Host 195.37.245.210
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-09 18:26
Last seen 2024-12-22 00:59
Open for 103 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633d32e6e8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:37:28,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:37:28,2) [kthreadd] (root,0,0,00:00:00/39-14:37:28,3) [rcu_gp] (root,0,0,00:00:00/39-14:37:28,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:37:28,5) [slub_flushwq] (root,0,0,00:00:00/39-14:37:28,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:37:28,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:37:28,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:37:28,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:37:28,12) [rcu_tasks_trace] (root,0,0,00:01:15/39-14:37:28,13) [ksoftirqd/0] (root,0,0,01:45:18/39-14:37:28,14) [rcu_preempt] (root,0,0,00:00:15/39-14:37:28,15) [migration/0] (root,0,0,00:00:00/39-14:37:28,16) [idle_inject/0] (root,0,0,00:00:00/39-14:37:28,18) [cpuhp/0] (root,0,0,00:00:00/39-14:37:28,19) [cpuhp/1] (root,0,0,00:00:00/39-14:37:28,20) [idle_inject/1] (root,0,0,00:00:15/39-14:37:28,21) [migration/1] (root,0,0,00:01:05/39-14:37:28,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:37:28,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:37:28,25) [cpuhp/2] (root,0,0,00:00:00/39-14:37:28,26) [idle_inject/2] (root,0,0,00:00:12/39-14:37:28,27) [migration/2] (root,0,0,01:14:06/39-14:37:28,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:37:28,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:37:28,31) [cpuhp/3] (root,0,0,00:00:00/39-14:37:28,32) [idle_inject/3] (root,0,0,00:00:14/39-14:37:28,33) [migration/3] (root,0,0,00:03:31/39-14:37:28,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:37:28,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:37:28,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:37:28,40) [netns] (root,0,0,00:00:00/39-14:37:28,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:37:28,42) [kauditd] (root,0,0,00:00:00/39-14:37:28,43) [khungtaskd] (root,0,0,00:00:00/39-14:37:28,44) [oom_reaper] (root,0,0,00:00:00/39-14:37:28,45) [writeback] (root,0,0,00:01:56/39-14:37:28,46) [kcompactd0] (root,0,0,00:00:00/39-14:37:28,47) [ksmd] (root,0,0,00:01:57/39-14:37:28,48) [khugepaged] (root,0,0,00:00:00/39-14:37:28,74) [kintegrityd] (root,0,0,00:00:00/39-14:37:28,75) [kblockd] (root,0,0,00:00:00/39-14:37:28,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:37:28,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:37:28,79) [edac-poller] (root,0,0,00:00:00/39-14:37:28,80) [devfreq_wq] (root,0,0,00:00:00/39-14:37:28,110) [watchdogd] (root,0,0,00:00:08/39-14:37:28,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:37:28,112) [kswapd0] (root,0,0,00:00:00/39-14:37:27,114) [kthrotld] (root,0,0,00:00:00/39-14:37:27,115) [mld] (root,0,0,00:00:00/39-14:37:27,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:37:27,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:37:27,122) [kstrp] (root,0,0,00:00:00/39-14:37:27,123) [zswap-shrink] (root,0,0,00:00:00/39-14:37:27,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:37:27,129) [charger_manager] (root,0,0,00:00:08/39-14:37:26,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:37:26,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:37:26,205) [kaluad] (root,0,0,00:00:00/39-14:37:26,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:37:26,293) [kmpathd] (root,0,0,00:00:00/39-14:37:26,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:37:26,342) [ata_sff] (root,0,0,00:00:00/39-14:37:25,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:37:25,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:37:25,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:37:25,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:37:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:37:23,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:37:11,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:37:10,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:37:08,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:36:34,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:36:34,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:36:34,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:36:34,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:36:33,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:36:33,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:36:19,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:36:19,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:36:18,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:36:18,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:36:18,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:36:18,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:36:18,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:36:18,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:36:18,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:36:18,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:36:18,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:36:18,1215) ntpd: asynchronous dns resolver (spot,299344,183060,2-02:58:46/39-14:36:18,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:36:17,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:36:17,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:36:17,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:36:16,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:36:16,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:36:15,1354) /usr/sbin/cron -n (root,698484,82656,00:51:44/39-14:36:09,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:35:55,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/02:00:17,2674) [kworker/0:2-events] (root,0,0,00:00:00/40:58,5528) [kworker/1:2-events] (root,0,0,00:00:00/06:45,7221) [kworker/3:0-events] (root,0,0,00:00:00/01:34:33,9266) [kworker/u8:0-flush-253:0] (root,6656,3484,00:00:00/00:00,10480) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,10498) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,10499) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:46,10883) [kworker/0:1] (root,0,0,00:00:00/25:46,12385) [kworker/0:0-cgroup_destroy] (postfix,24244,8292,00:00:00/04:47,13685) pickup -l -t fifo -u (root,0,0,00:00:00/02:08:19,15256) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/33-12:27:11,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:27:10,15391) sshd: cm-ssh (root,0,0,00:00:00/04:39,15706) [kworker/1:1-ata_sff] (root,35308,10072,00:00:00/23-13:55:49,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:55:48,16977) sshd: syslogtunnel (root,0,0,00:00:00/45:47,19043) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/13:09,24965) [kworker/2:0-events] (root,0,0,00:00:00/21:40,29419) [kworker/2:2-cgroup_destroy] (postfix,44628,9272,00:00:01/33-19:12:56,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/09:52,31013) [kworker/1:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363fc8602f1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:12:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:12:33,2) [kthreadd] (root,0,0,00:00:00/37-14:12:33,3) [rcu_gp] (root,0,0,00:00:00/37-14:12:33,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:12:33,5) [slub_flushwq] (root,0,0,00:00:00/37-14:12:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:12:33,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:12:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:12:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:12:33,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:12:33,13) [ksoftirqd/0] (root,0,0,01:39:43/37-14:12:33,14) [rcu_preempt] (root,0,0,00:00:14/37-14:12:33,15) [migration/0] (root,0,0,00:00:00/37-14:12:33,16) [idle_inject/0] (root,0,0,00:00:00/37-14:12:33,18) [cpuhp/0] (root,0,0,00:00:00/37-14:12:33,19) [cpuhp/1] (root,0,0,00:00:00/37-14:12:33,20) [idle_inject/1] (root,0,0,00:00:14/37-14:12:33,21) [migration/1] (root,0,0,00:01:01/37-14:12:33,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:12:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:12:33,25) [cpuhp/2] (root,0,0,00:00:00/37-14:12:33,26) [idle_inject/2] (root,0,0,00:00:11/37-14:12:33,27) [migration/2] (root,0,0,01:10:41/37-14:12:33,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:12:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:12:33,31) [cpuhp/3] (root,0,0,00:00:00/37-14:12:33,32) [idle_inject/3] (root,0,0,00:00:14/37-14:12:33,33) [migration/3] (root,0,0,00:03:20/37-14:12:33,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:12:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:12:33,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:12:33,40) [netns] (root,0,0,00:00:00/37-14:12:33,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:12:33,42) [kauditd] (root,0,0,00:00:00/37-14:12:33,43) [khungtaskd] (root,0,0,00:00:00/37-14:12:33,44) [oom_reaper] (root,0,0,00:00:00/37-14:12:33,45) [writeback] (root,0,0,00:01:50/37-14:12:33,46) [kcompactd0] (root,0,0,00:00:00/37-14:12:33,47) [ksmd] (root,0,0,00:01:50/37-14:12:33,48) [khugepaged] (root,0,0,00:00:00/37-14:12:33,74) [kintegrityd] (root,0,0,00:00:00/37-14:12:33,75) [kblockd] (root,0,0,00:00:00/37-14:12:33,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:12:33,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:12:33,79) [edac-poller] (root,0,0,00:00:00/37-14:12:33,80) [devfreq_wq] (root,0,0,00:00:00/37-14:12:33,110) [watchdogd] (root,0,0,00:00:07/37-14:12:33,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:12:33,112) [kswapd0] (root,0,0,00:00:00/37-14:12:32,114) [kthrotld] (root,0,0,00:00:00/37-14:12:32,115) [mld] (root,0,0,00:00:00/37-14:12:32,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:12:32,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:12:32,122) [kstrp] (root,0,0,00:00:00/37-14:12:32,123) [zswap-shrink] (root,0,0,00:00:00/37-14:12:32,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:12:32,129) [charger_manager] (root,0,0,00:00:08/37-14:12:31,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:12:31,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:12:31,205) [kaluad] (root,0,0,00:00:00/37-14:12:31,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:12:31,293) [kmpathd] (root,0,0,00:00:00/37-14:12:31,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:12:31,342) [ata_sff] (root,0,0,00:00:00/37-14:12:30,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:12:30,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:12:30,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:12:30,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:12:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:12:28,367) [ext4-rsv-conver] (root,38604,7788,00:00:48/37-14:12:16,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:12:15,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:12:13,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:11:39,512) /sbin/auditd (messagebus,22936,5548,00:01:32/37-14:11:39,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:11:39,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:11:39,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:11:38,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:11:38,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:42/37-14:11:24,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:11:24,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:11:23,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:11:23,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:11:23,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:11:23,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:11:23,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:11:23,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:11:23,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:11:23,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:11:23,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:11:23,1215) ntpd: asynchronous dns resolver (spot,296512,182172,1-23:14:28/37-14:11:23,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:11:22,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:11:22,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:11:22,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:11:21,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:11:21,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:11:20,1354) /usr/sbin/cron -n (root,698484,82412,00:49:06/37-14:11:14,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66044,00:16:09/37-14:11:00,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/12:09,2838) [kworker/3:1-events] (postfix,24244,8276,00:00:00/01:50,2990) pickup -l -t fifo -u (root,0,0,00:00:00/01:50,2994) [kworker/3:0-events] (root,0,0,00:00:00/00:49,4338) [kworker/1:2-ata_sff] (root,0,0,00:00:00/11:34,4583) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3512,00:00:00/00:00,7590) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,7710) /bin/bash /usr/bin/check_mk_agent (root,6656,1844,00:00:00/00:00,7722) /bin/bash /usr/bin/check_mk_agent (root,25444,8892,00:00:00/00:00,7725) postconf -c /etc/postfix (root,5280,804,00:00:00/00:00,7726) grep ^multi_instance_directories (root,11644,964,00:00:00/00:00,7727) sed s/.*=[[:space:]]*//g (root,13744,3416,00:00:00/00:00,7735) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7736) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/10:03,10180) [kworker/2:2-events] (root,35308,10012,00:00:00/31-12:02:16,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-12:02:15,15391) sshd: cm-ssh (root,0,0,00:00:00/19:15,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:30:54,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:30:53,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:54:35,17446) [kworker/0:2-events] (root,0,0,00:00:00/18:16,18386) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/01:03:05,21022) [kworker/1:1-events] (root,0,0,00:00:00/06:00,21821) [kworker/1:0-ata_sff] (root,0,0,00:00:00/28:29,26953) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/04:14,27235) [kworker/u8:2-writeback] (postfix,44628,9272,00:00:01/31-18:48:01,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/01:58:35,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:34 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634adddce5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:25:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:25:01,2) [kthreadd] (root,0,0,00:00:00/35-15:25:01,3) [rcu_gp] (root,0,0,00:00:00/35-15:25:01,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:25:01,5) [slub_flushwq] (root,0,0,00:00:00/35-15:25:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:25:01,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:25:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:25:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:25:01,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:25:01,13) [ksoftirqd/0] (root,0,0,01:34:30/35-15:25:01,14) [rcu_preempt] (root,0,0,00:00:13/35-15:25:01,15) [migration/0] (root,0,0,00:00:00/35-15:25:01,16) [idle_inject/0] (root,0,0,00:00:00/35-15:25:01,18) [cpuhp/0] (root,0,0,00:00:00/35-15:25:01,19) [cpuhp/1] (root,0,0,00:00:00/35-15:25:01,20) [idle_inject/1] (root,0,0,00:00:14/35-15:25:01,21) [migration/1] (root,0,0,00:00:57/35-15:25:01,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:25:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:25:01,25) [cpuhp/2] (root,0,0,00:00:00/35-15:25:01,26) [idle_inject/2] (root,0,0,00:00:11/35-15:25:01,27) [migration/2] (root,0,0,01:07:42/35-15:25:01,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:25:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:25:01,31) [cpuhp/3] (root,0,0,00:00:00/35-15:25:01,32) [idle_inject/3] (root,0,0,00:00:13/35-15:25:01,33) [migration/3] (root,0,0,00:03:11/35-15:25:01,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:25:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:25:01,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:25:01,40) [netns] (root,0,0,00:00:00/35-15:25:01,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:25:01,42) [kauditd] (root,0,0,00:00:00/35-15:25:01,43) [khungtaskd] (root,0,0,00:00:00/35-15:25:01,44) [oom_reaper] (root,0,0,00:00:00/35-15:25:01,45) [writeback] (root,0,0,00:01:45/35-15:25:01,46) [kcompactd0] (root,0,0,00:00:00/35-15:25:01,47) [ksmd] (root,0,0,00:01:43/35-15:25:01,48) [khugepaged] (root,0,0,00:00:00/35-15:25:01,74) [kintegrityd] (root,0,0,00:00:00/35-15:25:01,75) [kblockd] (root,0,0,00:00:00/35-15:25:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:25:01,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:25:01,79) [edac-poller] (root,0,0,00:00:00/35-15:25:01,80) [devfreq_wq] (root,0,0,00:00:00/35-15:25:01,110) [watchdogd] (root,0,0,00:00:07/35-15:25:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:25:01,112) [kswapd0] (root,0,0,00:00:00/35-15:25:00,114) [kthrotld] (root,0,0,00:00:00/35-15:25:00,115) [mld] (root,0,0,00:00:00/35-15:25:00,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:25:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:25:00,122) [kstrp] (root,0,0,00:00:00/35-15:25:00,123) [zswap-shrink] (root,0,0,00:00:00/35-15:25:00,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:25:00,129) [charger_manager] (root,0,0,00:00:07/35-15:24:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:24:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:24:59,205) [kaluad] (root,0,0,00:00:00/35-15:24:59,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:24:59,293) [kmpathd] (root,0,0,00:00:00/35-15:24:59,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:24:59,342) [ata_sff] (root,0,0,00:00:00/35-15:24:58,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:24:58,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:24:58,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:24:58,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:24:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:24:56,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:24:44,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:24:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:24:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:24:07,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:24:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:24:07,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:24:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:24:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:24:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:23:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:23:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:23:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:23:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:23:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:23:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:23:51,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:23:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:23:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:23:51,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:23:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:23:51,1215) ntpd: asynchronous dns resolver (spot,293864,180100,1-20:13:33/35-15:23:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:23:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:23:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:23:50,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:23:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:23:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:23:48,1354) /usr/sbin/cron -n (root,698228,81996,00:46:35/35-15:23:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64168,00:15:16/35-15:23:28,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/00:09,4119) [kworker/1:1-ata_sff] (root,0,0,00:00:00/10:30,4297) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,4742) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,4760) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4761) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:16:43,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:14:44,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:14:43,15391) sshd: cm-ssh (root,0,0,00:00:00/05:00:17,15974) [kworker/u8:1-writeback] (postfix,24244,8228,00:00:00/01:36:09,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:43:22,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:43:21,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:01:42,19051) [kworker/0:0-events] (root,0,0,00:00:00/05:28,20339) [kworker/3:2-events] (root,0,0,00:00:00/05:19,20978) [kworker/1:0-ata_sff] (root,0,0,00:00:00/13:14,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:47:03,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-20:00:29,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:55:32,31877) [kworker/0:1-events] (root,0,0,00:00:00/38:29,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630d8c1592Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-13:30:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-13:30:36,2) [kthreadd] (root,0,0,00:00:00/33-13:30:36,3) [rcu_gp] (root,0,0,00:00:00/33-13:30:36,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:30:36,5) [slub_flushwq] (root,0,0,00:00:00/33-13:30:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:30:36,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:30:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:30:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:30:36,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:30:36,13) [ksoftirqd/0] (root,0,0,01:29:08/33-13:30:36,14) [rcu_preempt] (root,0,0,00:00:12/33-13:30:36,15) [migration/0] (root,0,0,00:00:00/33-13:30:36,16) [idle_inject/0] (root,0,0,00:00:00/33-13:30:36,18) [cpuhp/0] (root,0,0,00:00:00/33-13:30:36,19) [cpuhp/1] (root,0,0,00:00:00/33-13:30:36,20) [idle_inject/1] (root,0,0,00:00:13/33-13:30:36,21) [migration/1] (root,0,0,00:00:54/33-13:30:36,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:30:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:30:36,25) [cpuhp/2] (root,0,0,00:00:00/33-13:30:36,26) [idle_inject/2] (root,0,0,00:00:10/33-13:30:36,27) [migration/2] (root,0,0,01:04:51/33-13:30:36,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:30:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:30:36,31) [cpuhp/3] (root,0,0,00:00:00/33-13:30:36,32) [idle_inject/3] (root,0,0,00:00:12/33-13:30:36,33) [migration/3] (root,0,0,00:03:01/33-13:30:36,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:30:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:30:36,39) [kdevtmpfs] (root,0,0,00:00:00/33-13:30:36,40) [netns] (root,0,0,00:00:00/33-13:30:36,41) [inet_frag_wq] (root,0,0,00:00:07/33-13:30:36,42) [kauditd] (root,0,0,00:00:00/33-13:30:36,43) [khungtaskd] (root,0,0,00:00:00/33-13:30:36,44) [oom_reaper] (root,0,0,00:00:00/33-13:30:36,45) [writeback] (root,0,0,00:01:38/33-13:30:36,46) [kcompactd0] (root,0,0,00:00:00/33-13:30:36,47) [ksmd] (root,0,0,00:01:37/33-13:30:36,48) [khugepaged] (root,0,0,00:00:00/33-13:30:36,74) [kintegrityd] (root,0,0,00:00:00/33-13:30:36,75) [kblockd] (root,0,0,00:00:00/33-13:30:36,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:30:36,78) [tpm_dev_wq] (root,0,0,00:00:00/33-13:30:36,79) [edac-poller] (root,0,0,00:00:00/33-13:30:36,80) [devfreq_wq] (root,0,0,00:00:00/33-13:30:36,110) [watchdogd] (root,0,0,00:00:07/33-13:30:36,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-13:30:36,112) [kswapd0] (root,0,0,00:00:00/33-13:30:35,114) [kthrotld] (root,0,0,00:00:00/33-13:30:35,115) [mld] (root,0,0,00:00:00/33-13:30:35,116) [ipv6_addrconf] (root,0,0,00:00:14/33-13:30:35,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-13:30:35,122) [kstrp] (root,0,0,00:00:00/33-13:30:35,123) [zswap-shrink] (root,0,0,00:00:00/33-13:30:35,124) [kworker/u9:0] (root,0,0,00:00:00/33-13:30:35,129) [charger_manager] (root,0,0,00:00:07/33-13:30:34,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-13:30:34,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:30:34,205) [kaluad] (root,0,0,00:00:00/33-13:30:34,250) [kmpath_rdacd] (root,0,0,00:00:00/33-13:30:34,293) [kmpathd] (root,0,0,00:00:00/33-13:30:34,294) [kmpath_handlerd] (root,0,0,00:00:00/33-13:30:34,342) [ata_sff] (root,0,0,00:00:00/33-13:30:33,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:30:33,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:30:33,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:30:33,346) [scsi_tmf_1] (root,0,0,00:00:54/33-13:30:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:30:31,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-13:30:19,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-13:30:18,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-13:30:16,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-13:29:42,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-13:29:42,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-13:29:42,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-13:29:42,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-13:29:41,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-13:29:41,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:22:15,727) [kworker/u8:2-events_unbound] (root,548360,32524,00:00:38/33-13:29:27,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-13:29:27,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:09/33-13:29:26,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-13:29:26,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-13:29:26,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-13:29:26,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-13:29:26,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-13:29:26,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-13:29:26,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-13:29:26,1206) bpfilter_umh (root,26204,8212,00:00:13/33-13:29:26,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-13:29:26,1215) ntpd: asynchronous dns resolver (spot,292792,179876,1-17:45:30/33-13:29:26,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-13:29:25,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-13:29:25,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-13:29:25,1245) (sd-pam) (root,24216,5344,00:00:11/33-13:29:24,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-13:29:24,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-13:29:23,1354) /usr/sbin/cron -n (root,697972,81832,00:43:53/33-13:29:17,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63536,00:14:26/33-13:29:03,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8284,00:00:00/02:36,2257) pickup -l -t fifo -u (root,0,0,00:00:00/02:21,3835) [kworker/u8:0] (root,0,0,00:00:00/02:21,3836) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/37:15,7073) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:15,10122) [kworker/1:0-ata_sff] (root,0,0,00:00:00/06:26,12958) [kworker/1:1-events] (root,35308,10012,00:00:00/27-11:20:19,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-11:20:18,15391) sshd: cm-ssh (root,35308,10072,00:00:00/17-12:48:57,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:48:56,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:00:53,18088) [kworker/3:2-inet_frag_wq] (root,6656,3488,00:00:00/00:01,18336) /bin/bash /usr/bin/check_mk_agent (root,13744,3424,00:00:00/00:00,18354) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,18355) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/54:17,19428) [kworker/0:2-events] (root,0,0,00:00:04/02:30:33,24863) [kworker/2:1-events] (root,0,0,00:00:00/32:22,25067) [kworker/1:2-ata_sff] (root,0,0,00:00:02/02:52:51,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-18:06:04,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:01:44,31017) [kworker/0:1-events] (root,0,0,00:00:00/30:55,31459) [kworker/2:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dade3d79Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-13:43:28,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:43:28,2) [kthreadd] (root,0,0,00:00:00/31-13:43:28,3) [rcu_gp] (root,0,0,00:00:00/31-13:43:28,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:43:28,5) [slub_flushwq] (root,0,0,00:00:00/31-13:43:28,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:43:28,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:43:28,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:43:28,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:43:28,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-13:43:28,13) [ksoftirqd/0] (root,0,0,01:23:57/31-13:43:28,14) [rcu_preempt] (root,0,0,00:00:12/31-13:43:28,15) [migration/0] (root,0,0,00:00:00/31-13:43:28,16) [idle_inject/0] (root,0,0,00:00:00/31-13:43:28,18) [cpuhp/0] (root,0,0,00:00:00/31-13:43:28,19) [cpuhp/1] (root,0,0,00:00:00/31-13:43:28,20) [idle_inject/1] (root,0,0,00:00:12/31-13:43:28,21) [migration/1] (root,0,0,00:00:50/31-13:43:28,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:43:28,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:43:28,25) [cpuhp/2] (root,0,0,00:00:00/31-13:43:28,26) [idle_inject/2] (root,0,0,00:00:09/31-13:43:28,27) [migration/2] (root,0,0,01:01:48/31-13:43:28,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:43:28,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:43:28,31) [cpuhp/3] (root,0,0,00:00:00/31-13:43:28,32) [idle_inject/3] (root,0,0,00:00:11/31-13:43:28,33) [migration/3] (root,0,0,00:02:51/31-13:43:28,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:43:28,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:43:28,39) [kdevtmpfs] (root,0,0,00:00:00/31-13:43:28,40) [netns] (root,0,0,00:00:00/31-13:43:28,41) [inet_frag_wq] (root,0,0,00:00:07/31-13:43:28,42) [kauditd] (root,0,0,00:00:00/31-13:43:28,43) [khungtaskd] (root,0,0,00:00:00/31-13:43:28,44) [oom_reaper] (root,0,0,00:00:00/31-13:43:28,45) [writeback] (root,0,0,00:01:32/31-13:43:28,46) [kcompactd0] (root,0,0,00:00:00/31-13:43:28,47) [ksmd] (root,0,0,00:01:31/31-13:43:28,48) [khugepaged] (root,0,0,00:00:00/31-13:43:28,74) [kintegrityd] (root,0,0,00:00:00/31-13:43:28,75) [kblockd] (root,0,0,00:00:00/31-13:43:28,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:43:28,78) [tpm_dev_wq] (root,0,0,00:00:00/31-13:43:28,79) [edac-poller] (root,0,0,00:00:00/31-13:43:28,80) [devfreq_wq] (root,0,0,00:00:00/31-13:43:28,110) [watchdogd] (root,0,0,00:00:06/31-13:43:28,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-13:43:28,112) [kswapd0] (root,0,0,00:00:00/31-13:43:27,114) [kthrotld] (root,0,0,00:00:00/31-13:43:27,115) [mld] (root,0,0,00:00:00/31-13:43:27,116) [ipv6_addrconf] (root,0,0,00:00:13/31-13:43:27,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-13:43:27,122) [kstrp] (root,0,0,00:00:00/31-13:43:27,123) [zswap-shrink] (root,0,0,00:00:00/31-13:43:27,124) [kworker/u9:0] (root,0,0,00:00:00/31-13:43:27,129) [charger_manager] (root,0,0,00:00:07/31-13:43:26,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-13:43:26,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:43:26,205) [kaluad] (root,0,0,00:00:00/31-13:43:26,250) [kmpath_rdacd] (root,0,0,00:00:00/31-13:43:26,293) [kmpathd] (root,0,0,00:00:00/31-13:43:26,294) [kmpath_handlerd] (root,0,0,00:00:00/31-13:43:26,342) [ata_sff] (root,0,0,00:00:00/31-13:43:25,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:43:25,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:43:25,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:43:25,346) [scsi_tmf_1] (root,0,0,00:00:51/31-13:43:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:43:23,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-13:43:11,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-13:43:10,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-13:43:08,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-13:42:34,512) /sbin/auditd (messagebus,22936,5548,00:01:22/31-13:42:34,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-13:42:34,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-13:42:34,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-13:42:33,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-13:42:33,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:35/31-13:42:19,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-13:42:19,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:57/31-13:42:18,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-13:42:18,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-13:42:18,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-13:42:18,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-13:42:18,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-13:42:18,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:18/31-13:42:18,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-13:42:18,1206) bpfilter_umh (root,26204,8212,00:00:12/31-13:42:18,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-13:42:18,1215) ntpd: asynchronous dns resolver (spot,286584,173752,1-15:29:42/31-13:42:18,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-13:42:17,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-13:42:17,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-13:42:17,1245) (sd-pam) (root,24216,5344,00:00:10/31-13:42:16,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-13:42:16,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-13:42:15,1354) /usr/sbin/cron -n (root,697972,81512,00:41:18/31-13:42:09,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61380,00:13:37/31-13:41:55,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/03:13,9372) [kworker/1:0-ata_sff] (root,0,0,00:00:03/01:59:14,11542) [kworker/2:0-events] (root,35308,10012,00:00:00/25-11:33:11,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-11:33:10,15391) sshd: cm-ssh (root,0,0,00:00:00/02:10:06,16327) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/15-13:01:49,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-13:01:48,16977) sshd: syslogtunnel (root,0,0,00:00:00/08:25,20275) [kworker/1:2-events] (root,0,0,00:00:00/01:05:30,22377) [kworker/0:1-events] (root,0,0,00:00:00/59:41,24430) [kworker/3:0-events] (root,0,0,00:00:00/29:59,25324) [kworker/3:1] (root,0,0,00:00:00/07:55,28354) [kworker/0:0-events] (postfix,24244,8252,00:00:00/37:23,28439) pickup -l -t fifo -u (root,0,0,00:00:00/01:36:51,29649) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/00:26,29868) [kworker/2:1-events] (postfix,44628,9316,00:00:01/25-18:18:56,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/00:09,30973) [kworker/u8:2-writeback] (root,0,0,00:00:00/18:49,31624) [kworker/1:1-ata_sff] (root,0,0,00:00:00/50:39,31712) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,32239) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,32257) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,32258) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-14 00:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b13d1514Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-14:42:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-14:42:04,2) [kthreadd] (root,0,0,00:00:00/29-14:42:04,3) [rcu_gp] (root,0,0,00:00:00/29-14:42:04,4) [rcu_par_gp] (root,0,0,00:00:00/29-14:42:04,5) [slub_flushwq] (root,0,0,00:00:00/29-14:42:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-14:42:04,9) [mm_percpu_wq] (root,0,0,00:00:00/29-14:42:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-14:42:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-14:42:04,12) [rcu_tasks_trace] (root,0,0,00:00:53/29-14:42:04,13) [ksoftirqd/0] (root,0,0,01:18:54/29-14:42:04,14) [rcu_preempt] (root,0,0,00:00:11/29-14:42:04,15) [migration/0] (root,0,0,00:00:00/29-14:42:04,16) [idle_inject/0] (root,0,0,00:00:00/29-14:42:04,18) [cpuhp/0] (root,0,0,00:00:00/29-14:42:04,19) [cpuhp/1] (root,0,0,00:00:00/29-14:42:04,20) [idle_inject/1] (root,0,0,00:00:11/29-14:42:04,21) [migration/1] (root,0,0,00:00:46/29-14:42:04,22) [ksoftirqd/1] (root,0,0,00:00:00/29-14:42:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-14:42:04,25) [cpuhp/2] (root,0,0,00:00:00/29-14:42:04,26) [idle_inject/2] (root,0,0,00:00:09/29-14:42:04,27) [migration/2] (root,0,0,00:58:16/29-14:42:04,28) [ksoftirqd/2] (root,0,0,00:00:00/29-14:42:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-14:42:04,31) [cpuhp/3] (root,0,0,00:00:00/29-14:42:04,32) [idle_inject/3] (root,0,0,00:00:11/29-14:42:04,33) [migration/3] (root,0,0,00:02:40/29-14:42:04,34) [ksoftirqd/3] (root,0,0,00:00:00/29-14:42:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-14:42:04,39) [kdevtmpfs] (root,0,0,00:00:00/29-14:42:04,40) [netns] (root,0,0,00:00:00/29-14:42:04,41) [inet_frag_wq] (root,0,0,00:00:06/29-14:42:04,42) [kauditd] (root,0,0,00:00:00/29-14:42:04,43) [khungtaskd] (root,0,0,00:00:00/29-14:42:04,44) [oom_reaper] (root,0,0,00:00:00/29-14:42:04,45) [writeback] (root,0,0,00:01:27/29-14:42:04,46) [kcompactd0] (root,0,0,00:00:00/29-14:42:04,47) [ksmd] (root,0,0,00:01:25/29-14:42:04,48) [khugepaged] (root,0,0,00:00:00/29-14:42:04,74) [kintegrityd] (root,0,0,00:00:00/29-14:42:04,75) [kblockd] (root,0,0,00:00:00/29-14:42:04,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-14:42:04,78) [tpm_dev_wq] (root,0,0,00:00:00/29-14:42:04,79) [edac-poller] (root,0,0,00:00:00/29-14:42:04,80) [devfreq_wq] (root,0,0,00:00:00/29-14:42:04,110) [watchdogd] (root,0,0,00:00:06/29-14:42:04,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-14:42:04,112) [kswapd0] (root,0,0,00:00:00/29-14:42:03,114) [kthrotld] (root,0,0,00:00:00/29-14:42:03,115) [mld] (root,0,0,00:00:00/29-14:42:03,116) [ipv6_addrconf] (root,0,0,00:00:12/29-14:42:03,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-14:42:03,122) [kstrp] (root,0,0,00:00:00/29-14:42:03,123) [zswap-shrink] (root,0,0,00:00:00/29-14:42:03,124) [kworker/u9:0] (root,0,0,00:00:00/29-14:42:03,129) [charger_manager] (root,0,0,00:00:06/29-14:42:02,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-14:42:02,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-14:42:02,205) [kaluad] (root,0,0,00:00:00/29-14:42:02,250) [kmpath_rdacd] (root,0,0,00:00:00/29-14:42:02,293) [kmpathd] (root,0,0,00:00:00/29-14:42:02,294) [kmpath_handlerd] (root,0,0,00:00:00/29-14:42:02,342) [ata_sff] (root,0,0,00:00:00/29-14:42:01,343) [scsi_eh_0] (root,0,0,00:00:00/29-14:42:01,344) [scsi_tmf_0] (root,0,0,00:00:00/29-14:42:01,345) [scsi_eh_1] (root,0,0,00:00:00/29-14:42:01,346) [scsi_tmf_1] (root,0,0,00:00:48/29-14:41:59,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-14:41:59,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-14:41:47,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-14:41:46,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-14:41:44,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-14:41:10,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-14:41:10,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-14:41:10,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-14:41:10,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-14:41:09,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-14:41:09,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/39:29,931) [kworker/3:1-events] (root,548360,31484,00:00:33/29-14:40:55,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-14:40:55,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:42/29-14:40:54,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-14:40:54,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-14:40:54,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-14:40:54,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-14:40:54,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-14:40:54,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:02/29-14:40:54,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-14:40:54,1206) bpfilter_umh (root,26204,8212,00:00:12/29-14:40:54,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-14:40:54,1215) ntpd: asynchronous dns resolver (spot,291564,178804,1-13:01:06/29-14:40:54,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-14:40:53,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-14:40:53,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-14:40:53,1245) (sd-pam) (root,24216,5344,00:00:09/29-14:40:52,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-14:40:52,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-14:40:51,1354) /usr/sbin/cron -n (root,697576,81148,00:38:44/29-14:40:45,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60500,00:12:54/29-14:40:31,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:29,3903) [kworker/0:2-events] (root,0,0,00:00:00/01:43:51,3949) [kworker/u8:1-writeback] (root,0,0,00:00:00/01:14:41,4092) [kworker/3:0-events] (root,0,0,00:00:00/09:27,6756) [kworker/1:2-ata_sff] (root,6656,3488,00:00:00/00:00,6760) /bin/bash /usr/bin/check_mk_agent (root,13744,3404,00:00:00/00:00,6778) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6779) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:49:11,8802) [kworker/u8:0] (root,0,0,00:00:00/01:29:30,10360) [kworker/2:2-events] (root,0,0,00:00:01/01:21:57,10395) [kworker/2:0-events] (postfix,24244,8204,00:00:00/17:45,14984) pickup -l -t fifo -u (root,35308,10012,00:00:00/23-12:31:47,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-12:31:46,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-14:00:25,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:47/13-14:00:24,16977) sshd: syslogtunnel (root,0,0,00:00:02/07:24:37,20264) [kworker/0:1-events] (root,0,0,00:00:01/01:27:16,21615) [kworker/1:1-ata_sff] (root,0,0,00:00:00/04:14,25239) [kworker/1:0-events] (postfix,44628,9316,00:00:01/23-19:17:32,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-12 01:04 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d3fd7a07Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-14:44:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-14:44:31,2) [kthreadd] (root,0,0,00:00:00/27-14:44:31,3) [rcu_gp] (root,0,0,00:00:00/27-14:44:31,4) [rcu_par_gp] (root,0,0,00:00:00/27-14:44:31,5) [slub_flushwq] (root,0,0,00:00:00/27-14:44:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-14:44:31,9) [mm_percpu_wq] (root,0,0,00:00:00/27-14:44:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-14:44:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-14:44:31,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-14:44:31,13) [ksoftirqd/0] (root,0,0,01:13:45/27-14:44:31,14) [rcu_preempt] (root,0,0,00:00:10/27-14:44:31,15) [migration/0] (root,0,0,00:00:00/27-14:44:31,16) [idle_inject/0] (root,0,0,00:00:00/27-14:44:31,18) [cpuhp/0] (root,0,0,00:00:00/27-14:44:31,19) [cpuhp/1] (root,0,0,00:00:00/27-14:44:31,20) [idle_inject/1] (root,0,0,00:00:10/27-14:44:31,21) [migration/1] (root,0,0,00:00:44/27-14:44:31,22) [ksoftirqd/1] (root,0,0,00:00:00/27-14:44:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-14:44:31,25) [cpuhp/2] (root,0,0,00:00:00/27-14:44:31,26) [idle_inject/2] (root,0,0,00:00:08/27-14:44:31,27) [migration/2] (root,0,0,00:55:29/27-14:44:31,28) [ksoftirqd/2] (root,0,0,00:00:00/27-14:44:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-14:44:31,31) [cpuhp/3] (root,0,0,00:00:00/27-14:44:31,32) [idle_inject/3] (root,0,0,00:00:10/27-14:44:31,33) [migration/3] (root,0,0,00:02:32/27-14:44:31,34) [ksoftirqd/3] (root,0,0,00:00:00/27-14:44:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-14:44:31,39) [kdevtmpfs] (root,0,0,00:00:00/27-14:44:31,40) [netns] (root,0,0,00:00:00/27-14:44:31,41) [inet_frag_wq] (root,0,0,00:00:06/27-14:44:31,42) [kauditd] (root,0,0,00:00:00/27-14:44:31,43) [khungtaskd] (root,0,0,00:00:00/27-14:44:31,44) [oom_reaper] (root,0,0,00:00:00/27-14:44:31,45) [writeback] (root,0,0,00:01:21/27-14:44:31,46) [kcompactd0] (root,0,0,00:00:00/27-14:44:31,47) [ksmd] (root,0,0,00:01:19/27-14:44:31,48) [khugepaged] (root,0,0,00:00:00/27-14:44:31,74) [kintegrityd] (root,0,0,00:00:00/27-14:44:31,75) [kblockd] (root,0,0,00:00:00/27-14:44:31,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-14:44:31,78) [tpm_dev_wq] (root,0,0,00:00:00/27-14:44:31,79) [edac-poller] (root,0,0,00:00:00/27-14:44:31,80) [devfreq_wq] (root,0,0,00:00:00/27-14:44:31,110) [watchdogd] (root,0,0,00:00:05/27-14:44:31,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-14:44:31,112) [kswapd0] (root,0,0,00:00:00/27-14:44:30,114) [kthrotld] (root,0,0,00:00:00/27-14:44:30,115) [mld] (root,0,0,00:00:00/27-14:44:30,116) [ipv6_addrconf] (root,0,0,00:00:11/27-14:44:30,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-14:44:30,122) [kstrp] (root,0,0,00:00:00/27-14:44:30,123) [zswap-shrink] (root,0,0,00:00:00/27-14:44:30,124) [kworker/u9:0] (root,0,0,00:00:00/27-14:44:30,129) [charger_manager] (root,0,0,00:00:06/27-14:44:29,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-14:44:29,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-14:44:29,205) [kaluad] (root,0,0,00:00:00/27-14:44:29,250) [kmpath_rdacd] (root,0,0,00:00:00/27-14:44:29,293) [kmpathd] (root,0,0,00:00:00/27-14:44:29,294) [kmpath_handlerd] (root,0,0,00:00:00/27-14:44:29,342) [ata_sff] (root,0,0,00:00:00/27-14:44:28,343) [scsi_eh_0] (root,0,0,00:00:00/27-14:44:28,344) [scsi_tmf_0] (root,0,0,00:00:00/27-14:44:28,345) [scsi_eh_1] (root,0,0,00:00:00/27-14:44:28,346) [scsi_tmf_1] (root,0,0,00:00:45/27-14:44:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-14:44:26,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-14:44:14,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-14:44:13,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-14:44:11,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-14:43:37,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-14:43:37,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-14:43:37,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-14:43:37,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/00:59,584) [kworker/1:0-ata_sff] (root,31876,16108,00:00:03/27-14:43:36,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-14:43:36,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-14:43:22,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-14:43:22,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:34/27-14:43:21,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-14:43:21,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-14:43:21,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-14:43:21,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-14:43:21,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-14:43:21,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:46/27-14:43:21,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-14:43:21,1206) bpfilter_umh (root,26204,8212,00:00:11/27-14:43:21,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-14:43:21,1215) ntpd: asynchronous dns resolver (spot,290056,176668,1-10:40:57/27-14:43:21,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-14:43:20,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-14:43:20,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-14:43:20,1245) (sd-pam) (root,24216,5344,00:00:09/27-14:43:19,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-14:43:19,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-14:43:18,1354) /usr/sbin/cron -n (root,697064,80568,00:36:08/27-14:43:12,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58620,00:11:36/27-14:42:58,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/03:58:03,1639) [kworker/3:1-events] (postfix,24244,8288,00:00:00/42:13,4237) pickup -l -t fifo -u (root,0,0,00:00:00/09:48,5127) [kworker/0:2] (root,6656,3488,00:00:00/00:00,5793) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,5811) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,5812) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/53:03,7755) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/01:31:38,8451) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:11,12518) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/21-12:34:14,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-12:34:13,15391) sshd: cm-ssh (root,0,0,00:00:00/37:18,15445) [kworker/1:1-events] (root,0,0,00:00:00/17:16,16162) [kworker/0:1-events] (root,35308,10072,00:00:00/11-14:02:52,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-14:02:51,16977) sshd: syslogtunnel (root,0,0,00:00:00/26:09,19174) [kworker/u8:1-writeback] (root,0,0,00:00:00/24:23,24768) [kworker/2:0-events] (root,0,0,00:00:00/02:42,27446) [kworker/3:0] (root,0,0,00:00:02/02:06:33,27932) [kworker/2:2-events] (postfix,44628,9316,00:00:00/21-19:19:59,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-10 01:06 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363cc3f9341Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-14:30:03,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-14:30:03,2) [kthreadd] (root,0,0,00:00:00/25-14:30:03,3) [rcu_gp] (root,0,0,00:00:00/25-14:30:03,4) [rcu_par_gp] (root,0,0,00:00:00/25-14:30:03,5) [slub_flushwq] (root,0,0,00:00:00/25-14:30:03,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-14:30:03,9) [mm_percpu_wq] (root,0,0,00:00:00/25-14:30:03,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-14:30:03,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-14:30:03,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-14:30:03,13) [ksoftirqd/0] (root,0,0,01:08:27/25-14:30:03,14) [rcu_preempt] (root,0,0,00:00:09/25-14:30:03,15) [migration/0] (root,0,0,00:00:00/25-14:30:03,16) [idle_inject/0] (root,0,0,00:00:00/25-14:30:03,18) [cpuhp/0] (root,0,0,00:00:00/25-14:30:03,19) [cpuhp/1] (root,0,0,00:00:00/25-14:30:03,20) [idle_inject/1] (root,0,0,00:00:10/25-14:30:03,21) [migration/1] (root,0,0,00:00:40/25-14:30:03,22) [ksoftirqd/1] (root,0,0,00:00:00/25-14:30:03,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-14:30:03,25) [cpuhp/2] (root,0,0,00:00:00/25-14:30:03,26) [idle_inject/2] (root,0,0,00:00:08/25-14:30:03,27) [migration/2] (root,0,0,00:52:18/25-14:30:03,28) [ksoftirqd/2] (root,0,0,00:00:00/25-14:30:03,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-14:30:03,31) [cpuhp/3] (root,0,0,00:00:00/25-14:30:03,32) [idle_inject/3] (root,0,0,00:00:09/25-14:30:03,33) [migration/3] (root,0,0,00:02:22/25-14:30:03,34) [ksoftirqd/3] (root,0,0,00:00:00/25-14:30:03,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-14:30:03,39) [kdevtmpfs] (root,0,0,00:00:00/25-14:30:03,40) [netns] (root,0,0,00:00:00/25-14:30:03,41) [inet_frag_wq] (root,0,0,00:00:06/25-14:30:03,42) [kauditd] (root,0,0,00:00:00/25-14:30:03,43) [khungtaskd] (root,0,0,00:00:00/25-14:30:03,44) [oom_reaper] (root,0,0,00:00:00/25-14:30:03,45) [writeback] (root,0,0,00:01:15/25-14:30:03,46) [kcompactd0] (root,0,0,00:00:00/25-14:30:03,47) [ksmd] (root,0,0,00:01:14/25-14:30:03,48) [khugepaged] (root,0,0,00:00:00/25-14:30:03,74) [kintegrityd] (root,0,0,00:00:00/25-14:30:03,75) [kblockd] (root,0,0,00:00:00/25-14:30:03,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-14:30:03,78) [tpm_dev_wq] (root,0,0,00:00:00/25-14:30:03,79) [edac-poller] (root,0,0,00:00:00/25-14:30:03,80) [devfreq_wq] (root,0,0,00:00:00/25-14:30:03,110) [watchdogd] (root,0,0,00:00:05/25-14:30:03,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-14:30:03,112) [kswapd0] (root,0,0,00:00:00/25-14:30:02,114) [kthrotld] (root,0,0,00:00:00/25-14:30:02,115) [mld] (root,0,0,00:00:00/25-14:30:02,116) [ipv6_addrconf] (root,0,0,00:00:11/25-14:30:02,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-14:30:02,122) [kstrp] (root,0,0,00:00:00/25-14:30:02,123) [zswap-shrink] (root,0,0,00:00:00/25-14:30:02,124) [kworker/u9:0] (root,0,0,00:00:00/25-14:30:02,129) [charger_manager] (root,0,0,00:00:05/25-14:30:01,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-14:30:01,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-14:30:01,205) [kaluad] (root,0,0,00:00:00/25-14:30:01,250) [kmpath_rdacd] (root,0,0,00:00:00/25-14:30:01,293) [kmpathd] (root,0,0,00:00:00/25-14:30:01,294) [kmpath_handlerd] (root,0,0,00:00:00/25-14:30:01,342) [ata_sff] (root,0,0,00:00:00/25-14:30:00,343) [scsi_eh_0] (root,0,0,00:00:00/25-14:30:00,344) [scsi_tmf_0] (root,0,0,00:00:00/25-14:30:00,345) [scsi_eh_1] (root,0,0,00:00:00/25-14:30:00,346) [scsi_tmf_1] (root,0,0,00:00:41/25-14:29:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-14:29:58,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-14:29:46,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-14:29:45,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-14:29:43,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-14:29:09,512) /sbin/auditd (messagebus,22936,5640,00:01:11/25-14:29:09,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:41/25-14:29:09,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-14:29:09,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-14:29:08,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-14:29:08,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-14:28:54,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-14:28:54,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:22/25-14:28:53,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-14:28:53,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-14:28:53,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-14:28:53,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-14:28:53,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-14:28:53,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:29/25-14:28:53,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-14:28:53,1206) bpfilter_umh (root,26204,8300,00:00:11/25-14:28:53,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-14:28:53,1215) ntpd: asynchronous dns resolver (spot,301616,188308,1-08:06:30/25-14:28:53,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-14:28:52,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-14:28:52,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-14:28:52,1245) (sd-pam) (root,24216,5348,00:00:08/25-14:28:51,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-14:28:51,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-14:28:50,1354) /usr/sbin/cron -n (root,694116,77808,00:33:30/25-14:28:44,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57996,00:10:11/25-14:28:30,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:19,4602) [kworker/1:1-ata_sff] (root,0,0,00:00:00/35:26,6090) [kworker/1:0-events] (root,0,0,00:00:00/37:09,6321) [kworker/u8:0-writeback] (root,0,0,00:00:00/03:55,6556) [kworker/0:0-events_power_efficient] (root,0,0,00:00:00/01:25:16,14356) [kworker/2:0-events] (root,35308,10012,00:00:00/19-12:19:46,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:05/19-12:19:45,15391) sshd: cm-ssh (root,0,0,00:00:01/01:52:50,16404) [kworker/0:1-events] (root,35308,10072,00:00:00/9-13:48:24,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-13:48:23,16977) sshd: syslogtunnel (root,0,0,00:00:00/10:22:14,17512) [kworker/u8:2-flush-253:0] (postfix,24244,8240,00:00:00/48:39,17853) pickup -l -t fifo -u (root,0,0,00:00:00/10:42,18061) [kworker/3:0] (root,0,0,00:00:07/07:32:38,21123) [kworker/2:1-events] (root,0,0,00:00:00/09:29,22721) [kworker/1:2-events] (root,6656,3488,00:00:00/00:00,24448) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,24466) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24467) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9372,00:00:00/19-19:05:31,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/17:19,30755) [kworker/3:1-events] (root,0,0,00:00:00/24:00,31934) [kworker/0:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-08 00:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f5794558Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:01:01/23-14:36:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-14:36:57,2) [kthreadd] (root,0,0,00:00:00/23-14:36:57,3) [rcu_gp] (root,0,0,00:00:00/23-14:36:57,4) [rcu_par_gp] (root,0,0,00:00:00/23-14:36:57,5) [slub_flushwq] (root,0,0,00:00:00/23-14:36:57,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-14:36:57,9) [mm_percpu_wq] (root,0,0,00:00:00/23-14:36:57,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-14:36:57,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-14:36:57,12) [rcu_tasks_trace] (root,0,0,00:00:43/23-14:36:57,13) [ksoftirqd/0] (root,0,0,01:02:52/23-14:36:57,14) [rcu_preempt] (root,0,0,00:00:08/23-14:36:57,15) [migration/0] (root,0,0,00:00:00/23-14:36:57,16) [idle_inject/0] (root,0,0,00:00:00/23-14:36:57,18) [cpuhp/0] (root,0,0,00:00:00/23-14:36:57,19) [cpuhp/1] (root,0,0,00:00:00/23-14:36:57,20) [idle_inject/1] (root,0,0,00:00:09/23-14:36:57,21) [migration/1] (root,0,0,00:00:37/23-14:36:57,22) [ksoftirqd/1] (root,0,0,00:00:00/23-14:36:57,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-14:36:57,25) [cpuhp/2] (root,0,0,00:00:00/23-14:36:57,26) [idle_inject/2] (root,0,0,00:00:07/23-14:36:57,27) [migration/2] (root,0,0,00:47:39/23-14:36:57,28) [ksoftirqd/2] (root,0,0,00:00:00/23-14:36:57,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-14:36:57,31) [cpuhp/3] (root,0,0,00:00:00/23-14:36:57,32) [idle_inject/3] (root,0,0,00:00:08/23-14:36:57,33) [migration/3] (root,0,0,00:02:10/23-14:36:57,34) [ksoftirqd/3] (root,0,0,00:00:00/23-14:36:57,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-14:36:57,39) [kdevtmpfs] (root,0,0,00:00:00/23-14:36:57,40) [netns] (root,0,0,00:00:00/23-14:36:57,41) [inet_frag_wq] (root,0,0,00:00:05/23-14:36:57,42) [kauditd] (root,0,0,00:00:00/23-14:36:57,43) [khungtaskd] (root,0,0,00:00:00/23-14:36:57,44) [oom_reaper] (root,0,0,00:00:00/23-14:36:57,45) [writeback] (root,0,0,00:01:09/23-14:36:57,46) [kcompactd0] (root,0,0,00:00:00/23-14:36:57,47) [ksmd] (root,0,0,00:01:08/23-14:36:57,48) [khugepaged] (root,0,0,00:00:00/23-14:36:57,74) [kintegrityd] (root,0,0,00:00:00/23-14:36:57,75) [kblockd] (root,0,0,00:00:00/23-14:36:57,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-14:36:57,78) [tpm_dev_wq] (root,0,0,00:00:00/23-14:36:57,79) [edac-poller] (root,0,0,00:00:00/23-14:36:57,80) [devfreq_wq] (root,0,0,00:00:00/23-14:36:57,110) [watchdogd] (root,0,0,00:00:04/23-14:36:57,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-14:36:57,112) [kswapd0] (root,0,0,00:00:00/23-14:36:56,114) [kthrotld] (root,0,0,00:00:00/23-14:36:56,115) [mld] (root,0,0,00:00:00/23-14:36:56,116) [ipv6_addrconf] (root,0,0,00:00:10/23-14:36:56,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-14:36:56,122) [kstrp] (root,0,0,00:00:00/23-14:36:56,123) [zswap-shrink] (root,0,0,00:00:00/23-14:36:56,124) [kworker/u9:0] (root,0,0,00:00:00/23-14:36:56,129) [charger_manager] (root,0,0,00:00:05/23-14:36:55,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-14:36:55,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-14:36:55,205) [kaluad] (root,0,0,00:00:00/23-14:36:55,250) [kmpath_rdacd] (root,0,0,00:00:00/23-14:36:55,293) [kmpathd] (root,0,0,00:00:00/23-14:36:55,294) [kmpath_handlerd] (root,0,0,00:00:00/23-14:36:55,342) [ata_sff] (root,0,0,00:00:00/23-14:36:54,343) [scsi_eh_0] (root,0,0,00:00:00/23-14:36:54,344) [scsi_tmf_0] (root,0,0,00:00:00/23-14:36:54,345) [scsi_eh_1] (root,0,0,00:00:00/23-14:36:54,346) [scsi_tmf_1] (root,0,0,00:00:37/23-14:36:52,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-14:36:52,367) [ext4-rsv-conver] (root,38604,7876,00:00:34/23-14:36:40,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-14:36:39,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-14:36:37,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-14:36:03,512) /sbin/auditd (messagebus,22936,5640,00:01:07/23-14:36:03,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-14:36:03,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-14:36:03,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-14:36:02,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-14:36:02,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-14:35:48,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-14:35:48,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:09/23-14:35:47,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-14:35:47,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-14:35:47,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-14:35:47,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-14:35:47,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-14:35:47,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:12/23-14:35:47,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-14:35:47,1206) bpfilter_umh (root,26204,8300,00:00:10/23-14:35:47,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-14:35:47,1215) ntpd: asynchronous dns resolver (spot,285580,172752,1-05:41:11/23-14:35:47,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-14:35:46,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-14:35:46,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-14:35:46,1245) (sd-pam) (root,24216,5348,00:00:07/23-14:35:45,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-14:35:45,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-14:35:44,1354) /usr/sbin/cron -n (root,693860,77156,00:30:48/23-14:35:38,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55852,00:08:45/23-14:35:24,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/12:50,4265) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/01:18:31,7327) [kworker/0:0-events] (root,0,0,00:00:00/03:27:22,7973) [kworker/0:1-events] (root,0,0,00:00:00/11:09,11498) [kworker/3:1-events] (root,0,0,00:00:00/18:35,13370) [kworker/u8:1-writeback] (root,35308,10012,00:00:00/17-12:26:40,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-12:26:39,15391) sshd: cm-ssh (postfix,24244,8204,00:00:00/01:17:21,15690) pickup -l -t fifo -u (root,0,0,00:00:00/04:26,15975) [kworker/2:0-events] (root,0,0,00:00:01/05:21:00,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-13:55:18,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:26/7-13:55:17,16977) sshd: syslogtunnel (root,0,0,00:00:01/01:25:16,19831) [kworker/2:1-events] (root,0,0,00:00:00/17:45,21438) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/03:37,24035) [kworker/1:0-ata_sff] (root,0,0,00:00:00/14:00,26077) [kworker/1:1-events] (root,0,0,00:00:00/08:47,26329) [kworker/1:2-ata_sff] (postfix,44628,9372,00:00:00/17-19:12:25,30472) tlsmgr -l -t unix -u (root,6656,3484,00:00:00/00:01,31003) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,31021) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31022) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-06 00:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dae837e1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-14:31:28,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-14:31:28,2) [kthreadd] (root,0,0,00:00:00/21-14:31:28,3) [rcu_gp] (root,0,0,00:00:00/21-14:31:28,4) [rcu_par_gp] (root,0,0,00:00:00/21-14:31:28,5) [slub_flushwq] (root,0,0,00:00:00/21-14:31:28,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-14:31:28,9) [mm_percpu_wq] (root,0,0,00:00:00/21-14:31:28,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-14:31:28,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-14:31:28,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-14:31:28,13) [ksoftirqd/0] (root,0,0,00:57:31/21-14:31:28,14) [rcu_preempt] (root,0,0,00:00:08/21-14:31:28,15) [migration/0] (root,0,0,00:00:00/21-14:31:28,16) [idle_inject/0] (root,0,0,00:00:00/21-14:31:28,18) [cpuhp/0] (root,0,0,00:00:00/21-14:31:28,19) [cpuhp/1] (root,0,0,00:00:00/21-14:31:28,20) [idle_inject/1] (root,0,0,00:00:08/21-14:31:28,21) [migration/1] