0,0,00:00:00/04:04:18,17740) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:02/02:38:31,19370) [kworker/2:0-events]
(root,6764,3604,00:00:00/00:01,20133) /bin/bash /usr/bin/check_mk_agent
(root,6656,3492,00:00:00/00:00,20238) /bin/bash /usr/bin/check_mk_agent
(root,6292,3188,00:00:00/00:00,20245) /bin/bash ././spot.bash
(root,13744,3516,00:00:00/00:00,20272) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,20274) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/10:49,21913) [kworker/2:2-events]
(postfix,24244,8204,00:00:00/15:55,22577) pickup -l -t fifo -u
(root,0,0,00:00:00/01:18:41,26126) [kworker/0:2-events]
(postfix,44628,9416,00:00:00/13-17:28:07,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-12-01 23:14

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836338ce6e48

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12824,00:00:49/17-13:10:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/17-13:10:02,2) [kthreadd]
(root,0,0,00:00:00/17-13:10:02,3) [rcu_gp]
(root,0,0,00:00:00/17-13:10:02,4) [rcu_par_gp]
(root,0,0,00:00:00/17-13:10:02,5) [slub_flushwq]
(root,0,0,00:00:00/17-13:10:02,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/17-13:10:02,9) [mm_percpu_wq]
(root,0,0,00:00:00/17-13:10:02,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/17-13:10:02,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/17-13:10:02,12) [rcu_tasks_trace]
(root,0,0,00:00:32/17-13:10:02,13) [ksoftirqd/0]
(root,0,0,00:46:58/17-13:10:02,14) [rcu_preempt]
(root,0,0,00:00:06/17-13:10:02,15) [migration/0]
(root,0,0,00:00:00/17-13:10:02,16) [idle_inject/0]
(root,0,0,00:00:00/17-13:10:02,18) [cpuhp/0]
(root,0,0,00:00:00/17-13:10:02,19) [cpuhp/1]
(root,0,0,00:00:00/17-13:10:02,20) [idle_inject/1]
(root,0,0,00:00:07/17-13:10:02,21) [migration/1]
(root,0,0,00:00:28/17-13:10:02,22) [ksoftirqd/1]
(root,0,0,00:00:00/17-13:10:02,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/17-13:10:02,25) [cpuhp/2]
(root,0,0,00:00:00/17-13:10:02,26) [idle_inject/2]
(root,0,0,00:00:05/17-13:10:02,27) [migration/2]
(root,0,0,00:35:45/17-13:10:02,28) [ksoftirqd/2]
(root,0,0,00:00:00/17-13:10:02,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/17-13:10:02,31) [cpuhp/3]
(root,0,0,00:00:00/17-13:10:02,32) [idle_inject/3]
(root,0,0,00:00:06/17-13:10:02,33) [migration/3]
(root,0,0,00:01:39/17-13:10:02,34) [ksoftirqd/3]
(root,0,0,00:00:00/17-13:10:02,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/17-13:10:02,39) [kdevtmpfs]
(root,0,0,00:00:00/17-13:10:02,40) [netns]
(root,0,0,00:00:00/17-13:10:02,41) [inet_frag_wq]
(root,0,0,00:00:04/17-13:10:02,42) [kauditd]
(root,0,0,00:00:00/17-13:10:02,43) [khungtaskd]
(root,0,0,00:00:00/17-13:10:02,44) [oom_reaper]
(root,0,0,00:00:00/17-13:10:02,45) [writeback]
(root,0,0,00:00:51/17-13:10:02,46) [kcompactd0]
(root,0,0,00:00:00/17-13:10:02,47) [ksmd]
(root,0,0,00:00:51/17-13:10:02,48) [khugepaged]
(root,0,0,00:00:00/17-13:10:02,74) [kintegrityd]
(root,0,0,00:00:00/17-13:10:02,75) [kblockd]
(root,0,0,00:00:00/17-13:10:02,76) [blkcg_punt_bio]
(root,0,0,00:00:00/17-13:10:02,78) [tpm_dev_wq]
(root,0,0,00:00:00/17-13:10:02,79) [edac-poller]
(root,0,0,00:00:00/17-13:10:02,80) [devfreq_wq]
(root,0,0,00:00:00/17-13:10:02,110) [watchdogd]
(root,0,0,00:00:03/17-13:10:02,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/17-13:10:02,112) [kswapd0]
(root,0,0,00:00:00/17-13:10:01,114) [kthrotld]
(root,0,0,00:00:00/17-13:10:01,115) [mld]
(root,0,0,00:00:00/17-13:10:01,116) [ipv6_addrconf]
(root,0,0,00:00:07/17-13:10:01,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/17-13:10:01,122) [kstrp]
(root,0,0,00:00:00/17-13:10:01,123) [zswap-shrink]
(root,0,0,00:00:00/17-13:10:01,124) [kworker/u9:0]
(root,0,0,00:00:00/17-13:10:01,129) [charger_manager]
(root,0,0,00:00:03/17-13:10:00,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:03/17-13:10:00,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/17-13:10:00,205) [kaluad]
(root,0,0,00:00:00/17-13:10:00,250) [kmpath_rdacd]
(root,0,0,00:00:00/17-13:10:00,293) [kmpathd]
(root,0,0,00:00:00/17-13:10:00,294) [kmpath_handlerd]
(root,0,0,00:00:00/17-13:10:00,342) [ata_sff]
(root,0,0,00:00:00/17-13:09:59,343) [scsi_eh_0]
(root,0,0,00:00:00/17-13:09:59,344) [scsi_tmf_0]
(root,0,0,00:00:00/17-13:09:59,345) [scsi_eh_1]
(root,0,0,00:00:00/17-13:09:59,346) [scsi_tmf_1]
(root,0,0,00:00:26/17-13:09:57,366) [jbd2/vda1-8]
(root,0,0,00:00:00/17-13:09:57,367) [ext4-rsv-conver]
(root,38604,7876,00:00:27/17-13:09:45,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:02/17-13:09:44,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:26/17-13:09:42,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:10/17-13:09:08,512) /sbin/auditd
(messagebus,22936,5672,00:00:54/17-13:09:08,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8556,00:00:31/17-13:09:08,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/17-13:09:08,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/17-13:09:07,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/17-13:09:07,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,29016,00:00:19/17-13:08:53,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/17-13:08:53,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:36/17-13:08:52,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/17-13:08:52,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/17-13:08:52,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/17-13:08:52,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/17-13:08:52,1201) /usr/lib/systemd/systemd --user
(root,448968,8552,00:00:26/17-13:08:52,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:02:22/17-13:08:52,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/17-13:08:52,1206) bpfilter_umh
(root,26204,8300,00:00:08/17-13:08:52,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/17-13:08:52,1215) ntpd: asynchronous dns resolver
(spot,285612,171980,23:04:47/17-13:08:52,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/17-13:08:51,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/17-13:08:51,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/17-13:08:51,1245) (sd-pam)
(root,24216,5348,00:00:05/17-13:08:50,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/17-13:08:50,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/17-13:08:49,1354) /usr/sbin/cron -n
(root,692236,75412,00:22:47/17-13:08:43,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,214464,51012,00:05:52/17-13:08:29,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:03/02:26:47,3299) [kworker/2:0-events]
(root,0,0,00:00:00/36:14,6422) [kworker/0:2-events]
(root,0,0,00:00:00/08:16,9703) [kworker/1:0-ata_sff]
(postfix,24244,8240,00:00:00/55:10,9878) pickup -l -t fifo -u
(root,0,0,00:00:00/03:04,12034) [kworker/1:1-ata_sff]
(root,35308,10012,00:00:00/11-10:59:45,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:38/11-10:59:44,15391) sshd: cm-ssh
(root,35308,10072,00:00:00/1-12:28:23,16975) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5588,00:00:05/1-12:28:22,16977) sshd: syslogtunnel
(root,0,0,00:00:00/23:48,19748) [kworker/2:2-events]
(root,0,0,00:00:02/04:53:37,19752) [kworker/1:2-events]
(root,0,0,00:00:00/01:27:09,19953) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:01/04:11:21,24312) [kworker/0:0-events]
(root,0,0,00:00:00/07:15:08,28658) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/05:31,29069) [kworker/3:2]
(root,6764,3616,00:00:00/00:01,29331) /bin/bash /usr/bin/check_mk_agent
(root,6656,3476,00:00:00/00:00,29484) /bin/bash /usr/bin/check_mk_agent
(root,6292,3188,00:00:00/00:00,29518) /bin/bash ././spot.bash
(root,13744,3504,00:00:00/00:00,29521) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,29523) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,44628,9416,00:00:00/11-17:45:30,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:01/02:57:11,32305) [kworker/3:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-29 23:32

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638d1dcdb2

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12824,00:00:45/15-13:30:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/15-13:30:07,2) [kthreadd]
(root,0,0,00:00:00/15-13:30:07,3) [rcu_gp]
(root,0,0,00:00:00/15-13:30:07,4) [rcu_par_gp]
(root,0,0,00:00:00/15-13:30:07,5) [slub_flushwq]
(root,0,0,00:00:00/15-13:30:07,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/15-13:30:07,9) [mm_percpu_wq]
(root,0,0,00:00:00/15-13:30:07,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/15-13:30:07,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/15-13:30:07,12) [rcu_tasks_trace]
(root,0,0,00:00:29/15-13:30:07,13) [ksoftirqd/0]
(root,0,0,00:41:46/15-13:30:07,14) [rcu_preempt]
(root,0,0,00:00:05/15-13:30:07,15) [migration/0]
(root,0,0,00:00:00/15-13:30:07,16) [idle_inject/0]
(root,0,0,00:00:00/15-13:30:07,18) [cpuhp/0]
(root,0,0,00:00:00/15-13:30:07,19) [cpuhp/1]
(root,0,0,00:00:00/15-13:30:07,20) [idle_inject/1]
(root,0,0,00:00:06/15-13:30:07,21) [migration/1]
(root,0,0,00:00:25/15-13:30:07,22) [ksoftirqd/1]
(root,0,0,00:00:00/15-13:30:07,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/15-13:30:07,25) [cpuhp/2]
(root,0,0,00:00:00/15-13:30:07,26) [idle_inject/2]
(root,0,0,00:00:05/15-13:30:07,27) [migration/2]
(root,0,0,00:32:18/15-13:30:07,28) [ksoftirqd/2]
(root,0,0,00:00:00/15-13:30:07,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/15-13:30:07,31) [cpuhp/3]
(root,0,0,00:00:00/15-13:30:07,32) [idle_inject/3]
(root,0,0,00:00:05/15-13:30:07,33) [migration/3]
(root,0,0,00:01:29/15-13:30:07,34) [ksoftirqd/3]
(root,0,0,00:00:00/15-13:30:07,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/15-13:30:07,39) [kdevtmpfs]
(root,0,0,00:00:00/15-13:30:07,40) [netns]
(root,0,0,00:00:00/15-13:30:07,41) [inet_frag_wq]
(root,0,0,00:00:04/15-13:30:07,42) [kauditd]
(root,0,0,00:00:00/15-13:30:07,43) [khungtaskd]
(root,0,0,00:00:00/15-13:30:07,44) [oom_reaper]
(root,0,0,00:00:00/15-13:30:07,45) [writeback]
(root,0,0,00:00:46/15-13:30:07,46) [kcompactd0]
(root,0,0,00:00:00/15-13:30:07,47) [ksmd]
(root,0,0,00:00:46/15-13:30:07,48) [khugepaged]
(root,0,0,00:00:00/15-13:30:07,74) [kintegrityd]
(root,0,0,00:00:00/15-13:30:07,75) [kblockd]
(root,0,0,00:00:00/15-13:30:07,76) [blkcg_punt_bio]
(root,0,0,00:00:00/15-13:30:07,78) [tpm_dev_wq]
(root,0,0,00:00:00/15-13:30:07,79) [edac-poller]
(root,0,0,00:00:00/15-13:30:07,80) [devfreq_wq]
(root,0,0,00:00:00/15-13:30:07,110) [watchdogd]
(root,0,0,00:00:03/15-13:30:07,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/15-13:30:07,112) [kswapd0]
(root,0,0,00:00:00/15-13:30:06,114) [kthrotld]
(root,0,0,00:00:00/15-13:30:06,115) [mld]
(root,0,0,00:00:00/15-13:30:06,116) [ipv6_addrconf]
(root,0,0,00:00:06/15-13:30:06,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/15-13:30:06,122) [kstrp]
(root,0,0,00:00:00/15-13:30:06,123) [zswap-shrink]
(root,0,0,00:00:00/15-13:30:06,124) [kworker/u9:0]
(root,0,0,00:00:00/15-13:30:06,129) [charger_manager]
(root,0,0,00:00:03/15-13:30:05,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:03/15-13:30:05,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/15-13:30:05,205) [kaluad]
(root,0,0,00:00:00/15-13:30:05,250) [kmpath_rdacd]
(root,0,0,00:00:00/15-13:30:05,293) [kmpathd]
(root,0,0,00:00:00/15-13:30:05,294) [kmpath_handlerd]
(root,0,0,00:00:00/15-13:30:05,342) [ata_sff]
(root,0,0,00:00:00/15-13:30:04,343) [scsi_eh_0]
(root,0,0,00:00:00/15-13:30:04,344) [scsi_tmf_0]
(root,0,0,00:00:00/15-13:30:04,345) [scsi_eh_1]
(root,0,0,00:00:00/15-13:30:04,346) [scsi_tmf_1]
(root,0,0,00:00:23/15-13:30:02,366) [jbd2/vda1-8]
(root,0,0,00:00:00/15-13:30:02,367) [ext4-rsv-conver]
(root,38604,7876,00:00:24/15-13:29:50,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:01/15-13:29:49,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:23/15-13:29:47,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:09/15-13:29:13,512) /sbin/auditd
(messagebus,22936,5672,00:00:49/15-13:29:13,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:28/15-13:29:13,531) /usr/lib/systemd/systemd-logind
(root,0,0,00:00:00/33:44,539) [kworker/0:2]
(root,20556,5140,00:00:00/15-13:29:13,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/15-13:29:12,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/15-13:29:12,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27976,00:00:17/15-13:28:58,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/15-13:28:58,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:24/15-13:28:57,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/15-13:28:57,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/15-13:28:57,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/15-13:28:57,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/15-13:28:57,1201) /usr/lib/systemd/systemd --user
(root,448968,8584,00:00:24/15-13:28:57,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:02:06/15-13:28:57,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/15-13:28:57,1206) bpfilter_umh
(root,26204,8300,00:00:07/15-13:28:57,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/15-13:28:57,1215) ntpd: asynchronous dns resolver
(spot,285076,171288,20:55:49/15-13:28:57,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/15-13:28:56,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/15-13:28:56,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/15-13:28:56,1245) (sd-pam)
(root,24216,5348,00:00:05/15-13:28:55,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:01/15-13:28:55,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:02/15-13:28:54,1354) /usr/sbin/cron -n
(root,691980,74872,00:20:09/15-13:28:48,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,213440,49184,00:05:10/15-13:28:34,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/05:42,3353) [kworker/1:0-ata_sff]
(postfix,24244,8220,00:00:00/01:37:20,7356) pickup -l -t fifo -u
(root,35308,10012,00:00:00/8-05:25:01,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:29/8-05:25:01,8749) sshd: syslogtunnel
(root,0,0,00:00:00/22:25,10498) [kworker/3:0-events]
(root,0,0,00:00:00/45:03,10640) [kworker/2:2-events]
(root,0,0,00:00:00/16:48,12886) [kworker/2:0]
(root,35308,10012,00:00:00/9-11:19:50,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:31/9-11:19:49,15391) sshd: cm-ssh
(root,0,0,00:00:00/21:18,16028) [kworker/1:1-events]
(root,0,0,00:00:00/00:32,23211) [kworker/1:2-ata_sff]
(root,6656,3488,00:00:00/00:00,25158) /bin/bash /usr/bin/check_mk_agent
(root,13744,3416,00:00:00/00:00,25176) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,25177) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/26:47,26061) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/56:13,26890) [kworker/0:1-events]
(postfix,44628,9416,00:00:00/9-18:05:35,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/51:24,30764) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:01/05:19:25,31041) [kworker/3:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-27 23:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e9f0b1fe

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:00:40/13-13:52:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/13-13:52:46,2) [kthreadd]
(root,0,0,00:00:00/13-13:52:46,3) [rcu_gp]
(root,0,0,00:00:00/13-13:52:46,4) [rcu_par_gp]
(root,0,0,00:00:00/13-13:52:46,5) [slub_flushwq]
(root,0,0,00:00:00/13-13:52:46,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/13-13:52:46,9) [mm_percpu_wq]
(root,0,0,00:00:00/13-13:52:46,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/13-13:52:46,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/13-13:52:46,12) [rcu_tasks_trace]
(root,0,0,00:00:25/13-13:52:46,13) [ksoftirqd/0]
(root,0,0,00:36:35/13-13:52:46,14) [rcu_preempt]
(root,0,0,00:00:05/13-13:52:46,15) [migration/0]
(root,0,0,00:00:00/13-13:52:46,16) [idle_inject/0]
(root,0,0,00:00:00/13-13:52:46,18) [cpuhp/0]
(root,0,0,00:00:00/13-13:52:46,19) [cpuhp/1]
(root,0,0,00:00:00/13-13:52:46,20) [idle_inject/1]
(root,0,0,00:00:05/13-13:52:46,21) [migration/1]
(root,0,0,00:00:22/13-13:52:46,22) [ksoftirqd/1]
(root,0,0,00:00:00/13-13:52:46,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/13-13:52:46,25) [cpuhp/2]
(root,0,0,00:00:00/13-13:52:46,26) [idle_inject/2]
(root,0,0,00:00:04/13-13:52:46,27) [migration/2]
(root,0,0,00:28:51/13-13:52:46,28) [ksoftirqd/2]
(root,0,0,00:00:00/13-13:52:46,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/13-13:52:46,31) [cpuhp/3]
(root,0,0,00:00:00/13-13:52:46,32) [idle_inject/3]
(root,0,0,00:00:05/13-13:52:46,33) [migration/3]
(root,0,0,00:01:19/13-13:52:46,34) [ksoftirqd/3]
(root,0,0,00:00:00/13-13:52:46,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/13-13:52:46,39) [kdevtmpfs]
(root,0,0,00:00:00/13-13:52:46,40) [netns]
(root,0,0,00:00:00/13-13:52:46,41) [inet_frag_wq]
(root,0,0,00:00:04/13-13:52:46,42) [kauditd]
(root,0,0,00:00:00/13-13:52:46,43) [khungtaskd]
(root,0,0,00:00:00/13-13:52:46,44) [oom_reaper]
(root,0,0,00:00:00/13-13:52:46,45) [writeback]
(root,0,0,00:00:40/13-13:52:46,46) [kcompactd0]
(root,0,0,00:00:00/13-13:52:46,47) [ksmd]
(root,0,0,00:00:40/13-13:52:46,48) [khugepaged]
(root,0,0,00:00:00/13-13:52:46,74) [kintegrityd]
(root,0,0,00:00:00/13-13:52:46,75) [kblockd]
(root,0,0,00:00:00/13-13:52:46,76) [blkcg_punt_bio]
(root,0,0,00:00:00/13-13:52:46,78) [tpm_dev_wq]
(root,0,0,00:00:00/13-13:52:46,79) [edac-poller]
(root,0,0,00:00:00/13-13:52:46,80) [devfreq_wq]
(root,0,0,00:00:00/13-13:52:46,110) [watchdogd]
(root,0,0,00:00:02/13-13:52:46,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:01/13-13:52:46,112) [kswapd0]
(root,0,0,00:00:00/13-13:52:45,114) [kthrotld]
(root,0,0,00:00:00/13-13:52:45,115) [mld]
(root,0,0,00:00:00/13-13:52:45,116) [ipv6_addrconf]
(root,0,0,00:00:05/13-13:52:45,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/13-13:52:45,122) [kstrp]
(root,0,0,00:00:00/13-13:52:45,123) [zswap-shrink]
(root,0,0,00:00:00/13-13:52:45,124) [kworker/u9:0]
(root,0,0,00:00:00/13-13:52:45,129) [charger_manager]
(root,0,0,00:00:02/13-13:52:44,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:03/13-13:52:44,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/13-13:52:44,205) [kaluad]
(root,0,0,00:00:00/13-13:52:44,250) [kmpath_rdacd]
(root,0,0,00:00:00/13-13:52:44,293) [kmpathd]
(root,0,0,00:00:00/13-13:52:44,294) [kmpath_handlerd]
(root,0,0,00:00:00/13-13:52:44,342) [ata_sff]
(root,0,0,00:00:00/13-13:52:43,343) [scsi_eh_0]
(root,0,0,00:00:00/13-13:52:43,344) [scsi_tmf_0]
(root,0,0,00:00:00/13-13:52:43,345) [scsi_eh_1]
(root,0,0,00:00:00/13-13:52:43,346) [scsi_tmf_1]
(root,0,0,00:00:20/13-13:52:41,366) [jbd2/vda1-8]
(root,0,0,00:00:00/13-13:52:41,367) [ext4-rsv-conver]
(root,38604,7876,00:00:22/13-13:52:29,440) /usr/lib/systemd/systemd-journald
(root,53164,9648,00:00:01/13-13:52:28,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:20/13-13:52:26,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1628,00:00:08/13-13:51:52,512) /sbin/auditd
(messagebus,22936,5672,00:00:45/13-13:51:52,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8536,00:00:25/13-13:51:52,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/13-13:51:52,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/13-13:51:51,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/13-13:51:51,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27716,00:00:15/13-13:51:37,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/13-13:51:37,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:12/13-13:51:36,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/13-13:51:36,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/13-13:51:36,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/13-13:51:36,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/13-13:51:36,1201) /usr/lib/systemd/systemd --user
(root,448968,8584,00:00:21/13-13:51:36,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6112,00:01:50/13-13:51:36,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/13-13:51:36,1206) bpfilter_umh
(root,26204,8300,00:00:07/13-13:51:36,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/13-13:51:36,1215) ntpd: asynchronous dns resolver
(spot,286676,171616,18:13:51/13-13:51:36,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/13-13:51:35,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/13-13:51:35,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/13-13:51:35,1245) (sd-pam)
(root,24216,5348,00:00:04/13-13:51:34,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/13-13:51:34,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/13-13:51:33,1354) /usr/sbin/cron -n
(root,691980,74552,00:17:33/13-13:51:27,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,212416,47904,00:04:29/13-13:51:13,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/30:47,2659) [kworker/2:0-events]
(root,0,0,00:00:00/12:01,3454) [kworker/1:1-events]
(root,0,0,00:00:04/03:49:24,4939) [kworker/2:2-events]
(root,35308,10012,00:00:00/6-05:47:40,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:22/6-05:47:40,8749) sshd: syslogtunnel
(root,0,0,00:00:00/01:38,10657) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/35:47,13988) [kworker/0:0-events]
(root,35308,10012,00:00:00/7-11:42:29,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:25/7-11:42:28,15391) sshd: cm-ssh
(root,6656,3488,00:00:00/00:00,16113) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,16114) /bin/bash /usr/bin/check_mk_agent
(root,13744,3364,00:00:00/00:00,16145) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,16146) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,24244,8212,00:00:00/41:48,19097) pickup -l -t fifo -u
(root,0,0,00:00:00/56:14,23451) [kworker/3:1-events]
(root,0,0,00:00:00/06:51,24026) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:26:34,24348) [kworker/u8:1-ext4-rsv-conversion]
(postfix,44628,9416,00:00:00/7-18:28:14,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/46:01,31001) [kworker/0:2-events]
(root,0,0,00:00:00/14:24,31497) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:01/04:20:04,31777) [kworker/3:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-26 00:14

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836326f8e2a9

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:00:35/11-12:57:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/11-12:57:55,2) [kthreadd]
(root,0,0,00:00:00/11-12:57:55,3) [rcu_gp]
(root,0,0,00:00:00/11-12:57:55,4) [rcu_par_gp]
(root,0,0,00:00:00/11-12:57:55,5) [slub_flushwq]
(root,0,0,00:00:00/11-12:57:55,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/11-12:57:55,9) [mm_percpu_wq]
(root,0,0,00:00:00/11-12:57:55,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/11-12:57:55,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/11-12:57:55,12) [rcu_tasks_trace]
(root,0,0,00:00:20/11-12:57:55,13) [ksoftirqd/0]
(root,0,0,00:30:43/11-12:57:55,14) [rcu_preempt]
(root,0,0,00:00:04/11-12:57:55,15) [migration/0]
(root,0,0,00:00:00/11-12:57:55,16) [idle_inject/0]
(root,0,0,00:00:00/11-12:57:55,18) [cpuhp/0]
(root,0,0,00:00:00/11-12:57:55,19) [cpuhp/1]
(root,0,0,00:00:00/11-12:57:55,20) [idle_inject/1]
(root,0,0,00:00:04/11-12:57:55,21) [migration/1]
(root,0,0,00:00:17/11-12:57:55,22) [ksoftirqd/1]
(root,0,0,00:00:00/11-12:57:55,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/11-12:57:55,25) [cpuhp/2]
(root,0,0,00:00:00/11-12:57:55,26) [idle_inject/2]
(root,0,0,00:00:03/11-12:57:55,27) [migration/2]
(root,0,0,00:24:11/11-12:57:55,28) [ksoftirqd/2]
(root,0,0,00:00:00/11-12:57:55,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/11-12:57:55,31) [cpuhp/3]
(root,0,0,00:00:00/11-12:57:55,32) [idle_inject/3]
(root,0,0,00:00:04/11-12:57:55,33) [migration/3]
(root,0,0,00:01:05/11-12:57:55,34) [ksoftirqd/3]
(root,0,0,00:00:00/11-12:57:55,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/11-12:57:55,39) [kdevtmpfs]
(root,0,0,00:00:00/11-12:57:55,40) [netns]
(root,0,0,00:00:00/11-12:57:55,41) [inet_frag_wq]
(root,0,0,00:00:03/11-12:57:55,42) [kauditd]
(root,0,0,00:00:00/11-12:57:55,43) [khungtaskd]
(root,0,0,00:00:00/11-12:57:55,44) [oom_reaper]
(root,0,0,00:00:00/11-12:57:55,45) [writeback]
(root,0,0,00:00:33/11-12:57:55,46) [kcompactd0]
(root,0,0,00:00:00/11-12:57:55,47) [ksmd]
(root,0,0,00:00:34/11-12:57:55,48) [khugepaged]
(root,0,0,00:00:00/11-12:57:55,74) [kintegrityd]
(root,0,0,00:00:00/11-12:57:55,75) [kblockd]
(root,0,0,00:00:00/11-12:57:55,76) [blkcg_punt_bio]
(root,0,0,00:00:00/11-12:57:55,78) [tpm_dev_wq]
(root,0,0,00:00:00/11-12:57:55,79) [edac-poller]
(root,0,0,00:00:00/11-12:57:55,80) [devfreq_wq]
(root,0,0,00:00:00/11-12:57:55,110) [watchdogd]
(root,0,0,00:00:02/11-12:57:55,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/11-12:57:55,112) [kswapd0]
(root,0,0,00:00:00/11-12:57:54,114) [kthrotld]
(root,0,0,00:00:00/11-12:57:54,115) [mld]
(root,0,0,00:00:00/11-12:57:54,116) [ipv6_addrconf]
(root,0,0,00:00:04/11-12:57:54,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/11-12:57:54,122) [kstrp]
(root,0,0,00:00:00/11-12:57:54,123) [zswap-shrink]
(root,0,0,00:00:00/11-12:57:54,124) [kworker/u9:0]
(root,0,0,00:00:00/11-12:57:54,129) [charger_manager]
(root,0,0,00:00:02/11-12:57:53,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:02/11-12:57:53,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/11-12:57:53,205) [kaluad]
(root,0,0,00:00:00/11-12:57:53,250) [kmpath_rdacd]
(root,0,0,00:00:00/11-12:57:53,293) [kmpathd]
(root,0,0,00:00:00/11-12:57:53,294) [kmpath_handlerd]
(root,0,0,00:00:00/11-12:57:53,342) [ata_sff]
(root,0,0,00:00:00/11-12:57:52,343) [scsi_eh_0]
(root,0,0,00:00:00/11-12:57:52,344) [scsi_tmf_0]
(root,0,0,00:00:00/11-12:57:52,345) [scsi_eh_1]
(root,0,0,00:00:00/11-12:57:52,346) [scsi_tmf_1]
(root,0,0,00:00:17/11-12:57:50,366) [jbd2/vda1-8]
(root,0,0,00:00:00/11-12:57:50,367) [ext4-rsv-conver]
(root,38604,7900,00:00:19/11-12:57:38,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/11-12:57:37,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:17/11-12:57:35,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:07/11-12:57:01,512) /sbin/auditd
(messagebus,22936,5672,00:00:39/11-12:57:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8548,00:00:22/11-12:57:01,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/11-12:57:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/11-12:57:00,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/11-12:57:00,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27724,00:00:13/11-12:56:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/11-12:56:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4572,00:01:00/11-12:56:45,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/11-12:56:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/11-12:56:45,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/11-12:56:45,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/11-12:56:45,1201) /usr/lib/systemd/systemd --user
(root,448968,9084,00:00:18/11-12:56:45,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:01:32/11-12:56:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/11-12:56:45,1206) bpfilter_umh
(root,26204,8300,00:00:06/11-12:56:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/11-12:56:45,1215) ntpd: asynchronous dns resolver
(spot,285332,171276,14:18:37/11-12:56:45,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/11-12:56:44,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/11-12:56:44,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/11-12:56:44,1245) (sd-pam)
(root,24216,5348,00:00:03/11-12:56:43,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/11-12:56:43,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/11-12:56:42,1354) /usr/sbin/cron -n
(root,691724,74148,00:14:51/11-12:56:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,211392,46608,00:03:46/11-12:56:22,1380) /usr/bin/python3.11 /usr/bin/spot
(root,6656,3488,00:00:00/00:00,3267) /bin/bash /usr/bin/check_mk_agent
(root,6656,3480,00:00:00/00:00,3292) /bin/bash /usr/bin/check_mk_agent
(root,6656,3488,00:00:00/00:00,3302) /bin/bash /usr/bin/check_mk_agent
(root,13744,3500,00:00:00/00:00,3317) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,3318) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/09:21,3737) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/10:20:04,4619) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/01:01:11,6242) [kworker/3:1]
(postfix,24244,8200,00:00:00/07:37,7853) pickup -l -t fifo -u
(root,35308,10012,00:00:00/4-04:52:49,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:15/4-04:52:49,8749) sshd: syslogtunnel
(root,0,0,00:00:00/01:29:50,9247) [kworker/0:1-events]
(root,0,0,00:00:00/28:24,11036) [kworker/2:1-events]
(root,35308,10012,00:00:00/5-10:47:38,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:18/5-10:47:37,15391) sshd: cm-ssh
(root,0,0,00:00:00/02:23:08,16718) [kworker/2:2-events]
(root,0,0,00:00:00/04:11,18508) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/02:02:14,18633) [kworker/3:2-events]
(root,0,0,00:00:02/03:05:45,21671) [kworker/1:1-events]
(root,0,0,00:00:00/01:31,27030) [kworker/2:0-events]
(root,0,0,00:00:00/32:32,30297) [kworker/0:2-events]
(postfix,44628,9464,00:00:00/5-17:33:23,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/02:39:01,31970) [kworker/u8:2-writeback]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-23 23:20

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d143738b

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12812,00:00:30/9-13:30:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/9-13:30:27,2) [kthreadd]
(root,0,0,00:00:00/9-13:30:27,3) [rcu_gp]
(root,0,0,00:00:00/9-13:30:27,4) [rcu_par_gp]
(root,0,0,00:00:00/9-13:30:27,5) [slub_flushwq]
(root,0,0,00:00:00/9-13:30:27,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/9-13:30:27,9) [mm_percpu_wq]
(root,0,0,00:00:00/9-13:30:27,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/9-13:30:27,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/9-13:30:27,12) [rcu_tasks_trace]
(root,0,0,00:00:16/9-13:30:27,13) [ksoftirqd/0]
(root,0,0,00:25:19/9-13:30:27,14) [rcu_preempt]
(root,0,0,00:00:03/9-13:30:27,15) [migration/0]
(root,0,0,00:00:00/9-13:30:27,16) [idle_inject/0]
(root,0,0,00:00:00/9-13:30:27,18) [cpuhp/0]
(root,0,0,00:00:00/9-13:30:27,19) [cpuhp/1]
(root,0,0,00:00:00/9-13:30:27,20) [idle_inject/1]
(root,0,0,00:00:03/9-13:30:27,21) [migration/1]
(root,0,0,00:00:14/9-13:30:27,22) [ksoftirqd/1]
(root,0,0,00:00:00/9-13:30:27,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/9-13:30:27,25) [cpuhp/2]
(root,0,0,00:00:00/9-13:30:27,26) [idle_inject/2]
(root,0,0,00:00:03/9-13:30:27,27) [migration/2]
(root,0,0,00:20:19/9-13:30:27,28) [ksoftirqd/2]
(root,0,0,00:00:00/9-13:30:27,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/9-13:30:27,31) [cpuhp/3]
(root,0,0,00:00:00/9-13:30:27,32) [idle_inject/3]
(root,0,0,00:00:03/9-13:30:27,33) [migration/3]
(root,0,0,00:00:54/9-13:30:27,34) [ksoftirqd/3]
(root,0,0,00:00:00/9-13:30:27,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/9-13:30:27,39) [kdevtmpfs]
(root,0,0,00:00:00/9-13:30:27,40) [netns]
(root,0,0,00:00:00/9-13:30:27,41) [inet_frag_wq]
(root,0,0,00:00:03/9-13:30:27,42) [kauditd]
(root,0,0,00:00:00/9-13:30:27,43) [khungtaskd]
(root,0,0,00:00:00/9-13:30:27,44) [oom_reaper]
(root,0,0,00:00:00/9-13:30:27,45) [writeback]
(root,0,0,00:00:27/9-13:30:27,46) [kcompactd0]
(root,0,0,00:00:00/9-13:30:27,47) [ksmd]
(root,0,0,00:00:29/9-13:30:27,48) [khugepaged]
(root,0,0,00:00:00/9-13:30:27,74) [kintegrityd]
(root,0,0,00:00:00/9-13:30:27,75) [kblockd]
(root,0,0,00:00:00/9-13:30:27,76) [blkcg_punt_bio]
(root,0,0,00:00:00/9-13:30:27,78) [tpm_dev_wq]
(root,0,0,00:00:00/9-13:30:27,79) [edac-poller]
(root,0,0,00:00:00/9-13:30:27,80) [devfreq_wq]
(root,0,0,00:00:00/9-13:30:27,110) [watchdogd]
(root,0,0,00:00:01/9-13:30:27,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/9-13:30:27,112) [kswapd0]
(root,0,0,00:00:00/9-13:30:26,114) [kthrotld]
(root,0,0,00:00:00/9-13:30:26,115) [mld]
(root,0,0,00:00:00/9-13:30:26,116) [ipv6_addrconf]
(root,0,0,00:00:04/9-13:30:26,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/9-13:30:26,122) [kstrp]
(root,0,0,00:00:00/9-13:30:26,123) [zswap-shrink]
(root,0,0,00:00:00/9-13:30:26,124) [kworker/u9:0]
(root,0,0,00:00:00/9-13:30:26,129) [charger_manager]
(root,0,0,00:00:02/9-13:30:25,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:02/9-13:30:25,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/9-13:30:25,205) [kaluad]
(root,0,0,00:00:00/9-13:30:25,250) [kmpath_rdacd]
(root,0,0,00:00:00/9-13:30:25,293) [kmpathd]
(root,0,0,00:00:00/9-13:30:25,294) [kmpath_handlerd]
(root,0,0,00:00:00/9-13:30:25,342) [ata_sff]
(root,0,0,00:00:00/9-13:30:24,343) [scsi_eh_0]
(root,0,0,00:00:00/9-13:30:24,344) [scsi_tmf_0]
(root,0,0,00:00:00/9-13:30:24,345) [scsi_eh_1]
(root,0,0,00:00:00/9-13:30:24,346) [scsi_tmf_1]
(root,0,0,00:00:14/9-13:30:22,366) [jbd2/vda1-8]
(root,0,0,00:00:00/9-13:30:22,367) [ext4-rsv-conver]
(root,38604,7900,00:00:16/9-13:30:10,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/9-13:30:09,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:14/9-13:30:07,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:06/9-13:29:33,512) /sbin/auditd
(messagebus,22936,5672,00:00:33/9-13:29:33,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8544,00:00:19/9-13:29:33,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/9-13:29:33,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,16220,00:00:03/9-13:29:32,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/9-13:29:32,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,26656,00:00:11/9-13:29:18,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/9-13:29:18,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:50/9-13:29:17,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/9-13:29:17,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/9-13:29:17,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/9-13:29:17,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/9-13:29:17,1201) /usr/lib/systemd/systemd --user
(root,448968,8820,00:00:16/9-13:29:17,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:01:16/9-13:29:17,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/9-13:29:17,1206) bpfilter_umh
(root,26204,8300,00:00:05/9-13:29:17,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/9-13:29:17,1215) ntpd: asynchronous dns resolver
(spot,282756,169192,11:11:26/9-13:29:17,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/9-13:29:16,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/9-13:29:16,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/9-13:29:16,1245) (sd-pam)
(root,24216,5348,00:00:02/9-13:29:15,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/9-13:29:15,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/9-13:29:14,1354) /usr/sbin/cron -n
(root,691336,73820,00:12:18/9-13:29:08,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,210368,45328,00:03:06/9-13:28:54,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:04/04:57:34,2819) [kworker/2:2-events]
(root,0,0,00:00:00/58:52,6061) [kworker/1:0-events]
(root,0,0,00:00:00/02:40,8026) [kworker/2:0]
(root,35308,10012,00:00:00/2-05:25:21,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:08/2-05:25:21,8749) sshd: syslogtunnel
(root,0,0,00:00:00/01:47,11619) [kworker/1:1-ata_sff]
(root,0,0,00:00:00/31:54,12858) [kworker/3:2]
(root,35308,10012,00:00:00/3-11:20:10,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:11/3-11:20:09,15391) sshd: cm-ssh
(root,0,0,00:00:00/52:29,15939) [kworker/2:1-events]
(root,0,0,00:00:00/51:56,16117) [kworker/u8:0-flush-253:0]
(root,6656,3484,00:00:00/00:00,20010) /bin/bash /usr/bin/check_mk_agent
(root,13744,3512,00:00:00/00:00,20038) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,20039) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/02:45:32,22141) [kworker/3:0-events]
(root,0,0,00:00:00/40:25,22486) [kworker/u8:1]
(root,0,0,00:00:00/01:41:28,25498) [kworker/0:1-events]
(root,0,0,00:00:00/07:37,26656) [kworker/0:2-events]
(postfix,24244,8308,00:00:00/01:02:02,28263) pickup -l -t fifo -u
(root,0,0,00:00:00/06:59,28459) [kworker/1:2-ata_sff]
(postfix,44628,9464,00:00:00/3-18:05:55,30472) tlsmgr -l -t unix -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-21 23:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635a9b83b8

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:24/7-12:29:49,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/7-12:29:49,2) [kthreadd]
(root,0,0,00:00:00/7-12:29:49,3) [rcu_gp]
(root,0,0,00:00:00/7-12:29:49,4) [rcu_par_gp]
(root,0,0,00:00:00/7-12:29:49,5) [slub_flushwq]
(root,0,0,00:00:00/7-12:29:49,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:49,9) [mm_percpu_wq]
(root,0,0,00:00:00/7-12:29:49,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/7-12:29:49,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/7-12:29:49,12) [rcu_tasks_trace]
(root,0,0,00:00:13/7-12:29:49,13) [ksoftirqd/0]
(root,0,0,00:19:46/7-12:29:49,14) [rcu_preempt]
(root,0,0,00:00:02/7-12:29:49,15) [migration/0]
(root,0,0,00:00:00/7-12:29:49,16) [idle_inject/0]
(root,0,0,00:00:00/7-12:29:49,18) [cpuhp/0]
(root,0,0,00:00:00/7-12:29:49,19) [cpuhp/1]
(root,0,0,00:00:00/7-12:29:49,20) [idle_inject/1]
(root,0,0,00:00:03/7-12:29:49,21) [migration/1]
(root,0,0,00:00:11/7-12:29:49,22) [ksoftirqd/1]
(root,0,0,00:00:00/7-12:29:49,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:49,25) [cpuhp/2]
(root,0,0,00:00:00/7-12:29:49,26) [idle_inject/2]
(root,0,0,00:00:02/7-12:29:49,27) [migration/2]
(root,0,0,00:15:53/7-12:29:49,28) [ksoftirqd/2]
(root,0,0,00:00:00/7-12:29:49,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:49,31) [cpuhp/3]
(root,0,0,00:00:00/7-12:29:49,32) [idle_inject/3]
(root,0,0,00:00:03/7-12:29:49,33) [migration/3]
(root,0,0,00:00:42/7-12:29:49,34) [ksoftirqd/3]
(root,0,0,00:00:00/7-12:29:49,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/7-12:29:49,39) [kdevtmpfs]
(root,0,0,00:00:00/7-12:29:49,40) [netns]
(root,0,0,00:00:00/7-12:29:49,41) [inet_frag_wq]
(root,0,0,00:00:02/7-12:29:49,42) [kauditd]
(root,0,0,00:00:00/7-12:29:49,43) [khungtaskd]
(root,0,0,00:00:00/7-12:29:49,44) [oom_reaper]
(root,0,0,00:00:00/7-12:29:49,45) [writeback]
(root,0,0,00:00:22/7-12:29:49,46) [kcompactd0]
(root,0,0,00:00:00/7-12:29:49,47) [ksmd]
(root,0,0,00:00:22/7-12:29:49,48) [khugepaged]
(root,0,0,00:00:00/7-12:29:49,74) [kintegrityd]
(root,0,0,00:00:00/7-12:29:49,75) [kblockd]
(root,0,0,00:00:00/7-12:29:49,76) [blkcg_punt_bio]
(root,0,0,00:00:00/7-12:29:49,78) [tpm_dev_wq]
(root,0,0,00:00:00/7-12:29:49,79) [edac-poller]
(root,0,0,00:00:00/7-12:29:49,80) [devfreq_wq]
(root,0,0,00:00:00/7-12:29:49,110) [watchdogd]
(root,0,0,00:00:01/7-12:29:49,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/7-12:29:49,112) [kswapd0]
(root,0,0,00:00:00/7-12:29:48,114) [kthrotld]
(root,0,0,00:00:00/7-12:29:48,115) [mld]
(root,0,0,00:00:00/7-12:29:48,116) [ipv6_addrconf]
(root,0,0,00:00:03/7-12:29:48,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/7-12:29:48,122) [kstrp]
(root,0,0,00:00:00/7-12:29:48,123) [zswap-shrink]
(root,0,0,00:00:00/7-12:29:48,124) [kworker/u9:0]
(root,0,0,00:00:00/7-12:29:48,129) [charger_manager]
(root,0,0,00:00:01/7-12:29:47,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:01/7-12:29:47,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/7-12:29:47,205) [kaluad]
(root,0,0,00:00:00/7-12:29:47,250) [kmpath_rdacd]
(root,0,0,00:00:00/7-12:29:47,293) [kmpathd]
(root,0,0,00:00:00/7-12:29:47,294) [kmpath_handlerd]
(root,0,0,00:00:00/7-12:29:47,342) [ata_sff]
(root,0,0,00:00:00/7-12:29:46,343) [scsi_eh_0]
(root,0,0,00:00:00/7-12:29:46,344) [scsi_tmf_0]
(root,0,0,00:00:00/7-12:29:46,345) [scsi_eh_1]
(root,0,0,00:00:00/7-12:29:46,346) [scsi_tmf_1]
(root,0,0,00:00:11/7-12:29:44,366) [jbd2/vda1-8]
(root,0,0,00:00:00/7-12:29:44,367) [ext4-rsv-conver]
(root,38604,7900,00:00:13/7-12:29:32,440) /usr/lib/systemd/systemd-journald
(root,53164,9680,00:00:01/7-12:29:31,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:11/7-12:29:29,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1636,00:00:04/7-12:28:55,512) /sbin/auditd
(messagebus,22936,5672,00:00:26/7-12:28:55,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:15/7-12:28:55,531) /usr/lib/systemd/systemd-logind
(root,20556,5140,00:00:00/7-12:28:55,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,0,0,00:00:00/13:55,589) [kworker/u8:0-writeback]
(root,31876,16220,00:00:03/7-12:28:54,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,16976,00:00:00/7-12:28:54,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,25356,00:00:08/7-12:28:40,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26512,00:00:00/7-12:28:40,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:39/7-12:28:39,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1744,00:00:00/7-12:28:39,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/7-12:28:39,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/7-12:28:39,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/7-12:28:39,1201) /usr/lib/systemd/systemd --user
(root,448968,8820,00:00:13/7-12:28:39,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6224,00:00:59/7-12:28:39,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/7-12:28:39,1206) bpfilter_umh
(root,26204,8300,00:00:04/7-12:28:39,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4236,00:00:00/7-12:28:39,1215) ntpd: asynchronous dns resolver
(spot,284148,169540,08:31:31/7-12:28:39,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/7-12:28:38,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/7-12:28:38,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/7-12:28:38,1245) (sd-pam)
(root,24216,5348,00:00:02/7-12:28:37,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/7-12:28:37,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:01/7-12:28:36,1354) /usr/sbin/cron -n
(root,691080,73620,00:09:38/7-12:28:30,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,209344,43784,00:02:24/7-12:28:16,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/39:28,1729) [kworker/0:2-events]
(root,0,0,00:00:00/32:15,3298) [kworker/2:1-events]
(root,0,0,00:00:00/07:00,6632) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:08:44,7055) [kworker/3:2-events]
(root,0,0,00:00:00/46:50,8300) [kworker/3:1-events]
(root,35308,10012,00:00:00/04:24:43,8747) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5532,00:00:00/04:24:43,8749) sshd: syslogtunnel
(root,6656,3484,00:00:00/00:00,10918) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,10984) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,10985) /bin/bash /usr/bin/check_mk_agent
(root,4480,1048,00:00:00/00:00,10986) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,776,00:00:00/00:00,10987) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,696,00:00:00/00:00,10988) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3476,00:00:00/00:00,10989) /bin/bash /usr/bin/check_mk_agent
(root,13744,3384,00:00:00/00:00,11007) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,11008) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,35308,10012,00:00:00/1-10:19:32,15389) sshd: cm-ssh [priv]
(cm-ssh,35308,5508,00:00:04/1-10:19:31,15391) sshd: cm-ssh
(root,0,0,00:00:00/10:50,17554) [kworker/0:1-events]
(postfix,24244,8324,00:00:00/23:13,18194) pickup -l -t fifo -u
(root,0,0,00:00:00/36:28,18809) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/43:19,21988) [kworker/1:0-events]
(postfix,44628,9464,00:00:00/1-17:05:17,30472) tlsmgr -l -t unix -u
(root,0,0,00:00:00/14:25,30892) [kworker/2:2]
(root,0,0,00:00:00/01:49,32541) [kworker/1:1-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-19 22:52

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bc3b73da

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:18/5-11:30:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/5-11:30:51,2) [kthreadd]
(root,0,0,00:00:00/5-11:30:51,3) [rcu_gp]
(root,0,0,00:00:00/5-11:30:51,4) [rcu_par_gp]
(root,0,0,00:00:00/5-11:30:51,5) [slub_flushwq]
(root,0,0,00:00:00/5-11:30:51,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/5-11:30:51,9) [mm_percpu_wq]
(root,0,0,00:00:00/5-11:30:51,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/5-11:30:51,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/5-11:30:51,12) [rcu_tasks_trace]
(root,0,0,00:00:08/5-11:30:51,13) [ksoftirqd/0]
(root,0,0,00:14:14/5-11:30:51,14) [rcu_preempt]
(root,0,0,00:00:02/5-11:30:51,15) [migration/0]
(root,0,0,00:00:00/5-11:30:51,16) [idle_inject/0]
(root,0,0,00:00:00/5-11:30:51,18) [cpuhp/0]
(root,0,0,00:00:00/5-11:30:51,19) [cpuhp/1]
(root,0,0,00:00:00/5-11:30:51,20) [idle_inject/1]
(root,0,0,00:00:02/5-11:30:51,21) [migration/1]
(root,0,0,00:00:07/5-11:30:51,22) [ksoftirqd/1]
(root,0,0,00:00:00/5-11:30:51,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/5-11:30:51,25) [cpuhp/2]
(root,0,0,00:00:00/5-11:30:51,26) [idle_inject/2]
(root,0,0,00:00:01/5-11:30:51,27) [migration/2]
(root,0,0,00:11:45/5-11:30:51,28) [ksoftirqd/2]
(root,0,0,00:00:00/5-11:30:51,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/5-11:30:51,31) [cpuhp/3]
(root,0,0,00:00:00/5-11:30:51,32) [idle_inject/3]
(root,0,0,00:00:02/5-11:30:51,33) [migration/3]
(root,0,0,00:00:29/5-11:30:51,34) [ksoftirqd/3]
(root,0,0,00:00:00/5-11:30:51,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/5-11:30:51,39) [kdevtmpfs]
(root,0,0,00:00:00/5-11:30:51,40) [netns]
(root,0,0,00:00:00/5-11:30:51,41) [inet_frag_wq]
(root,0,0,00:00:01/5-11:30:51,42) [kauditd]
(root,0,0,00:00:00/5-11:30:51,43) [khungtaskd]
(root,0,0,00:00:00/5-11:30:51,44) [oom_reaper]
(root,0,0,00:00:00/5-11:30:51,45) [writeback]
(root,0,0,00:00:14/5-11:30:51,46) [kcompactd0]
(root,0,0,00:00:00/5-11:30:51,47) [ksmd]
(root,0,0,00:00:15/5-11:30:51,48) [khugepaged]
(root,0,0,00:00:00/5-11:30:51,74) [kintegrityd]
(root,0,0,00:00:00/5-11:30:51,75) [kblockd]
(root,0,0,00:00:00/5-11:30:51,76) [blkcg_punt_bio]
(root,0,0,00:00:00/5-11:30:51,78) [tpm_dev_wq]
(root,0,0,00:00:00/5-11:30:51,79) [edac-poller]
(root,0,0,00:00:00/5-11:30:51,80) [devfreq_wq]
(root,0,0,00:00:00/5-11:30:51,110) [watchdogd]
(root,0,0,00:00:01/5-11:30:51,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/5-11:30:51,112) [kswapd0]
(root,0,0,00:00:00/5-11:30:50,114) [kthrotld]
(root,0,0,00:00:00/5-11:30:50,115) [mld]
(root,0,0,00:00:00/5-11:30:50,116) [ipv6_addrconf]
(root,0,0,00:00:02/5-11:30:50,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/5-11:30:50,122) [kstrp]
(root,0,0,00:00:00/5-11:30:50,123) [zswap-shrink]
(root,0,0,00:00:00/5-11:30:50,124) [kworker/u9:0]
(root,0,0,00:00:00/5-11:30:50,129) [charger_manager]
(root,0,0,00:00:01/5-11:30:49,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:01/5-11:30:49,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/5-11:30:49,205) [kaluad]
(root,0,0,00:00:00/5-11:30:49,250) [kmpath_rdacd]
(root,0,0,00:00:00/5-11:30:49,293) [kmpathd]
(root,0,0,00:00:00/5-11:30:49,294) [kmpath_handlerd]
(root,0,0,00:00:00/5-11:30:49,342) [ata_sff]
(root,0,0,00:00:00/5-11:30:48,343) [scsi_eh_0]
(root,0,0,00:00:00/5-11:30:48,344) [scsi_tmf_0]
(root,0,0,00:00:00/5-11:30:48,345) [scsi_eh_1]
(root,0,0,00:00:00/5-11:30:48,346) [scsi_tmf_1]
(root,0,0,00:00:08/5-11:30:46,366) [jbd2/vda1-8]
(root,0,0,00:00:00/5-11:30:46,367) [ext4-rsv-conver]
(root,38604,7544,00:00:09/5-11:30:34,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/5-11:30:33,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:08/5-11:30:31,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:03/5-11:29:57,512) /sbin/auditd
(messagebus,22936,5824,00:00:19/5-11:29:57,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:11/5-11:29:57,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/5-11:29:57,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/5-11:29:56,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/5-11:29:56,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,25572,00:00:06/5-11:29:42,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/5-11:29:42,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:27/5-11:29:41,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/5-11:29:41,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/5-11:29:41,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/5-11:29:41,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/5-11:29:41,1201) /usr/lib/systemd/systemd --user
(root,448968,8640,00:00:10/5-11:29:41,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:42/5-11:29:41,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/5-11:29:41,1206) bpfilter_umh
(root,26204,8340,00:00:03/5-11:29:41,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/5-11:29:41,1215) ntpd: asynchronous dns resolver
(spot,276008,163700,05:59:55/5-11:29:41,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/5-11:29:40,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/5-11:29:40,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/5-11:29:40,1245) (sd-pam)
(root,24216,5348,00:00:01/5-11:29:39,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/5-11:29:39,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/5-11:29:38,1354) /usr/sbin/cron -n
(root,691080,73440,00:06:57/5-11:29:32,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,208320,42484,00:01:44/5-11:29:18,1380) /usr/bin/python3.11 /usr/bin/spot
(root,6656,3492,00:00:00/00:01,2315) /bin/bash /usr/bin/check_mk_agent
(root,6656,1828,00:00:00/00:00,2411) /bin/bash /usr/bin/check_mk_agent
(root,6656,2020,00:00:00/00:00,2412) /bin/bash /usr/bin/check_mk_agent
(root,4480,1016,00:00:00/00:00,2413) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,816,00:00:00/00:00,2415) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,712,00:00:00/00:00,2416) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3480,00:00:00/00:00,2421) /bin/bash /usr/bin/check_mk_agent
(root,13744,3496,00:00:00/00:00,2444) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,2445) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/21:44,4430) [kworker/0:0-events]
(root,35308,10024,00:00:00/3-13:22:27,4679) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5592,00:00:12/3-13:22:27,4681) sshd: syslogtunnel
(root,35308,10044,00:00:00/3-13:22:12,4686) sshd: cm-ssh [priv]
(cm-ssh,35308,5396,00:00:10/3-13:22:12,4688) sshd: cm-ssh
(root,0,0,00:00:00/07:02,7039) [kworker/1:1-ata_sff]
(root,0,0,00:00:05/12:00:34,13342) [kworker/1:0-events]
(root,0,0,00:00:01/01:51:17,22417) [kworker/2:2-events]
(root,0,0,00:00:00/01:51:13,22418) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:00/03:22:30,26136) [kworker/u8:1-ext4-rsv-conversion]
(postfix,24244,8272,00:00:00/01:25:10,27452) pickup -l -t fifo -u
(root,0,0,00:00:00/05:02:26,27907) [kworker/3:1-cgroup_destroy]
(root,0,0,00:00:00/01:52,28062) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/01:08:43,28891) [kworker/3:2-events]
(root,0,0,00:00:00/55:57,29918) [kworker/2:0]
(root,0,0,00:00:00/38:50,31879) [kworker/0:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-17 21:53

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363511c3714

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12768,00:00:13/3-15:12:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/3-15:12:30,2) [kthreadd]
(root,0,0,00:00:00/3-15:12:30,3) [rcu_gp]
(root,0,0,00:00:00/3-15:12:30,4) [rcu_par_gp]
(root,0,0,00:00:00/3-15:12:30,5) [slub_flushwq]
(root,0,0,00:00:00/3-15:12:30,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:30,9) [mm_percpu_wq]
(root,0,0,00:00:00/3-15:12:30,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/3-15:12:30,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/3-15:12:30,12) [rcu_tasks_trace]
(root,0,0,00:00:05/3-15:12:30,13) [ksoftirqd/0]
(root,0,0,00:09:30/3-15:12:30,14) [rcu_preempt]
(root,0,0,00:00:01/3-15:12:30,15) [migration/0]
(root,0,0,00:00:00/3-15:12:30,16) [idle_inject/0]
(root,0,0,00:00:00/3-15:12:30,18) [cpuhp/0]
(root,0,0,00:00:00/3-15:12:30,19) [cpuhp/1]
(root,0,0,00:00:00/3-15:12:30,20) [idle_inject/1]
(root,0,0,00:00:01/3-15:12:30,21) [migration/1]
(root,0,0,00:00:05/3-15:12:30,22) [ksoftirqd/1]
(root,0,0,00:00:00/3-15:12:30,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:30,25) [cpuhp/2]
(root,0,0,00:00:00/3-15:12:30,26) [idle_inject/2]
(root,0,0,00:00:01/3-15:12:30,27) [migration/2]
(root,0,0,00:08:01/3-15:12:30,28) [ksoftirqd/2]
(root,0,0,00:00:00/3-15:12:30,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:30,31) [cpuhp/3]
(root,0,0,00:00:00/3-15:12:30,32) [idle_inject/3]
(root,0,0,00:00:01/3-15:12:30,33) [migration/3]
(root,0,0,00:00:20/3-15:12:30,34) [ksoftirqd/3]
(root,0,0,00:00:00/3-15:12:30,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/3-15:12:30,39) [kdevtmpfs]
(root,0,0,00:00:00/3-15:12:30,40) [netns]
(root,0,0,00:00:00/3-15:12:30,41) [inet_frag_wq]
(root,0,0,00:00:01/3-15:12:30,42) [kauditd]
(root,0,0,00:00:00/3-15:12:30,43) [khungtaskd]
(root,0,0,00:00:00/3-15:12:30,44) [oom_reaper]
(root,0,0,00:00:00/3-15:12:30,45) [writeback]
(root,0,0,00:00:09/3-15:12:30,46) [kcompactd0]
(root,0,0,00:00:00/3-15:12:30,47) [ksmd]
(root,0,0,00:00:10/3-15:12:30,48) [khugepaged]
(root,0,0,00:00:00/3-15:12:30,74) [kintegrityd]
(root,0,0,00:00:00/3-15:12:30,75) [kblockd]
(root,0,0,00:00:00/3-15:12:30,76) [blkcg_punt_bio]
(root,0,0,00:00:00/3-15:12:30,78) [tpm_dev_wq]
(root,0,0,00:00:00/3-15:12:30,79) [edac-poller]
(root,0,0,00:00:00/3-15:12:30,80) [devfreq_wq]
(root,0,0,00:00:00/3-15:12:30,110) [watchdogd]
(root,0,0,00:00:00/3-15:12:30,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/3-15:12:30,112) [kswapd0]
(root,0,0,00:00:00/3-15:12:29,114) [kthrotld]
(root,0,0,00:00:00/3-15:12:29,115) [mld]
(root,0,0,00:00:00/3-15:12:29,116) [ipv6_addrconf]
(root,0,0,00:00:01/3-15:12:29,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/3-15:12:29,122) [kstrp]
(root,0,0,00:00:00/3-15:12:29,123) [zswap-shrink]
(root,0,0,00:00:00/3-15:12:29,124) [kworker/u9:0]
(root,0,0,00:00:00/3-15:12:29,129) [charger_manager]
(root,0,0,00:00:00/3-15:12:28,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/3-15:12:28,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/3-15:12:28,205) [kaluad]
(root,0,0,00:00:00/3-15:12:28,250) [kmpath_rdacd]
(root,0,0,00:00:00/3-15:12:28,293) [kmpathd]
(root,0,0,00:00:00/3-15:12:28,294) [kmpath_handlerd]
(root,0,0,00:00:00/3-15:12:28,342) [ata_sff]
(root,0,0,00:00:00/3-15:12:27,343) [scsi_eh_0]
(root,0,0,00:00:00/3-15:12:27,344) [scsi_tmf_0]
(root,0,0,00:00:00/3-15:12:27,345) [scsi_eh_1]
(root,0,0,00:00:00/3-15:12:27,346) [scsi_tmf_1]
(root,0,0,00:00:05/3-15:12:25,366) [jbd2/vda1-8]
(root,0,0,00:00:00/3-15:12:25,367) [ext4-rsv-conver]
(root,38604,7544,00:00:07/3-15:12:13,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/3-15:12:12,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:05/3-15:12:10,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:02/3-15:11:36,512) /sbin/auditd
(messagebus,22936,5824,00:00:14/3-15:11:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8540,00:00:08/3-15:11:36,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/3-15:11:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/3-15:11:35,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/3-15:11:35,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,24748,00:00:04/3-15:11:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/3-15:11:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:18/3-15:11:20,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/3-15:11:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/3-15:11:20,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/3-15:11:20,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/3-15:11:20,1201) /usr/lib/systemd/systemd --user
(root,448968,8640,00:00:07/3-15:11:20,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:28/3-15:11:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/3-15:11:20,1206) bpfilter_umh
(root,26204,8340,00:00:02/3-15:11:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/3-15:11:20,1215) ntpd: asynchronous dns resolver
(spot,273804,162284,04:12:18/3-15:11:20,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/3-15:11:19,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/3-15:11:19,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/3-15:11:19,1245) (sd-pam)
(root,0,0,00:00:00/19:15,1284) [kworker/2:1]
(root,24216,5348,00:00:01/3-15:11:18,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/3-15:11:18,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/3-15:11:17,1354) /usr/sbin/cron -n
(root,689544,71904,00:04:39/3-15:11:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,207296,41156,00:01:10/3-15:10:57,1380) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/01:08:32,1655) [kworker/0:1-events]
(root,0,0,00:00:04/03:43:52,3235) [kworker/2:0-events]
(root,35308,10024,00:00:00/1-17:04:06,4679) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5592,00:00:05/1-17:04:06,4681) sshd: syslogtunnel
(root,35308,10044,00:00:00/1-17:03:51,4686) sshd: cm-ssh [priv]
(cm-ssh,35308,5396,00:00:05/1-17:03:51,4688) sshd: cm-ssh
(root,0,0,00:00:00/02:21:40,4707) [kworker/0:2-events]
(root,6656,3480,00:00:00/00:00,11577) /bin/bash /usr/bin/check_mk_agent
(root,13744,3408,00:00:00/00:00,11595) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,11596) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,24244,8164,00:00:00/28:40,13818) pickup -l -t fifo -u
(root,0,0,00:00:01/01:30:49,19322) [kworker/1:1-events]
(root,0,0,00:00:00/01:29:09,25346) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/07:49,25518) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/07:28,26463) [kworker/3:0-events]
(root,0,0,00:00:00/02:39,28129) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/05:19:07,30146) [kworker/u8:2]
(root,0,0,00:00:00/42:42,30663) [kworker/3:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-16 01:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f9bbaf1f

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189460,12672,00:00:07/1-14:09:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/1-14:09:39,2) [kthreadd]
(root,0,0,00:00:00/1-14:09:39,3) [rcu_gp]
(root,0,0,00:00:00/1-14:09:39,4) [rcu_par_gp]
(root,0,0,00:00:00/1-14:09:39,5) [slub_flushwq]
(root,0,0,00:00:00/1-14:09:39,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/1-14:09:39,9) [mm_percpu_wq]
(root,0,0,00:00:00/1-14:09:39,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/1-14:09:39,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/1-14:09:39,12) [rcu_tasks_trace]
(root,0,0,00:00:02/1-14:09:39,13) [ksoftirqd/0]
(root,0,0,00:04:07/1-14:09:39,14) [rcu_preempt]
(root,0,0,00:00:00/1-14:09:39,15) [migration/0]
(root,0,0,00:00:00/1-14:09:39,16) [idle_inject/0]
(root,0,0,00:00:00/1-14:09:39,18) [cpuhp/0]
(root,0,0,00:00:00/1-14:09:39,19) [cpuhp/1]
(root,0,0,00:00:00/1-14:09:39,20) [idle_inject/1]
(root,0,0,00:00:00/1-14:09:39,21) [migration/1]
(root,0,0,00:00:02/1-14:09:39,22) [ksoftirqd/1]
(root,0,0,00:00:00/1-14:09:39,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/1-14:09:39,25) [cpuhp/2]
(root,0,0,00:00:00/1-14:09:39,26) [idle_inject/2]
(root,0,0,00:00:00/1-14:09:39,27) [migration/2]
(root,0,0,00:03:23/1-14:09:39,28) [ksoftirqd/2]
(root,0,0,00:00:00/1-14:09:39,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/1-14:09:39,31) [cpuhp/3]
(root,0,0,00:00:00/1-14:09:39,32) [idle_inject/3]
(root,0,0,00:00:00/1-14:09:39,33) [migration/3]
(root,0,0,00:00:08/1-14:09:39,34) [ksoftirqd/3]
(root,0,0,00:00:00/1-14:09:39,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/1-14:09:39,39) [kdevtmpfs]
(root,0,0,00:00:00/1-14:09:39,40) [netns]
(root,0,0,00:00:00/1-14:09:39,41) [inet_frag_wq]
(root,0,0,00:00:00/1-14:09:39,42) [kauditd]
(root,0,0,00:00:00/1-14:09:39,43) [khungtaskd]
(root,0,0,00:00:00/1-14:09:39,44) [oom_reaper]
(root,0,0,00:00:00/1-14:09:39,45) [writeback]
(root,0,0,00:00:04/1-14:09:39,46) [kcompactd0]
(root,0,0,00:00:00/1-14:09:39,47) [ksmd]
(root,0,0,00:00:04/1-14:09:39,48) [khugepaged]
(root,0,0,00:00:00/1-14:09:39,74) [kintegrityd]
(root,0,0,00:00:00/1-14:09:39,75) [kblockd]
(root,0,0,00:00:00/1-14:09:39,76) [blkcg_punt_bio]
(root,0,0,00:00:00/1-14:09:39,78) [tpm_dev_wq]
(root,0,0,00:00:00/1-14:09:39,79) [edac-poller]
(root,0,0,00:00:00/1-14:09:39,80) [devfreq_wq]
(root,0,0,00:00:00/1-14:09:39,110) [watchdogd]
(root,0,0,00:00:00/1-14:09:39,111) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/1-14:09:39,112) [kswapd0]
(root,0,0,00:00:00/1-14:09:38,114) [kthrotld]
(root,0,0,00:00:00/1-14:09:38,115) [mld]
(root,0,0,00:00:00/1-14:09:38,116) [ipv6_addrconf]
(root,0,0,00:00:00/1-14:09:38,117) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/1-14:09:38,122) [kstrp]
(root,0,0,00:00:00/1-14:09:38,123) [zswap-shrink]
(root,0,0,00:00:00/1-14:09:38,124) [kworker/u9:0]
(root,0,0,00:00:00/1-14:09:38,129) [charger_manager]
(root,0,0,00:00:00/1-14:09:37,172) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/1-14:09:37,175) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/1-14:09:37,205) [kaluad]
(root,0,0,00:00:00/1-14:09:37,250) [kmpath_rdacd]
(root,0,0,00:00:00/1-14:09:37,293) [kmpathd]
(root,0,0,00:00:00/1-14:09:37,294) [kmpath_handlerd]
(root,0,0,00:00:00/1-14:09:37,342) [ata_sff]
(root,0,0,00:00:00/1-14:09:36,343) [scsi_eh_0]
(root,0,0,00:00:00/1-14:09:36,344) [scsi_tmf_0]
(root,0,0,00:00:00/1-14:09:36,345) [scsi_eh_1]
(root,0,0,00:00:00/1-14:09:36,346) [scsi_tmf_1]
(root,0,0,00:00:02/1-14:09:34,366) [jbd2/vda1-8]
(root,0,0,00:00:00/1-14:09:34,367) [ext4-rsv-conver]
(root,38604,7544,00:00:03/1-14:09:22,440) /usr/lib/systemd/systemd-journald
(root,53164,9776,00:00:00/1-14:09:21,456) /usr/lib/systemd/systemd-udevd
(root,8624,6760,00:00:02/1-14:09:19,491) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:01/1-14:08:45,512) /sbin/auditd
(messagebus,22936,5824,00:00:07/1-14:08:45,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8508,00:00:03/1-14:08:45,531) /usr/lib/systemd/systemd-logind
(root,20556,6104,00:00:00/1-14:08:45,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31876,17312,00:00:03/1-14:08:44,626) /usr/sbin/wickedd --systemd --foreground
(root,31896,17960,00:00:00/1-14:08:44,627) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,24220,00:00:02/1-14:08:30,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26748,00:00:00/1-14:08:30,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4568,00:00:07/1-14:08:29,1194) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1756,00:00:00/1-14:08:29,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40568,10564,00:00:00/1-14:08:29,1199) /usr/lib/systemd/systemd --user
(cm-ssh,40568,10520,00:00:00/1-14:08:29,1200) /usr/lib/systemd/systemd --user
(checkmk,40560,10484,00:00:00/1-14:08:29,1201) /usr/lib/systemd/systemd --user
(root,448724,7840,00:00:03/1-14:08:29,1202) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6484,00:00:12/1-14:08:29,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,672,00:00:00/1-14:08:29,1206) bpfilter_umh
(root,26204,8340,00:00:01/1-14:08:29,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4384,00:00:00/1-14:08:29,1215) ntpd: asynchronous dns resolver
(spot,199060,161700,01:46:44/1-14:08:29,1221) /usr/bin/python3.11 /usr/bin/spot
(cm-ssh,48532,3192,00:00:00/1-14:08:28,1228) (sd-pam)
(checkmk,48532,3192,00:00:00/1-14:08:28,1229) (sd-pam)
(syslogtunnel,48532,3192,00:00:00/1-14:08:28,1245) (sd-pam)
(root,24216,5348,00:00:00/1-14:08:27,1325) /usr/lib/postfix/bin//master -w
(postfix,24292,8260,00:00:00/1-14:08:27,1327) qmgr -l -t fifo -u
(root,8964,2668,00:00:00/1-14:08:26,1354) /usr/sbin/cron -n
(root,35308,9992,00:00:00/1-14:08:22,1368) sshd: syslogtunnel [priv]
(syslogtunnel,35308,5400,00:00:05/1-14:08:22,1371) sshd: syslogtunnel
(root,689288,71288,00:02:03/1-14:08:20,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,206272,40784,00:00:32/1-14:08:06,1380) /usr/bin/python3.11 /usr/bin/spot
(root,35308,9976,00:00:00/1-14:07:47,1434) sshd: cm-ssh [priv]
(cm-ssh,35308,5468,00:00:04/1-14:07:47,1436) sshd: cm-ssh
(root,6656,3484,00:00:00/00:00,1985) /bin/bash /usr/bin/check_mk_agent
(root,13744,3528,00:00:00/00:00,2003) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,2004) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:05/08:34:04,3139) [kworker/1:0-ata_sff]
(root,0,0,00:00:00/16:32,4324) [kworker/3:1-events]
(postfix,24244,8168,00:00:00/01:27:52,8239) pickup -l -t fifo -u
(root,0,0,00:00:00/44:41,9251) [kworker/0:2-events]
(root,0,0,00:00:00/06:26,10983) [kworker/1:1-events]
(root,0,0,00:00:00/06:20,11248) [kworker/u8:0-writeback]
(root,0,0,00:00:00/13:11,17764) [kworker/2:2]
(root,0,0,00:00:00/01:07:13,27345) [kworker/3:0-events]
(root,0,0,00:00:00/01:31:41,28896) [kworker/0:0-events]
(root,0,0,00:00:00/01:31:21,29594) [kworker/u8:1]
(root,0,0,00:00:00/01:15,29799) [kworker/1:2-ata_sff]
(root,0,0,00:00:00/48:18,32356) [kworker/2:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-14 00:31

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637a9f503e

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12368,00:03:07/62-13:28:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/62-13:28:19,2) [kthreadd]
(root,0,0,00:00:00/62-13:28:19,3) [rcu_gp]
(root,0,0,00:00:00/62-13:28:19,4) [rcu_par_gp]
(root,0,0,00:00:00/62-13:28:19,5) [slub_flushwq]
(root,0,0,00:00:00/62-13:28:19,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/62-13:28:19,9) [mm_percpu_wq]
(root,0,0,00:00:00/62-13:28:19,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/62-13:28:19,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/62-13:28:19,12) [rcu_tasks_trace]
(root,0,0,00:01:52/62-13:28:19,13) [ksoftirqd/0]
(root,0,0,02:54:08/62-13:28:19,14) [rcu_preempt]
(root,0,0,00:00:23/62-13:28:19,15) [migration/0]
(root,0,0,00:00:00/62-13:28:19,16) [idle_inject/0]
(root,0,0,00:00:00/62-13:28:19,18) [cpuhp/0]
(root,0,0,00:00:00/62-13:28:19,19) [cpuhp/1]
(root,0,0,00:00:00/62-13:28:19,20) [idle_inject/1]
(root,0,0,00:00:23/62-13:28:19,21) [migration/1]
(root,0,0,00:01:33/62-13:28:19,22) [ksoftirqd/1]
(root,0,0,00:00:00/62-13:28:19,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/62-13:28:19,25) [cpuhp/2]
(root,0,0,00:00:00/62-13:28:19,26) [idle_inject/2]
(root,0,0,00:00:17/62-13:28:19,27) [migration/2]
(root,0,0,01:53:29/62-13:28:19,28) [ksoftirqd/2]
(root,0,0,00:00:00/62-13:28:19,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/62-13:28:19,31) [cpuhp/3]
(root,0,0,00:00:00/62-13:28:19,32) [idle_inject/3]
(root,0,0,00:00:22/62-13:28:19,33) [migration/3]
(root,0,0,00:05:43/62-13:28:19,34) [ksoftirqd/3]
(root,0,0,00:00:00/62-13:28:19,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/62-13:28:19,40) [kdevtmpfs]
(root,0,0,00:00:00/62-13:28:19,41) [netns]
(root,0,0,00:00:00/62-13:28:19,42) [inet_frag_wq]
(root,0,0,00:00:22/62-13:28:19,43) [kauditd]
(root,0,0,00:00:00/62-13:28:19,44) [khungtaskd]
(root,0,0,00:00:00/62-13:28:19,45) [oom_reaper]
(root,0,0,00:00:00/62-13:28:19,46) [writeback]
(root,0,0,00:03:11/62-13:28:19,47) [kcompactd0]
(root,0,0,00:00:00/62-13:28:19,48) [ksmd]
(root,0,0,00:03:27/62-13:28:19,49) [khugepaged]
(root,0,0,00:00:00/62-13:28:19,75) [kintegrityd]
(root,0,0,00:00:00/62-13:28:19,76) [kblockd]
(root,0,0,00:00:00/62-13:28:19,77) [blkcg_punt_bio]
(root,0,0,00:00:00/62-13:28:19,79) [tpm_dev_wq]
(root,0,0,00:00:00/62-13:28:19,80) [edac-poller]
(root,0,0,00:00:00/62-13:28:19,81) [devfreq_wq]
(root,0,0,00:00:00/62-13:28:19,110) [watchdogd]
(root,0,0,00:00:05/62-13:28:19,111) [kswapd0]
(root,0,0,00:00:16/62-13:28:19,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/62-13:28:17,115) [kthrotld]
(root,0,0,00:00:00/62-13:28:17,116) [mld]
(root,0,0,00:00:00/62-13:28:17,117) [ipv6_addrconf]
(root,0,0,00:00:16/62-13:28:17,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/62-13:28:17,123) [kstrp]
(root,0,0,00:00:00/62-13:28:17,124) [zswap-shrink]
(root,0,0,00:00:00/62-13:28:17,125) [kworker/u9:0]
(root,0,0,00:00:00/62-13:28:17,130) [charger_manager]
(root,0,0,00:00:18/62-13:28:17,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:27/62-13:28:17,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/62-13:28:16,239) [kaluad]
(root,0,0,00:00:00/62-13:28:16,258) [kmpath_rdacd]
(root,0,0,00:00:00/62-13:28:16,304) [kmpathd]
(root,0,0,00:00:00/62-13:28:16,305) [kmpath_handlerd]
(root,0,0,00:00:00/62-13:28:15,342) [ata_sff]
(root,0,0,00:00:00/62-13:28:15,343) [scsi_eh_0]
(root,0,0,00:00:00/62-13:28:15,344) [scsi_tmf_0]
(root,0,0,00:00:00/62-13:28:15,345) [scsi_eh_1]
(root,0,0,00:00:00/62-13:28:15,346) [scsi_tmf_1]
(root,0,0,00:01:59/62-13:28:12,366) [jbd2/vda1-8]
(root,0,0,00:00:00/62-13:28:12,367) [ext4-rsv-conver]
(root,38604,7852,00:01:47/62-13:28:00,440) /usr/lib/systemd/systemd-journald
(root,53296,9324,00:00:07/62-13:27:59,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:36/62-13:27:57,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1584,00:00:39/62-13:27:26,511) /sbin/auditd
(messagebus,22932,5400,00:03:34/62-13:27:25,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38880,8288,00:02:01/62-13:27:25,530) /usr/lib/systemd/systemd-logind
(root,20556,4152,00:00:00/62-13:27:25,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15472,00:00:03/62-13:27:23,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,15904,00:00:00/62-13:27:23,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549384,31628,00:01:13/62-13:27:09,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/62-13:27:09,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:06:04/62-13:27:09,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/62-13:27:09,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/62-13:27:09,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/62-13:27:09,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/62-13:27:09,1343) /usr/lib/systemd/systemd --user
(root,449060,7988,00:01:56/62-13:27:09,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:52/62-13:27:09,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/62-13:27:09,1352) bpfilter_umh
(root,26204,8096,00:00:33/62-13:27:09,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/62-13:27:09,1359) ntpd: asynchronous dns resolver
(spot,362800,213588,3-11:06:09/62-13:27:08,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/62-13:27:08,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/62-13:27:08,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/62-13:27:08,1373) (sd-pam)
(root,24216,5256,00:00:22/62-13:27:06,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:04/62-13:27:06,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:08/62-13:27:06,1485) /usr/sbin/cron -n
(root,699464,78300,01:26:25/62-13:27:00,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/01:02:54,1818) [kworker/1:0-events]
(spot,236992,82964,00:31:54/62-13:26:48,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/18:14,2406) [kworker/u8:0-flush-253:0]
(root,6656,3480,00:00:00/00:00,2444) /bin/bash /usr/bin/check_mk_agent
(root,13744,3488,00:00:00/00:00,2462) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,2463) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(postfix,44628,9104,00:00:02/56-19:02:23,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/16:15,5538) [kworker/2:1-cgroup_destroy]
(root,0,0,00:00:00/05:59,9287) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/13:46,9738) [kworker/0:2-cgroup_destroy]
(root,35304,10040,00:00:00/24-13:55:18,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:32/24-13:55:17,10514) sshd: syslogtunnel
(root,0,0,00:00:00/01:16:21,12427) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/26:04,14894) [kworker/1:1]
(root,0,0,00:00:01/02:28:57,19079) [kworker/2:2-events]
(postfix,24244,8252,00:00:00/37:50,21014) pickup -l -t fifo -u
(root,0,0,00:00:00/47:29,25290) [kworker/3:1-events_freezable_power_]
(root,0,0,00:00:00/01:23,28169) [kworker/2:0]
(root,0,0,00:00:00/00:49,30620) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/45:43,30822) [kworker/0:1-events]
(root,35308,10028,00:00:00/24-14:41:31,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:22/24-14:41:30,30947) sshd: cm-ssh

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-12 00:17

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363048d85e7

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:58/60-14:10:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/60-14:10:13,2) [kthreadd]
(root,0,0,00:00:00/60-14:10:13,3) [rcu_gp]
(root,0,0,00:00:00/60-14:10:13,4) [rcu_par_gp]
(root,0,0,00:00:00/60-14:10:13,5) [slub_flushwq]
(root,0,0,00:00:00/60-14:10:13,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/60-14:10:13,9) [mm_percpu_wq]
(root,0,0,00:00:00/60-14:10:13,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/60-14:10:13,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/60-14:10:13,12) [rcu_tasks_trace]
(root,0,0,00:01:48/60-14:10:13,13) [ksoftirqd/0]
(root,0,0,02:49:06/60-14:10:13,14) [rcu_preempt]
(root,0,0,00:00:23/60-14:10:13,15) [migration/0]
(root,0,0,00:00:00/60-14:10:13,16) [idle_inject/0]
(root,0,0,00:00:00/60-14:10:13,18) [cpuhp/0]
(root,0,0,00:00:00/60-14:10:13,19) [cpuhp/1]
(root,0,0,00:00:00/60-14:10:13,20) [idle_inject/1]
(root,0,0,00:00:23/60-14:10:13,21) [migration/1]
(root,0,0,00:01:30/60-14:10:13,22) [ksoftirqd/1]
(root,0,0,00:00:00/60-14:10:13,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/60-14:10:13,25) [cpuhp/2]
(root,0,0,00:00:00/60-14:10:13,26) [idle_inject/2]
(root,0,0,00:00:17/60-14:10:13,27) [migration/2]
(root,0,0,01:49:36/60-14:10:13,28) [ksoftirqd/2]
(root,0,0,00:00:00/60-14:10:13,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/60-14:10:13,31) [cpuhp/3]
(root,0,0,00:00:00/60-14:10:13,32) [idle_inject/3]
(root,0,0,00:00:21/60-14:10:13,33) [migration/3]
(root,0,0,00:05:33/60-14:10:13,34) [ksoftirqd/3]
(root,0,0,00:00:00/60-14:10:13,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/60-14:10:13,40) [kdevtmpfs]
(root,0,0,00:00:00/60-14:10:13,41) [netns]
(root,0,0,00:00:00/60-14:10:13,42) [inet_frag_wq]
(root,0,0,00:00:21/60-14:10:13,43) [kauditd]
(root,0,0,00:00:00/60-14:10:13,44) [khungtaskd]
(root,0,0,00:00:00/60-14:10:13,45) [oom_reaper]
(root,0,0,00:00:00/60-14:10:13,46) [writeback]
(root,0,0,00:03:05/60-14:10:13,47) [kcompactd0]
(root,0,0,00:00:00/60-14:10:13,48) [ksmd]
(root,0,0,00:03:21/60-14:10:13,49) [khugepaged]
(root,0,0,00:00:00/60-14:10:13,75) [kintegrityd]
(root,0,0,00:00:00/60-14:10:13,76) [kblockd]
(root,0,0,00:00:00/60-14:10:13,77) [blkcg_punt_bio]
(root,0,0,00:00:00/60-14:10:13,79) [tpm_dev_wq]
(root,0,0,00:00:00/60-14:10:13,80) [edac-poller]
(root,0,0,00:00:00/60-14:10:13,81) [devfreq_wq]
(root,0,0,00:00:00/60-14:10:13,110) [watchdogd]
(root,0,0,00:00:04/60-14:10:13,111) [kswapd0]
(root,0,0,00:00:15/60-14:10:13,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/60-14:10:11,115) [kthrotld]
(root,0,0,00:00:00/60-14:10:11,116) [mld]
(root,0,0,00:00:00/60-14:10:11,117) [ipv6_addrconf]
(root,0,0,00:00:16/60-14:10:11,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/60-14:10:11,123) [kstrp]
(root,0,0,00:00:00/60-14:10:11,124) [zswap-shrink]
(root,0,0,00:00:00/60-14:10:11,125) [kworker/u9:0]
(root,0,0,00:00:00/60-14:10:11,130) [charger_manager]
(root,0,0,00:00:18/60-14:10:11,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:26/60-14:10:11,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/60-14:10:10,239) [kaluad]
(root,0,0,00:00:00/60-14:10:10,258) [kmpath_rdacd]
(root,0,0,00:00:00/60-14:10:10,304) [kmpathd]
(root,0,0,00:00:00/60-14:10:10,305) [kmpath_handlerd]
(root,0,0,00:00:00/60-14:10:09,342) [ata_sff]
(root,0,0,00:00:00/60-14:10:09,343) [scsi_eh_0]
(root,0,0,00:00:00/60-14:10:09,344) [scsi_tmf_0]
(root,0,0,00:00:00/60-14:10:09,345) [scsi_eh_1]
(root,0,0,00:00:00/60-14:10:09,346) [scsi_tmf_1]
(root,0,0,00:01:56/60-14:10:06,366) [jbd2/vda1-8]
(root,0,0,00:00:00/60-14:10:06,367) [ext4-rsv-conver]
(root,38604,7852,00:01:43/60-14:09:54,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/60-14:09:53,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:33/60-14:09:51,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:37/60-14:09:20,511) /sbin/auditd
(messagebus,22932,5400,00:03:24/60-14:09:19,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8268,00:01:55/60-14:09:19,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/60-14:09:19,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/60-14:09:17,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/60-14:09:17,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549384,31636,00:01:11/60-14:09:03,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/60-14:09:03,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:54/60-14:09:03,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/60-14:09:03,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/60-14:09:03,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/60-14:09:03,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/60-14:09:03,1343) /usr/lib/systemd/systemd --user
(root,449060,8208,00:01:51/60-14:09:03,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:36/60-14:09:03,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/60-14:09:03,1352) bpfilter_umh
(root,26204,8096,00:00:31/60-14:09:03,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/60-14:09:03,1359) ntpd: asynchronous dns resolver
(spot,362416,213512,3-08:29:27/60-14:09:02,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/60-14:09:02,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/60-14:09:02,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/60-14:09:02,1373) (sd-pam)
(root,24216,5260,00:00:21/60-14:09:00,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:04/60-14:09:00,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:08/60-14:09:00,1485) /usr/sbin/cron -n
(root,699208,78092,01:23:46/60-14:08:54,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,235968,82040,00:31:05/60-14:08:42,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9136,00:00:02/54-19:44:17,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/04:42,7686) [kworker/0:0]
(root,0,0,00:00:00/23:34,9258) [kworker/2:2-events]
(root,35304,10040,00:00:00/22-14:37:12,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:24/22-14:37:11,10514) sshd: syslogtunnel
(root,0,0,00:00:00/02:28:53,12806) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:01/02:06:17,13124) [kworker/3:2-events]
(root,0,0,00:00:00/01:14,14712) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/01:49:17,15347) [kworker/2:0-events]
(postfix,24244,8244,00:00:00/00:41,16450) pickup -l -t fifo -u
(root,6656,3488,00:00:00/00:00,17938) /bin/bash /usr/bin/check_mk_agent
(root,13744,3384,00:00:00/00:00,17956) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,17957) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/32:48,17961) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/40:12,20158) [kworker/1:1-events]
(root,0,0,00:00:00/01:06:22,24113) [kworker/0:2-events]
(root,0,0,00:00:00/16:28,25821) [kworker/1:0-events]
(root,0,0,00:00:00/01:13:31,28903) [kworker/0:1-cgroup_destroy]
(root,35308,10028,00:00:00/22-15:23:25,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:15/22-15:23:24,30947) sshd: cm-ssh
(root,0,0,00:00:00/06:24,31426) [kworker/3:1-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-10 00:58

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836313c14f1e

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,14416,00:02:49/58-14:25:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/58-14:25:56,2) [kthreadd]
(root,0,0,00:00:00/58-14:25:56,3) [rcu_gp]
(root,0,0,00:00:00/58-14:25:56,4) [rcu_par_gp]
(root,0,0,00:00:00/58-14:25:56,5) [slub_flushwq]
(root,0,0,00:00:00/58-14:25:56,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/58-14:25:56,9) [mm_percpu_wq]
(root,0,0,00:00:00/58-14:25:56,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/58-14:25:56,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/58-14:25:56,12) [rcu_tasks_trace]
(root,0,0,00:01:44/58-14:25:56,13) [ksoftirqd/0]
(root,0,0,02:43:57/58-14:25:56,14) [rcu_preempt]
(root,0,0,00:00:22/58-14:25:56,15) [migration/0]
(root,0,0,00:00:00/58-14:25:56,16) [idle_inject/0]
(root,0,0,00:00:00/58-14:25:56,18) [cpuhp/0]
(root,0,0,00:00:00/58-14:25:56,19) [cpuhp/1]
(root,0,0,00:00:00/58-14:25:56,20) [idle_inject/1]
(root,0,0,00:00:22/58-14:25:56,21) [migration/1]
(root,0,0,00:01:26/58-14:25:56,22) [ksoftirqd/1]
(root,0,0,00:00:00/58-14:25:56,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/58-14:25:56,25) [cpuhp/2]
(root,0,0,00:00:00/58-14:25:56,26) [idle_inject/2]
(root,0,0,00:00:16/58-14:25:56,27) [migration/2]
(root,0,0,01:44:51/58-14:25:56,28) [ksoftirqd/2]
(root,0,0,00:00:00/58-14:25:56,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/58-14:25:56,31) [cpuhp/3]
(root,0,0,00:00:00/58-14:25:56,32) [idle_inject/3]
(root,0,0,00:00:20/58-14:25:56,33) [migration/3]
(root,0,0,00:05:21/58-14:25:56,34) [ksoftirqd/3]
(root,0,0,00:00:00/58-14:25:56,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/58-14:25:56,40) [kdevtmpfs]
(root,0,0,00:00:00/58-14:25:56,41) [netns]
(root,0,0,00:00:00/58-14:25:56,42) [inet_frag_wq]
(root,0,0,00:00:20/58-14:25:56,43) [kauditd]
(root,0,0,00:00:00/58-14:25:56,44) [khungtaskd]
(root,0,0,00:00:00/58-14:25:56,45) [oom_reaper]
(root,0,0,00:00:00/58-14:25:56,46) [writeback]
(root,0,0,00:02:59/58-14:25:56,47) [kcompactd0]
(root,0,0,00:00:00/58-14:25:56,48) [ksmd]
(root,0,0,00:03:14/58-14:25:56,49) [khugepaged]
(root,0,0,00:00:00/58-14:25:56,75) [kintegrityd]
(root,0,0,00:00:00/58-14:25:56,76) [kblockd]
(root,0,0,00:00:00/58-14:25:56,77) [blkcg_punt_bio]
(root,0,0,00:00:00/58-14:25:56,79) [tpm_dev_wq]
(root,0,0,00:00:00/58-14:25:56,80) [edac-poller]
(root,0,0,00:00:00/58-14:25:56,81) [devfreq_wq]
(root,0,0,00:00:00/58-14:25:56,110) [watchdogd]
(root,0,0,00:00:04/58-14:25:56,111) [kswapd0]
(root,0,0,00:00:15/58-14:25:56,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/58-14:25:54,115) [kthrotld]
(root,0,0,00:00:00/58-14:25:54,116) [mld]
(root,0,0,00:00:00/58-14:25:54,117) [ipv6_addrconf]
(root,0,0,00:00:16/58-14:25:54,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/58-14:25:54,123) [kstrp]
(root,0,0,00:00:00/58-14:25:54,124) [zswap-shrink]
(root,0,0,00:00:00/58-14:25:54,125) [kworker/u9:0]
(root,0,0,00:00:00/58-14:25:54,130) [charger_manager]
(root,0,0,00:00:17/58-14:25:54,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:25/58-14:25:54,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/58-14:25:53,239) [kaluad]
(root,0,0,00:00:00/58-14:25:53,258) [kmpath_rdacd]
(root,0,0,00:00:00/58-14:25:53,304) [kmpathd]
(root,0,0,00:00:00/58-14:25:53,305) [kmpath_handlerd]
(root,0,0,00:00:00/58-14:25:52,342) [ata_sff]
(root,0,0,00:00:00/58-14:25:52,343) [scsi_eh_0]
(root,0,0,00:00:00/58-14:25:52,344) [scsi_tmf_0]
(root,0,0,00:00:00/58-14:25:52,345) [scsi_eh_1]
(root,0,0,00:00:00/58-14:25:52,346) [scsi_tmf_1]
(root,0,0,00:01:52/58-14:25:49,366) [jbd2/vda1-8]
(root,0,0,00:00:00/58-14:25:49,367) [ext4-rsv-conver]
(root,38604,7852,00:01:38/58-14:25:37,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/58-14:25:36,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:30/58-14:25:34,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:35/58-14:25:03,511) /sbin/auditd
(messagebus,22932,5400,00:03:13/58-14:25:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:49/58-14:25:02,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/58-14:25:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/58-14:25:00,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/58-14:25:00,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549128,31272,00:01:09/58-14:24:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/58-14:24:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:44/58-14:24:46,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/58-14:24:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/58-14:24:46,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/58-14:24:46,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/58-14:24:46,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:47/58-14:24:46,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:21/58-14:24:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/58-14:24:46,1352) bpfilter_umh
(root,26204,8096,00:00:30/58-14:24:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/58-14:24:46,1359) ntpd: asynchronous dns resolver
(spot,363680,214596,3-05:26:59/58-14:24:45,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/58-14:24:45,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/58-14:24:45,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/58-14:24:45,1373) (sd-pam)
(root,24216,5260,00:00:20/58-14:24:43,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:04/58-14:24:43,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:08/58-14:24:43,1485) /usr/sbin/cron -n
(root,698952,79684,01:21:03/58-14:24:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,234944,80364,00:30:17/58-14:24:25,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9136,00:00:02/52-20:00:00,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/07:06,3048) [kworker/2:2-events]
(root,6656,3488,00:00:00/00:00,8869) /bin/bash /usr/bin/check_mk_agent
(root,13744,3436,00:00:00/00:00,8887) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,8888) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,35304,10040,00:00:00/20-14:52:55,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:17/20-14:52:54,10514) sshd: syslogtunnel
(postfix,24244,8144,00:00:00/38:14,12925) pickup -l -t fifo -u
(root,0,0,00:00:00/43:26,18745) [kworker/0:1-events]
(root,0,0,00:00:00/36:33,19023) [kworker/1:0-events]
(root,0,0,00:00:00/23:31,19227) [kworker/3:1-events]
(root,0,0,00:00:00/02:47,20983) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/57:17,21124) [kworker/2:1-events]
(root,0,0,00:00:00/09:35,25238) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:01/03:27:54,26097) [kworker/0:2-cgroup_destroy]
(root,0,0,00:00:00/18:05,28268) [kworker/1:1-events]
(root,0,0,00:00:00/17:57,28459) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:00/01:23,29635) [kworker/0:0-events]
(root,35308,10028,00:00:00/20-15:39:08,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:09/20-15:39:07,30947) sshd: cm-ssh
(root,0,0,00:00:00/07:58,31754) [kworker/3:2-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-08 01:14

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e63fd061

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:39/56-13:57:16,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/56-13:57:16,2) [kthreadd]
(root,0,0,00:00:00/56-13:57:16,3) [rcu_gp]
(root,0,0,00:00:00/56-13:57:16,4) [rcu_par_gp]
(root,0,0,00:00:00/56-13:57:16,5) [slub_flushwq]
(root,0,0,00:00:00/56-13:57:16,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/56-13:57:16,9) [mm_percpu_wq]
(root,0,0,00:00:00/56-13:57:16,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/56-13:57:16,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/56-13:57:16,12) [rcu_tasks_trace]
(root,0,0,00:01:41/56-13:57:16,13) [ksoftirqd/0]
(root,0,0,02:38:34/56-13:57:16,14) [rcu_preempt]
(root,0,0,00:00:21/56-13:57:16,15) [migration/0]
(root,0,0,00:00:00/56-13:57:16,16) [idle_inject/0]
(root,0,0,00:00:00/56-13:57:16,18) [cpuhp/0]
(root,0,0,00:00:00/56-13:57:16,19) [cpuhp/1]
(root,0,0,00:00:00/56-13:57:16,20) [idle_inject/1]
(root,0,0,00:00:21/56-13:57:16,21) [migration/1]
(root,0,0,00:01:23/56-13:57:16,22) [ksoftirqd/1]
(root,0,0,00:00:00/56-13:57:16,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/56-13:57:16,25) [cpuhp/2]
(root,0,0,00:00:00/56-13:57:16,26) [idle_inject/2]
(root,0,0,00:00:16/56-13:57:16,27) [migration/2]
(root,0,0,01:40:23/56-13:57:16,28) [ksoftirqd/2]
(root,0,0,00:00:00/56-13:57:16,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/56-13:57:16,31) [cpuhp/3]
(root,0,0,00:00:00/56-13:57:16,32) [idle_inject/3]
(root,0,0,00:00:20/56-13:57:16,33) [migration/3]
(root,0,0,00:05:09/56-13:57:16,34) [ksoftirqd/3]
(root,0,0,00:00:00/56-13:57:16,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/56-13:57:16,40) [kdevtmpfs]
(root,0,0,00:00:00/56-13:57:16,41) [netns]
(root,0,0,00:00:00/56-13:57:16,42) [inet_frag_wq]
(root,0,0,00:00:19/56-13:57:16,43) [kauditd]
(root,0,0,00:00:00/56-13:57:16,44) [khungtaskd]
(root,0,0,00:00:00/56-13:57:16,45) [oom_reaper]
(root,0,0,00:00:00/56-13:57:16,46) [writeback]
(root,0,0,00:02:53/56-13:57:16,47) [kcompactd0]
(root,0,0,00:00:00/56-13:57:16,48) [ksmd]
(root,0,0,00:03:08/56-13:57:16,49) [khugepaged]
(root,0,0,00:00:00/56-13:57:16,75) [kintegrityd]
(root,0,0,00:00:00/56-13:57:16,76) [kblockd]
(root,0,0,00:00:00/56-13:57:16,77) [blkcg_punt_bio]
(root,0,0,00:00:00/56-13:57:16,79) [tpm_dev_wq]
(root,0,0,00:00:00/56-13:57:16,80) [edac-poller]
(root,0,0,00:00:00/56-13:57:16,81) [devfreq_wq]
(root,0,0,00:00:00/56-13:57:16,110) [watchdogd]
(root,0,0,00:00:04/56-13:57:16,111) [kswapd0]
(root,0,0,00:00:14/56-13:57:16,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/56-13:57:14,115) [kthrotld]
(root,0,0,00:00:00/56-13:57:14,116) [mld]
(root,0,0,00:00:00/56-13:57:14,117) [ipv6_addrconf]
(root,0,0,00:00:15/56-13:57:14,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/56-13:57:14,123) [kstrp]
(root,0,0,00:00:00/56-13:57:14,124) [zswap-shrink]
(root,0,0,00:00:00/56-13:57:14,125) [kworker/u9:0]
(root,0,0,00:00:00/56-13:57:14,130) [charger_manager]
(root,0,0,00:00:17/56-13:57:14,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:25/56-13:57:14,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/56-13:57:13,239) [kaluad]
(root,0,0,00:00:00/56-13:57:13,258) [kmpath_rdacd]
(root,0,0,00:00:00/56-13:57:13,304) [kmpathd]
(root,0,0,00:00:00/56-13:57:13,305) [kmpath_handlerd]
(root,0,0,00:00:00/56-13:57:12,342) [ata_sff]
(root,0,0,00:00:00/56-13:57:12,343) [scsi_eh_0]
(root,0,0,00:00:00/56-13:57:12,344) [scsi_tmf_0]
(root,0,0,00:00:00/56-13:57:12,345) [scsi_eh_1]
(root,0,0,00:00:00/56-13:57:12,346) [scsi_tmf_1]
(root,0,0,00:01:49/56-13:57:09,366) [jbd2/vda1-8]
(root,0,0,00:00:00/56-13:57:09,367) [ext4-rsv-conver]
(root,38604,7852,00:01:33/56-13:56:57,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/56-13:56:56,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:27/56-13:56:54,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:32/56-13:56:23,511) /sbin/auditd
(messagebus,22932,5400,00:03:00/56-13:56:22,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:42/56-13:56:22,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/56-13:56:22,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/56-13:56:20,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/56-13:56:20,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549128,31272,00:01:07/56-13:56:06,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/56-13:56:06,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:35/56-13:56:06,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/56-13:56:06,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/56-13:56:06,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/56-13:56:06,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/56-13:56:06,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:42/56-13:56:06,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:08:04/56-13:56:06,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/56-13:56:06,1352) bpfilter_umh
(root,26204,8096,00:00:28/56-13:56:06,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/56-13:56:06,1359) ntpd: asynchronous dns resolver
(spot,364848,215656,3-02:29:59/56-13:56:05,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/56-13:56:05,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/56-13:56:05,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/56-13:56:05,1373) (sd-pam)
(root,24216,5260,00:00:20/56-13:56:03,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/56-13:56:03,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:07/56-13:56:03,1485) /usr/sbin/cron -n
(root,698412,77180,01:18:15/56-13:55:57,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,233920,79172,00:29:30/56-13:55:45,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9136,00:00:02/50-19:31:20,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/05:13,4585) [kworker/1:1-events]
(root,0,0,00:00:00/44:27,6586) [kworker/1:2-events]
(root,0,0,00:00:00/20:02,9914) [kworker/2:0-mm_percpu_wq]
(root,35304,10040,00:00:00/18-14:24:15,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:01:09/18-14:24:14,10514) sshd: syslogtunnel
(root,0,0,00:00:00/42:15,11848) [kworker/0:2-events]
(root,0,0,00:00:00/03:05,15438) [kworker/3:1-ata_sff]
(postfix,24244,8236,00:00:00/31:26,15810) pickup -l -t fifo -u
(root,0,0,00:00:00/30:29,20853) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/30:28,21031) [kworker/2:1-events]
(root,0,0,00:00:00/10:54,21048) [kworker/u8:1-writeback]
(root,0,0,00:00:00/08:17,28016) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/07:17,29432) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/29:01,29448) [kworker/3:0-events]
(root,35308,10028,00:00:00/18-15:10:28,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:01:03/18-15:10:27,30947) sshd: cm-ssh
(root,6656,3488,00:00:00/00:00,31397) /bin/bash /usr/bin/check_mk_agent
(root,13744,3500,00:00:00/00:00,31415) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,31416) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-06 00:45

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b8a5e6c2

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12392,00:02:30/52-15:54:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/52-15:54:45,2) [kthreadd]
(root,0,0,00:00:00/52-15:54:45,3) [rcu_gp]
(root,0,0,00:00:00/52-15:54:45,4) [rcu_par_gp]
(root,0,0,00:00:00/52-15:54:45,5) [slub_flushwq]
(root,0,0,00:00:00/52-15:54:45,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/52-15:54:45,9) [mm_percpu_wq]
(root,0,0,00:00:00/52-15:54:45,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/52-15:54:45,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/52-15:54:45,12) [rcu_tasks_trace]
(root,0,0,00:01:34/52-15:54:45,13) [ksoftirqd/0]
(root,0,0,02:28:35/52-15:54:45,14) [rcu_preempt]
(root,0,0,00:00:20/52-15:54:45,15) [migration/0]
(root,0,0,00:00:00/52-15:54:45,16) [idle_inject/0]
(root,0,0,00:00:00/52-15:54:45,18) [cpuhp/0]
(root,0,0,00:00:00/52-15:54:45,19) [cpuhp/1]
(root,0,0,00:00:00/52-15:54:45,20) [idle_inject/1]
(root,0,0,00:00:20/52-15:54:45,21) [migration/1]
(root,0,0,00:01:17/52-15:54:45,22) [ksoftirqd/1]
(root,0,0,00:00:00/52-15:54:45,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/52-15:54:45,25) [cpuhp/2]
(root,0,0,00:00:00/52-15:54:45,26) [idle_inject/2]
(root,0,0,00:00:15/52-15:54:45,27) [migration/2]
(root,0,0,01:33:48/52-15:54:45,28) [ksoftirqd/2]
(root,0,0,00:00:00/52-15:54:45,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/52-15:54:45,31) [cpuhp/3]
(root,0,0,00:00:00/52-15:54:45,32) [idle_inject/3]
(root,0,0,00:00:18/52-15:54:45,33) [migration/3]
(root,0,0,00:04:51/52-15:54:45,34) [ksoftirqd/3]
(root,0,0,00:00:00/52-15:54:45,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/52-15:54:45,40) [kdevtmpfs]
(root,0,0,00:00:00/52-15:54:45,41) [netns]
(root,0,0,00:00:00/52-15:54:45,42) [inet_frag_wq]
(root,0,0,00:00:18/52-15:54:45,43) [kauditd]
(root,0,0,00:00:00/52-15:54:45,44) [khungtaskd]
(root,0,0,00:00:00/52-15:54:45,45) [oom_reaper]
(root,0,0,00:00:00/52-15:54:45,46) [writeback]
(root,0,0,00:02:42/52-15:54:45,47) [kcompactd0]
(root,0,0,00:00:00/52-15:54:45,48) [ksmd]
(root,0,0,00:02:55/52-15:54:45,49) [khugepaged]
(root,0,0,00:00:00/52-15:54:45,75) [kintegrityd]
(root,0,0,00:00:00/52-15:54:45,76) [kblockd]
(root,0,0,00:00:00/52-15:54:45,77) [blkcg_punt_bio]
(root,0,0,00:00:00/52-15:54:45,79) [tpm_dev_wq]
(root,0,0,00:00:00/52-15:54:45,80) [edac-poller]
(root,0,0,00:00:00/52-15:54:45,81) [devfreq_wq]
(root,0,0,00:00:00/52-15:54:45,110) [watchdogd]
(root,0,0,00:00:04/52-15:54:45,111) [kswapd0]
(root,0,0,00:00:13/52-15:54:45,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/52-15:54:43,115) [kthrotld]
(root,0,0,00:00:00/52-15:54:43,116) [mld]
(root,0,0,00:00:00/52-15:54:43,117) [ipv6_addrconf]
(root,0,0,00:00:14/52-15:54:43,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/52-15:54:43,123) [kstrp]
(root,0,0,00:00:00/52-15:54:43,124) [zswap-shrink]
(root,0,0,00:00:00/52-15:54:43,125) [kworker/u9:0]
(root,0,0,00:00:00/52-15:54:43,130) [charger_manager]
(root,0,0,00:00:16/52-15:54:43,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:23/52-15:54:43,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/52-15:54:42,239) [kaluad]
(root,0,0,00:00:00/52-15:54:42,258) [kmpath_rdacd]
(root,0,0,00:00:00/52-15:54:42,304) [kmpathd]
(root,0,0,00:00:00/52-15:54:42,305) [kmpath_handlerd]
(root,0,0,00:00:00/52-15:54:41,342) [ata_sff]
(root,0,0,00:00:00/52-15:54:41,343) [scsi_eh_0]
(root,0,0,00:00:00/52-15:54:41,344) [scsi_tmf_0]
(root,0,0,00:00:00/52-15:54:41,345) [scsi_eh_1]
(root,0,0,00:00:00/52-15:54:41,346) [scsi_tmf_1]
(root,0,0,00:01:43/52-15:54:38,366) [jbd2/vda1-8]
(root,0,0,00:00:00/52-15:54:38,367) [ext4-rsv-conver]
(root,38604,7852,00:01:27/52-15:54:26,440) /usr/lib/systemd/systemd-journald
(root,53296,9420,00:00:06/52-15:54:25,454) /usr/lib/systemd/systemd-udevd
(root,8624,6128,00:01:22/52-15:54:23,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:30/52-15:53:52,511) /sbin/auditd
(messagebus,22932,5400,00:02:49/52-15:53:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8256,00:01:36/52-15:53:51,530) /usr/lib/systemd/systemd-logind
(root,20556,4468,00:00:00/52-15:53:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15800,00:00:03/52-15:53:49,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16232,00:00:00/52-15:53:49,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,549128,31272,00:01:02/52-15:53:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25404,00:00:00/52-15:53:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:05:13/52-15:53:35,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/52-15:53:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/52-15:53:35,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/52-15:53:35,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/52-15:53:35,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:37/52-15:53:35,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5712,00:07:33/52-15:53:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/52-15:53:35,1352) bpfilter_umh
(root,26204,8096,00:00:26/52-15:53:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3940,00:00:00/52-15:53:35,1359) ntpd: asynchronous dns resolver
(spot,364848,215204,2-21:22:54/52-15:53:34,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/52-15:53:34,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/52-15:53:34,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/52-15:53:34,1373) (sd-pam)
(root,24216,5260,00:00:18/52-15:53:32,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/52-15:53:32,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:07/52-15:53:32,1485) /usr/sbin/cron -n
(root,698412,76580,01:12:59/52-15:53:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,231872,76564,00:28:02/52-15:53:14,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/11:51,2522) [kworker/2:0]
(postfix,44628,9160,00:00:01/46-21:28:49,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/28:24,3702) [kworker/u8:1]
(root,0,0,00:00:00/38:42,4023) [kworker/1:1-events]
(root,0,0,00:00:00/05:07,5804) [kworker/u8:0]
(root,35304,10040,00:00:00/14-16:21:44,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:55/14-16:21:43,10514) sshd: syslogtunnel
(root,0,0,00:00:00/04:03,11388) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/09:13,17783) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/55:15,19117) [kworker/0:2-cgroup_destroy]
(postfix,24244,8240,00:00:00/01:31:48,20593) pickup -l -t fifo -u
(root,0,0,00:00:00/36:01,21080) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:00/00:56,21317) [kworker/1:0]
(root,0,0,00:00:04/02:24:07,22310) [kworker/3:2-events]
(root,0,0,00:00:00/01:20:48,28950) [kworker/0:0-events]
(root,6656,3512,00:00:00/00:00,30397) /bin/bash /usr/bin/check_mk_agent
(root,6656,3488,00:00:00/00:00,30491) /bin/bash /usr/bin/check_mk_agent
(root,13744,3416,00:00:00/00:00,30516) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,30517) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/01:00:42,30609) [kworker/1:2-cgroup_destroy]
(root,35308,10028,00:00:00/14-17:07:57,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:50/14-17:07:56,30947) sshd: cm-ssh
(root,0,0,00:00:01/02:09:52,31163) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-11-02 02:43

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836336a462cb

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12464,00:02:18/47-12:30:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/47-12:30:52,2) [kthreadd]
(root,0,0,00:00:00/47-12:30:52,3) [rcu_gp]
(root,0,0,00:00:00/47-12:30:52,4) [rcu_par_gp]
(root,0,0,00:00:00/47-12:30:52,5) [slub_flushwq]
(root,0,0,00:00:00/47-12:30:52,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/47-12:30:52,9) [mm_percpu_wq]
(root,0,0,00:00:00/47-12:30:52,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/47-12:30:52,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/47-12:30:52,12) [rcu_tasks_trace]
(root,0,0,00:01:26/47-12:30:52,13) [ksoftirqd/0]
(root,0,0,02:15:44/47-12:30:52,14) [rcu_preempt]
(root,0,0,00:00:18/47-12:30:52,15) [migration/0]
(root,0,0,00:00:00/47-12:30:52,16) [idle_inject/0]
(root,0,0,00:00:00/47-12:30:52,18) [cpuhp/0]
(root,0,0,00:00:00/47-12:30:52,19) [cpuhp/1]
(root,0,0,00:00:00/47-12:30:52,20) [idle_inject/1]
(root,0,0,00:00:18/47-12:30:52,21) [migration/1]
(root,0,0,00:01:10/47-12:30:52,22) [ksoftirqd/1]
(root,0,0,00:00:00/47-12:30:52,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/47-12:30:52,25) [cpuhp/2]
(root,0,0,00:00:00/47-12:30:52,26) [idle_inject/2]
(root,0,0,00:00:13/47-12:30:52,27) [migration/2]
(root,0,0,01:27:36/47-12:30:52,28) [ksoftirqd/2]
(root,0,0,00:00:00/47-12:30:52,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/47-12:30:52,31) [cpuhp/3]
(root,0,0,00:00:00/47-12:30:52,32) [idle_inject/3]
(root,0,0,00:00:17/47-12:30:52,33) [migration/3]
(root,0,0,00:04:30/47-12:30:52,34) [ksoftirqd/3]
(root,0,0,00:00:00/47-12:30:52,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/47-12:30:52,40) [kdevtmpfs]
(root,0,0,00:00:00/47-12:30:52,41) [netns]
(root,0,0,00:00:00/47-12:30:52,42) [inet_frag_wq]
(root,0,0,00:00:16/47-12:30:52,43) [kauditd]
(root,0,0,00:00:00/47-12:30:52,44) [khungtaskd]
(root,0,0,00:00:00/47-12:30:52,45) [oom_reaper]
(root,0,0,00:00:00/47-12:30:52,46) [writeback]
(root,0,0,00:02:28/47-12:30:52,47) [kcompactd0]
(root,0,0,00:00:00/47-12:30:52,48) [ksmd]
(root,0,0,00:02:37/47-12:30:52,49) [khugepaged]
(root,0,0,00:00:00/47-12:30:52,75) [kintegrityd]
(root,0,0,00:00:00/47-12:30:52,76) [kblockd]
(root,0,0,00:00:00/47-12:30:52,77) [blkcg_punt_bio]
(root,0,0,00:00:00/47-12:30:52,79) [tpm_dev_wq]
(root,0,0,00:00:00/47-12:30:52,80) [edac-poller]
(root,0,0,00:00:00/47-12:30:52,81) [devfreq_wq]
(root,0,0,00:00:00/47-12:30:52,110) [watchdogd]
(root,0,0,00:00:03/47-12:30:52,111) [kswapd0]
(root,0,0,00:00:12/47-12:30:52,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/47-12:30:50,115) [kthrotld]
(root,0,0,00:00:00/47-12:30:50,116) [mld]
(root,0,0,00:00:00/47-12:30:50,117) [ipv6_addrconf]
(root,0,0,00:00:13/47-12:30:50,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/47-12:30:50,123) [kstrp]
(root,0,0,00:00:00/47-12:30:50,124) [zswap-shrink]
(root,0,0,00:00:00/47-12:30:50,125) [kworker/u9:0]
(root,0,0,00:00:00/47-12:30:50,130) [charger_manager]
(root,0,0,00:00:14/47-12:30:50,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:21/47-12:30:50,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/47-12:30:49,239) [kaluad]
(root,0,0,00:00:00/47-12:30:49,258) [kmpath_rdacd]
(root,0,0,00:00:00/47-12:30:49,304) [kmpathd]
(root,0,0,00:00:00/47-12:30:49,305) [kmpath_handlerd]
(root,0,0,00:00:00/47-12:30:48,342) [ata_sff]
(root,0,0,00:00:00/47-12:30:48,343) [scsi_eh_0]
(root,0,0,00:00:00/47-12:30:48,344) [scsi_tmf_0]
(root,0,0,00:00:00/47-12:30:48,345) [scsi_eh_1]
(root,0,0,00:00:00/47-12:30:48,346) [scsi_tmf_1]
(root,0,0,00:01:34/47-12:30:45,366) [jbd2/vda1-8]
(root,0,0,00:00:00/47-12:30:45,367) [ext4-rsv-conver]
(root,38604,7856,00:01:20/47-12:30:33,440) /usr/lib/systemd/systemd-journald
(root,53296,9444,00:00:05/47-12:30:32,454) /usr/lib/systemd/systemd-udevd
(root,8624,6132,00:01:14/47-12:30:30,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:28/47-12:29:59,511) /sbin/auditd
(messagebus,22932,5408,00:02:36/47-12:29:58,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:28/47-12:29:58,530) /usr/lib/systemd/systemd-logind
(root,20556,4508,00:00:00/47-12:29:58,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15832,00:00:03/47-12:29:56,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16268,00:00:00/47-12:29:56,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548872,30852,00:00:56/47-12:29:42,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25672,00:00:00/47-12:29:42,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:43/47-12:29:42,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/47-12:29:42,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/47-12:29:42,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/47-12:29:42,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/47-12:29:42,1343) /usr/lib/systemd/systemd --user
(root,449060,8312,00:01:30/47-12:29:42,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5716,00:06:52/47-12:29:42,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/47-12:29:42,1352) bpfilter_umh
(root,26204,8096,00:00:24/47-12:29:42,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3944,00:00:00/47-12:29:42,1359) ntpd: asynchronous dns resolver
(spot,361520,212104,2-16:38:47/47-12:29:41,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/47-12:29:41,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/47-12:29:41,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/47-12:29:41,1373) (sd-pam)
(root,24216,5260,00:00:16/47-12:29:39,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/47-12:29:39,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:06/47-12:29:39,1485) /usr/sbin/cron -n
(root,697508,79208,01:06:04/47-12:29:33,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,229824,73032,00:25:44/47-12:29:21,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9184,00:00:01/41-18:04:56,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/04:35,4674) [kworker/2:2-events]
(root,0,0,00:00:00/03:48,6320) [kworker/3:2-ata_sff]
(root,35304,10040,00:00:00/9-12:57:51,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:37/9-12:57:50,10514) sshd: syslogtunnel
(root,0,0,00:00:01/01:47:34,11812) [kworker/3:0-events]
(root,0,0,00:00:00/18:28,14111) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:00/02:58:43,15451) [kworker/1:1-events]
(root,0,0,00:00:00/02:48:52,15985) [kworker/2:1-events]
(root,0,0,00:00:00/02:24:09,18521) [kworker/1:0]
(root,0,0,00:00:00/49:33,18614) [kworker/u8:1-writeback]
(root,6656,3488,00:00:00/00:00,18731) /bin/bash /usr/bin/check_mk_agent
(root,13744,3384,00:00:00/00:00,18749) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,952,00:00:00/00:00,18750) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/17:52,21827) [kworker/u8:0-events_unbound]
(root,0,0,00:00:00/09:01,22252) [kworker/3:1-ata_sff]
(root,0,0,00:00:01/06:41:11,29068) [kworker/0:0-events]
(root,35308,10028,00:00:00/9-13:44:04,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:34/9-13:44:03,30947) sshd: cm-ssh
(root,0,0,00:00:00/14:58,31645) [kworker/2:0-cgroup_destroy]
(postfix,24244,8200,00:00:00/01:31:49,32130) pickup -l -t fifo -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-27 23:19

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836354d11318

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12432,00:02:13/45-10:23:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/45-10:23:10,2) [kthreadd]
(root,0,0,00:00:00/45-10:23:10,3) [rcu_gp]
(root,0,0,00:00:00/45-10:23:10,4) [rcu_par_gp]
(root,0,0,00:00:00/45-10:23:10,5) [slub_flushwq]
(root,0,0,00:00:00/45-10:23:10,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/45-10:23:10,9) [mm_percpu_wq]
(root,0,0,00:00:00/45-10:23:10,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/45-10:23:10,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/45-10:23:10,12) [rcu_tasks_trace]
(root,0,0,00:01:23/45-10:23:10,13) [ksoftirqd/0]
(root,0,0,02:10:18/45-10:23:10,14) [rcu_preempt]
(root,0,0,00:00:17/45-10:23:10,15) [migration/0]
(root,0,0,00:00:00/45-10:23:10,16) [idle_inject/0]
(root,0,0,00:00:00/45-10:23:10,18) [cpuhp/0]
(root,0,0,00:00:00/45-10:23:10,19) [cpuhp/1]
(root,0,0,00:00:00/45-10:23:10,20) [idle_inject/1]
(root,0,0,00:00:17/45-10:23:10,21) [migration/1]
(root,0,0,00:01:08/45-10:23:10,22) [ksoftirqd/1]
(root,0,0,00:00:00/45-10:23:10,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/45-10:23:10,25) [cpuhp/2]
(root,0,0,00:00:00/45-10:23:10,26) [idle_inject/2]
(root,0,0,00:00:13/45-10:23:10,27) [migration/2]
(root,0,0,01:25:02/45-10:23:10,28) [ksoftirqd/2]
(root,0,0,00:00:00/45-10:23:10,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/45-10:23:10,31) [cpuhp/3]
(root,0,0,00:00:00/45-10:23:10,32) [idle_inject/3]
(root,0,0,00:00:16/45-10:23:10,33) [migration/3]
(root,0,0,00:04:21/45-10:23:10,34) [ksoftirqd/3]
(root,0,0,00:00:00/45-10:23:10,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/45-10:23:10,40) [kdevtmpfs]
(root,0,0,00:00:00/45-10:23:10,41) [netns]
(root,0,0,00:00:00/45-10:23:10,42) [inet_frag_wq]
(root,0,0,00:00:16/45-10:23:10,43) [kauditd]
(root,0,0,00:00:00/45-10:23:10,44) [khungtaskd]
(root,0,0,00:00:00/45-10:23:10,45) [oom_reaper]
(root,0,0,00:00:00/45-10:23:10,46) [writeback]
(root,0,0,00:02:23/45-10:23:10,47) [kcompactd0]
(root,0,0,00:00:00/45-10:23:10,48) [ksmd]
(root,0,0,00:02:30/45-10:23:10,49) [khugepaged]
(root,0,0,00:00:00/45-10:23:10,75) [kintegrityd]
(root,0,0,00:00:00/45-10:23:10,76) [kblockd]
(root,0,0,00:00:00/45-10:23:10,77) [blkcg_punt_bio]
(root,0,0,00:00:00/45-10:23:10,79) [tpm_dev_wq]
(root,0,0,00:00:00/45-10:23:10,80) [edac-poller]
(root,0,0,00:00:00/45-10:23:10,81) [devfreq_wq]
(root,0,0,00:00:00/45-10:23:10,110) [watchdogd]
(root,0,0,00:00:03/45-10:23:10,111) [kswapd0]
(root,0,0,00:00:12/45-10:23:10,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/45-10:23:08,115) [kthrotld]
(root,0,0,00:00:00/45-10:23:08,116) [mld]
(root,0,0,00:00:00/45-10:23:08,117) [ipv6_addrconf]
(root,0,0,00:00:12/45-10:23:08,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/45-10:23:08,123) [kstrp]
(root,0,0,00:00:00/45-10:23:08,124) [zswap-shrink]
(root,0,0,00:00:00/45-10:23:08,125) [kworker/u9:0]
(root,0,0,00:00:00/45-10:23:08,130) [charger_manager]
(root,0,0,00:00:14/45-10:23:08,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:20/45-10:23:08,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/45-10:23:07,239) [kaluad]
(root,0,0,00:00:00/45-10:23:07,258) [kmpath_rdacd]
(root,0,0,00:00:00/45-10:23:07,304) [kmpathd]
(root,0,0,00:00:00/45-10:23:07,305) [kmpath_handlerd]
(root,0,0,00:00:00/45-10:23:06,342) [ata_sff]
(root,0,0,00:00:00/45-10:23:06,343) [scsi_eh_0]
(root,0,0,00:00:00/45-10:23:06,344) [scsi_tmf_0]
(root,0,0,00:00:00/45-10:23:06,345) [scsi_eh_1]
(root,0,0,00:00:00/45-10:23:06,346) [scsi_tmf_1]
(root,0,0,00:01:30/45-10:23:03,366) [jbd2/vda1-8]
(root,0,0,00:00:00/45-10:23:03,367) [ext4-rsv-conver]
(root,38604,7856,00:01:17/45-10:22:51,440) /usr/lib/systemd/systemd-journald
(root,53296,9444,00:00:05/45-10:22:50,454) /usr/lib/systemd/systemd-udevd
(root,8624,6132,00:01:11/45-10:22:48,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:27/45-10:22:17,511) /sbin/auditd
(messagebus,22932,5408,00:02:30/45-10:22:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:25/45-10:22:16,530) /usr/lib/systemd/systemd-logind
(root,20556,4508,00:00:00/45-10:22:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15832,00:00:03/45-10:22:14,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16268,00:00:00/45-10:22:14,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548872,30852,00:00:54/45-10:22:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25672,00:00:00/45-10:22:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:31/45-10:22:00,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/45-10:22:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/45-10:22:00,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/45-10:22:00,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/45-10:22:00,1343) /usr/lib/systemd/systemd --user
(root,449060,8452,00:01:28/45-10:22:00,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5716,00:06:35/45-10:22:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/45-10:22:00,1352) bpfilter_umh
(root,26204,8096,00:00:23/45-10:22:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3944,00:00:00/45-10:22:00,1359) ntpd: asynchronous dns resolver
(spot,362512,206304,2-14:25:03/45-10:21:59,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/45-10:21:59,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/45-10:21:59,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/45-10:21:59,1373) (sd-pam)
(root,24216,5260,00:00:16/45-10:21:57,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/45-10:21:57,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:06/45-10:21:57,1485) /usr/sbin/cron -n
(root,697508,78828,01:03:13/45-10:21:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,228800,71508,00:24:45/45-10:21:39,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9184,00:00:01/39-15:57:14,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:02/03:39:08,7922) [kworker/3:0-events]
(root,0,0,00:00:00/06:24,8555) [kworker/3:1-ata_sff]
(root,0,0,00:00:01/03:46:39,9329) [kworker/2:2-events]
(root,35304,10040,00:00:00/7-10:50:09,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:30/7-10:50:08,10514) sshd: syslogtunnel
(root,0,0,00:00:00/41:59,12120) [kworker/1:2-events]
(root,0,0,00:00:00/32:00,13999) [kworker/1:0]
(postfix,24244,8140,00:00:00/01:26:06,20864) pickup -l -t fifo -u
(root,0,0,00:00:00/01:13,22818) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/01:12:26,23049) [kworker/0:2-events]
(root,6656,3476,00:00:00/00:00,26054) /bin/bash /usr/bin/check_mk_agent
(root,13744,3412,00:00:00/00:00,26072) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,26073) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/11:19,27540) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/27:05,27729) [kworker/0:0-events]
(root,0,0,00:00:00/46:58,30490) [kworker/2:0]
(root,35308,10028,00:00:00/7-11:36:22,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:27/7-11:36:21,30947) sshd: cm-ssh
(root,0,0,00:00:00/21:56,32405) [kworker/u8:1-ext4-rsv-conversion]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-25 21:11

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637086a424

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12432,00:02:08/43-11:08:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/43-11:08:35,2) [kthreadd]
(root,0,0,00:00:00/43-11:08:35,3) [rcu_gp]
(root,0,0,00:00:00/43-11:08:35,4) [rcu_par_gp]
(root,0,0,00:00:00/43-11:08:35,5) [slub_flushwq]
(root,0,0,00:00:00/43-11:08:35,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/43-11:08:35,9) [mm_percpu_wq]
(root,0,0,00:00:00/43-11:08:35,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/43-11:08:35,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/43-11:08:35,12) [rcu_tasks_trace]
(root,0,0,00:01:19/43-11:08:35,13) [ksoftirqd/0]
(root,0,0,02:04:54/43-11:08:35,14) [rcu_preempt]
(root,0,0,00:00:16/43-11:08:35,15) [migration/0]
(root,0,0,00:00:00/43-11:08:35,16) [idle_inject/0]
(root,0,0,00:00:00/43-11:08:35,18) [cpuhp/0]
(root,0,0,00:00:00/43-11:08:35,19) [cpuhp/1]
(root,0,0,00:00:00/43-11:08:35,20) [idle_inject/1]
(root,0,0,00:00:16/43-11:08:35,21) [migration/1]
(root,0,0,00:01:05/43-11:08:35,22) [ksoftirqd/1]
(root,0,0,00:00:00/43-11:08:35,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/43-11:08:35,25) [cpuhp/2]
(root,0,0,00:00:00/43-11:08:35,26) [idle_inject/2]
(root,0,0,00:00:12/43-11:08:35,27) [migration/2]
(root,0,0,01:22:15/43-11:08:35,28) [ksoftirqd/2]
(root,0,0,00:00:00/43-11:08:35,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/43-11:08:35,31) [cpuhp/3]
(root,0,0,00:00:00/43-11:08:35,32) [idle_inject/3]
(root,0,0,00:00:15/43-11:08:35,33) [migration/3]
(root,0,0,00:04:12/43-11:08:35,34) [ksoftirqd/3]
(root,0,0,00:00:00/43-11:08:35,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/43-11:08:35,40) [kdevtmpfs]
(root,0,0,00:00:00/43-11:08:35,41) [netns]
(root,0,0,00:00:00/43-11:08:35,42) [inet_frag_wq]
(root,0,0,00:00:15/43-11:08:35,43) [kauditd]
(root,0,0,00:00:00/43-11:08:35,44) [khungtaskd]
(root,0,0,00:00:00/43-11:08:35,45) [oom_reaper]
(root,0,0,00:00:00/43-11:08:35,46) [writeback]
(root,0,0,00:02:17/43-11:08:35,47) [kcompactd0]
(root,0,0,00:00:00/43-11:08:35,48) [ksmd]
(root,0,0,00:02:23/43-11:08:35,49) [khugepaged]
(root,0,0,00:00:00/43-11:08:35,75) [kintegrityd]
(root,0,0,00:00:00/43-11:08:35,76) [kblockd]
(root,0,0,00:00:00/43-11:08:35,77) [blkcg_punt_bio]
(root,0,0,00:00:00/43-11:08:35,79) [tpm_dev_wq]
(root,0,0,00:00:00/43-11:08:35,80) [edac-poller]
(root,0,0,00:00:00/43-11:08:35,81) [devfreq_wq]
(root,0,0,00:00:00/43-11:08:35,110) [watchdogd]
(root,0,0,00:00:03/43-11:08:35,111) [kswapd0]
(root,0,0,00:00:11/43-11:08:35,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/43-11:08:33,115) [kthrotld]
(root,0,0,00:00:00/43-11:08:33,116) [mld]
(root,0,0,00:00:00/43-11:08:33,117) [ipv6_addrconf]
(root,0,0,00:00:12/43-11:08:33,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/43-11:08:33,123) [kstrp]
(root,0,0,00:00:00/43-11:08:33,124) [zswap-shrink]
(root,0,0,00:00:00/43-11:08:33,125) [kworker/u9:0]
(root,0,0,00:00:00/43-11:08:33,130) [charger_manager]
(root,0,0,00:00:13/43-11:08:33,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:19/43-11:08:33,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/43-11:08:32,239) [kaluad]
(root,0,0,00:00:00/43-11:08:32,258) [kmpath_rdacd]
(root,0,0,00:00:00/43-11:08:32,304) [kmpathd]
(root,0,0,00:00:00/43-11:08:32,305) [kmpath_handlerd]
(root,0,0,00:00:00/43-11:08:31,342) [ata_sff]
(root,0,0,00:00:00/43-11:08:31,343) [scsi_eh_0]
(root,0,0,00:00:00/43-11:08:31,344) [scsi_tmf_0]
(root,0,0,00:00:00/43-11:08:31,345) [scsi_eh_1]
(root,0,0,00:00:00/43-11:08:31,346) [scsi_tmf_1]
(root,0,0,00:01:27/43-11:08:28,366) [jbd2/vda1-8]
(root,0,0,00:00:00/43-11:08:28,367) [ext4-rsv-conver]
(root,38604,7856,00:01:14/43-11:08:16,440) /usr/lib/systemd/systemd-journald
(root,53296,9444,00:00:05/43-11:08:15,454) /usr/lib/systemd/systemd-udevd
(root,8624,6132,00:01:08/43-11:08:13,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:26/43-11:07:42,511) /sbin/auditd
(messagebus,22932,5408,00:02:24/43-11:07:41,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:21/43-11:07:41,530) /usr/lib/systemd/systemd-logind
(root,20556,4508,00:00:00/43-11:07:41,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15832,00:00:03/43-11:07:39,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16268,00:00:00/43-11:07:39,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,30208,00:00:51/43-11:07:25,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25672,00:00:00/43-11:07:25,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:20/43-11:07:25,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/43-11:07:25,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/43-11:07:25,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/43-11:07:25,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/43-11:07:25,1343) /usr/lib/systemd/systemd --user
(root,449060,8452,00:01:25/43-11:07:25,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5716,00:06:18/43-11:07:25,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/43-11:07:25,1352) bpfilter_umh
(root,26204,8096,00:00:22/43-11:07:25,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3944,00:00:00/43-11:07:25,1359) ntpd: asynchronous dns resolver
(spot,361872,206144,2-12:12:31/43-11:07:24,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/43-11:07:24,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/43-11:07:24,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/43-11:07:24,1373) (sd-pam)
(root,24216,5260,00:00:15/43-11:07:22,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:03/43-11:07:22,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:06/43-11:07:22,1485) /usr/sbin/cron -n
(root,697508,76760,01:00:28/43-11:07:16,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,227776,70164,00:23:47/43-11:07:04,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9184,00:00:01/37-16:42:39,2557) tlsmgr -l -t unix -u
(root,6656,3484,00:00:00/00:00,6365) /bin/bash /usr/bin/check_mk_agent
(root,13744,3388,00:00:00/00:00,6383) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,6384) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/39:53,8260) [kworker/0:1]
(root,0,0,00:00:00/15:34,9062) [kworker/2:0]
(root,35304,10040,00:00:00/5-11:35:34,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:22/5-11:35:33,10514) sshd: syslogtunnel
(root,0,0,00:00:00/59:22,12041) [kworker/1:0-events]
(root,0,0,00:00:00/02:02:48,13819) [kworker/0:2-events]
(postfix,24244,8304,00:00:00/53:12,13890) pickup -l -t fifo -u
(root,0,0,00:00:00/01:37:46,16939) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/01:07:15,17327) [kworker/u8:2-writeback]
(root,0,0,00:00:00/04:36,19686) [kworker/3:1-ata_sff]
(root,0,0,00:00:01/01:58:45,21017) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/49:35,21552) [kworker/1:1]
(root,0,0,00:00:00/09:49,30519) [kworker/3:0-events]
(root,35308,10028,00:00:00/5-12:21:47,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:20/5-12:21:46,30947) sshd: cm-ssh
(root,0,0,00:00:00/02:32:06,31069) [kworker/2:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-23 21:57

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836364a933da

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12432,00:02:02/41-10:32:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/41-10:32:36,2) [kthreadd]
(root,0,0,00:00:00/41-10:32:36,3) [rcu_gp]
(root,0,0,00:00:00/41-10:32:36,4) [rcu_par_gp]
(root,0,0,00:00:00/41-10:32:36,5) [slub_flushwq]
(root,0,0,00:00:00/41-10:32:36,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/41-10:32:36,9) [mm_percpu_wq]
(root,0,0,00:00:00/41-10:32:36,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/41-10:32:36,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/41-10:32:36,12) [rcu_tasks_trace]
(root,0,0,00:01:15/41-10:32:36,13) [ksoftirqd/0]
(root,0,0,01:58:56/41-10:32:36,14) [rcu_preempt]
(root,0,0,00:00:15/41-10:32:36,15) [migration/0]
(root,0,0,00:00:00/41-10:32:36,16) [idle_inject/0]
(root,0,0,00:00:00/41-10:32:36,18) [cpuhp/0]
(root,0,0,00:00:00/41-10:32:36,19) [cpuhp/1]
(root,0,0,00:00:00/41-10:32:36,20) [idle_inject/1]
(root,0,0,00:00:15/41-10:32:36,21) [migration/1]
(root,0,0,00:01:01/41-10:32:36,22) [ksoftirqd/1]
(root,0,0,00:00:00/41-10:32:36,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/41-10:32:36,25) [cpuhp/2]
(root,0,0,00:00:00/41-10:32:36,26) [idle_inject/2]
(root,0,0,00:00:12/41-10:32:36,27) [migration/2]
(root,0,0,01:18:12/41-10:32:36,28) [ksoftirqd/2]
(root,0,0,00:00:00/41-10:32:36,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/41-10:32:36,31) [cpuhp/3]
(root,0,0,00:00:00/41-10:32:36,32) [idle_inject/3]
(root,0,0,00:00:15/41-10:32:36,33) [migration/3]
(root,0,0,00:03:58/41-10:32:36,34) [ksoftirqd/3]
(root,0,0,00:00:00/41-10:32:36,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/41-10:32:36,40) [kdevtmpfs]
(root,0,0,00:00:00/41-10:32:36,41) [netns]
(root,0,0,00:00:00/41-10:32:36,42) [inet_frag_wq]
(root,0,0,00:00:14/41-10:32:36,43) [kauditd]
(root,0,0,00:00:00/41-10:32:36,44) [khungtaskd]
(root,0,0,00:00:00/41-10:32:36,45) [oom_reaper]
(root,0,0,00:00:00/41-10:32:36,46) [writeback]
(root,0,0,00:02:11/41-10:32:36,47) [kcompactd0]
(root,0,0,00:00:00/41-10:32:36,48) [ksmd]
(root,0,0,00:02:16/41-10:32:36,49) [khugepaged]
(root,0,0,00:00:00/41-10:32:36,75) [kintegrityd]
(root,0,0,00:00:00/41-10:32:36,76) [kblockd]
(root,0,0,00:00:00/41-10:32:36,77) [blkcg_punt_bio]
(root,0,0,00:00:00/41-10:32:36,79) [tpm_dev_wq]
(root,0,0,00:00:00/41-10:32:36,80) [edac-poller]
(root,0,0,00:00:00/41-10:32:36,81) [devfreq_wq]
(root,0,0,00:00:00/41-10:32:36,110) [watchdogd]
(root,0,0,00:00:03/41-10:32:36,111) [kswapd0]
(root,0,0,00:00:11/41-10:32:36,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/41-10:32:34,115) [kthrotld]
(root,0,0,00:00:00/41-10:32:34,116) [mld]
(root,0,0,00:00:00/41-10:32:34,117) [ipv6_addrconf]
(root,0,0,00:00:11/41-10:32:34,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/41-10:32:34,123) [kstrp]
(root,0,0,00:00:00/41-10:32:34,124) [zswap-shrink]
(root,0,0,00:00:00/41-10:32:34,125) [kworker/u9:0]
(root,0,0,00:00:00/41-10:32:34,130) [charger_manager]
(root,0,0,00:00:12/41-10:32:34,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:18/41-10:32:34,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/41-10:32:33,239) [kaluad]
(root,0,0,00:00:00/41-10:32:33,258) [kmpath_rdacd]
(root,0,0,00:00:00/41-10:32:33,304) [kmpathd]
(root,0,0,00:00:00/41-10:32:33,305) [kmpath_handlerd]
(root,0,0,00:00:00/41-10:32:32,342) [ata_sff]
(root,0,0,00:00:00/41-10:32:32,343) [scsi_eh_0]
(root,0,0,00:00:00/41-10:32:32,344) [scsi_tmf_0]
(root,0,0,00:00:00/41-10:32:32,345) [scsi_eh_1]
(root,0,0,00:00:00/41-10:32:32,346) [scsi_tmf_1]
(root,0,0,00:01:22/41-10:32:29,366) [jbd2/vda1-8]
(root,0,0,00:00:00/41-10:32:29,367) [ext4-rsv-conver]
(root,38604,7856,00:01:11/41-10:32:17,440) /usr/lib/systemd/systemd-journald
(root,53296,9444,00:00:04/41-10:32:16,454) /usr/lib/systemd/systemd-udevd
(root,8624,6132,00:01:05/41-10:32:14,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1588,00:00:25/41-10:31:43,511) /sbin/auditd
(messagebus,22932,5408,00:02:18/41-10:31:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8252,00:01:18/41-10:31:42,530) /usr/lib/systemd/systemd-logind
(root,20556,4508,00:00:00/41-10:31:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15832,00:00:03/41-10:31:40,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16268,00:00:00/41-10:31:40,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,30208,00:00:49/41-10:31:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25672,00:00:00/41-10:31:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4512,00:04:07/41-10:31:26,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1796,00:00:00/41-10:31:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10436,00:00:00/41-10:31:26,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10636,00:00:00/41-10:31:26,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10492,00:00:00/41-10:31:26,1343) /usr/lib/systemd/systemd --user
(root,449060,8448,00:01:22/41-10:31:26,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5716,00:06:00/41-10:31:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/41-10:31:26,1352) bpfilter_umh
(root,26204,8096,00:00:21/41-10:31:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,3944,00:00:00/41-10:31:26,1359) ntpd: asynchronous dns resolver
(spot,361712,206108,2-09:23:26/41-10:31:25,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3180,00:00:00/41-10:31:25,1371) (sd-pam)
(checkmk,48528,3180,00:00:00/41-10:31:25,1372) (sd-pam)
(cm-ssh,48528,3180,00:00:00/41-10:31:25,1373) (sd-pam)
(root,0,0,00:00:00/01:14:15,1398) [kworker/1:0-events]
(root,24216,5260,00:00:14/41-10:31:23,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/41-10:31:23,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:05/41-10:31:23,1485) /usr/sbin/cron -n
(root,697108,76360,00:57:34/41-10:31:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,226752,68928,00:22:46/41-10:31:05,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9184,00:00:01/35-16:06:40,2557) tlsmgr -l -t unix -u
(root,6656,3484,00:00:00/00:00,3540) /bin/bash /usr/bin/check_mk_agent
(root,6656,1820,00:00:00/00:00,3581) /bin/bash /usr/bin/check_mk_agent
(root,6656,2012,00:00:00/00:00,3582) /bin/bash /usr/bin/check_mk_agent
(root,4480,1048,00:00:00/00:00,3583) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,780,00:00:00/00:00,3584) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2676,1208,00:00:00/00:00,3585) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3488,00:00:00/00:00,3586) /bin/bash /usr/bin/check_mk_agent
(root,13744,3376,00:00:00/00:00,3604) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,3605) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/09:37,8459) [kworker/3:1-ata_sff]
(postfix,24244,8272,00:00:00/39:09,8568) pickup -l -t fifo -u
(root,35304,10040,00:00:00/3-10:59:35,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:14/3-10:59:34,10514) sshd: syslogtunnel
(root,0,0,00:00:00/45:48,15370) [kworker/u8:1-flush-253:0]
(root,0,0,00:00:01/07:57:16,16954) [kworker/2:1-events]
(root,0,0,00:00:00/05:50,17760) [kworker/u8:2-writeback]
(root,0,0,00:00:00/36:18,18031) [kworker/1:2-events]
(root,0,0,00:00:00/31:35,20231) [kworker/0:0-events]
(root,0,0,00:00:00/01:09:23,21301) [kworker/0:2-events]
(root,0,0,00:00:00/04:27,21973) [kworker/3:0-ata_sff]
(root,0,0,00:00:01/03:31:58,27369) [kworker/3:2-events]
(root,0,0,00:00:00/12:32,29732) [kworker/2:0-events]
(root,35308,10028,00:00:00/3-11:45:48,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:13/3-11:45:47,30947) sshd: cm-ssh

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-21 21:21

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d8229576

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12624,00:01:57/39-11:33:48,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/39-11:33:48,2) [kthreadd]
(root,0,0,00:00:00/39-11:33:48,3) [rcu_gp]
(root,0,0,00:00:00/39-11:33:48,4) [rcu_par_gp]
(root,0,0,00:00:00/39-11:33:48,5) [slub_flushwq]
(root,0,0,00:00:00/39-11:33:48,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/39-11:33:48,9) [mm_percpu_wq]
(root,0,0,00:00:00/39-11:33:48,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/39-11:33:48,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/39-11:33:48,12) [rcu_tasks_trace]
(root,0,0,00:01:12/39-11:33:48,13) [ksoftirqd/0]
(root,0,0,01:53:16/39-11:33:48,14) [rcu_preempt]
(root,0,0,00:00:15/39-11:33:48,15) [migration/0]
(root,0,0,00:00:00/39-11:33:48,16) [idle_inject/0]
(root,0,0,00:00:00/39-11:33:48,18) [cpuhp/0]
(root,0,0,00:00:00/39-11:33:48,19) [cpuhp/1]
(root,0,0,00:00:00/39-11:33:48,20) [idle_inject/1]
(root,0,0,00:00:15/39-11:33:48,21) [migration/1]
(root,0,0,00:00:59/39-11:33:48,22) [ksoftirqd/1]
(root,0,0,00:00:00/39-11:33:48,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/39-11:33:48,25) [cpuhp/2]
(root,0,0,00:00:00/39-11:33:48,26) [idle_inject/2]
(root,0,0,00:00:11/39-11:33:48,27) [migration/2]
(root,0,0,01:13:33/39-11:33:48,28) [ksoftirqd/2]
(root,0,0,00:00:00/39-11:33:48,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/39-11:33:48,31) [cpuhp/3]
(root,0,0,00:00:00/39-11:33:48,32) [idle_inject/3]
(root,0,0,00:00:14/39-11:33:48,33) [migration/3]
(root,0,0,00:03:45/39-11:33:48,34) [ksoftirqd/3]
(root,0,0,00:00:00/39-11:33:48,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/39-11:33:48,40) [kdevtmpfs]
(root,0,0,00:00:00/39-11:33:48,41) [netns]
(root,0,0,00:00:00/39-11:33:48,42) [inet_frag_wq]
(root,0,0,00:00:14/39-11:33:48,43) [kauditd]
(root,0,0,00:00:00/39-11:33:48,44) [khungtaskd]
(root,0,0,00:00:00/39-11:33:48,45) [oom_reaper]
(root,0,0,00:00:00/39-11:33:48,46) [writeback]
(root,0,0,00:02:04/39-11:33:48,47) [kcompactd0]
(root,0,0,00:00:00/39-11:33:48,48) [ksmd]
(root,0,0,00:02:09/39-11:33:48,49) [khugepaged]
(root,0,0,00:00:00/39-11:33:48,75) [kintegrityd]
(root,0,0,00:00:00/39-11:33:48,76) [kblockd]
(root,0,0,00:00:00/39-11:33:48,77) [blkcg_punt_bio]
(root,0,0,00:00:00/39-11:33:48,79) [tpm_dev_wq]
(root,0,0,00:00:00/39-11:33:48,80) [edac-poller]
(root,0,0,00:00:00/39-11:33:48,81) [devfreq_wq]
(root,0,0,00:00:00/39-11:33:48,110) [watchdogd]
(root,0,0,00:00:02/39-11:33:48,111) [kswapd0]
(root,0,0,00:00:10/39-11:33:48,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/39-11:33:46,115) [kthrotld]
(root,0,0,00:00:00/39-11:33:46,116) [mld]
(root,0,0,00:00:00/39-11:33:46,117) [ipv6_addrconf]
(root,0,0,00:00:11/39-11:33:46,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/39-11:33:46,123) [kstrp]
(root,0,0,00:00:00/39-11:33:46,124) [zswap-shrink]
(root,0,0,00:00:00/39-11:33:46,125) [kworker/u9:0]
(root,0,0,00:00:00/39-11:33:46,130) [charger_manager]
(root,0,0,00:00:12/39-11:33:46,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:17/39-11:33:46,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/39-11:33:45,239) [kaluad]
(root,0,0,00:00:00/39-11:33:45,258) [kmpath_rdacd]
(root,0,0,00:00:00/39-11:33:45,304) [kmpathd]
(root,0,0,00:00:00/39-11:33:45,305) [kmpath_handlerd]
(root,0,0,00:00:00/39-11:33:44,342) [ata_sff]
(root,0,0,00:00:00/39-11:33:44,343) [scsi_eh_0]
(root,0,0,00:00:00/39-11:33:44,344) [scsi_tmf_0]
(root,0,0,00:00:00/39-11:33:44,345) [scsi_eh_1]
(root,0,0,00:00:00/39-11:33:44,346) [scsi_tmf_1]
(root,0,0,00:01:18/39-11:33:41,366) [jbd2/vda1-8]
(root,0,0,00:00:00/39-11:33:41,367) [ext4-rsv-conver]
(root,38604,7924,00:01:08/39-11:33:29,440) /usr/lib/systemd/systemd-journald
(root,53296,9640,00:00:04/39-11:33:28,454) /usr/lib/systemd/systemd-udevd
(root,8624,6172,00:01:02/39-11:33:26,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1600,00:00:24/39-11:32:55,511) /sbin/auditd
(messagebus,22932,5436,00:02:12/39-11:32:54,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8316,00:01:15/39-11:32:54,530) /usr/lib/systemd/systemd-logind
(root,20556,4536,00:00:00/39-11:32:54,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15860,00:00:03/39-11:32:52,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16308,00:00:00/39-11:32:52,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548616,30300,00:00:47/39-11:32:38,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25876,00:00:00/39-11:32:38,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:55/39-11:32:38,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/39-11:32:38,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/39-11:32:38,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/39-11:32:38,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/39-11:32:38,1343) /usr/lib/systemd/systemd --user
(root,449060,8596,00:01:19/39-11:32:38,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5840,00:05:43/39-11:32:38,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/39-11:32:38,1352) bpfilter_umh
(root,26204,8116,00:00:20/39-11:32:38,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4016,00:00:00/39-11:32:38,1359) ntpd: asynchronous dns resolver
(spot,361424,198356,2-07:17:15/39-11:32:37,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/39-11:32:37,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/39-11:32:37,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/39-11:32:37,1373) (sd-pam)
(root,24216,5260,00:00:14/39-11:32:35,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/39-11:32:35,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:05/39-11:32:35,1485) /usr/sbin/cron -n
(root,697108,76496,00:54:46/39-11:32:29,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,225728,67424,00:21:43/39-11:32:17,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9244,00:00:01/33-17:07:52,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/36:45,3019) [kworker/1:2-events]
(root,0,0,00:00:00/04:46,7299) [kworker/3:1-ata_sff]
(root,35304,10040,00:00:00/1-12:00:47,10512) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5440,00:00:07/1-12:00:46,10514) sshd: syslogtunnel
(root,0,0,00:00:00/51:27,11867) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/01:22:01,12444) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/50:44,15181) [kworker/0:1-events]
(root,0,0,00:00:00/22:15,15955) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/22:15,15966) [kworker/1:0-events]
(root,0,0,00:00:00/22:15,15998) [kworker/2:1-events]
(root,0,0,00:00:01/02:24:06,16553) [kworker/0:0-events]
(root,0,0,00:00:00/09:59,18227) [kworker/3:0-events]
(root,6656,3444,00:00:00/00:01,25138) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:01,25179) /bin/bash /usr/bin/check_mk_agent
(root,6656,1952,00:00:00/00:01,25180) /bin/bash /usr/bin/check_mk_agent
(root,4480,1160,00:00:00/00:01,25181) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,860,00:00:00/00:01,25182) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,736,00:00:00/00:01,25183) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3484,00:00:00/00:01,25184) /bin/bash /usr/bin/check_mk_agent
(root,13744,3416,00:00:00/00:00,25202) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,956,00:00:00/00:00,25203) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,35308,10028,00:00:00/1-12:47:00,30945) sshd: cm-ssh [priv]
(cm-ssh,35308,5584,00:00:06/1-12:46:59,30947) sshd: cm-ssh
(postfix,24244,8232,00:00:00/21:09,31794) pickup -l -t fifo -u
(root,0,0,00:00:00/01:46:37,32470) [kworker/2:2-cgroup_destroy]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-19 22:22

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363198f798b

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189584,12624,00:01:51/37-10:38:22,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/37-10:38:22,2) [kthreadd]
(root,0,0,00:00:00/37-10:38:22,3) [rcu_gp]
(root,0,0,00:00:00/37-10:38:22,4) [rcu_par_gp]
(root,0,0,00:00:00/37-10:38:22,5) [slub_flushwq]
(root,0,0,00:00:00/37-10:38:22,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/37-10:38:22,9) [mm_percpu_wq]
(root,0,0,00:00:00/37-10:38:22,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/37-10:38:22,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/37-10:38:22,12) [rcu_tasks_trace]
(root,0,0,00:01:07/37-10:38:22,13) [ksoftirqd/0]
(root,0,0,01:47:07/37-10:38:22,14) [rcu_preempt]
(root,0,0,00:00:14/37-10:38:22,15) [migration/0]
(root,0,0,00:00:00/37-10:38:22,16) [idle_inject/0]
(root,0,0,00:00:00/37-10:38:22,18) [cpuhp/0]
(root,0,0,00:00:00/37-10:38:22,19) [cpuhp/1]
(root,0,0,00:00:00/37-10:38:22,20) [idle_inject/1]
(root,0,0,00:00:14/37-10:38:22,21) [migration/1]
(root,0,0,00:00:55/37-10:38:22,22) [ksoftirqd/1]
(root,0,0,00:00:00/37-10:38:22,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/37-10:38:22,25) [cpuhp/2]
(root,0,0,00:00:00/37-10:38:22,26) [idle_inject/2]
(root,0,0,00:00:10/37-10:38:22,27) [migration/2]
(root,0,0,01:07:42/37-10:38:22,28) [ksoftirqd/2]
(root,0,0,00:00:00/37-10:38:22,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/37-10:38:22,31) [cpuhp/3]
(root,0,0,00:00:00/37-10:38:22,32) [idle_inject/3]
(root,0,0,00:00:13/37-10:38:22,33) [migration/3]
(root,0,0,00:03:29/37-10:38:22,34) [ksoftirqd/3]
(root,0,0,00:00:00/37-10:38:22,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/37-10:38:22,40) [kdevtmpfs]
(root,0,0,00:00:00/37-10:38:22,41) [netns]
(root,0,0,00:00:00/37-10:38:22,42) [inet_frag_wq]
(root,0,0,00:00:13/37-10:38:22,43) [kauditd]
(root,0,0,00:00:00/37-10:38:22,44) [khungtaskd]
(root,0,0,00:00:00/37-10:38:22,45) [oom_reaper]
(root,0,0,00:00:00/37-10:38:22,46) [writeback]
(root,0,0,00:01:57/37-10:38:22,47) [kcompactd0]
(root,0,0,00:00:00/37-10:38:22,48) [ksmd]
(root,0,0,00:02:02/37-10:38:22,49) [khugepaged]
(root,0,0,00:00:00/37-10:38:22,75) [kintegrityd]
(root,0,0,00:00:00/37-10:38:22,76) [kblockd]
(root,0,0,00:00:00/37-10:38:22,77) [blkcg_punt_bio]
(root,0,0,00:00:00/37-10:38:22,79) [tpm_dev_wq]
(root,0,0,00:00:00/37-10:38:22,80) [edac-poller]
(root,0,0,00:00:00/37-10:38:22,81) [devfreq_wq]
(root,0,0,00:00:00/37-10:38:22,110) [watchdogd]
(root,0,0,00:00:02/37-10:38:22,111) [kswapd0]
(root,0,0,00:00:10/37-10:38:22,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/37-10:38:20,115) [kthrotld]
(root,0,0,00:00:00/37-10:38:20,116) [mld]
(root,0,0,00:00:00/37-10:38:20,117) [ipv6_addrconf]
(root,0,0,00:00:10/37-10:38:20,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/37-10:38:20,123) [kstrp]
(root,0,0,00:00:00/37-10:38:20,124) [zswap-shrink]
(root,0,0,00:00:00/37-10:38:20,125) [kworker/u9:0]
(root,0,0,00:00:00/37-10:38:20,130) [charger_manager]
(root,0,0,00:00:11/37-10:38:20,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:16/37-10:38:20,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/37-10:38:19,239) [kaluad]
(root,0,0,00:00:00/37-10:38:19,258) [kmpath_rdacd]
(root,0,0,00:00:00/37-10:38:19,304) [kmpathd]
(root,0,0,00:00:00/37-10:38:19,305) [kmpath_handlerd]
(root,0,0,00:00:00/37-10:38:18,342) [ata_sff]
(root,0,0,00:00:00/37-10:38:18,343) [scsi_eh_0]
(root,0,0,00:00:00/37-10:38:18,344) [scsi_tmf_0]
(root,0,0,00:00:00/37-10:38:18,345) [scsi_eh_1]
(root,0,0,00:00:00/37-10:38:18,346) [scsi_tmf_1]
(root,0,0,00:01:14/37-10:38:15,366) [jbd2/vda1-8]
(root,0,0,00:00:00/37-10:38:15,367) [ext4-rsv-conver]
(root,38604,7924,00:01:01/37-10:38:03,440) /usr/lib/systemd/systemd-journald
(root,53296,9640,00:00:04/37-10:38:02,454) /usr/lib/systemd/systemd-udevd
(root,8624,6172,00:00:58/37-10:38:00,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1600,00:00:22/37-10:37:29,511) /sbin/auditd
(messagebus,22932,5436,00:02:06/37-10:37:28,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8316,00:01:11/37-10:37:28,530) /usr/lib/systemd/systemd-logind
(root,20556,4536,00:00:00/37-10:37:28,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15860,00:00:03/37-10:37:26,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16308,00:00:00/37-10:37:26,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/02:15:22,669) [kworker/2:0-events]
(root,0,0,00:00:00/16:31,1287) [kworker/u8:1-ext4-rsv-conversion]
(root,548616,30292,00:00:44/37-10:37:12,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25876,00:00:00/37-10:37:12,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:42/37-10:37:12,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/37-10:37:12,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/37-10:37:12,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/37-10:37:12,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/37-10:37:12,1343) /usr/lib/systemd/systemd --user
(root,449060,8372,00:00:57/37-10:37:12,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5840,00:05:24/37-10:37:12,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/37-10:37:12,1352) bpfilter_umh
(root,26204,8116,00:00:19/37-10:37:12,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4016,00:00:00/37-10:37:12,1359) ntpd: asynchronous dns resolver
(spot,361968,198492,2-04:16:01/37-10:37:11,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/37-10:37:11,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/37-10:37:11,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/37-10:37:11,1373) (sd-pam)
(root,24216,5260,00:00:13/37-10:37:09,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/37-10:37:09,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:05/37-10:37:09,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/37-10:37:06,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:02:19/37-10:37:05,1527) sshd: syslogtunnel
(root,0,0,00:00:00/31:32,1530) [kworker/u8:2-ext4-rsv-conversion]
(root,696596,75960,00:51:49/37-10:37:03,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,224704,66200,00:20:38/37-10:36:51,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9244,00:00:01/31-16:12:26,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/37-10:36:26,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:02:04/37-10:36:26,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:43:41,4224) [kworker/0:0-events]
(postfix,24244,8176,00:00:00/01:27:39,11352) pickup -l -t fifo -u
(root,0,0,00:00:00/01:25:36,11965) [kworker/1:0-events]
(root,0,0,00:00:00/02:01,18233) [kworker/u8:0-writeback]
(root,0,0,00:00:00/35:44,19177) [kworker/0:2-events]
(root,0,0,00:00:00/01:48,19429) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/49:21,24929) [kworker/2:1-events]
(root,6656,3484,00:00:00/00:00,25751) /bin/bash /usr/bin/check_mk_agent
(root,13744,3432,00:00:00/00:00,25769) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,25770) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/07:00,28649) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/58:25,31156) [kworker/1:2-events]
(root,0,0,00:00:01/02:16:42,32737) [kworker/3:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-17 21:27

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632cc2bab3

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12620,00:01:46/35-14:05:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/35-14:05:41,2) [kthreadd]
(root,0,0,00:00:00/35-14:05:41,3) [rcu_gp]
(root,0,0,00:00:00/35-14:05:41,4) [rcu_par_gp]
(root,0,0,00:00:00/35-14:05:41,5) [slub_flushwq]
(root,0,0,00:00:00/35-14:05:41,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/35-14:05:41,9) [mm_percpu_wq]
(root,0,0,00:00:00/35-14:05:41,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/35-14:05:41,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/35-14:05:41,12) [rcu_tasks_trace]
(root,0,0,00:01:04/35-14:05:41,13) [ksoftirqd/0]
(root,0,0,01:42:13/35-14:05:41,14) [rcu_preempt]
(root,0,0,00:00:13/35-14:05:41,15) [migration/0]
(root,0,0,00:00:00/35-14:05:41,16) [idle_inject/0]
(root,0,0,00:00:00/35-14:05:41,18) [cpuhp/0]
(root,0,0,00:00:00/35-14:05:41,19) [cpuhp/1]
(root,0,0,00:00:00/35-14:05:41,20) [idle_inject/1]
(root,0,0,00:00:13/35-14:05:41,21) [migration/1]
(root,0,0,00:00:52/35-14:05:41,22) [ksoftirqd/1]
(root,0,0,00:00:00/35-14:05:41,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/35-14:05:41,25) [cpuhp/2]
(root,0,0,00:00:00/35-14:05:41,26) [idle_inject/2]
(root,0,0,00:00:10/35-14:05:41,27) [migration/2]
(root,0,0,01:05:03/35-14:05:41,28) [ksoftirqd/2]
(root,0,0,00:00:00/35-14:05:41,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/35-14:05:41,31) [cpuhp/3]
(root,0,0,00:00:00/35-14:05:41,32) [idle_inject/3]
(root,0,0,00:00:12/35-14:05:41,33) [migration/3]
(root,0,0,00:03:21/35-14:05:41,34) [ksoftirqd/3]
(root,0,0,00:00:00/35-14:05:41,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/35-14:05:41,40) [kdevtmpfs]
(root,0,0,00:00:00/35-14:05:41,41) [netns]
(root,0,0,00:00:00/35-14:05:41,42) [inet_frag_wq]
(root,0,0,00:00:12/35-14:05:41,43) [kauditd]
(root,0,0,00:00:00/35-14:05:41,44) [khungtaskd]
(root,0,0,00:00:00/35-14:05:41,45) [oom_reaper]
(root,0,0,00:00:00/35-14:05:41,46) [writeback]
(root,0,0,00:01:52/35-14:05:41,47) [kcompactd0]
(root,0,0,00:00:00/35-14:05:41,48) [ksmd]
(root,0,0,00:01:56/35-14:05:41,49) [khugepaged]
(root,0,0,00:00:00/35-14:05:41,75) [kintegrityd]
(root,0,0,00:00:00/35-14:05:41,76) [kblockd]
(root,0,0,00:00:00/35-14:05:41,77) [blkcg_punt_bio]
(root,0,0,00:00:00/35-14:05:41,79) [tpm_dev_wq]
(root,0,0,00:00:00/35-14:05:41,80) [edac-poller]
(root,0,0,00:00:00/35-14:05:41,81) [devfreq_wq]
(root,0,0,00:00:00/35-14:05:41,110) [watchdogd]
(root,0,0,00:00:02/35-14:05:41,111) [kswapd0]
(root,0,0,00:00:09/35-14:05:41,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/35-14:05:39,115) [kthrotld]
(root,0,0,00:00:00/35-14:05:39,116) [mld]
(root,0,0,00:00:00/35-14:05:39,117) [ipv6_addrconf]
(root,0,0,00:00:10/35-14:05:39,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/35-14:05:39,123) [kstrp]
(root,0,0,00:00:00/35-14:05:39,124) [zswap-shrink]
(root,0,0,00:00:00/35-14:05:39,125) [kworker/u9:0]
(root,0,0,00:00:00/35-14:05:39,130) [charger_manager]
(root,0,0,00:00:10/35-14:05:39,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:16/35-14:05:39,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/35-14:05:38,239) [kaluad]
(root,0,0,00:00:00/35-14:05:38,258) [kmpath_rdacd]
(root,0,0,00:00:00/35-14:05:38,304) [kmpathd]
(root,0,0,00:00:00/35-14:05:38,305) [kmpath_handlerd]
(root,0,0,00:00:00/35-14:05:37,342) [ata_sff]
(root,0,0,00:00:00/35-14:05:37,343) [scsi_eh_0]
(root,0,0,00:00:00/35-14:05:37,344) [scsi_tmf_0]
(root,0,0,00:00:00/35-14:05:37,345) [scsi_eh_1]
(root,0,0,00:00:00/35-14:05:37,346) [scsi_tmf_1]
(root,0,0,00:01:11/35-14:05:34,366) [jbd2/vda1-8]
(root,0,0,00:00:00/35-14:05:34,367) [ext4-rsv-conver]
(root,38604,7924,00:00:58/35-14:05:22,440) /usr/lib/systemd/systemd-journald
(root,53296,9640,00:00:04/35-14:05:21,454) /usr/lib/systemd/systemd-udevd
(root,8624,6172,00:00:56/35-14:05:19,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1600,00:00:21/35-14:04:48,511) /sbin/auditd
(messagebus,22932,5436,00:01:59/35-14:04:47,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8316,00:01:07/35-14:04:47,530) /usr/lib/systemd/systemd-logind
(root,20556,4536,00:00:00/35-14:04:47,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15860,00:00:03/35-14:04:45,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16308,00:00:00/35-14:04:45,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/38:53,633) [kworker/u8:1-writeback]
(root,548616,30252,00:00:42/35-14:04:31,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25876,00:00:00/35-14:04:31,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:34/35-14:04:31,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/35-14:04:31,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/35-14:04:31,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/35-14:04:31,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/35-14:04:31,1343) /usr/lib/systemd/systemd --user
(root,449060,8372,00:00:55/35-14:04:31,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5840,00:05:09/35-14:04:31,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/35-14:04:31,1352) bpfilter_umh
(root,26204,8116,00:00:18/35-14:04:31,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4016,00:00:00/35-14:04:31,1359) ntpd: asynchronous dns resolver
(spot,361472,198364,2-02:18:33/35-14:04:30,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/35-14:04:30,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/35-14:04:30,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/35-14:04:30,1373) (sd-pam)
(root,24216,5260,00:00:12/35-14:04:28,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/35-14:04:28,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:04/35-14:04:28,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/35-14:04:25,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:02:12/35-14:04:24,1527) sshd: syslogtunnel
(root,696596,77900,00:49:16/35-14:04:22,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:01/02:13:53,1719) [kworker/2:2-events]
(spot,223680,64860,00:19:42/35-14:04:10,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9244,00:00:01/29-19:39:45,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/35-14:03:45,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:58/35-14:03:45,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:21,9309) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/01:11:04,11281) [kworker/0:1-events]
(root,6656,3488,00:00:00/00:00,14936) /bin/bash /usr/bin/check_mk_agent
(root,13744,3372,00:00:00/00:00,14954) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,14955) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/09:39,16207) [kworker/1:2-events]
(postfix,24244,8160,00:00:00/16:37,18195) pickup -l -t fifo -u
(root,0,0,00:00:00/03:21:35,19269) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/01:23:40,20934) [kworker/1:1-events]
(root,0,0,00:00:00/53:14,21127) [kworker/3:0-events]
(root,0,0,00:00:00/23:24,25651) [kworker/2:0]
(root,0,0,00:00:00/06:32,27726) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/14:08,29321) [kworker/0:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-16 00:54

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363e398c2b0

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12724,00:01:39/33-12:47:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:01/33-12:47:45,2) [kthreadd]
(root,0,0,00:00:00/33-12:47:45,3) [rcu_gp]
(root,0,0,00:00:00/33-12:47:45,4) [rcu_par_gp]
(root,0,0,00:00:00/33-12:47:45,5) [slub_flushwq]
(root,0,0,00:00:00/33-12:47:45,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/33-12:47:45,9) [mm_percpu_wq]
(root,0,0,00:00:00/33-12:47:45,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/33-12:47:45,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/33-12:47:45,12) [rcu_tasks_trace]
(root,0,0,00:01:01/33-12:47:45,13) [ksoftirqd/0]
(root,0,0,01:36:45/33-12:47:45,14) [rcu_preempt]
(root,0,0,00:00:12/33-12:47:45,15) [migration/0]
(root,0,0,00:00:00/33-12:47:45,16) [idle_inject/0]
(root,0,0,00:00:00/33-12:47:45,18) [cpuhp/0]
(root,0,0,00:00:00/33-12:47:45,19) [cpuhp/1]
(root,0,0,00:00:00/33-12:47:45,20) [idle_inject/1]
(root,0,0,00:00:12/33-12:47:45,21) [migration/1]
(root,0,0,00:00:50/33-12:47:45,22) [ksoftirqd/1]
(root,0,0,00:00:00/33-12:47:45,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/33-12:47:45,25) [cpuhp/2]
(root,0,0,00:00:00/33-12:47:45,26) [idle_inject/2]
(root,0,0,00:00:09/33-12:47:45,27) [migration/2]
(root,0,0,01:01:53/33-12:47:45,28) [ksoftirqd/2]
(root,0,0,00:00:00/33-12:47:45,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/33-12:47:45,31) [cpuhp/3]
(root,0,0,00:00:00/33-12:47:45,32) [idle_inject/3]
(root,0,0,00:00:12/33-12:47:45,33) [migration/3]
(root,0,0,00:03:11/33-12:47:45,34) [ksoftirqd/3]
(root,0,0,00:00:00/33-12:47:45,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/33-12:47:45,40) [kdevtmpfs]
(root,0,0,00:00:00/33-12:47:45,41) [netns]
(root,0,0,00:00:00/33-12:47:45,42) [inet_frag_wq]
(root,0,0,00:00:12/33-12:47:45,43) [kauditd]
(root,0,0,00:00:00/33-12:47:45,44) [khungtaskd]
(root,0,0,00:00:00/33-12:47:45,45) [oom_reaper]
(root,0,0,00:00:00/33-12:47:45,46) [writeback]
(root,0,0,00:01:46/33-12:47:45,47) [kcompactd0]
(root,0,0,00:00:00/33-12:47:45,48) [ksmd]
(root,0,0,00:01:49/33-12:47:45,49) [khugepaged]
(root,0,0,00:00:00/33-12:47:45,75) [kintegrityd]
(root,0,0,00:00:00/33-12:47:45,76) [kblockd]
(root,0,0,00:00:00/33-12:47:45,77) [blkcg_punt_bio]
(root,0,0,00:00:00/33-12:47:45,79) [tpm_dev_wq]
(root,0,0,00:00:00/33-12:47:45,80) [edac-poller]
(root,0,0,00:00:00/33-12:47:45,81) [devfreq_wq]
(root,0,0,00:00:00/33-12:47:45,110) [watchdogd]
(root,0,0,00:00:02/33-12:47:45,111) [kswapd0]
(root,0,0,00:00:09/33-12:47:45,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/33-12:47:43,115) [kthrotld]
(root,0,0,00:00:00/33-12:47:43,116) [mld]
(root,0,0,00:00:00/33-12:47:43,117) [ipv6_addrconf]
(root,0,0,00:00:09/33-12:47:43,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/33-12:47:43,123) [kstrp]
(root,0,0,00:00:00/33-12:47:43,124) [zswap-shrink]
(root,0,0,00:00:00/33-12:47:43,125) [kworker/u9:0]
(root,0,0,00:00:00/33-12:47:43,130) [charger_manager]
(root,0,0,00:00:10/33-12:47:43,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:15/33-12:47:43,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/33-12:47:42,239) [kaluad]
(root,0,0,00:00:00/33-12:47:42,258) [kmpath_rdacd]
(root,0,0,00:00:00/33-12:47:42,304) [kmpathd]
(root,0,0,00:00:00/33-12:47:42,305) [kmpath_handlerd]
(root,0,0,00:00:00/33-12:47:41,342) [ata_sff]
(root,0,0,00:00:00/33-12:47:41,343) [scsi_eh_0]
(root,0,0,00:00:00/33-12:47:41,344) [scsi_tmf_0]
(root,0,0,00:00:00/33-12:47:41,345) [scsi_eh_1]
(root,0,0,00:00:00/33-12:47:41,346) [scsi_tmf_1]
(root,0,0,00:01:07/33-12:47:38,366) [jbd2/vda1-8]
(root,0,0,00:00:00/33-12:47:38,367) [ext4-rsv-conver]
(root,38604,7944,00:00:54/33-12:47:26,440) /usr/lib/systemd/systemd-journald
(root,53296,9712,00:00:03/33-12:47:25,454) /usr/lib/systemd/systemd-udevd
(root,8624,6212,00:00:52/33-12:47:23,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1616,00:00:20/33-12:46:52,511) /sbin/auditd
(messagebus,22932,5632,00:01:52/33-12:46:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8332,00:01:03/33-12:46:51,530) /usr/lib/systemd/systemd-logind
(root,20556,4624,00:00:00/33-12:46:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15948,00:00:03/33-12:46:49,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16404,00:00:00/33-12:46:49,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,29300,00:00:39/33-12:46:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25908,00:00:00/33-12:46:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:23/33-12:46:35,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/33-12:46:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/33-12:46:35,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/33-12:46:35,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/33-12:46:35,1343) /usr/lib/systemd/systemd --user
(root,449060,8496,00:00:51/33-12:46:35,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5856,00:04:51/33-12:46:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/33-12:46:35,1352) bpfilter_umh
(root,26204,8128,00:00:17/33-12:46:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4032,00:00:00/33-12:46:35,1359) ntpd: asynchronous dns resolver
(spot,361024,199972,2-00:18:07/33-12:46:34,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/33-12:46:34,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/33-12:46:34,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/33-12:46:34,1373) (sd-pam)
(root,24216,5260,00:00:11/33-12:46:32,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/33-12:46:32,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:04/33-12:46:32,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/33-12:46:29,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:02:05/33-12:46:28,1527) sshd: syslogtunnel
(root,694036,73228,00:46:25/33-12:46:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/00:27,1600) [kworker/3:0-events]
(spot,222656,63352,00:18:42/33-12:46:14,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/19:51,2466) [kworker/3:1-ata_sff]
(postfix,44628,9244,00:00:01/27-18:21:49,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/33-12:45:49,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:51/33-12:45:49,3218) sshd: cm-ssh
(root,6656,3488,00:00:00/00:00,3889) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,3909) /bin/bash /usr/bin/check_mk_agent
(root,6656,2012,00:00:00/00:00,3934) /bin/bash /usr/bin/check_mk_agent
(root,13744,3408,00:00:00/00:00,3942) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,3943) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/12:44,4095) [kworker/2:0]
(root,0,0,00:00:00/19:20,4794) [kworker/1:1-cgroup_destroy]
(root,0,0,00:00:00/35:58,7410) [kworker/u8:1-events_unbound]
(root,0,0,00:00:00/06:24,7631) [kworker/u8:0-writeback]
(root,0,0,00:00:00/05:38,11576) [kworker/3:2-ata_sff]
(root,0,0,00:00:01/04:33:08,15620) [kworker/2:2-events]
(root,0,0,00:00:00/52:41,17463) [kworker/0:0]
(root,0,0,00:00:00/01:12:49,21273) [kworker/0:1-events]
(root,0,0,00:00:00/02:48,22988) [kworker/1:2-cgroup_destroy]
(postfix,24244,8228,00:00:00/59:40,25034) pickup -l -t fifo -u
(root,0,0,00:00:00/59:28,25667) [kworker/1:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-13 23:36

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363549f65c3

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12724,00:01:33/31-12:18:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/31-12:18:36,2) [kthreadd]
(root,0,0,00:00:00/31-12:18:36,3) [rcu_gp]
(root,0,0,00:00:00/31-12:18:36,4) [rcu_par_gp]
(root,0,0,00:00:00/31-12:18:36,5) [slub_flushwq]
(root,0,0,00:00:00/31-12:18:36,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/31-12:18:36,9) [mm_percpu_wq]
(root,0,0,00:00:00/31-12:18:36,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/31-12:18:36,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/31-12:18:36,12) [rcu_tasks_trace]
(root,0,0,00:00:58/31-12:18:36,13) [ksoftirqd/0]
(root,0,0,01:31:21/31-12:18:36,14) [rcu_preempt]
(root,0,0,00:00:12/31-12:18:36,15) [migration/0]
(root,0,0,00:00:00/31-12:18:36,16) [idle_inject/0]
(root,0,0,00:00:00/31-12:18:36,18) [cpuhp/0]
(root,0,0,00:00:00/31-12:18:36,19) [cpuhp/1]
(root,0,0,00:00:00/31-12:18:36,20) [idle_inject/1]
(root,0,0,00:00:12/31-12:18:36,21) [migration/1]
(root,0,0,00:00:47/31-12:18:36,22) [ksoftirqd/1]
(root,0,0,00:00:00/31-12:18:36,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/31-12:18:36,25) [cpuhp/2]
(root,0,0,00:00:00/31-12:18:36,26) [idle_inject/2]
(root,0,0,00:00:09/31-12:18:36,27) [migration/2]
(root,0,0,00:58:45/31-12:18:36,28) [ksoftirqd/2]
(root,0,0,00:00:00/31-12:18:36,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/31-12:18:36,31) [cpuhp/3]
(root,0,0,00:00:00/31-12:18:36,32) [idle_inject/3]
(root,0,0,00:00:11/31-12:18:36,33) [migration/3]
(root,0,0,00:03:02/31-12:18:36,34) [ksoftirqd/3]
(root,0,0,00:00:00/31-12:18:36,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/31-12:18:36,40) [kdevtmpfs]
(root,0,0,00:00:00/31-12:18:36,41) [netns]
(root,0,0,00:00:00/31-12:18:36,42) [inet_frag_wq]
(root,0,0,00:00:11/31-12:18:36,43) [kauditd]
(root,0,0,00:00:00/31-12:18:36,44) [khungtaskd]
(root,0,0,00:00:00/31-12:18:36,45) [oom_reaper]
(root,0,0,00:00:00/31-12:18:36,46) [writeback]
(root,0,0,00:01:40/31-12:18:36,47) [kcompactd0]
(root,0,0,00:00:00/31-12:18:36,48) [ksmd]
(root,0,0,00:01:43/31-12:18:36,49) [khugepaged]
(root,0,0,00:00:00/31-12:18:36,75) [kintegrityd]
(root,0,0,00:00:00/31-12:18:36,76) [kblockd]
(root,0,0,00:00:00/31-12:18:36,77) [blkcg_punt_bio]
(root,0,0,00:00:00/31-12:18:36,79) [tpm_dev_wq]
(root,0,0,00:00:00/31-12:18:36,80) [edac-poller]
(root,0,0,00:00:00/31-12:18:36,81) [devfreq_wq]
(root,0,0,00:00:00/31-12:18:36,110) [watchdogd]
(root,0,0,00:00:02/31-12:18:36,111) [kswapd0]
(root,0,0,00:00:08/31-12:18:36,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/31-12:18:34,115) [kthrotld]
(root,0,0,00:00:00/31-12:18:34,116) [mld]
(root,0,0,00:00:00/31-12:18:34,117) [ipv6_addrconf]
(root,0,0,00:00:09/31-12:18:34,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/31-12:18:34,123) [kstrp]
(root,0,0,00:00:00/31-12:18:34,124) [zswap-shrink]
(root,0,0,00:00:00/31-12:18:34,125) [kworker/u9:0]
(root,0,0,00:00:00/31-12:18:34,130) [charger_manager]
(root,0,0,00:00:09/31-12:18:34,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:14/31-12:18:34,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/31-12:18:33,239) [kaluad]
(root,0,0,00:00:00/31-12:18:33,258) [kmpath_rdacd]
(root,0,0,00:00:00/31-12:18:33,304) [kmpathd]
(root,0,0,00:00:00/31-12:18:33,305) [kmpath_handlerd]
(root,0,0,00:00:00/31-12:18:32,342) [ata_sff]
(root,0,0,00:00:00/31-12:18:32,343) [scsi_eh_0]
(root,0,0,00:00:00/31-12:18:32,344) [scsi_tmf_0]
(root,0,0,00:00:00/31-12:18:32,345) [scsi_eh_1]
(root,0,0,00:00:00/31-12:18:32,346) [scsi_tmf_1]
(root,0,0,00:01:03/31-12:18:29,366) [jbd2/vda1-8]
(root,0,0,00:00:00/31-12:18:29,367) [ext4-rsv-conver]
(root,38604,7944,00:00:51/31-12:18:17,440) /usr/lib/systemd/systemd-journald
(root,53296,9712,00:00:03/31-12:18:16,454) /usr/lib/systemd/systemd-udevd
(root,8624,6212,00:00:49/31-12:18:14,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1616,00:00:18/31-12:17:43,511) /sbin/auditd
(messagebus,22932,5632,00:01:44/31-12:17:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8332,00:00:59/31-12:17:42,530) /usr/lib/systemd/systemd-logind
(root,20556,4624,00:00:00/31-12:17:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15948,00:00:03/31-12:17:40,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16404,00:00:00/31-12:17:40,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,29300,00:00:37/31-12:17:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25908,00:00:00/31-12:17:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:11/31-12:17:26,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/31-12:17:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/31-12:17:26,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/31-12:17:26,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/31-12:17:26,1343) /usr/lib/systemd/systemd --user
(root,449060,8496,00:00:48/31-12:17:26,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5856,00:04:34/31-12:17:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/31-12:17:26,1352) bpfilter_umh
(root,26204,8128,00:00:16/31-12:17:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4032,00:00:00/31-12:17:26,1359) ntpd: asynchronous dns resolver
(spot,362000,200256,1-22:07:34/31-12:17:25,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/31-12:17:25,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/31-12:17:25,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/31-12:17:25,1373) (sd-pam)
(root,24216,5260,00:00:11/31-12:17:23,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/31-12:17:23,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:04/31-12:17:23,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/31-12:17:20,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:58/31-12:17:19,1527) sshd: syslogtunnel
(root,693780,74896,00:43:40/31-12:17:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,221632,61980,00:17:39/31-12:17:05,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/01:06:25,2437) [kworker/u8:2-writeback]
(postfix,44628,9244,00:00:01/25-17:52:40,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/31-12:16:40,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:45/31-12:16:40,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:11:01,5312) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/08:45,6139) [kworker/3:2-events]
(root,0,0,00:00:00/44:14,8658) [kworker/1:0-cgroup_destroy]
(root,0,0,00:00:00/00:48,9918) [kworker/1:1-events]
(root,0,0,00:00:00/17:27:12,11736) [kworker/u8:1-ext4-rsv-conversion]
(root,6656,3484,00:00:00/00:00,14228) /bin/bash /usr/bin/check_mk_agent
(root,13744,3364,00:00:00/00:00,14246) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,14247) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/02:39:08,22602) [kworker/2:1-events]
(root,0,0,00:00:00/01:06:37,23881) [kworker/1:2-events]
(postfix,24244,8268,00:00:00/52:28,25794) pickup -l -t fifo -u
(root,0,0,00:00:00/01:00:55,27771) [kworker/0:0]
(root,0,0,00:00:00/01:41:45,28641) [kworker/0:1-events]
(root,0,0,00:00:00/10:47,30686) [kworker/2:0-events]
(root,0,0,00:00:00/03:34,31542) [kworker/3:0-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-11 23:07

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633aa30468

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12724,00:01:25/29-12:28:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/29-12:28:19,2) [kthreadd]
(root,0,0,00:00:00/29-12:28:19,3) [rcu_gp]
(root,0,0,00:00:00/29-12:28:19,4) [rcu_par_gp]
(root,0,0,00:00:00/29-12:28:19,5) [slub_flushwq]
(root,0,0,00:00:00/29-12:28:19,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/29-12:28:19,9) [mm_percpu_wq]
(root,0,0,00:00:00/29-12:28:19,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/29-12:28:19,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/29-12:28:19,12) [rcu_tasks_trace]
(root,0,0,00:00:55/29-12:28:19,13) [ksoftirqd/0]
(root,0,0,01:25:33/29-12:28:19,14) [rcu_preempt]
(root,0,0,00:00:11/29-12:28:19,15) [migration/0]
(root,0,0,00:00:00/29-12:28:19,16) [idle_inject/0]
(root,0,0,00:00:00/29-12:28:19,18) [cpuhp/0]
(root,0,0,00:00:00/29-12:28:19,19) [cpuhp/1]
(root,0,0,00:00:00/29-12:28:19,20) [idle_inject/1]
(root,0,0,00:00:11/29-12:28:19,21) [migration/1]
(root,0,0,00:00:45/29-12:28:19,22) [ksoftirqd/1]
(root,0,0,00:00:00/29-12:28:19,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/29-12:28:19,25) [cpuhp/2]
(root,0,0,00:00:00/29-12:28:19,26) [idle_inject/2]
(root,0,0,00:00:08/29-12:28:19,27) [migration/2]
(root,0,0,00:54:38/29-12:28:19,28) [ksoftirqd/2]
(root,0,0,00:00:00/29-12:28:19,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/29-12:28:19,31) [cpuhp/3]
(root,0,0,00:00:00/29-12:28:19,32) [idle_inject/3]
(root,0,0,00:00:10/29-12:28:19,33) [migration/3]
(root,0,0,00:02:50/29-12:28:19,34) [ksoftirqd/3]
(root,0,0,00:00:00/29-12:28:19,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/29-12:28:19,40) [kdevtmpfs]
(root,0,0,00:00:00/29-12:28:19,41) [netns]
(root,0,0,00:00:00/29-12:28:19,42) [inet_frag_wq]
(root,0,0,00:00:10/29-12:28:19,43) [kauditd]
(root,0,0,00:00:00/29-12:28:19,44) [khungtaskd]
(root,0,0,00:00:00/29-12:28:19,45) [oom_reaper]
(root,0,0,00:00:00/29-12:28:19,46) [writeback]
(root,0,0,00:01:34/29-12:28:19,47) [kcompactd0]
(root,0,0,00:00:00/29-12:28:19,48) [ksmd]
(root,0,0,00:01:36/29-12:28:19,49) [khugepaged]
(root,0,0,00:00:00/29-12:28:19,75) [kintegrityd]
(root,0,0,00:00:00/29-12:28:19,76) [kblockd]
(root,0,0,00:00:00/29-12:28:19,77) [blkcg_punt_bio]
(root,0,0,00:00:00/29-12:28:19,79) [tpm_dev_wq]
(root,0,0,00:00:00/29-12:28:19,80) [edac-poller]
(root,0,0,00:00:00/29-12:28:19,81) [devfreq_wq]
(root,0,0,00:00:00/29-12:28:19,110) [watchdogd]
(root,0,0,00:00:02/29-12:28:19,111) [kswapd0]
(root,0,0,00:00:08/29-12:28:19,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/29-12:28:17,115) [kthrotld]
(root,0,0,00:00:00/29-12:28:17,116) [mld]
(root,0,0,00:00:00/29-12:28:17,117) [ipv6_addrconf]
(root,0,0,00:00:08/29-12:28:17,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/29-12:28:17,123) [kstrp]
(root,0,0,00:00:00/29-12:28:17,124) [zswap-shrink]
(root,0,0,00:00:00/29-12:28:17,125) [kworker/u9:0]
(root,0,0,00:00:00/29-12:28:17,130) [charger_manager]
(root,0,0,00:00:09/29-12:28:17,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:13/29-12:28:17,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/29-12:28:16,239) [kaluad]
(root,0,0,00:00:00/29-12:28:16,258) [kmpath_rdacd]
(root,0,0,00:00:00/29-12:28:16,304) [kmpathd]
(root,0,0,00:00:00/29-12:28:16,305) [kmpath_handlerd]
(root,0,0,00:00:00/29-12:28:15,342) [ata_sff]
(root,0,0,00:00:00/29-12:28:15,343) [scsi_eh_0]
(root,0,0,00:00:00/29-12:28:15,344) [scsi_tmf_0]
(root,0,0,00:00:00/29-12:28:15,345) [scsi_eh_1]
(root,0,0,00:00:00/29-12:28:15,346) [scsi_tmf_1]
(root,0,0,00:00:59/29-12:28:12,366) [jbd2/vda1-8]
(root,0,0,00:00:00/29-12:28:12,367) [ext4-rsv-conver]
(root,38604,7944,00:00:47/29-12:28:00,440) /usr/lib/systemd/systemd-journald
(root,53296,9712,00:00:03/29-12:27:59,454) /usr/lib/systemd/systemd-udevd
(root,8624,6212,00:00:46/29-12:27:57,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1616,00:00:17/29-12:27:26,511) /sbin/auditd
(messagebus,22932,5632,00:01:35/29-12:27:25,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8332,00:00:54/29-12:27:25,530) /usr/lib/systemd/systemd-logind
(root,20556,4624,00:00:00/29-12:27:25,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15948,00:00:03/29-12:27:23,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16404,00:00:00/29-12:27:23,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548360,29300,00:00:34/29-12:27:09,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25908,00:00:00/29-12:27:09,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:03:00/29-12:27:09,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/29-12:27:09,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/29-12:27:09,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/29-12:27:09,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/29-12:27:09,1343) /usr/lib/systemd/systemd --user
(root,449060,8644,00:00:45/29-12:27:09,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5856,00:04:17/29-12:27:09,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/29-12:27:09,1352) bpfilter_umh
(root,26204,8128,00:00:14/29-12:27:09,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4032,00:00:00/29-12:27:09,1359) ntpd: asynchronous dns resolver
(spot,361264,200068,1-19:46:37/29-12:27:08,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/29-12:27:08,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/29-12:27:08,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/29-12:27:08,1373) (sd-pam)
(root,24216,5260,00:00:10/29-12:27:06,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:02/29-12:27:06,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:04/29-12:27:06,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/29-12:27:03,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:50/29-12:27:02,1527) sshd: syslogtunnel
(root,693524,74428,00:40:48/29-12:27:00,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,220608,60744,00:16:36/29-12:26:48,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9244,00:00:01/23-18:02:23,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/29-12:26:23,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:38/29-12:26:23,3218) sshd: cm-ssh
(root,0,0,00:00:00/05:57,4759) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/31:05,7629) [kworker/u8:2-flush-253:0]
(root,0,0,00:00:00/01:10:00,9799) [kworker/1:0-cgroup_destroy]
(root,0,0,00:00:00/52:37,11915) [kworker/3:2-events]
(root,0,0,00:00:00/01:20:12,18169) [kworker/0:2-events]
(root,0,0,00:00:01/01:52:22,22291) [kworker/0:1-events]
(postfix,24244,8236,00:00:00/01:24:11,24925) pickup -l -t fifo -u
(root,0,0,00:00:00/43:17,25049) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/01:40,25890) [kworker/2:0]
(root,0,0,00:00:00/00:44,27945) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/08:09,28474) [kworker/2:2-events]
(root,0,0,00:00:00/24:38,28994) [kworker/1:2-events]
(root,0,0,00:00:00/40:48,29505) [kworker/2:1-events]
(root,6656,3488,00:00:00/00:00,30183) /bin/bash /usr/bin/check_mk_agent
(root,13744,3384,00:00:00/00:00,30201) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,30202) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-09 23:17

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363de4503fe

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12724,00:01:18/27-13:02:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/27-13:02:58,2) [kthreadd]
(root,0,0,00:00:00/27-13:02:58,3) [rcu_gp]
(root,0,0,00:00:00/27-13:02:58,4) [rcu_par_gp]
(root,0,0,00:00:00/27-13:02:58,5) [slub_flushwq]
(root,0,0,00:00:00/27-13:02:58,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/27-13:02:58,9) [mm_percpu_wq]
(root,0,0,00:00:00/27-13:02:58,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/27-13:02:58,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/27-13:02:58,12) [rcu_tasks_trace]
(root,0,0,00:00:51/27-13:02:58,13) [ksoftirqd/0]
(root,0,0,01:20:09/27-13:02:58,14) [rcu_preempt]
(root,0,0,00:00:10/27-13:02:58,15) [migration/0]
(root,0,0,00:00:00/27-13:02:58,16) [idle_inject/0]
(root,0,0,00:00:00/27-13:02:58,18) [cpuhp/0]
(root,0,0,00:00:00/27-13:02:58,19) [cpuhp/1]
(root,0,0,00:00:00/27-13:02:58,20) [idle_inject/1]
(root,0,0,00:00:10/27-13:02:58,21) [migration/1]
(root,0,0,00:00:42/27-13:02:58,22) [ksoftirqd/1]
(root,0,0,00:00:00/27-13:02:58,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/27-13:02:58,25) [cpuhp/2]
(root,0,0,00:00:00/27-13:02:58,26) [idle_inject/2]
(root,0,0,00:00:08/27-13:02:58,27) [migration/2]
(root,0,0,00:51:33/27-13:02:58,28) [ksoftirqd/2]
(root,0,0,00:00:00/27-13:02:58,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/27-13:02:58,31) [cpuhp/3]
(root,0,0,00:00:00/27-13:02:58,32) [idle_inject/3]
(root,0,0,00:00:10/27-13:02:58,33) [migration/3]
(root,0,0,00:02:41/27-13:02:58,34) [ksoftirqd/3]
(root,0,0,00:00:00/27-13:02:58,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/27-13:02:58,40) [kdevtmpfs]
(root,0,0,00:00:00/27-13:02:58,41) [netns]
(root,0,0,00:00:00/27-13:02:58,42) [inet_frag_wq]
(root,0,0,00:00:09/27-13:02:58,43) [kauditd]
(root,0,0,00:00:00/27-13:02:58,44) [khungtaskd]
(root,0,0,00:00:00/27-13:02:58,45) [oom_reaper]
(root,0,0,00:00:00/27-13:02:58,46) [writeback]
(root,0,0,00:01:28/27-13:02:58,47) [kcompactd0]
(root,0,0,00:00:00/27-13:02:58,48) [ksmd]
(root,0,0,00:01:29/27-13:02:58,49) [khugepaged]
(root,0,0,00:00:00/27-13:02:58,75) [kintegrityd]
(root,0,0,00:00:00/27-13:02:58,76) [kblockd]
(root,0,0,00:00:00/27-13:02:58,77) [blkcg_punt_bio]
(root,0,0,00:00:00/27-13:02:58,79) [tpm_dev_wq]
(root,0,0,00:00:00/27-13:02:58,80) [edac-poller]
(root,0,0,00:00:00/27-13:02:58,81) [devfreq_wq]
(root,0,0,00:00:00/27-13:02:58,110) [watchdogd]
(root,0,0,00:00:02/27-13:02:58,111) [kswapd0]
(root,0,0,00:00:07/27-13:02:58,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/27-13:02:56,115) [kthrotld]
(root,0,0,00:00:00/27-13:02:56,116) [mld]
(root,0,0,00:00:00/27-13:02:56,117) [ipv6_addrconf]
(root,0,0,00:00:07/27-13:02:56,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/27-13:02:56,123) [kstrp]
(root,0,0,00:00:00/27-13:02:56,124) [zswap-shrink]
(root,0,0,00:00:00/27-13:02:56,125) [kworker/u9:0]
(root,0,0,00:00:00/27-13:02:56,130) [charger_manager]
(root,0,0,00:00:08/27-13:02:56,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:12/27-13:02:56,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/27-13:02:55,239) [kaluad]
(root,0,0,00:00:00/27-13:02:55,258) [kmpath_rdacd]
(root,0,0,00:00:00/27-13:02:55,304) [kmpathd]
(root,0,0,00:00:00/27-13:02:55,305) [kmpath_handlerd]
(root,0,0,00:00:00/27-13:02:54,342) [ata_sff]
(root,0,0,00:00:00/27-13:02:54,343) [scsi_eh_0]
(root,0,0,00:00:00/27-13:02:54,344) [scsi_tmf_0]
(root,0,0,00:00:00/27-13:02:54,345) [scsi_eh_1]
(root,0,0,00:00:00/27-13:02:54,346) [scsi_tmf_1]
(root,0,0,00:00:55/27-13:02:51,366) [jbd2/vda1-8]
(root,0,0,00:00:00/27-13:02:51,367) [ext4-rsv-conver]
(root,38604,7944,00:00:43/27-13:02:39,440) /usr/lib/systemd/systemd-journald
(root,53296,9712,00:00:03/27-13:02:38,454) /usr/lib/systemd/systemd-udevd
(root,8624,6212,00:00:43/27-13:02:36,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1616,00:00:15/27-13:02:05,511) /sbin/auditd
(messagebus,22932,5632,00:01:26/27-13:02:04,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8328,00:00:49/27-13:02:04,530) /usr/lib/systemd/systemd-logind
(root,20556,4624,00:00:00/27-13:02:04,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,15948,00:00:03/27-13:02:02,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,16404,00:00:00/27-13:02:02,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,28776,00:00:32/27-13:01:48,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,25908,00:00:00/27-13:01:48,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:49/27-13:01:48,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1812,00:00:00/27-13:01:48,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/27-13:01:48,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/27-13:01:48,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/27-13:01:48,1343) /usr/lib/systemd/systemd --user
(root,449060,8644,00:00:41/27-13:01:48,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,5856,00:04:00/27-13:01:48,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/27-13:01:48,1352) bpfilter_umh
(root,26204,8128,00:00:13/27-13:01:48,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4032,00:00:00/27-13:01:48,1359) ntpd: asynchronous dns resolver
(spot,296080,195012,1-17:12:17/27-13:01:47,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/27-13:01:47,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/27-13:01:47,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/27-13:01:47,1373) (sd-pam)
(root,24216,5260,00:00:09/27-13:01:45,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8228,00:00:01/27-13:01:45,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:03/27-13:01:45,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/27-13:01:42,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:42/27-13:01:41,1527) sshd: syslogtunnel
(root,693268,72064,00:38:05/27-13:01:39,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,219584,59132,00:15:34/27-13:01:27,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9244,00:00:00/21-18:37:02,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/27-13:01:02,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:31/27-13:01:02,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:31:07,4690) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/01:45,4886) [kworker/1:0-events]
(root,0,0,00:00:00/01:02,8133) [kworker/3:1-ata_sff]
(postfix,24244,8176,00:00:00/40:32,10198) pickup -l -t fifo -u
(root,0,0,00:00:00/57:50,13876) [kworker/2:2-cgroup_destroy]
(root,6656,3488,00:00:00/00:00,14189) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,14256) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,14257) /bin/bash /usr/bin/check_mk_agent
(root,4480,1048,00:00:00/00:00,14258) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,804,00:00:00/00:00,14259) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2544,1212,00:00:00/00:00,14260) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3480,00:00:00/00:00,14261) /bin/bash /usr/bin/check_mk_agent
(root,13744,3532,00:00:00/00:00,14279) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,14280) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/08:00,14310) [kworker/0:0-cgroup_destroy]
(root,0,0,00:00:00/06:13,18691) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/01:50:43,21505) [kworker/u8:2-writeback]
(root,0,0,00:00:00/01:25:34,22103) [kworker/0:1-events]
(root,0,0,00:00:00/23:35,23590) [kworker/1:2-cgroup_destroy]
(root,0,0,00:00:00/01:07:05,24824) [kworker/2:1-events]
(root,0,0,00:00:00/04:52,24846) [kworker/2:0-events]
(root,0,0,00:00:01/01:24:03,28201) [kworker/3:0-events]
(root,0,0,00:00:00/36:03,28567) [kworker/1:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-07 23:51

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c880ab42

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12712,00:01:11/25-12:46:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/25-12:46:04,2) [kthreadd]
(root,0,0,00:00:00/25-12:46:04,3) [rcu_gp]
(root,0,0,00:00:00/25-12:46:04,4) [rcu_par_gp]
(root,0,0,00:00:00/25-12:46:04,5) [slub_flushwq]
(root,0,0,00:00:00/25-12:46:04,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/25-12:46:04,9) [mm_percpu_wq]
(root,0,0,00:00:00/25-12:46:04,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/25-12:46:04,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/25-12:46:04,12) [rcu_tasks_trace]
(root,0,0,00:00:48/25-12:46:04,13) [ksoftirqd/0]
(root,0,0,01:14:43/25-12:46:04,14) [rcu_preempt]
(root,0,0,00:00:09/25-12:46:04,15) [migration/0]
(root,0,0,00:00:00/25-12:46:04,16) [idle_inject/0]
(root,0,0,00:00:00/25-12:46:04,18) [cpuhp/0]
(root,0,0,00:00:00/25-12:46:04,19) [cpuhp/1]
(root,0,0,00:00:00/25-12:46:04,20) [idle_inject/1]
(root,0,0,00:00:09/25-12:46:04,21) [migration/1]
(root,0,0,00:00:39/25-12:46:04,22) [ksoftirqd/1]
(root,0,0,00:00:00/25-12:46:04,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/25-12:46:04,25) [cpuhp/2]
(root,0,0,00:00:00/25-12:46:04,26) [idle_inject/2]
(root,0,0,00:00:07/25-12:46:04,27) [migration/2]
(root,0,0,00:48:49/25-12:46:04,28) [ksoftirqd/2]
(root,0,0,00:00:00/25-12:46:04,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/25-12:46:04,31) [cpuhp/3]
(root,0,0,00:00:00/25-12:46:04,32) [idle_inject/3]
(root,0,0,00:00:09/25-12:46:04,33) [migration/3]
(root,0,0,00:02:31/25-12:46:04,34) [ksoftirqd/3]
(root,0,0,00:00:00/25-12:46:04,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/25-12:46:04,40) [kdevtmpfs]
(root,0,0,00:00:00/25-12:46:04,41) [netns]
(root,0,0,00:00:00/25-12:46:04,42) [inet_frag_wq]
(root,0,0,00:00:08/25-12:46:04,43) [kauditd]
(root,0,0,00:00:00/25-12:46:04,44) [khungtaskd]
(root,0,0,00:00:00/25-12:46:04,45) [oom_reaper]
(root,0,0,00:00:00/25-12:46:04,46) [writeback]
(root,0,0,00:01:21/25-12:46:04,47) [kcompactd0]
(root,0,0,00:00:00/25-12:46:04,48) [ksmd]
(root,0,0,00:01:23/25-12:46:04,49) [khugepaged]
(root,0,0,00:00:00/25-12:46:04,75) [kintegrityd]
(root,0,0,00:00:00/25-12:46:04,76) [kblockd]
(root,0,0,00:00:00/25-12:46:04,77) [blkcg_punt_bio]
(root,0,0,00:00:00/25-12:46:04,79) [tpm_dev_wq]
(root,0,0,00:00:00/25-12:46:04,80) [edac-poller]
(root,0,0,00:00:00/25-12:46:04,81) [devfreq_wq]
(root,0,0,00:00:00/25-12:46:04,110) [watchdogd]
(root,0,0,00:00:01/25-12:46:04,111) [kswapd0]
(root,0,0,00:00:07/25-12:46:04,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/25-12:46:02,115) [kthrotld]
(root,0,0,00:00:00/25-12:46:02,116) [mld]
(root,0,0,00:00:00/25-12:46:02,117) [ipv6_addrconf]
(root,0,0,00:00:07/25-12:46:02,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/25-12:46:02,123) [kstrp]
(root,0,0,00:00:00/25-12:46:02,124) [zswap-shrink]
(root,0,0,00:00:00/25-12:46:02,125) [kworker/u9:0]
(root,0,0,00:00:00/25-12:46:02,130) [charger_manager]
(root,0,0,00:00:07/25-12:46:02,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:11/25-12:46:02,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/25-12:46:01,239) [kaluad]
(root,0,0,00:00:00/25-12:46:01,258) [kmpath_rdacd]
(root,0,0,00:00:00/25-12:46:01,304) [kmpathd]
(root,0,0,00:00:00/25-12:46:01,305) [kmpath_handlerd]
(root,0,0,00:00:00/25-12:46:00,342) [ata_sff]
(root,0,0,00:00:00/25-12:46:00,343) [scsi_eh_0]
(root,0,0,00:00:00/25-12:46:00,344) [scsi_tmf_0]
(root,0,0,00:00:00/25-12:46:00,345) [scsi_eh_1]
(root,0,0,00:00:00/25-12:46:00,346) [scsi_tmf_1]
(root,0,0,00:00:51/25-12:45:57,366) [jbd2/vda1-8]
(root,0,0,00:00:00/25-12:45:57,367) [ext4-rsv-conver]
(root,38604,7992,00:00:39/25-12:45:45,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:03/25-12:45:44,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:40/25-12:45:42,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:14/25-12:45:11,511) /sbin/auditd
(messagebus,22932,5912,00:01:17/25-12:45:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8392,00:00:44/25-12:45:10,530) /usr/lib/systemd/systemd-logind
(root,20556,5900,00:00:00/25-12:45:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17292,00:00:03/25-12:45:08,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,17856,00:00:00/25-12:45:08,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,29508,00:00:30/25-12:44:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/25-12:44:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:37/25-12:44:54,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/25-12:44:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/25-12:44:54,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/25-12:44:54,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/25-12:44:54,1343) /usr/lib/systemd/systemd --user
(root,449060,9120,00:00:37/25-12:44:54,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:03:42/25-12:44:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/25-12:44:54,1352) bpfilter_umh
(root,26204,8212,00:00:12/25-12:44:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/25-12:44:54,1359) ntpd: asynchronous dns resolver
(spot,296192,191532,1-14:57:46/25-12:44:53,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/25-12:44:53,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/25-12:44:53,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/25-12:44:53,1373) (sd-pam)
(root,24216,5268,00:00:09/25-12:44:51,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/25-12:44:51,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:03/25-12:44:51,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/25-12:44:48,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:35/25-12:44:47,1527) sshd: syslogtunnel
(root,693268,75792,00:35:20/25-12:44:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,218560,57872,00:14:36/25-12:44:33,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9292,00:00:00/19-18:20:08,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/25-12:44:08,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:25/25-12:44:08,3218) sshd: cm-ssh
(root,0,0,00:00:00/04:07,3732) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/09:17,6944) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/01:07:36,11861) [kworker/u8:0-writeback]
(root,0,0,00:00:00/00:47,15928) [kworker/1:2]
(root,0,0,00:00:00/40:56,16699) [kworker/2:2-events]
(root,0,0,00:00:00/31:57,17398) [kworker/2:1-events]
(root,6656,3492,00:00:00/00:00,17956) /bin/bash /usr/bin/check_mk_agent
(root,13744,3380,00:00:00/00:00,17974) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,17975) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/06:52,20983) [kworker/0:1-events]
(root,0,0,00:00:00/01:44:44,21873) [kworker/1:0-events]
(root,0,0,00:00:00/54:17,22713) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/12:45,23862) [kworker/1:1-cgroup_destroy]
(root,0,0,00:00:01/01:27:07,27643) [kworker/3:2-events]
(root,0,0,00:00:00/52:59,28674) [kworker/0:2-events]
(postfix,24244,8204,00:00:00/44:43,32576) pickup -l -t fifo -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-05 23:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836341783b07

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12712,00:01:03/23-12:54:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/23-12:54:07,2) [kthreadd]
(root,0,0,00:00:00/23-12:54:07,3) [rcu_gp]
(root,0,0,00:00:00/23-12:54:07,4) [rcu_par_gp]
(root,0,0,00:00:00/23-12:54:07,5) [slub_flushwq]
(root,0,0,00:00:00/23-12:54:07,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/23-12:54:07,9) [mm_percpu_wq]
(root,0,0,00:00:00/23-12:54:07,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/23-12:54:07,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/23-12:54:07,12) [rcu_tasks_trace]
(root,0,0,00:00:45/23-12:54:07,13) [ksoftirqd/0]
(root,0,0,01:09:06/23-12:54:07,14) [rcu_preempt]
(root,0,0,00:00:09/23-12:54:07,15) [migration/0]
(root,0,0,00:00:00/23-12:54:07,16) [idle_inject/0]
(root,0,0,00:00:00/23-12:54:07,18) [cpuhp/0]
(root,0,0,00:00:00/23-12:54:07,19) [cpuhp/1]
(root,0,0,00:00:00/23-12:54:07,20) [idle_inject/1]
(root,0,0,00:00:09/23-12:54:07,21) [migration/1]
(root,0,0,00:00:37/23-12:54:07,22) [ksoftirqd/1]
(root,0,0,00:00:00/23-12:54:07,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/23-12:54:07,25) [cpuhp/2]
(root,0,0,00:00:00/23-12:54:07,26) [idle_inject/2]
(root,0,0,00:00:07/23-12:54:07,27) [migration/2]
(root,0,0,00:45:32/23-12:54:07,28) [ksoftirqd/2]
(root,0,0,00:00:00/23-12:54:07,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/23-12:54:07,31) [cpuhp/3]
(root,0,0,00:00:00/23-12:54:07,32) [idle_inject/3]
(root,0,0,00:00:08/23-12:54:07,33) [migration/3]
(root,0,0,00:02:21/23-12:54:07,34) [ksoftirqd/3]
(root,0,0,00:00:00/23-12:54:07,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/23-12:54:07,40) [kdevtmpfs]
(root,0,0,00:00:00/23-12:54:07,41) [netns]
(root,0,0,00:00:00/23-12:54:07,42) [inet_frag_wq]
(root,0,0,00:00:07/23-12:54:07,43) [kauditd]
(root,0,0,00:00:00/23-12:54:07,44) [khungtaskd]
(root,0,0,00:00:00/23-12:54:07,45) [oom_reaper]
(root,0,0,00:00:00/23-12:54:07,46) [writeback]
(root,0,0,00:01:15/23-12:54:07,47) [kcompactd0]
(root,0,0,00:00:00/23-12:54:07,48) [ksmd]
(root,0,0,00:01:17/23-12:54:07,49) [khugepaged]
(root,0,0,00:00:00/23-12:54:07,75) [kintegrityd]
(root,0,0,00:00:00/23-12:54:07,76) [kblockd]
(root,0,0,00:00:00/23-12:54:07,77) [blkcg_punt_bio]
(root,0,0,00:00:00/23-12:54:07,79) [tpm_dev_wq]
(root,0,0,00:00:00/23-12:54:07,80) [edac-poller]
(root,0,0,00:00:00/23-12:54:07,81) [devfreq_wq]
(root,0,0,00:00:00/23-12:54:07,110) [watchdogd]
(root,0,0,00:00:01/23-12:54:07,111) [kswapd0]
(root,0,0,00:00:06/23-12:54:07,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/23-12:54:05,115) [kthrotld]
(root,0,0,00:00:00/23-12:54:05,116) [mld]
(root,0,0,00:00:00/23-12:54:05,117) [ipv6_addrconf]
(root,0,0,00:00:06/23-12:54:05,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/23-12:54:05,123) [kstrp]
(root,0,0,00:00:00/23-12:54:05,124) [zswap-shrink]
(root,0,0,00:00:00/23-12:54:05,125) [kworker/u9:0]
(root,0,0,00:00:00/23-12:54:05,130) [charger_manager]
(root,0,0,00:00:07/23-12:54:05,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:10/23-12:54:05,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/23-12:54:04,239) [kaluad]
(root,0,0,00:00:00/23-12:54:04,258) [kmpath_rdacd]
(root,0,0,00:00:00/23-12:54:04,304) [kmpathd]
(root,0,0,00:00:00/23-12:54:04,305) [kmpath_handlerd]
(root,0,0,00:00:00/23-12:54:03,342) [ata_sff]
(root,0,0,00:00:00/23-12:54:03,343) [scsi_eh_0]
(root,0,0,00:00:00/23-12:54:03,344) [scsi_tmf_0]
(root,0,0,00:00:00/23-12:54:03,345) [scsi_eh_1]
(root,0,0,00:00:00/23-12:54:03,346) [scsi_tmf_1]
(root,0,0,00:00:47/23-12:54:00,366) [jbd2/vda1-8]
(root,0,0,00:00:00/23-12:54:00,367) [ext4-rsv-conver]
(root,38604,7992,00:00:35/23-12:53:48,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:02/23-12:53:47,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:37/23-12:53:45,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:12/23-12:53:14,511) /sbin/auditd
(messagebus,22932,5912,00:01:08/23-12:53:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8392,00:00:39/23-12:53:13,530) /usr/lib/systemd/systemd-logind
(root,20556,5900,00:00:00/23-12:53:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17292,00:00:03/23-12:53:11,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,17856,00:00:00/23-12:53:11,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,548104,28468,00:00:27/23-12:52:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/23-12:52:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:27/23-12:52:57,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/23-12:52:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/23-12:52:57,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/23-12:52:57,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/23-12:52:57,1343) /usr/lib/systemd/systemd --user
(root,449060,9120,00:00:33/23-12:52:57,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:03:25/23-12:52:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/23-12:52:57,1352) bpfilter_umh
(root,26204,8212,00:00:10/23-12:52:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/23-12:52:57,1359) ntpd: asynchronous dns resolver
(spot,291920,178088,1-12:32:22/23-12:52:56,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/23-12:52:56,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/23-12:52:56,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/23-12:52:56,1373) (sd-pam)
(root,24216,5268,00:00:08/23-12:52:54,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/23-12:52:54,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:03/23-12:52:54,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/23-12:52:51,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:27/23-12:52:50,1527) sshd: syslogtunnel
(root,692644,75248,00:32:34/23-12:52:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,217536,56548,00:13:35/23-12:52:36,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9292,00:00:00/17-18:28:11,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/23-12:52:11,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:18/23-12:52:11,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:02:05,3867) [kworker/0:0-events]
(root,0,0,00:00:00/27:36,3961) [kworker/1:2-events]
(root,0,0,00:00:00/01:10:31,4103) [kworker/u8:1-writeback]
(root,0,0,00:00:00/05:35:42,4562) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/18:43,6663) [kworker/0:2-events]
(root,0,0,00:00:00/46:42,14029) [kworker/2:1-events]
(root,0,0,00:00:00/03:10,16238) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/01:24:02,18134) [kworker/2:2-events]
(root,0,0,00:00:00/44:40,18665) [kworker/3:1-events]
(postfix,24244,8168,00:00:00/01:14:36,18770) pickup -l -t fifo -u
(root,0,0,00:00:00/08:21,25097) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/21:37,28637) [kworker/1:1]
(root,6656,3484,00:00:00/00:00,30231) /bin/bash /usr/bin/check_mk_agent
(root,13744,3520,00:00:00/00:00,30249) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,956,00:00:00/00:00,30250) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-03 23:42

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630bafb4e4

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12688,00:00:54/21-12:55:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/21-12:55:59,2) [kthreadd]
(root,0,0,00:00:00/21-12:55:59,3) [rcu_gp]
(root,0,0,00:00:00/21-12:55:59,4) [rcu_par_gp]
(root,0,0,00:00:00/21-12:55:59,5) [slub_flushwq]
(root,0,0,00:00:00/21-12:55:59,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/21-12:55:59,9) [mm_percpu_wq]
(root,0,0,00:00:00/21-12:55:59,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/21-12:55:59,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/21-12:55:59,12) [rcu_tasks_trace]
(root,0,0,00:00:41/21-12:55:59,13) [ksoftirqd/0]
(root,0,0,01:03:27/21-12:55:59,14) [rcu_preempt]
(root,0,0,00:00:08/21-12:55:59,15) [migration/0]
(root,0,0,00:00:00/21-12:55:59,16) [idle_inject/0]
(root,0,0,00:00:00/21-12:55:59,18) [cpuhp/0]
(root,0,0,00:00:00/21-12:55:59,19) [cpuhp/1]
(root,0,0,00:00:00/21-12:55:59,20) [idle_inject/1]
(root,0,0,00:00:08/21-12:55:59,21) [migration/1]
(root,0,0,00:00:34/21-12:55:59,22) [ksoftirqd/1]
(root,0,0,00:00:00/21-12:55:59,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/21-12:55:59,25) [cpuhp/2]
(root,0,0,00:00:00/21-12:55:59,26) [idle_inject/2]
(root,0,0,00:00:06/21-12:55:59,27) [migration/2]
(root,0,0,00:42:43/21-12:55:59,28) [ksoftirqd/2]
(root,0,0,00:00:00/21-12:55:59,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/21-12:55:59,31) [cpuhp/3]
(root,0,0,00:00:00/21-12:55:59,32) [idle_inject/3]
(root,0,0,00:00:08/21-12:55:59,33) [migration/3]
(root,0,0,00:02:11/21-12:55:59,34) [ksoftirqd/3]
(root,0,0,00:00:00/21-12:55:59,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/21-12:55:59,40) [kdevtmpfs]
(root,0,0,00:00:00/21-12:55:59,41) [netns]
(root,0,0,00:00:00/21-12:55:59,42) [inet_frag_wq]
(root,0,0,00:00:06/21-12:55:59,43) [kauditd]
(root,0,0,00:00:00/21-12:55:59,44) [khungtaskd]
(root,0,0,00:00:00/21-12:55:59,45) [oom_reaper]
(root,0,0,00:00:00/21-12:55:59,46) [writeback]
(root,0,0,00:01:09/21-12:55:59,47) [kcompactd0]
(root,0,0,00:00:00/21-12:55:59,48) [ksmd]
(root,0,0,00:01:10/21-12:55:59,49) [khugepaged]
(root,0,0,00:00:00/21-12:55:59,75) [kintegrityd]
(root,0,0,00:00:00/21-12:55:59,76) [kblockd]
(root,0,0,00:00:00/21-12:55:59,77) [blkcg_punt_bio]
(root,0,0,00:00:00/21-12:55:59,79) [tpm_dev_wq]
(root,0,0,00:00:00/21-12:55:59,80) [edac-poller]
(root,0,0,00:00:00/21-12:55:59,81) [devfreq_wq]
(root,0,0,00:00:00/21-12:55:59,110) [watchdogd]
(root,0,0,00:00:01/21-12:55:59,111) [kswapd0]
(root,0,0,00:00:05/21-12:55:59,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/21-12:55:57,115) [kthrotld]
(root,0,0,00:00:00/21-12:55:57,116) [mld]
(root,0,0,00:00:00/21-12:55:57,117) [ipv6_addrconf]
(root,0,0,00:00:06/21-12:55:57,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/21-12:55:57,123) [kstrp]
(root,0,0,00:00:00/21-12:55:57,124) [zswap-shrink]
(root,0,0,00:00:00/21-12:55:57,125) [kworker/u9:0]
(root,0,0,00:00:00/21-12:55:57,130) [charger_manager]
(root,0,0,00:00:06/21-12:55:57,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:09/21-12:55:57,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/21-12:55:56,239) [kaluad]
(root,0,0,00:00:00/21-12:55:56,258) [kmpath_rdacd]
(root,0,0,00:00:00/21-12:55:56,304) [kmpathd]
(root,0,0,00:00:00/21-12:55:56,305) [kmpath_handlerd]
(root,0,0,00:00:00/21-12:55:55,342) [ata_sff]
(root,0,0,00:00:00/21-12:55:55,343) [scsi_eh_0]
(root,0,0,00:00:00/21-12:55:55,344) [scsi_tmf_0]
(root,0,0,00:00:00/21-12:55:55,345) [scsi_eh_1]
(root,0,0,00:00:00/21-12:55:55,346) [scsi_tmf_1]
(root,0,0,00:00:43/21-12:55:52,366) [jbd2/vda1-8]
(root,0,0,00:00:00/21-12:55:52,367) [ext4-rsv-conver]
(root,38604,7992,00:00:30/21-12:55:40,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:02/21-12:55:39,454) /usr/lib/systemd/systemd-udevd
(root,0,0,00:00:01/01:58:40,461) [kworker/3:0-events]
(root,8624,6244,00:00:34/21-12:55:37,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:10/21-12:55:06,511) /sbin/auditd
(messagebus,22932,5912,00:00:58/21-12:55:05,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8392,00:00:33/21-12:55:05,530) /usr/lib/systemd/systemd-logind
(root,20556,5900,00:00:00/21-12:55:05,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17292,00:00:03/21-12:55:03,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,17856,00:00:00/21-12:55:03,616) /usr/sbin/wickedd-nanny --systemd --foreground
(postfix,24244,8220,00:00:00/01:38:20,1289) pickup -l -t fifo -u
(root,548104,28468,00:00:25/21-12:54:49,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/21-12:54:49,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:16/21-12:54:49,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/21-12:54:49,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/21-12:54:49,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/21-12:54:49,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/21-12:54:49,1343) /usr/lib/systemd/systemd --user
(root,449156,8812,00:00:29/21-12:54:49,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:03:07/21-12:54:49,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/21-12:54:49,1352) bpfilter_umh
(root,26204,8212,00:00:09/21-12:54:49,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/21-12:54:49,1359) ntpd: asynchronous dns resolver
(spot,313916,199516,1-09:55:22/21-12:54:48,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/21-12:54:48,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/21-12:54:48,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/21-12:54:48,1373) (sd-pam)
(root,24216,5268,00:00:07/21-12:54:46,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/21-12:54:46,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:03/21-12:54:46,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/21-12:54:43,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:19/21-12:54:42,1527) sshd: syslogtunnel
(root,692388,74908,00:29:47/21-12:54:40,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,216512,55044,00:12:32/21-12:54:28,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9292,00:00:00/15-18:30:03,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/21-12:54:03,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:12/21-12:54:03,3218) sshd: cm-ssh
(root,0,0,00:00:00/28:27,3360) [kworker/2:0-events]
(root,0,0,00:00:00/14:13,3491) [kworker/1:2-events]
(root,0,0,00:00:00/55:01,6922) [kworker/0:2-events]
(root,0,0,00:00:00/04:32,8901) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/02:14:36,9313) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/01:17:49,14476) [kworker/u8:1-events_unbound]
(root,0,0,00:00:00/09:42,16487) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/19:57,18332) [kworker/0:1]
(root,0,0,00:00:00/08:33,20656) [kworker/1:0]
(root,0,0,00:00:00/00:04,25731) [kworker/2:1-events]
(root,6656,3488,00:00:00/00:00,26072) /bin/bash /usr/bin/check_mk_agent
(root,13744,3532,00:00:00/00:00,26090) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,26091) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/04:34:34,29790) [kworker/2:2-cgroup_destroy]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-10-01 23:44

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363597c8213

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12688,00:00:44/19-12:57:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/19-12:57:14,2) [kthreadd]
(root,0,0,00:00:00/19-12:57:14,3) [rcu_gp]
(root,0,0,00:00:00/19-12:57:14,4) [rcu_par_gp]
(root,0,0,00:00:00/19-12:57:14,5) [slub_flushwq]
(root,0,0,00:00:00/19-12:57:14,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/19-12:57:14,9) [mm_percpu_wq]
(root,0,0,00:00:00/19-12:57:14,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/19-12:57:14,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/19-12:57:14,12) [rcu_tasks_trace]
(root,0,0,00:00:38/19-12:57:14,13) [ksoftirqd/0]
(root,0,0,00:57:22/19-12:57:14,14) [rcu_preempt]
(root,0,0,00:00:07/19-12:57:14,15) [migration/0]
(root,0,0,00:00:00/19-12:57:14,16) [idle_inject/0]
(root,0,0,00:00:00/19-12:57:14,18) [cpuhp/0]
(root,0,0,00:00:00/19-12:57:14,19) [cpuhp/1]
(root,0,0,00:00:00/19-12:57:14,20) [idle_inject/1]
(root,0,0,00:00:07/19-12:57:14,21) [migration/1]
(root,0,0,00:00:31/19-12:57:14,22) [ksoftirqd/1]
(root,0,0,00:00:00/19-12:57:14,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/19-12:57:14,25) [cpuhp/2]
(root,0,0,00:00:00/19-12:57:14,26) [idle_inject/2]
(root,0,0,00:00:05/19-12:57:14,27) [migration/2]
(root,0,0,00:39:19/19-12:57:14,28) [ksoftirqd/2]
(root,0,0,00:00:00/19-12:57:14,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/19-12:57:14,31) [cpuhp/3]
(root,0,0,00:00:00/19-12:57:14,32) [idle_inject/3]
(root,0,0,00:00:07/19-12:57:14,33) [migration/3]
(root,0,0,00:01:59/19-12:57:14,34) [ksoftirqd/3]
(root,0,0,00:00:00/19-12:57:14,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/19-12:57:14,40) [kdevtmpfs]
(root,0,0,00:00:00/19-12:57:14,41) [netns]
(root,0,0,00:00:00/19-12:57:14,42) [inet_frag_wq]
(root,0,0,00:00:05/19-12:57:14,43) [kauditd]
(root,0,0,00:00:00/19-12:57:14,44) [khungtaskd]
(root,0,0,00:00:00/19-12:57:14,45) [oom_reaper]
(root,0,0,00:00:00/19-12:57:14,46) [writeback]
(root,0,0,00:01:02/19-12:57:14,47) [kcompactd0]
(root,0,0,00:00:00/19-12:57:14,48) [ksmd]
(root,0,0,00:01:03/19-12:57:14,49) [khugepaged]
(root,0,0,00:00:00/19-12:57:14,75) [kintegrityd]
(root,0,0,00:00:00/19-12:57:14,76) [kblockd]
(root,0,0,00:00:00/19-12:57:14,77) [blkcg_punt_bio]
(root,0,0,00:00:00/19-12:57:14,79) [tpm_dev_wq]
(root,0,0,00:00:00/19-12:57:14,80) [edac-poller]
(root,0,0,00:00:00/19-12:57:14,81) [devfreq_wq]
(root,0,0,00:00:00/19-12:57:14,110) [watchdogd]
(root,0,0,00:00:01/19-12:57:14,111) [kswapd0]
(root,0,0,00:00:05/19-12:57:14,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/19-12:57:12,115) [kthrotld]
(root,0,0,00:00:00/19-12:57:12,116) [mld]
(root,0,0,00:00:00/19-12:57:12,117) [ipv6_addrconf]
(root,0,0,00:00:05/19-12:57:12,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/19-12:57:12,123) [kstrp]
(root,0,0,00:00:00/19-12:57:12,124) [zswap-shrink]
(root,0,0,00:00:00/19-12:57:12,125) [kworker/u9:0]
(root,0,0,00:00:00/19-12:57:12,130) [charger_manager]
(root,0,0,00:00:06/19-12:57:12,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:09/19-12:57:12,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/19-12:57:11,239) [kaluad]
(root,0,0,00:00:00/19-12:57:11,258) [kmpath_rdacd]
(root,0,0,00:00:00/19-12:57:11,304) [kmpathd]
(root,0,0,00:00:00/19-12:57:11,305) [kmpath_handlerd]
(root,0,0,00:00:00/19-12:57:10,342) [ata_sff]
(root,0,0,00:00:00/19-12:57:10,343) [scsi_eh_0]
(root,0,0,00:00:00/19-12:57:10,344) [scsi_tmf_0]
(root,0,0,00:00:00/19-12:57:10,345) [scsi_eh_1]
(root,0,0,00:00:00/19-12:57:10,346) [scsi_tmf_1]
(root,0,0,00:00:39/19-12:57:07,366) [jbd2/vda1-8]
(root,0,0,00:00:00/19-12:57:07,367) [ext4-rsv-conver]
(root,38604,7616,00:00:25/19-12:56:55,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:02/19-12:56:54,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:31/19-12:56:52,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:08/19-12:56:21,511) /sbin/auditd
(messagebus,22932,5912,00:00:45/19-12:56:20,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8392,00:00:26/19-12:56:20,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/19-12:56:20,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/19-12:56:18,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/19-12:56:18,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27472,00:00:23/19-12:56:04,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/19-12:56:04,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:02:05/19-12:56:04,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/19-12:56:04,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/19-12:56:04,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/19-12:56:04,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/19-12:56:04,1343) /usr/lib/systemd/systemd --user
(root,449156,8812,00:00:25/19-12:56:04,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:02:49/19-12:56:04,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/19-12:56:04,1352) bpfilter_umh
(root,26204,8212,00:00:07/19-12:56:04,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/19-12:56:04,1359) ntpd: asynchronous dns resolver
(spot,314044,199560,1-07:06:47/19-12:56:03,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/19-12:56:03,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/19-12:56:03,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/19-12:56:03,1373) (sd-pam)
(root,24216,5268,00:00:06/19-12:56:01,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/19-12:56:01,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:02/19-12:56:01,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/19-12:55:58,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:10/19-12:55:57,1527) sshd: syslogtunnel
(root,618656,71492,00:26:56/19-12:55:55,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,215488,53708,00:11:20/19-12:55:43,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9336,00:00:00/13-18:31:18,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/19-12:55:18,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:01:05/19-12:55:18,3218) sshd: cm-ssh
(root,0,0,00:00:00/49:56,4244) [kworker/0:0-events]
(root,0,0,00:00:00/04:15,5008) [kworker/u8:1]
(root,0,0,00:00:00/31:13,7171) [kworker/3:2-events]
(root,0,0,00:00:00/47:32,10508) [kworker/2:2-events]
(root,0,0,00:00:01/03:07:58,12961) [kworker/2:0-mm_percpu_wq]
(root,0,0,00:00:00/36:57,15979) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/10:06,16908) [kworker/0:2-events]
(root,0,0,00:00:00/10:05,16909) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/01:45:25,17258) [kworker/1:0-mm_percpu_wq]
(postfix,24244,8296,00:00:00/20:26,18563) pickup -l -t fifo -u
(root,0,0,00:00:00/00:04,21706) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/00:01,21707) [python] <defunct>
(root,6656,3488,00:00:00/00:01,21740) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:01,21781) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:01,21782) /bin/bash /usr/bin/check_mk_agent
(root,4480,1116,00:00:00/00:01,21783) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,872,00:00:00/00:01,21784) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,736,00:00:00/00:01,21785) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3484,00:00:00/00:01,21786) /bin/bash /usr/bin/check_mk_agent
(root,13744,3368,00:00:00/00:00,21804) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,21805) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/07:29,29017) [kworker/1:1]
(root,0,0,00:00:00/05:16,32535) [kworker/3:0-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-29 23:45

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836363538a15

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12680,00:00:33/17-12:57:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/17-12:57:02,2) [kthreadd]
(root,0,0,00:00:00/17-12:57:02,3) [rcu_gp]
(root,0,0,00:00:00/17-12:57:02,4) [rcu_par_gp]
(root,0,0,00:00:00/17-12:57:02,5) [slub_flushwq]
(root,0,0,00:00:00/17-12:57:02,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/17-12:57:02,9) [mm_percpu_wq]
(root,0,0,00:00:00/17-12:57:02,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/17-12:57:02,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/17-12:57:02,12) [rcu_tasks_trace]
(root,0,0,00:00:33/17-12:57:02,13) [ksoftirqd/0]
(root,0,0,00:50:24/17-12:57:02,14) [rcu_preempt]
(root,0,0,00:00:06/17-12:57:02,15) [migration/0]
(root,0,0,00:00:00/17-12:57:02,16) [idle_inject/0]
(root,0,0,00:00:00/17-12:57:02,18) [cpuhp/0]
(root,0,0,00:00:00/17-12:57:02,19) [cpuhp/1]
(root,0,0,00:00:00/17-12:57:02,20) [idle_inject/1]
(root,0,0,00:00:06/17-12:57:02,21) [migration/1]
(root,0,0,00:00:27/17-12:57:02,22) [ksoftirqd/1]
(root,0,0,00:00:00/17-12:57:02,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/17-12:57:02,25) [cpuhp/2]
(root,0,0,00:00:00/17-12:57:02,26) [idle_inject/2]
(root,0,0,00:00:05/17-12:57:02,27) [migration/2]
(root,0,0,00:33:47/17-12:57:02,28) [ksoftirqd/2]
(root,0,0,00:00:00/17-12:57:02,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/17-12:57:02,31) [cpuhp/3]
(root,0,0,00:00:00/17-12:57:02,32) [idle_inject/3]
(root,0,0,00:00:06/17-12:57:02,33) [migration/3]
(root,0,0,00:01:41/17-12:57:02,34) [ksoftirqd/3]
(root,0,0,00:00:00/17-12:57:02,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/17-12:57:02,40) [kdevtmpfs]
(root,0,0,00:00:00/17-12:57:02,41) [netns]
(root,0,0,00:00:00/17-12:57:02,42) [inet_frag_wq]
(root,0,0,00:00:03/17-12:57:02,43) [kauditd]
(root,0,0,00:00:00/17-12:57:02,44) [khungtaskd]
(root,0,0,00:00:00/17-12:57:02,45) [oom_reaper]
(root,0,0,00:00:00/17-12:57:02,46) [writeback]
(root,0,0,00:00:55/17-12:57:02,47) [kcompactd0]
(root,0,0,00:00:00/17-12:57:02,48) [ksmd]
(root,0,0,00:00:56/17-12:57:02,49) [khugepaged]
(root,0,0,00:00:00/17-12:57:02,75) [kintegrityd]
(root,0,0,00:00:00/17-12:57:02,76) [kblockd]
(root,0,0,00:00:00/17-12:57:02,77) [blkcg_punt_bio]
(root,0,0,00:00:00/17-12:57:02,79) [tpm_dev_wq]
(root,0,0,00:00:00/17-12:57:02,80) [edac-poller]
(root,0,0,00:00:00/17-12:57:02,81) [devfreq_wq]
(root,0,0,00:00:00/17-12:57:02,110) [watchdogd]
(root,0,0,00:00:01/17-12:57:02,111) [kswapd0]
(root,0,0,00:00:04/17-12:57:02,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/17-12:57:00,115) [kthrotld]
(root,0,0,00:00:00/17-12:57:00,116) [mld]
(root,0,0,00:00:00/17-12:57:00,117) [ipv6_addrconf]
(root,0,0,00:00:04/17-12:57:00,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/17-12:57:00,123) [kstrp]
(root,0,0,00:00:00/17-12:57:00,124) [zswap-shrink]
(root,0,0,00:00:00/17-12:57:00,125) [kworker/u9:0]
(root,0,0,00:00:00/17-12:57:00,130) [charger_manager]
(root,0,0,00:00:05/17-12:57:00,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:08/17-12:57:00,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/17-12:56:59,239) [kaluad]
(root,0,0,00:00:00/17-12:56:59,258) [kmpath_rdacd]
(root,0,0,00:00:00/17-12:56:59,304) [kmpathd]
(root,0,0,00:00:00/17-12:56:59,305) [kmpath_handlerd]
(root,0,0,00:00:00/17-12:56:58,342) [ata_sff]
(root,0,0,00:00:00/17-12:56:58,343) [scsi_eh_0]
(root,0,0,00:00:00/17-12:56:58,344) [scsi_tmf_0]
(root,0,0,00:00:00/17-12:56:58,345) [scsi_eh_1]
(root,0,0,00:00:00/17-12:56:58,346) [scsi_tmf_1]
(root,0,0,00:00:34/17-12:56:55,366) [jbd2/vda1-8]
(root,0,0,00:00:00/17-12:56:55,367) [ext4-rsv-conver]
(root,38604,7616,00:00:19/17-12:56:43,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:02/17-12:56:42,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:27/17-12:56:40,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:06/17-12:56:09,511) /sbin/auditd
(messagebus,22932,5912,00:00:31/17-12:56:08,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8388,00:00:18/17-12:56:08,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/17-12:56:08,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/17-12:56:06,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/17-12:56:06,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,27472,00:00:20/17-12:55:52,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/17-12:55:52,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:01:51/17-12:55:52,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/17-12:55:52,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/17-12:55:52,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/17-12:55:52,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/17-12:55:52,1343) /usr/lib/systemd/systemd --user
(root,448964,9120,00:00:19/17-12:55:52,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:02:30/17-12:55:52,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/17-12:55:52,1352) bpfilter_umh
(root,26204,8212,00:00:04/17-12:55:52,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/17-12:55:52,1359) ntpd: asynchronous dns resolver
(spot,315500,199924,1-03:05:12/17-12:55:51,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/17-12:55:51,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/17-12:55:51,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/17-12:55:51,1373) (sd-pam)
(root,24216,5268,00:00:06/17-12:55:49,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/17-12:55:49,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:02/17-12:55:49,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/17-12:55:46,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:01:01/17-12:55:45,1527) sshd: syslogtunnel
(root,618256,73120,00:23:58/17-12:55:43,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/16:18,1721) [kworker/3:1-events]
(spot,214464,51672,00:10:02/17-12:55:31,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9336,00:00:00/11-18:31:06,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/08:08,2711) [kworker/2:1-cgroup_destroy]
(root,35308,10108,00:00:00/17-12:55:06,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:57/17-12:55:06,3218) sshd: cm-ssh
(root,0,0,00:00:00/15:41,3936) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/25:02,6092) [kworker/0:2-mm_percpu_wq]
(root,0,0,00:00:00/14:28,9322) [kworker/0:1]
(root,0,0,00:00:00/05:55,13680) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/33:31,15869) [kworker/1:1]
(root,0,0,00:00:00/55:24,17782) [kworker/1:2-mm_percpu_wq]
(root,0,0,00:00:01/03:17:36,19474) [kworker/2:0-mm_percpu_wq]
(root,0,0,00:00:00/01:03:46,21562) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/01:33,26111) [kworker/2:2-events]
(root,0,0,00:00:00/00:44,27757) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/00:41,27758) [kworker/u8:1-writeback]
(postfix,24244,8224,00:00:00/42:11,29850) pickup -l -t fifo -u
(root,6656,3488,00:00:00/00:01,31521) /bin/bash /usr/bin/check_mk_agent
(root,6656,1828,00:00:00/00:01,31562) /bin/bash /usr/bin/check_mk_agent
(root,6656,2020,00:00:00/00:01,31563) /bin/bash /usr/bin/check_mk_agent
(root,4480,1060,00:00:00/00:01,31564) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,792,00:00:00/00:01,31565) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,708,00:00:00/00:01,31566) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3492,00:00:00/00:00,31567) /bin/bash /usr/bin/check_mk_agent
(root,13744,3368,00:00:00/00:00,31585) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,31586) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-27 23:45

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633216053f

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12680,00:00:23/15-13:01:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/15-13:01:01,2) [kthreadd]
(root,0,0,00:00:00/15-13:01:01,3) [rcu_gp]
(root,0,0,00:00:00/15-13:01:01,4) [rcu_par_gp]
(root,0,0,00:00:00/15-13:01:01,5) [slub_flushwq]
(root,0,0,00:00:00/15-13:01:01,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/15-13:01:01,9) [mm_percpu_wq]
(root,0,0,00:00:00/15-13:01:01,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/15-13:01:01,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/15-13:01:01,12) [rcu_tasks_trace]
(root,0,0,00:00:28/15-13:01:01,13) [ksoftirqd/0]
(root,0,0,00:43:35/15-13:01:01,14) [rcu_preempt]
(root,0,0,00:00:05/15-13:01:01,15) [migration/0]
(root,0,0,00:00:00/15-13:01:01,16) [idle_inject/0]
(root,0,0,00:00:00/15-13:01:01,18) [cpuhp/0]
(root,0,0,00:00:00/15-13:01:01,19) [cpuhp/1]
(root,0,0,00:00:00/15-13:01:01,20) [idle_inject/1]
(root,0,0,00:00:06/15-13:01:01,21) [migration/1]
(root,0,0,00:00:23/15-13:01:01,22) [ksoftirqd/1]
(root,0,0,00:00:00/15-13:01:01,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/15-13:01:01,25) [cpuhp/2]
(root,0,0,00:00:00/15-13:01:01,26) [idle_inject/2]
(root,0,0,00:00:04/15-13:01:01,27) [migration/2]
(root,0,0,00:28:31/15-13:01:01,28) [ksoftirqd/2]
(root,0,0,00:00:00/15-13:01:01,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/15-13:01:01,31) [cpuhp/3]
(root,0,0,00:00:00/15-13:01:01,32) [idle_inject/3]
(root,0,0,00:00:05/15-13:01:01,33) [migration/3]
(root,0,0,00:01:24/15-13:01:01,34) [ksoftirqd/3]
(root,0,0,00:00:00/15-13:01:01,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/15-13:01:01,40) [kdevtmpfs]
(root,0,0,00:00:00/15-13:01:01,41) [netns]
(root,0,0,00:00:00/15-13:01:01,42) [inet_frag_wq]
(root,0,0,00:00:01/15-13:01:01,43) [kauditd]
(root,0,0,00:00:00/15-13:01:01,44) [khungtaskd]
(root,0,0,00:00:00/15-13:01:01,45) [oom_reaper]
(root,0,0,00:00:00/15-13:01:01,46) [writeback]
(root,0,0,00:00:48/15-13:01:01,47) [kcompactd0]
(root,0,0,00:00:00/15-13:01:01,48) [ksmd]
(root,0,0,00:00:50/15-13:01:01,49) [khugepaged]
(root,0,0,00:00:00/15-13:01:01,75) [kintegrityd]
(root,0,0,00:00:00/15-13:01:01,76) [kblockd]
(root,0,0,00:00:00/15-13:01:01,77) [blkcg_punt_bio]
(root,0,0,00:00:00/15-13:01:01,79) [tpm_dev_wq]
(root,0,0,00:00:00/15-13:01:01,80) [edac-poller]
(root,0,0,00:00:00/15-13:01:01,81) [devfreq_wq]
(root,0,0,00:00:00/15-13:01:01,110) [watchdogd]
(root,0,0,00:00:01/15-13:01:01,111) [kswapd0]
(root,0,0,00:00:04/15-13:01:01,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/15-13:00:59,115) [kthrotld]
(root,0,0,00:00:00/15-13:00:59,116) [mld]
(root,0,0,00:00:00/15-13:00:59,117) [ipv6_addrconf]
(root,0,0,00:00:04/15-13:00:59,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/15-13:00:59,123) [kstrp]
(root,0,0,00:00:00/15-13:00:59,124) [zswap-shrink]
(root,0,0,00:00:00/15-13:00:59,125) [kworker/u9:0]
(root,0,0,00:00:00/15-13:00:59,130) [charger_manager]
(root,0,0,00:00:04/15-13:00:59,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:06/15-13:00:59,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/15-13:00:58,239) [kaluad]
(root,0,0,00:00:00/15-13:00:58,258) [kmpath_rdacd]
(root,0,0,00:00:00/15-13:00:58,304) [kmpathd]
(root,0,0,00:00:00/15-13:00:58,305) [kmpath_handlerd]
(root,0,0,00:00:00/15-13:00:57,342) [ata_sff]
(root,0,0,00:00:00/15-13:00:57,343) [scsi_eh_0]
(root,0,0,00:00:00/15-13:00:57,344) [scsi_tmf_0]
(root,0,0,00:00:00/15-13:00:57,345) [scsi_eh_1]
(root,0,0,00:00:00/15-13:00:57,346) [scsi_tmf_1]
(root,0,0,00:00:29/15-13:00:54,366) [jbd2/vda1-8]
(root,0,0,00:00:00/15-13:00:54,367) [ext4-rsv-conver]
(root,38604,7616,00:00:14/15-13:00:42,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:01/15-13:00:41,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:24/15-13:00:39,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:04/15-13:00:08,511) /sbin/auditd
(messagebus,22932,5912,00:00:19/15-13:00:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8388,00:00:12/15-13:00:07,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/15-13:00:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/15-13:00:05,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/15-13:00:05,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,26432,00:00:18/15-12:59:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/15-12:59:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:01:38/15-12:59:51,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/15-12:59:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/15-12:59:51,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/15-12:59:51,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/15-12:59:51,1343) /usr/lib/systemd/systemd --user
(root,448964,8856,00:00:14/15-12:59:51,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:02:12/15-12:59:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/15-12:59:51,1352) bpfilter_umh
(root,26204,8212,00:00:03/15-12:59:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/15-12:59:51,1359) ntpd: asynchronous dns resolver
(spot,314348,199636,22:23:38/15-12:59:50,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/15-12:59:50,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/15-12:59:50,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/15-12:59:50,1373) (sd-pam)
(root,24216,5268,00:00:05/15-12:59:48,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:01/15-12:59:48,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:02/15-12:59:48,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/15-12:59:45,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:53/15-12:59:44,1527) sshd: syslogtunnel
(root,617868,72916,00:21:04/15-12:59:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,213440,49872,00:08:45/15-12:59:30,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/02:17:46,2076) [kworker/2:0-events]
(postfix,44628,9336,00:00:00/9-18:35:05,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:02/05:24:38,2845) [kworker/0:2-events]
(root,35308,10108,00:00:00/15-12:59:05,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:50/15-12:59:05,3218) sshd: cm-ssh
(root,0,0,00:00:00/29:05,3630) [kworker/2:1-events]
(root,0,0,00:00:00/10:28,5722) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/00:07,8737) [kworker/3:2-ata_sff]
(root,6656,3484,00:00:00/00:00,9083) /bin/bash /usr/bin/check_mk_agent
(root,6656,1820,00:00:00/00:00,9124) /bin/bash /usr/bin/check_mk_agent
(root,6656,2012,00:00:00/00:00,9125) /bin/bash /usr/bin/check_mk_agent
(root,4480,1012,00:00:00/00:00,9126) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,820,00:00:00/00:00,9127) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,664,00:00:00/00:00,9128) cat /proc/net/tcp /proc/net/tcp6
(root,6656,3492,00:00:00/00:00,9129) /bin/bash /usr/bin/check_mk_agent
(root,13744,3420,00:00:00/00:00,9147) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,9148) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/02:04:15,9961) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/01:48:37,11304) [kworker/1:1-events]
(root,0,0,00:00:00/51:52,15580) [kworker/1:0]
(root,0,0,00:00:00/09:08:08,21313) [kworker/0:0-events]
(root,0,0,00:00:00/05:17,22803) [kworker/3:1-events]
(root,0,0,00:00:00/01:18:37,26431) [kworker/u8:1-writeback]
(postfix,24244,8212,00:00:00/01:08:00,28252) pickup -l -t fifo -u

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-25 23:49

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636a6bcbcf

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12680,00:00:20/13-13:05:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/13-13:05:45,2) [kthreadd]
(root,0,0,00:00:00/13-13:05:45,3) [rcu_gp]
(root,0,0,00:00:00/13-13:05:45,4) [rcu_par_gp]
(root,0,0,00:00:00/13-13:05:45,5) [slub_flushwq]
(root,0,0,00:00:00/13-13:05:45,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/13-13:05:45,9) [mm_percpu_wq]
(root,0,0,00:00:00/13-13:05:45,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/13-13:05:45,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/13-13:05:45,12) [rcu_tasks_trace]
(root,0,0,00:00:24/13-13:05:45,13) [ksoftirqd/0]
(root,0,0,00:37:19/13-13:05:45,14) [rcu_preempt]
(root,0,0,00:00:05/13-13:05:45,15) [migration/0]
(root,0,0,00:00:00/13-13:05:45,16) [idle_inject/0]
(root,0,0,00:00:00/13-13:05:45,18) [cpuhp/0]
(root,0,0,00:00:00/13-13:05:45,19) [cpuhp/1]
(root,0,0,00:00:00/13-13:05:45,20) [idle_inject/1]
(root,0,0,00:00:05/13-13:05:45,21) [migration/1]
(root,0,0,00:00:20/13-13:05:45,22) [ksoftirqd/1]
(root,0,0,00:00:00/13-13:05:45,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/13-13:05:45,25) [cpuhp/2]
(root,0,0,00:00:00/13-13:05:45,26) [idle_inject/2]
(root,0,0,00:00:03/13-13:05:45,27) [migration/2]
(root,0,0,00:24:39/13-13:05:45,28) [ksoftirqd/2]
(root,0,0,00:00:00/13-13:05:45,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/13-13:05:45,31) [cpuhp/3]
(root,0,0,00:00:00/13-13:05:45,32) [idle_inject/3]
(root,0,0,00:00:05/13-13:05:45,33) [migration/3]
(root,0,0,00:01:11/13-13:05:45,34) [ksoftirqd/3]
(root,0,0,00:00:00/13-13:05:45,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/13-13:05:45,40) [kdevtmpfs]
(root,0,0,00:00:00/13-13:05:45,41) [netns]
(root,0,0,00:00:00/13-13:05:45,42) [inet_frag_wq]
(root,0,0,00:00:01/13-13:05:45,43) [kauditd]
(root,0,0,00:00:00/13-13:05:45,44) [khungtaskd]
(root,0,0,00:00:00/13-13:05:45,45) [oom_reaper]
(root,0,0,00:00:00/13-13:05:45,46) [writeback]
(root,0,0,00:00:41/13-13:05:45,47) [kcompactd0]
(root,0,0,00:00:00/13-13:05:45,48) [ksmd]
(root,0,0,00:00:44/13-13:05:45,49) [khugepaged]
(root,0,0,00:00:00/13-13:05:45,75) [kintegrityd]
(root,0,0,00:00:00/13-13:05:45,76) [kblockd]
(root,0,0,00:00:00/13-13:05:45,77) [blkcg_punt_bio]
(root,0,0,00:00:00/13-13:05:45,79) [tpm_dev_wq]
(root,0,0,00:00:00/13-13:05:45,80) [edac-poller]
(root,0,0,00:00:00/13-13:05:45,81) [devfreq_wq]
(root,0,0,00:00:00/13-13:05:45,110) [watchdogd]
(root,0,0,00:00:01/13-13:05:45,111) [kswapd0]
(root,0,0,00:00:03/13-13:05:45,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/13-13:05:43,115) [kthrotld]
(root,0,0,00:00:00/13-13:05:43,116) [mld]
(root,0,0,00:00:00/13-13:05:43,117) [ipv6_addrconf]
(root,0,0,00:00:03/13-13:05:43,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/13-13:05:43,123) [kstrp]
(root,0,0,00:00:00/13-13:05:43,124) [zswap-shrink]
(root,0,0,00:00:00/13-13:05:43,125) [kworker/u9:0]
(root,0,0,00:00:00/13-13:05:43,130) [charger_manager]
(root,0,0,00:00:04/13-13:05:43,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:05/13-13:05:43,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/13-13:05:42,239) [kaluad]
(root,0,0,00:00:00/13-13:05:42,258) [kmpath_rdacd]
(root,0,0,00:00:00/13-13:05:42,304) [kmpathd]
(root,0,0,00:00:00/13-13:05:42,305) [kmpath_handlerd]
(root,0,0,00:00:00/13-13:05:41,342) [ata_sff]
(root,0,0,00:00:00/13-13:05:41,343) [scsi_eh_0]
(root,0,0,00:00:00/13-13:05:41,344) [scsi_tmf_0]
(root,0,0,00:00:00/13-13:05:41,345) [scsi_eh_1]
(root,0,0,00:00:00/13-13:05:41,346) [scsi_tmf_1]
(root,0,0,00:00:25/13-13:05:38,366) [jbd2/vda1-8]
(root,0,0,00:00:00/13-13:05:38,367) [ext4-rsv-conver]
(root,38604,7616,00:00:12/13-13:05:26,440) /usr/lib/systemd/systemd-journald
(root,53296,9748,00:00:01/13-13:05:25,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:21/13-13:05:23,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:03/13-13:04:52,511) /sbin/auditd
(messagebus,22932,5912,00:00:16/13-13:04:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8388,00:00:10/13-13:04:51,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/13-13:04:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/13-13:04:49,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/13-13:04:49,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547848,26172,00:00:15/13-13:04:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/13-13:04:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:01:25/13-13:04:35,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/13-13:04:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/13-13:04:35,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/13-13:04:35,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/13-13:04:35,1343) /usr/lib/systemd/systemd --user
(root,448964,8856,00:00:13/13-13:04:35,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:01:54/13-13:04:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/13-13:04:35,1352) bpfilter_umh
(root,26204,8212,00:00:02/13-13:04:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/13-13:04:35,1359) ntpd: asynchronous dns resolver
(spot,305340,189704,18:43:55/13-13:04:34,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/13-13:04:34,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/13-13:04:34,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/13-13:04:34,1373) (sd-pam)
(root,24216,5268,00:00:04/13-13:04:32,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/13-13:04:32,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:01/13-13:04:32,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/13-13:04:29,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:46/13-13:04:28,1527) sshd: syslogtunnel
(root,617868,72668,00:18:15/13-13:04:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,212416,48320,00:07:30/13-13:04:14,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9336,00:00:00/7-18:39:49,2557) tlsmgr -l -t unix -u
(root,0,0,00:00:00/09:30,2894) [kworker/3:1-ata_sff]
(root,35308,10108,00:00:00/13-13:03:49,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:43/13-13:03:49,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:47:27,5639) [kworker/2:2-cgroup_destroy]
(root,6656,3488,00:00:00/00:00,10600) /bin/bash /usr/bin/check_mk_agent
(root,13744,3504,00:00:00/00:00,10618) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,10619) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/21:09,14597) [kworker/0:1-cgroup_destroy]
(root,0,0,00:00:01/02:12:00,14919) [kworker/1:0-events]
(root,0,0,00:00:00/35:27,15998) [kworker/3:2-events]
(root,0,0,00:00:00/03:00:38,16390) [kworker/u8:1-writeback]
(root,0,0,00:00:00/01:59:51,21914) [kworker/1:1-cgroup_destroy]
(root,0,0,00:00:00/43:57,22455) [kworker/u8:0-ext4-rsv-conversion]
(root,0,0,00:00:00/04:20,22599) [kworker/3:0-ata_sff]
(postfix,24244,8228,00:00:00/01:34:41,24772) pickup -l -t fifo -u
(root,0,0,00:00:01/02:48:59,25621) [kworker/2:0-events]
(root,0,0,00:00:00/01:23:11,29874) [kworker/0:2-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-23 23:54

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638b9454af

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12680,00:00:18/11-12:50:54,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/11-12:50:54,2) [kthreadd]
(root,0,0,00:00:00/11-12:50:54,3) [rcu_gp]
(root,0,0,00:00:00/11-12:50:54,4) [rcu_par_gp]
(root,0,0,00:00:00/11-12:50:54,5) [slub_flushwq]
(root,0,0,00:00:00/11-12:50:54,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/11-12:50:54,9) [mm_percpu_wq]
(root,0,0,00:00:00/11-12:50:54,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/11-12:50:54,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/11-12:50:54,12) [rcu_tasks_trace]
(root,0,0,00:00:20/11-12:50:54,13) [ksoftirqd/0]
(root,0,0,00:31:42/11-12:50:54,14) [rcu_preempt]
(root,0,0,00:00:04/11-12:50:54,15) [migration/0]
(root,0,0,00:00:00/11-12:50:54,16) [idle_inject/0]
(root,0,0,00:00:00/11-12:50:54,18) [cpuhp/0]
(root,0,0,00:00:00/11-12:50:54,19) [cpuhp/1]
(root,0,0,00:00:00/11-12:50:54,20) [idle_inject/1]
(root,0,0,00:00:04/11-12:50:54,21) [migration/1]
(root,0,0,00:00:17/11-12:50:54,22) [ksoftirqd/1]
(root,0,0,00:00:00/11-12:50:54,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/11-12:50:54,25) [cpuhp/2]
(root,0,0,00:00:00/11-12:50:54,26) [idle_inject/2]
(root,0,0,00:00:03/11-12:50:54,27) [migration/2]
(root,0,0,00:21:10/11-12:50:54,28) [ksoftirqd/2]
(root,0,0,00:00:00/11-12:50:54,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/11-12:50:54,31) [cpuhp/3]
(root,0,0,00:00:00/11-12:50:54,32) [idle_inject/3]
(root,0,0,00:00:04/11-12:50:54,33) [migration/3]
(root,0,0,00:01:00/11-12:50:54,34) [ksoftirqd/3]
(root,0,0,00:00:00/11-12:50:54,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/11-12:50:54,40) [kdevtmpfs]
(root,0,0,00:00:00/11-12:50:54,41) [netns]
(root,0,0,00:00:00/11-12:50:54,42) [inet_frag_wq]
(root,0,0,00:00:01/11-12:50:54,43) [kauditd]
(root,0,0,00:00:00/11-12:50:54,44) [khungtaskd]
(root,0,0,00:00:00/11-12:50:54,45) [oom_reaper]
(root,0,0,00:00:00/11-12:50:54,46) [writeback]
(root,0,0,00:00:34/11-12:50:54,47) [kcompactd0]
(root,0,0,00:00:00/11-12:50:54,48) [ksmd]
(root,0,0,00:00:37/11-12:50:54,49) [khugepaged]
(root,0,0,00:00:00/11-12:50:54,75) [kintegrityd]
(root,0,0,00:00:00/11-12:50:54,76) [kblockd]
(root,0,0,00:00:00/11-12:50:54,77) [blkcg_punt_bio]
(root,0,0,00:00:00/11-12:50:54,79) [tpm_dev_wq]
(root,0,0,00:00:00/11-12:50:54,80) [edac-poller]
(root,0,0,00:00:00/11-12:50:54,81) [devfreq_wq]
(root,0,0,00:00:00/11-12:50:54,110) [watchdogd]
(root,0,0,00:00:00/11-12:50:54,111) [kswapd0]
(root,0,0,00:00:02/11-12:50:54,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/11-12:50:52,115) [kthrotld]
(root,0,0,00:00:00/11-12:50:52,116) [mld]
(root,0,0,00:00:00/11-12:50:52,117) [ipv6_addrconf]
(root,0,0,00:00:03/11-12:50:52,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/11-12:50:52,123) [kstrp]
(root,0,0,00:00:00/11-12:50:52,124) [zswap-shrink]
(root,0,0,00:00:00/11-12:50:52,125) [kworker/u9:0]
(root,0,0,00:00:00/11-12:50:52,130) [charger_manager]
(root,0,0,00:00:03/11-12:50:52,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:05/11-12:50:52,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/11-12:50:51,239) [kaluad]
(root,0,0,00:00:00/11-12:50:51,258) [kmpath_rdacd]
(root,0,0,00:00:00/11-12:50:51,304) [kmpathd]
(root,0,0,00:00:00/11-12:50:51,305) [kmpath_handlerd]
(root,0,0,00:00:00/11-12:50:50,342) [ata_sff]
(root,0,0,00:00:00/11-12:50:50,343) [scsi_eh_0]
(root,0,0,00:00:00/11-12:50:50,344) [scsi_tmf_0]
(root,0,0,00:00:00/11-12:50:50,345) [scsi_eh_1]
(root,0,0,00:00:00/11-12:50:50,346) [scsi_tmf_1]
(root,0,0,00:00:21/11-12:50:47,366) [jbd2/vda1-8]
(root,0,0,00:00:00/11-12:50:47,367) [ext4-rsv-conver]
(root,38604,7616,00:00:10/11-12:50:35,440) /usr/lib/systemd/systemd-journald
(root,53296,9772,00:00:01/11-12:50:34,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:17/11-12:50:32,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:03/11-12:50:01,511) /sbin/auditd
(messagebus,22932,5912,00:00:14/11-12:50:00,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8380,00:00:08/11-12:50:00,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/11-12:50:00,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/11-12:49:58,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/11-12:49:58,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,25104,00:00:13/11-12:49:44,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/11-12:49:44,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:01:13/11-12:49:44,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/11-12:49:44,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/11-12:49:44,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/11-12:49:44,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/11-12:49:44,1343) /usr/lib/systemd/systemd --user
(root,448964,8880,00:00:11/11-12:49:44,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:01:38/11-12:49:44,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/11-12:49:44,1352) bpfilter_umh
(root,26204,8212,00:00:02/11-12:49:44,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/11-12:49:44,1359) ntpd: asynchronous dns resolver
(spot,292316,178940,15:31:42/11-12:49:43,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/11-12:49:43,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/11-12:49:43,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/11-12:49:43,1373) (sd-pam)
(root,24216,5268,00:00:03/11-12:49:41,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/11-12:49:41,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:01/11-12:49:41,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/11-12:49:38,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:39/11-12:49:37,1527) sshd: syslogtunnel
(root,617612,72248,00:15:31/11-12:49:35,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,211392,47288,00:06:18/11-12:49:23,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9380,00:00:00/5-18:24:58,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/11-12:48:58,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:36/11-12:48:58,3218) sshd: cm-ssh
(root,0,0,00:00:00/44:06,5235) [kworker/2:2-events]
(root,0,0,00:00:00/10:16,6963) [kworker/3:2-ata_sff]
(root,0,0,00:00:03/22:59:27,7785) [kworker/2:1-events]
(postfix,24244,8284,00:00:00/00:40,12836) pickup -l -t fifo -u
(root,0,0,00:00:00/23:33,14236) [kworker/u8:2-ext4-rsv-conversion]
(root,6656,3476,00:00:00/00:00,17255) /bin/bash /usr/bin/check_mk_agent
(root,13744,3492,00:00:00/00:00,17273) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,17274) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/05:48:01,19628) [kworker/0:1-events]
(root,0,0,00:00:00/05:23:34,20763) [kworker/1:0-events]
(root,0,0,00:00:00/05:04,23666) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/01:09:05,24598) [kworker/u8:1-writeback]
(root,0,0,00:00:01/04:23:17,28099) [kworker/1:2-events]
(root,0,0,00:00:00/56:57,28318) [kworker/3:1-events]
(root,0,0,00:00:01/03:59:08,29792) [kworker/0:0-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-21 23:39

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f96bee00

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:15/9-09:45:56,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/9-09:45:56,2) [kthreadd]
(root,0,0,00:00:00/9-09:45:56,3) [rcu_gp]
(root,0,0,00:00:00/9-09:45:56,4) [rcu_par_gp]
(root,0,0,00:00:00/9-09:45:56,5) [slub_flushwq]
(root,0,0,00:00:00/9-09:45:56,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/9-09:45:56,9) [mm_percpu_wq]
(root,0,0,00:00:00/9-09:45:56,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/9-09:45:56,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/9-09:45:56,12) [rcu_tasks_trace]
(root,0,0,00:00:16/9-09:45:56,13) [ksoftirqd/0]
(root,0,0,00:25:31/9-09:45:56,14) [rcu_preempt]
(root,0,0,00:00:03/9-09:45:56,15) [migration/0]
(root,0,0,00:00:00/9-09:45:56,16) [idle_inject/0]
(root,0,0,00:00:00/9-09:45:56,18) [cpuhp/0]
(root,0,0,00:00:00/9-09:45:56,19) [cpuhp/1]
(root,0,0,00:00:00/9-09:45:56,20) [idle_inject/1]
(root,0,0,00:00:03/9-09:45:56,21) [migration/1]
(root,0,0,00:00:13/9-09:45:56,22) [ksoftirqd/1]
(root,0,0,00:00:00/9-09:45:56,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/9-09:45:56,25) [cpuhp/2]
(root,0,0,00:00:00/9-09:45:56,26) [idle_inject/2]
(root,0,0,00:00:02/9-09:45:56,27) [migration/2]
(root,0,0,00:17:06/9-09:45:56,28) [ksoftirqd/2]
(root,0,0,00:00:00/9-09:45:56,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/9-09:45:56,31) [cpuhp/3]
(root,0,0,00:00:00/9-09:45:56,32) [idle_inject/3]
(root,0,0,00:00:03/9-09:45:56,33) [migration/3]
(root,0,0,00:00:48/9-09:45:56,34) [ksoftirqd/3]
(root,0,0,00:00:00/9-09:45:56,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/9-09:45:56,40) [kdevtmpfs]
(root,0,0,00:00:00/9-09:45:56,41) [netns]
(root,0,0,00:00:00/9-09:45:56,42) [inet_frag_wq]
(root,0,0,00:00:01/9-09:45:56,43) [kauditd]
(root,0,0,00:00:00/9-09:45:56,44) [khungtaskd]
(root,0,0,00:00:00/9-09:45:56,45) [oom_reaper]
(root,0,0,00:00:00/9-09:45:56,46) [writeback]
(root,0,0,00:00:28/9-09:45:56,47) [kcompactd0]
(root,0,0,00:00:00/9-09:45:56,48) [ksmd]
(root,0,0,00:00:31/9-09:45:56,49) [khugepaged]
(root,0,0,00:00:00/9-09:45:56,75) [kintegrityd]
(root,0,0,00:00:00/9-09:45:56,76) [kblockd]
(root,0,0,00:00:00/9-09:45:56,77) [blkcg_punt_bio]
(root,0,0,00:00:00/9-09:45:56,79) [tpm_dev_wq]
(root,0,0,00:00:00/9-09:45:56,80) [edac-poller]
(root,0,0,00:00:00/9-09:45:56,81) [devfreq_wq]
(root,0,0,00:00:00/9-09:45:56,110) [watchdogd]
(root,0,0,00:00:00/9-09:45:56,111) [kswapd0]
(root,0,0,00:00:02/9-09:45:56,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/9-09:45:54,115) [kthrotld]
(root,0,0,00:00:00/9-09:45:54,116) [mld]
(root,0,0,00:00:00/9-09:45:54,117) [ipv6_addrconf]
(root,0,0,00:00:02/9-09:45:54,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/9-09:45:54,123) [kstrp]
(root,0,0,00:00:00/9-09:45:54,124) [zswap-shrink]
(root,0,0,00:00:00/9-09:45:54,125) [kworker/u9:0]
(root,0,0,00:00:00/9-09:45:54,130) [charger_manager]
(root,0,0,00:00:02/9-09:45:54,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:04/9-09:45:54,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/9-09:45:53,239) [kaluad]
(root,0,0,00:00:00/9-09:45:53,258) [kmpath_rdacd]
(root,0,0,00:00:00/9-09:45:53,304) [kmpathd]
(root,0,0,00:00:00/9-09:45:53,305) [kmpath_handlerd]
(root,0,0,00:00:00/9-09:45:52,342) [ata_sff]
(root,0,0,00:00:00/9-09:45:52,343) [scsi_eh_0]
(root,0,0,00:00:00/9-09:45:52,344) [scsi_tmf_0]
(root,0,0,00:00:00/9-09:45:52,345) [scsi_eh_1]
(root,0,0,00:00:00/9-09:45:52,346) [scsi_tmf_1]
(root,0,0,00:00:17/9-09:45:49,366) [jbd2/vda1-8]
(root,0,0,00:00:00/9-09:45:49,367) [ext4-rsv-conver]
(root,38604,7616,00:00:08/9-09:45:37,440) /usr/lib/systemd/systemd-journald
(root,53296,9772,00:00:01/9-09:45:36,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:14/9-09:45:34,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:02/9-09:45:03,511) /sbin/auditd
(messagebus,22932,5912,00:00:11/9-09:45:02,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8368,00:00:07/9-09:45:02,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/9-09:45:02,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/9-09:45:00,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/9-09:45:00,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,24840,00:00:10/9-09:44:46,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/9-09:44:46,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:59/9-09:44:46,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/9-09:44:46,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/9-09:44:46,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/9-09:44:46,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/9-09:44:46,1343) /usr/lib/systemd/systemd --user
(root,448964,8880,00:00:09/9-09:44:46,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:01:19/9-09:44:46,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/9-09:44:46,1352) bpfilter_umh
(root,26204,8212,00:00:01/9-09:44:46,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/9-09:44:46,1359) ntpd: asynchronous dns resolver
(spot,293952,180200,12:10:23/9-09:44:45,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/9-09:44:45,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/9-09:44:45,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/9-09:44:45,1373) (sd-pam)
(root,24216,5268,00:00:03/9-09:44:43,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/9-09:44:43,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:01/9-09:44:43,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/9-09:44:40,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:31/9-09:44:39,1527) sshd: syslogtunnel
(root,617356,71948,00:12:35/9-09:44:37,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,209344,45712,00:05:04/9-09:44:25,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9380,00:00:00/3-15:20:00,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/9-09:44:00,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:30/9-09:44:00,3218) sshd: cm-ssh
(root,0,0,00:00:00/04:39:46,8172) [kworker/2:2-events]
(root,0,0,00:00:00/16:44,10860) [kworker/3:1-events]
(root,0,0,00:00:00/38:30,11212) [kworker/2:0-events]
(root,0,0,00:00:00/06:23,12262) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/03:04:09,14431) [kworker/u8:0-writeback]
(root,0,0,00:00:00/02:04:06,14915) [kworker/u8:2-ext4-rsv-conversion]
(root,0,0,00:00:00/14:12,15432) [kworker/0:2-events]
(root,0,0,00:00:00/01:50:33,15893) [kworker/0:0-events]
(postfix,24244,8200,00:00:00/37:38,19776) pickup -l -t fifo -u
(root,0,0,00:00:00/50:27,22079) [kworker/1:1]
(root,0,0,00:00:01/05:04:00,26887) [kworker/1:2-events]
(root,0,0,00:00:00/01:10,27010) [kworker/3:2-ata_sff]
(root,6656,3488,00:00:00/00:00,32326) /bin/bash /usr/bin/check_mk_agent
(root,13744,3364,00:00:00/00:00,32344) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,968,00:00:00/00:00,32345) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-19 20:34

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639e0c0a0d

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:12/7-11:10:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/7-11:10:33,2) [kthreadd]
(root,0,0,00:00:00/7-11:10:33,3) [rcu_gp]
(root,0,0,00:00:00/7-11:10:33,4) [rcu_par_gp]
(root,0,0,00:00:00/7-11:10:33,5) [slub_flushwq]
(root,0,0,00:00:00/7-11:10:33,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/7-11:10:33,9) [mm_percpu_wq]
(root,0,0,00:00:00/7-11:10:33,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/7-11:10:33,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/7-11:10:33,12) [rcu_tasks_trace]
(root,0,0,00:00:12/7-11:10:33,13) [ksoftirqd/0]
(root,0,0,00:19:49/7-11:10:33,14) [rcu_preempt]
(root,0,0,00:00:02/7-11:10:33,15) [migration/0]
(root,0,0,00:00:00/7-11:10:33,16) [idle_inject/0]
(root,0,0,00:00:00/7-11:10:33,18) [cpuhp/0]
(root,0,0,00:00:00/7-11:10:33,19) [cpuhp/1]
(root,0,0,00:00:00/7-11:10:33,20) [idle_inject/1]
(root,0,0,00:00:03/7-11:10:33,21) [migration/1]
(root,0,0,00:00:10/7-11:10:33,22) [ksoftirqd/1]
(root,0,0,00:00:00/7-11:10:33,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/7-11:10:33,25) [cpuhp/2]
(root,0,0,00:00:00/7-11:10:33,26) [idle_inject/2]
(root,0,0,00:00:02/7-11:10:33,27) [migration/2]
(root,0,0,00:13:00/7-11:10:33,28) [ksoftirqd/2]
(root,0,0,00:00:00/7-11:10:33,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/7-11:10:33,31) [cpuhp/3]
(root,0,0,00:00:00/7-11:10:33,32) [idle_inject/3]
(root,0,0,00:00:02/7-11:10:33,33) [migration/3]
(root,0,0,00:00:36/7-11:10:33,34) [ksoftirqd/3]
(root,0,0,00:00:00/7-11:10:33,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/7-11:10:33,40) [kdevtmpfs]
(root,0,0,00:00:00/7-11:10:33,41) [netns]
(root,0,0,00:00:00/7-11:10:33,42) [inet_frag_wq]
(root,0,0,00:00:00/7-11:10:33,43) [kauditd]
(root,0,0,00:00:00/7-11:10:33,44) [khungtaskd]
(root,0,0,00:00:00/7-11:10:33,45) [oom_reaper]
(root,0,0,00:00:00/7-11:10:33,46) [writeback]
(root,0,0,00:00:22/7-11:10:33,47) [kcompactd0]
(root,0,0,00:00:00/7-11:10:33,48) [ksmd]
(root,0,0,00:00:24/7-11:10:33,49) [khugepaged]
(root,0,0,00:00:00/7-11:10:33,75) [kintegrityd]
(root,0,0,00:00:00/7-11:10:33,76) [kblockd]
(root,0,0,00:00:00/7-11:10:33,77) [blkcg_punt_bio]
(root,0,0,00:00:00/7-11:10:33,79) [tpm_dev_wq]
(root,0,0,00:00:00/7-11:10:33,80) [edac-poller]
(root,0,0,00:00:00/7-11:10:33,81) [devfreq_wq]
(root,0,0,00:00:00/7-11:10:33,110) [watchdogd]
(root,0,0,00:00:00/7-11:10:33,111) [kswapd0]
(root,0,0,00:00:01/7-11:10:33,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/7-11:10:31,115) [kthrotld]
(root,0,0,00:00:00/7-11:10:31,116) [mld]
(root,0,0,00:00:00/7-11:10:31,117) [ipv6_addrconf]
(root,0,0,00:00:01/7-11:10:31,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/7-11:10:31,123) [kstrp]
(root,0,0,00:00:00/7-11:10:31,124) [zswap-shrink]
(root,0,0,00:00:00/7-11:10:31,125) [kworker/u9:0]
(root,0,0,00:00:00/7-11:10:31,130) [charger_manager]
(root,0,0,00:00:02/7-11:10:31,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:03/7-11:10:31,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/7-11:10:30,239) [kaluad]
(root,0,0,00:00:00/7-11:10:30,258) [kmpath_rdacd]
(root,0,0,00:00:00/7-11:10:30,304) [kmpathd]
(root,0,0,00:00:00/7-11:10:30,305) [kmpath_handlerd]
(root,0,0,00:00:00/7-11:10:29,342) [ata_sff]
(root,0,0,00:00:00/7-11:10:29,343) [scsi_eh_0]
(root,0,0,00:00:00/7-11:10:29,344) [scsi_tmf_0]
(root,0,0,00:00:00/7-11:10:29,345) [scsi_eh_1]
(root,0,0,00:00:00/7-11:10:29,346) [scsi_tmf_1]
(root,0,0,00:00:13/7-11:10:26,366) [jbd2/vda1-8]
(root,0,0,00:00:00/7-11:10:26,367) [ext4-rsv-conver]
(root,38604,7616,00:00:07/7-11:10:14,440) /usr/lib/systemd/systemd-journald
(root,53296,9772,00:00:01/7-11:10:13,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:11/7-11:10:11,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:01/7-11:09:40,511) /sbin/auditd
(messagebus,22932,5912,00:00:09/7-11:09:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8360,00:00:05/7-11:09:39,530) /usr/lib/systemd/systemd-logind
(root,20556,6040,00:00:00/7-11:09:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17436,00:00:03/7-11:09:37,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18000,00:00:00/7-11:09:37,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,23800,00:00:08/7-11:09:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26660,00:00:00/7-11:09:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:46/7-11:09:23,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/7-11:09:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/7-11:09:23,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/7-11:09:23,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/7-11:09:23,1343) /usr/lib/systemd/systemd --user
(root,448964,8880,00:00:07/7-11:09:23,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6340,00:01:01/7-11:09:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/7-11:09:23,1352) bpfilter_umh
(root,26204,8212,00:00:01/7-11:09:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4368,00:00:00/7-11:09:23,1359) ntpd: asynchronous dns resolver
(spot,290476,176820,09:07:35/7-11:09:22,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/7-11:09:22,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/7-11:09:22,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/7-11:09:22,1373) (sd-pam)
(root,24216,5268,00:00:02/7-11:09:20,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/7-11:09:20,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/7-11:09:20,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/7-11:09:17,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:25/7-11:09:16,1527) sshd: syslogtunnel
(root,617356,71808,00:09:54/7-11:09:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,208320,44428,00:03:52/7-11:09:02,1995) /usr/bin/python3.11 /usr/bin/spot
(postfix,44628,9380,00:00:00/1-16:44:37,2557) tlsmgr -l -t unix -u
(root,35308,10108,00:00:00/7-11:08:37,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:23/7-11:08:37,3218) sshd: cm-ssh
(root,0,0,00:00:01/07:55:46,6969) [kworker/0:2-events]
(root,0,0,00:00:00/02:58:42,8452) [kworker/1:2-events]
(root,0,0,00:00:00/07:28,9208) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/40:21,12808) [kworker/u8:0-ext4-rsv-conversion]
(root,6656,3488,00:00:00/00:00,13988) /bin/bash /usr/bin/check_mk_agent
(root,13744,3376,00:00:00/00:00,14006) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,14007) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/06:16:24,14219) [kworker/0:1]
(root,0,0,00:00:00/47:25,17990) [kworker/2:0-events]
(root,0,0,00:00:01/05:20:44,18376) [kworker/2:2-events]
(root,0,0,00:00:00/12:39,22475) [kworker/3:2-events]
(root,0,0,00:00:00/28:43,25953) [kworker/u8:1-writeback]
(root,0,0,00:00:00/01:53:00,26083) [kworker/1:1]
(postfix,24244,8296,00:00:00/44:15,29149) pickup -l -t fifo -u
(root,0,0,00:00:00/02:16,32239) [kworker/3:1-ata_sff]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-17 21:59

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636362f0ce

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:09/5-12:33:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/5-12:33:07,2) [kthreadd]
(root,0,0,00:00:00/5-12:33:07,3) [rcu_gp]
(root,0,0,00:00:00/5-12:33:07,4) [rcu_par_gp]
(root,0,0,00:00:00/5-12:33:07,5) [slub_flushwq]
(root,0,0,00:00:00/5-12:33:07,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/5-12:33:07,9) [mm_percpu_wq]
(root,0,0,00:00:00/5-12:33:07,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/5-12:33:07,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/5-12:33:07,12) [rcu_tasks_trace]
(root,0,0,00:00:09/5-12:33:07,13) [ksoftirqd/0]
(root,0,0,00:14:15/5-12:33:07,14) [rcu_preempt]
(root,0,0,00:00:02/5-12:33:07,15) [migration/0]
(root,0,0,00:00:00/5-12:33:07,16) [idle_inject/0]
(root,0,0,00:00:00/5-12:33:07,18) [cpuhp/0]
(root,0,0,00:00:00/5-12:33:07,19) [cpuhp/1]
(root,0,0,00:00:00/5-12:33:07,20) [idle_inject/1]
(root,0,0,00:00:02/5-12:33:07,21) [migration/1]
(root,0,0,00:00:07/5-12:33:07,22) [ksoftirqd/1]
(root,0,0,00:00:00/5-12:33:07,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/5-12:33:07,25) [cpuhp/2]
(root,0,0,00:00:00/5-12:33:07,26) [idle_inject/2]
(root,0,0,00:00:01/5-12:33:07,27) [migration/2]
(root,0,0,00:09:20/5-12:33:07,28) [ksoftirqd/2]
(root,0,0,00:00:00/5-12:33:07,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/5-12:33:07,31) [cpuhp/3]
(root,0,0,00:00:00/5-12:33:07,32) [idle_inject/3]
(root,0,0,00:00:02/5-12:33:07,33) [migration/3]
(root,0,0,00:00:25/5-12:33:07,34) [ksoftirqd/3]
(root,0,0,00:00:00/5-12:33:07,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/5-12:33:07,40) [kdevtmpfs]
(root,0,0,00:00:00/5-12:33:07,41) [netns]
(root,0,0,00:00:00/5-12:33:07,42) [inet_frag_wq]
(root,0,0,00:00:00/5-12:33:07,43) [kauditd]
(root,0,0,00:00:00/5-12:33:07,44) [khungtaskd]
(root,0,0,00:00:00/5-12:33:07,45) [oom_reaper]
(root,0,0,00:00:00/5-12:33:07,46) [writeback]
(root,0,0,00:00:15/5-12:33:07,47) [kcompactd0]
(root,0,0,00:00:00/5-12:33:07,48) [ksmd]
(root,0,0,00:00:16/5-12:33:07,49) [khugepaged]
(root,0,0,00:00:00/5-12:33:07,75) [kintegrityd]
(root,0,0,00:00:00/5-12:33:07,76) [kblockd]
(root,0,0,00:00:00/5-12:33:07,77) [blkcg_punt_bio]
(root,0,0,00:00:00/5-12:33:07,79) [tpm_dev_wq]
(root,0,0,00:00:00/5-12:33:07,80) [edac-poller]
(root,0,0,00:00:00/5-12:33:07,81) [devfreq_wq]
(root,0,0,00:00:00/5-12:33:07,110) [watchdogd]
(root,0,0,00:00:00/5-12:33:07,111) [kswapd0]
(root,0,0,00:00:01/5-12:33:07,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/5-12:33:05,115) [kthrotld]
(root,0,0,00:00:00/5-12:33:05,116) [mld]
(root,0,0,00:00:00/5-12:33:05,117) [ipv6_addrconf]
(root,0,0,00:00:01/5-12:33:05,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/5-12:33:05,123) [kstrp]
(root,0,0,00:00:00/5-12:33:05,124) [zswap-shrink]
(root,0,0,00:00:00/5-12:33:05,125) [kworker/u9:0]
(root,0,0,00:00:00/5-12:33:05,130) [charger_manager]
(root,0,0,00:00:01/5-12:33:05,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:02/5-12:33:05,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/5-12:33:04,239) [kaluad]
(root,0,0,00:00:00/5-12:33:04,258) [kmpath_rdacd]
(root,0,0,00:00:00/5-12:33:04,304) [kmpathd]
(root,0,0,00:00:00/5-12:33:04,305) [kmpath_handlerd]
(root,0,0,00:00:00/5-12:33:03,342) [ata_sff]
(root,0,0,00:00:00/5-12:33:03,343) [scsi_eh_0]
(root,0,0,00:00:00/5-12:33:03,344) [scsi_tmf_0]
(root,0,0,00:00:00/5-12:33:03,345) [scsi_eh_1]
(root,0,0,00:00:00/5-12:33:03,346) [scsi_tmf_1]
(root,0,0,00:00:09/5-12:33:00,366) [jbd2/vda1-8]
(root,0,0,00:00:00/5-12:33:00,367) [ext4-rsv-conver]
(root,38604,7616,00:00:05/5-12:32:48,440) /usr/lib/systemd/systemd-journald
(root,53296,9868,00:00:00/5-12:32:47,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:08/5-12:32:45,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:01/5-12:32:14,511) /sbin/auditd
(messagebus,22932,5912,00:00:07/5-12:32:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8360,00:00:04/5-12:32:13,530) /usr/lib/systemd/systemd-logind
(root,20556,6064,00:00:00/5-12:32:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17460,00:00:03/5-12:32:11,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18024,00:00:00/5-12:32:11,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547592,23628,00:00:06/5-12:31:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26736,00:00:00/5-12:31:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:34/5-12:31:57,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/5-12:31:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/5-12:31:57,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/5-12:31:57,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/5-12:31:57,1343) /usr/lib/systemd/systemd --user
(root,448964,8616,00:00:06/5-12:31:57,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6344,00:00:44/5-12:31:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/5-12:31:57,1352) bpfilter_umh
(root,26204,8212,00:00:01/5-12:31:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4372,00:00:00/5-12:31:57,1359) ntpd: asynchronous dns resolver
(spot,212044,174596,06:17:55/5-12:31:56,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/5-12:31:56,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/5-12:31:56,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/5-12:31:56,1373) (sd-pam)
(root,24216,5268,00:00:01/5-12:31:54,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/5-12:31:54,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/5-12:31:54,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/5-12:31:51,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:18/5-12:31:50,1527) sshd: syslogtunnel
(root,617100,69512,00:07:11/5-12:31:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,208320,43148,00:02:46/5-12:31:36,1995) /usr/bin/python3.11 /usr/bin/spot
(root,35308,10108,00:00:00/5-12:31:11,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:17/5-12:31:11,3218) sshd: cm-ssh
(root,0,0,00:00:00/04:52,4407) [kworker/u8:1]
(root,0,0,00:00:00/04:52,4408) [kworker/2:0-events]
(root,0,0,00:00:00/21:20,4816) [kworker/u8:0-flush-253:0]
(root,0,0,00:00:00/37:50,12853) [kworker/1:0-events]
(postfix,24244,8228,00:00:00/47:40,15243) pickup -l -t fifo -u
(root,0,0,00:00:00/01:03,16813) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/02:06:34,18842) [kworker/0:0-events]
(root,0,0,00:00:00/01:08:29,19687) [kworker/3:0-events]
(root,0,0,00:00:01/04:51:43,20908) [kworker/2:1-events]
(root,6656,3488,00:00:00/00:00,21034) /bin/bash /usr/bin/check_mk_agent
(root,6656,3484,00:00:00/00:00,21075) /bin/bash /usr/bin/check_mk_agent
(root,6656,1824,00:00:00/00:00,21095) /bin/bash /usr/bin/check_mk_agent
(root,6656,2016,00:00:00/00:00,21096) /bin/bash /usr/bin/check_mk_agent
(root,4480,1044,00:00:00/00:00,21098) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
(root,2728,772,00:00:00/00:00,21099) timeout 5 cat /proc/net/tcp /proc/net/tcp6
(root,2680,656,00:00:00/00:00,21103) cat /proc/net/tcp /proc/net/tcp6
(root,13744,3452,00:00:00/00:00,21111) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,21112) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/26:47,24590) [kworker/0:2-events]
(root,0,0,00:00:01/03:34:32,25521) [kworker/1:2-events]
(root,0,0,00:00:00/09:26:20,28908) [kworker/u8:2-events_unbound]
(root,0,0,00:00:00/06:14,31007) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/01:33:42,31575) [kworker/2:2-inet_frag_wq]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-15 23:21

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836369fa5e73

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:07/3-11:26:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/3-11:26:04,2) [kthreadd]
(root,0,0,00:00:00/3-11:26:04,3) [rcu_gp]
(root,0,0,00:00:00/3-11:26:04,4) [rcu_par_gp]
(root,0,0,00:00:00/3-11:26:04,5) [slub_flushwq]
(root,0,0,00:00:00/3-11:26:04,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/3-11:26:04,9) [mm_percpu_wq]
(root,0,0,00:00:00/3-11:26:04,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/3-11:26:04,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/3-11:26:04,12) [rcu_tasks_trace]
(root,0,0,00:00:05/3-11:26:04,13) [ksoftirqd/0]
(root,0,0,00:08:53/3-11:26:04,14) [rcu_preempt]
(root,0,0,00:00:01/3-11:26:04,15) [migration/0]
(root,0,0,00:00:00/3-11:26:04,16) [idle_inject/0]
(root,0,0,00:00:00/3-11:26:04,18) [cpuhp/0]
(root,0,0,00:00:00/3-11:26:04,19) [cpuhp/1]
(root,0,0,00:00:00/3-11:26:04,20) [idle_inject/1]
(root,0,0,00:00:01/3-11:26:04,21) [migration/1]
(root,0,0,00:00:05/3-11:26:04,22) [ksoftirqd/1]
(root,0,0,00:00:00/3-11:26:04,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/3-11:26:04,25) [cpuhp/2]
(root,0,0,00:00:00/3-11:26:04,26) [idle_inject/2]
(root,0,0,00:00:01/3-11:26:04,27) [migration/2]
(root,0,0,00:06:00/3-11:26:04,28) [ksoftirqd/2]
(root,0,0,00:00:00/3-11:26:04,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/3-11:26:04,31) [cpuhp/3]
(root,0,0,00:00:00/3-11:26:04,32) [idle_inject/3]
(root,0,0,00:00:01/3-11:26:04,33) [migration/3]
(root,0,0,00:00:16/3-11:26:04,34) [ksoftirqd/3]
(root,0,0,00:00:00/3-11:26:04,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/3-11:26:04,40) [kdevtmpfs]
(root,0,0,00:00:00/3-11:26:04,41) [netns]
(root,0,0,00:00:00/3-11:26:04,42) [inet_frag_wq]
(root,0,0,00:00:00/3-11:26:04,43) [kauditd]
(root,0,0,00:00:00/3-11:26:04,44) [khungtaskd]
(root,0,0,00:00:00/3-11:26:04,45) [oom_reaper]
(root,0,0,00:00:00/3-11:26:04,46) [writeback]
(root,0,0,00:00:09/3-11:26:04,47) [kcompactd0]
(root,0,0,00:00:00/3-11:26:04,48) [ksmd]
(root,0,0,00:00:10/3-11:26:04,49) [khugepaged]
(root,0,0,00:00:00/3-11:26:04,75) [kintegrityd]
(root,0,0,00:00:00/3-11:26:04,76) [kblockd]
(root,0,0,00:00:00/3-11:26:04,77) [blkcg_punt_bio]
(root,0,0,00:00:00/3-11:26:04,79) [tpm_dev_wq]
(root,0,0,00:00:00/3-11:26:04,80) [edac-poller]
(root,0,0,00:00:00/3-11:26:04,81) [devfreq_wq]
(root,0,0,00:00:00/3-11:26:04,110) [watchdogd]
(root,0,0,00:00:00/3-11:26:04,111) [kswapd0]
(root,0,0,00:00:00/3-11:26:04,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/3-11:26:02,115) [kthrotld]
(root,0,0,00:00:00/3-11:26:02,116) [mld]
(root,0,0,00:00:00/3-11:26:02,117) [ipv6_addrconf]
(root,0,0,00:00:00/3-11:26:02,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/3-11:26:02,123) [kstrp]
(root,0,0,00:00:00/3-11:26:02,124) [zswap-shrink]
(root,0,0,00:00:00/3-11:26:02,125) [kworker/u9:0]
(root,0,0,00:00:00/3-11:26:02,130) [charger_manager]
(root,0,0,00:00:00/3-11:26:02,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:01/3-11:26:02,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/3-11:26:01,239) [kaluad]
(root,0,0,00:00:00/3-11:26:01,258) [kmpath_rdacd]
(root,0,0,00:00:00/3-11:26:01,304) [kmpathd]
(root,0,0,00:00:00/3-11:26:01,305) [kmpath_handlerd]
(root,0,0,00:00:00/3-11:26:00,342) [ata_sff]
(root,0,0,00:00:00/3-11:26:00,343) [scsi_eh_0]
(root,0,0,00:00:00/3-11:26:00,344) [scsi_tmf_0]
(root,0,0,00:00:00/3-11:26:00,345) [scsi_eh_1]
(root,0,0,00:00:00/3-11:26:00,346) [scsi_tmf_1]
(root,0,0,00:00:05/3-11:25:57,366) [jbd2/vda1-8]
(root,0,0,00:00:00/3-11:25:57,367) [ext4-rsv-conver]
(root,38604,7616,00:00:03/3-11:25:45,440) /usr/lib/systemd/systemd-journald
(root,53296,9868,00:00:00/3-11:25:44,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:05/3-11:25:42,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:00/3-11:25:11,511) /sbin/auditd
(messagebus,22932,5912,00:00:04/3-11:25:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8356,00:00:02/3-11:25:10,530) /usr/lib/systemd/systemd-logind
(root,20556,6064,00:00:00/3-11:25:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17460,00:00:03/3-11:25:08,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18024,00:00:00/3-11:25:08,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,0,0,00:00:00/13:40,1306) [kworker/u8:0]
(root,547336,22784,00:00:04/3-11:24:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26736,00:00:00/3-11:24:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/13:40,1333) [kworker/0:1-events]
(root,21172,4536,00:00:21/3-11:24:54,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/3-11:24:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/3-11:24:54,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/3-11:24:54,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/3-11:24:54,1343) /usr/lib/systemd/systemd --user
(root,448964,8096,00:00:04/3-11:24:54,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6344,00:00:27/3-11:24:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/3-11:24:54,1352) bpfilter_umh
(root,26204,8212,00:00:00/3-11:24:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4372,00:00:00/3-11:24:54,1359) ntpd: asynchronous dns resolver
(spot,205724,169132,04:00:58/3-11:24:53,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/3-11:24:53,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/3-11:24:53,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/3-11:24:53,1373) (sd-pam)
(root,24216,5268,00:00:01/3-11:24:51,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/3-11:24:51,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/3-11:24:51,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/3-11:24:48,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:11/3-11:24:47,1527) sshd: syslogtunnel
(root,615564,69936,00:04:32/3-11:24:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,206272,41868,00:01:48/3-11:24:33,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:01/06:52:45,2276) [kworker/1:2-events]
(root,0,0,00:00:00/03:40,2497) [kworker/3:2-ata_sff]
(root,35308,10108,00:00:00/3-11:24:08,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:10/3-11:24:08,3218) sshd: cm-ssh
(root,0,0,00:00:00/33:00,4067) [kworker/1:1]
(root,0,0,00:00:01/06:36:42,5266) [kworker/2:1-events]
(postfix,24244,8260,00:00:00/02:33,6052) pickup -l -t fifo -u
(root,6656,3492,00:00:00/00:00,12634) /bin/bash /usr/bin/check_mk_agent
(root,13744,3376,00:00:00/00:00,12652) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,960,00:00:00/00:00,12653) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/02:45:23,13615) [kworker/2:2]
(root,0,0,00:00:00/45:10,15073) [kworker/3:0-events]
(root,0,0,00:00:00/08:50,17542) [kworker/3:1-ata_sff]
(root,0,0,00:00:00/51:38,22015) [kworker/u8:1-events_unbound]
(root,0,0,00:00:02/16:29:58,28478) [kworker/0:0-cgroup_destroy]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-13 22:14

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363985ddfe2

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,189452,12636,00:00:04/1-13:23:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/1-13:23:27,2) [kthreadd]
(root,0,0,00:00:00/1-13:23:27,3) [rcu_gp]
(root,0,0,00:00:00/1-13:23:27,4) [rcu_par_gp]
(root,0,0,00:00:00/1-13:23:27,5) [slub_flushwq]
(root,0,0,00:00:00/1-13:23:27,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/1-13:23:27,9) [mm_percpu_wq]
(root,0,0,00:00:00/1-13:23:27,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/1-13:23:27,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/1-13:23:27,12) [rcu_tasks_trace]
(root,0,0,00:00:02/1-13:23:27,13) [ksoftirqd/0]
(root,0,0,00:04:07/1-13:23:27,14) [rcu_preempt]
(root,0,0,00:00:00/1-13:23:27,15) [migration/0]
(root,0,0,00:00:00/1-13:23:27,16) [idle_inject/0]
(root,0,0,00:00:00/1-13:23:27,18) [cpuhp/0]
(root,0,0,00:00:00/1-13:23:27,19) [cpuhp/1]
(root,0,0,00:00:00/1-13:23:27,20) [idle_inject/1]
(root,0,0,00:00:00/1-13:23:27,21) [migration/1]
(root,0,0,00:00:02/1-13:23:27,22) [ksoftirqd/1]
(root,0,0,00:00:00/1-13:23:27,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/1-13:23:27,25) [cpuhp/2]
(root,0,0,00:00:00/1-13:23:27,26) [idle_inject/2]
(root,0,0,00:00:00/1-13:23:27,27) [migration/2]
(root,0,0,00:02:39/1-13:23:27,28) [ksoftirqd/2]
(root,0,0,00:00:00/1-13:23:27,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/1-13:23:27,31) [cpuhp/3]
(root,0,0,00:00:00/1-13:23:27,32) [idle_inject/3]
(root,0,0,00:00:00/1-13:23:27,33) [migration/3]
(root,0,0,00:00:08/1-13:23:27,34) [ksoftirqd/3]
(root,0,0,00:00:00/1-13:23:27,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/1-13:23:27,40) [kdevtmpfs]
(root,0,0,00:00:00/1-13:23:27,41) [netns]
(root,0,0,00:00:00/1-13:23:27,42) [inet_frag_wq]
(root,0,0,00:00:00/1-13:23:27,43) [kauditd]
(root,0,0,00:00:00/1-13:23:27,44) [khungtaskd]
(root,0,0,00:00:00/1-13:23:27,45) [oom_reaper]
(root,0,0,00:00:00/1-13:23:27,46) [writeback]
(root,0,0,00:00:04/1-13:23:27,47) [kcompactd0]
(root,0,0,00:00:00/1-13:23:27,48) [ksmd]
(root,0,0,00:00:05/1-13:23:27,49) [khugepaged]
(root,0,0,00:00:00/1-13:23:27,75) [kintegrityd]
(root,0,0,00:00:00/1-13:23:27,76) [kblockd]
(root,0,0,00:00:00/1-13:23:27,77) [blkcg_punt_bio]
(root,0,0,00:00:00/1-13:23:27,79) [tpm_dev_wq]
(root,0,0,00:00:00/1-13:23:27,80) [edac-poller]
(root,0,0,00:00:00/1-13:23:27,81) [devfreq_wq]
(root,0,0,00:00:00/1-13:23:27,110) [watchdogd]
(root,0,0,00:00:00/1-13:23:27,111) [kswapd0]
(root,0,0,00:00:00/1-13:23:27,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/1-13:23:25,115) [kthrotld]
(root,0,0,00:00:00/1-13:23:25,116) [mld]
(root,0,0,00:00:00/1-13:23:25,117) [ipv6_addrconf]
(root,0,0,00:00:00/1-13:23:25,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/1-13:23:25,123) [kstrp]
(root,0,0,00:00:00/1-13:23:25,124) [zswap-shrink]
(root,0,0,00:00:00/1-13:23:25,125) [kworker/u9:0]
(root,0,0,00:00:00/1-13:23:25,130) [charger_manager]
(root,0,0,00:00:00/1-13:23:25,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/1-13:23:25,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/1-13:23:24,239) [kaluad]
(root,0,0,00:00:00/1-13:23:24,258) [kmpath_rdacd]
(root,0,0,00:00:00/1-13:23:24,304) [kmpathd]
(root,0,0,00:00:00/1-13:23:24,305) [kmpath_handlerd]
(root,0,0,00:00:00/1-13:23:23,342) [ata_sff]
(root,0,0,00:00:00/1-13:23:23,343) [scsi_eh_0]
(root,0,0,00:00:00/1-13:23:23,344) [scsi_tmf_0]
(root,0,0,00:00:00/1-13:23:23,345) [scsi_eh_1]
(root,0,0,00:00:00/1-13:23:23,346) [scsi_tmf_1]
(root,0,0,00:00:02/1-13:23:20,366) [jbd2/vda1-8]
(root,0,0,00:00:00/1-13:23:20,367) [ext4-rsv-conver]
(root,38604,7616,00:00:01/1-13:23:08,440) /usr/lib/systemd/systemd-journald
(root,53296,9868,00:00:00/1-13:23:07,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:02/1-13:23:05,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:00/1-13:22:34,511) /sbin/auditd
(messagebus,22932,5912,00:00:02/1-13:22:33,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8332,00:00:01/1-13:22:33,530) /usr/lib/systemd/systemd-logind
(root,20556,6064,00:00:00/1-13:22:33,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17460,00:00:03/1-13:22:31,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18024,00:00:00/1-13:22:31,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,22256,00:00:01/1-13:22:17,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26736,00:00:00/1-13:22:17,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:10/1-13:22:17,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/1-13:22:17,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/1-13:22:17,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/1-13:22:17,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/1-13:22:17,1343) /usr/lib/systemd/systemd --user
(root,448964,8096,00:00:02/1-13:22:17,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6344,00:00:12/1-13:22:17,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/1-13:22:17,1352) bpfilter_umh
(root,26204,8212,00:00:00/1-13:22:17,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4372,00:00:00/1-13:22:17,1359) ntpd: asynchronous dns resolver
(spot,204620,167836,02:01:39/1-13:22:16,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/1-13:22:16,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/1-13:22:16,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/1-13:22:16,1373) (sd-pam)
(root,24216,5268,00:00:00/1-13:22:14,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/1-13:22:14,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/1-13:22:14,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/1-13:22:11,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:05/1-13:22:10,1527) sshd: syslogtunnel
(root,615564,67636,00:02:07/1-13:22:08,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,0,0,00:00:00/01:16:37,1585) [kworker/u8:0-writeback]
(spot,206272,41348,00:00:51/1-13:21:56,1995) /usr/bin/python3.11 /usr/bin/spot
(root,0,0,00:00:00/06:23,2553) [kworker/3:0-ata_sff]
(root,35308,10108,00:00:00/1-13:21:31,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:04/1-13:21:31,3218) sshd: cm-ssh
(postfix,24244,8204,00:00:00/41:49,5964) pickup -l -t fifo -u
(root,0,0,00:00:01/01:34:35,10989) [kworker/3:2-events]
(root,0,0,00:00:00/59:30,11820) [kworker/2:2-events]
(root,0,0,00:00:00/01:32:49,17596) [kworker/0:0-events]
(root,0,0,00:00:00/26:30,22620) [kworker/1:0]
(root,0,0,00:00:00/02:32:06,22963) [kworker/u8:1-ext4-rsv-conversion]
(root,0,0,00:00:00/01:12,23475) [kworker/3:1-ata_sff]
(root,0,0,00:00:07/07:22:49,25188) [kworker/1:2-events]
(root,0,0,00:00:00/15:33,27435) [kworker/2:0-events]
(root,6656,3484,00:00:00/00:00,29466) /bin/bash /usr/bin/check_mk_agent
(root,13744,3528,00:00:00/00:00,29484) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,29485) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/04:39:18,31079) [kworker/0:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-12 00:12

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363183400e4

      Found public CheckMk agent:
Version: 1.5.0p25
AgentOS: linux
Hostname: sarpedon
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,41988,12392,00:00:02/06:24:11,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29
(root,0,0,00:00:00/06:24:11,2) [kthreadd]
(root,0,0,00:00:00/06:24:11,3) [rcu_gp]
(root,0,0,00:00:00/06:24:11,4) [rcu_par_gp]
(root,0,0,00:00:00/06:24:11,5) [slub_flushwq]
(root,0,0,00:00:00/06:24:11,7) [kworker/0:0H-events_highpri]
(root,0,0,00:00:00/06:24:11,9) [mm_percpu_wq]
(root,0,0,00:00:00/06:24:11,10) [rcu_tasks_kthre]
(root,0,0,00:00:00/06:24:11,11) [rcu_tasks_rude_]
(root,0,0,00:00:00/06:24:11,12) [rcu_tasks_trace]
(root,0,0,00:00:00/06:24:11,13) [ksoftirqd/0]
(root,0,0,00:00:46/06:24:11,14) [rcu_preempt]
(root,0,0,00:00:00/06:24:11,15) [migration/0]
(root,0,0,00:00:00/06:24:11,16) [idle_inject/0]
(root,0,0,00:00:00/06:24:11,18) [cpuhp/0]
(root,0,0,00:00:00/06:24:11,19) [cpuhp/1]
(root,0,0,00:00:00/06:24:11,20) [idle_inject/1]
(root,0,0,00:00:00/06:24:11,21) [migration/1]
(root,0,0,00:00:00/06:24:11,22) [ksoftirqd/1]
(root,0,0,00:00:00/06:24:11,24) [kworker/1:0H-events_highpri]
(root,0,0,00:00:00/06:24:11,25) [cpuhp/2]
(root,0,0,00:00:00/06:24:11,26) [idle_inject/2]
(root,0,0,00:00:00/06:24:11,27) [migration/2]
(root,0,0,00:00:26/06:24:11,28) [ksoftirqd/2]
(root,0,0,00:00:00/06:24:11,30) [kworker/2:0H-events_highpri]
(root,0,0,00:00:00/06:24:11,31) [cpuhp/3]
(root,0,0,00:00:00/06:24:11,32) [idle_inject/3]
(root,0,0,00:00:00/06:24:11,33) [migration/3]
(root,0,0,00:00:01/06:24:11,34) [ksoftirqd/3]
(root,0,0,00:00:00/06:24:11,36) [kworker/3:0H-events_highpri]
(root,0,0,00:00:00/06:24:11,40) [kdevtmpfs]
(root,0,0,00:00:00/06:24:11,41) [netns]
(root,0,0,00:00:00/06:24:11,42) [inet_frag_wq]
(root,0,0,00:00:00/06:24:11,43) [kauditd]
(root,0,0,00:00:00/06:24:11,44) [khungtaskd]
(root,0,0,00:00:00/06:24:11,45) [oom_reaper]
(root,0,0,00:00:00/06:24:11,46) [writeback]
(root,0,0,00:00:00/06:24:11,47) [kcompactd0]
(root,0,0,00:00:00/06:24:11,48) [ksmd]
(root,0,0,00:00:00/06:24:11,49) [khugepaged]
(root,0,0,00:00:00/06:24:11,75) [kintegrityd]
(root,0,0,00:00:00/06:24:11,76) [kblockd]
(root,0,0,00:00:00/06:24:11,77) [blkcg_punt_bio]
(root,0,0,00:00:00/06:24:11,79) [tpm_dev_wq]
(root,0,0,00:00:00/06:24:11,80) [edac-poller]
(root,0,0,00:00:00/06:24:11,81) [devfreq_wq]
(root,0,0,00:00:00/06:24:11,110) [watchdogd]
(root,0,0,00:00:00/06:24:11,111) [kswapd0]
(root,0,0,00:00:00/06:24:11,113) [kworker/2:1H-kblockd]
(root,0,0,00:00:00/06:24:09,115) [kthrotld]
(root,0,0,00:00:00/06:24:09,116) [mld]
(root,0,0,00:00:00/06:24:09,117) [ipv6_addrconf]
(root,0,0,00:00:00/06:24:09,118) [kworker/0:1H-kblockd]
(root,0,0,00:00:00/06:24:09,123) [kstrp]
(root,0,0,00:00:00/06:24:09,124) [zswap-shrink]
(root,0,0,00:00:00/06:24:09,125) [kworker/u9:0]
(root,0,0,00:00:00/06:24:09,130) [charger_manager]
(root,0,0,00:00:00/06:24:09,172) [kworker/1:1H-kblockd]
(root,0,0,00:00:00/06:24:09,177) [kworker/3:1H-kblockd]
(root,0,0,00:00:00/06:24:08,239) [kaluad]
(root,0,0,00:00:00/06:24:08,258) [kmpath_rdacd]
(root,0,0,00:00:00/06:24:08,304) [kmpathd]
(root,0,0,00:00:00/06:24:08,305) [kmpath_handlerd]
(root,0,0,00:00:00/06:24:07,342) [ata_sff]
(root,0,0,00:00:00/06:24:07,343) [scsi_eh_0]
(root,0,0,00:00:00/06:24:07,344) [scsi_tmf_0]
(root,0,0,00:00:00/06:24:07,345) [scsi_eh_1]
(root,0,0,00:00:00/06:24:07,346) [scsi_tmf_1]
(root,0,0,00:00:00/06:24:04,366) [jbd2/vda1-8]
(root,0,0,00:00:00/06:24:04,367) [ext4-rsv-conver]
(root,38604,7616,00:00:00/06:23:52,440) /usr/lib/systemd/systemd-journald
(root,53296,9868,00:00:00/06:23:51,454) /usr/lib/systemd/systemd-udevd
(root,8624,6244,00:00:00/06:23:49,492) /usr/sbin/haveged -w 1024 -v 0 -F
(root,13476,1652,00:00:00/06:23:18,511) /sbin/auditd
(messagebus,22932,5904,00:00:00/06:23:17,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
(root,38748,8292,00:00:00/06:23:17,530) /usr/lib/systemd/systemd-logind
(root,20556,6064,00:00:00/06:23:17,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
(root,31704,17460,00:00:03/06:23:15,611) /usr/sbin/wickedd --systemd --foreground
(root,31900,18024,00:00:00/06:23:15,616) /usr/sbin/wickedd-nanny --systemd --foreground
(root,547336,21996,00:00:00/06:23:01,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd
(root,37016,26736,00:00:00/06:23:01,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(root,21172,4536,00:00:00/06:23:01,1337) /usr/sbin/xinetd -stayalive -dontfork
(root,2984,1856,00:00:00/06:23:01,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux
(syslogtunnel,40564,10520,00:00:00/06:23:01,1341) /usr/lib/systemd/systemd --user
(cm-ssh,40560,10652,00:00:00/06:23:01,1342) /usr/lib/systemd/systemd --user
(checkmk,40568,10560,00:00:00/06:23:01,1343) /usr/lib/systemd/systemd --user
(root,448724,7512,00:00:01/06:23:01,1345) /usr/sbin/rsyslogd -n -iNONE
(ntp,20660,6344,00:00:02/06:23:01,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
(root,2516,656,00:00:00/06:23:01,1352) bpfilter_umh
(root,26204,8212,00:00:00/06:23:01,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
(ntp,22048,4372,00:00:00/06:23:01,1359) ntpd: asynchronous dns resolver
(spot,182764,145596,00:36:54/06:23:00,1368) /usr/bin/python3.11 /usr/bin/spot
(syslogtunnel,48528,3192,00:00:00/06:23:00,1371) (sd-pam)
(checkmk,48528,3192,00:00:00/06:23:00,1372) (sd-pam)
(cm-ssh,48528,3192,00:00:00/06:23:00,1373) (sd-pam)
(root,24216,5268,00:00:00/06:22:58,1468) /usr/lib/postfix/bin//master -w
(postfix,24292,8244,00:00:00/06:22:58,1470) qmgr -l -t fifo -u
(root,8964,2656,00:00:00/06:22:58,1485) /usr/sbin/cron -n
(root,35304,10076,00:00:00/06:22:55,1516) sshd: syslogtunnel [priv]
(syslogtunnel,35304,5504,00:00:01/06:22:54,1527) sshd: syslogtunnel
(root,615308,67448,00:00:25/06:22:52,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion
(spot,206272,41040,00:00:17/06:22:40,1995) /usr/bin/python3.11 /usr/bin/spot
(root,35308,10108,00:00:00/06:22:15,3216) sshd: cm-ssh [priv]
(cm-ssh,35308,5492,00:00:00/06:22:15,3218) sshd: cm-ssh
(root,0,0,00:00:00/01:45:00,5399) [kworker/2:0-events]
(root,0,0,00:00:00/01:34:03,8314) [kworker/u8:2-ext4-rsv-conversion]
(postfix,24244,8136,00:00:00/01:23:46,10784) pickup -l -t fifo -u
(root,0,0,00:00:00/01:05:12,14053) [kworker/1:1-cgroup_destroy]
(root,0,0,00:00:00/54:35,16543) [kworker/u8:0-writeback]
(root,0,0,00:00:00/54:35,16544) [kworker/1:0-events]
(root,0,0,00:00:00/33:25,21024) [kworker/0:2]
(root,0,0,00:00:00/22:57,24335) [kworker/2:2-events]
(root,0,0,00:00:00/14:55,26151) [kworker/3:1-events]
(root,0,0,00:00:00/09:42,27855) [kworker/3:0-ata_sff]
(root,0,0,00:00:00/04:32,29763) [kworker/3:2-ata_sff]
(root,0,0,00:00:00/01:57,30040) [kworker/1:2]
(root,6656,3492,00:00:00/00:00,30225) /bin/bash /usr/bin/check_mk_agent
(root,13744,3356,00:00:00/00:00,30243) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,11644,964,00:00:00/00:00,30244) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/02:15:52,30613) [kworker/0:1-events]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff
    altname enp0s19
    altname ens19
[end_iplink]
      Found on 2024-09-10 17:12
    Create report
Domain summary
No record

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice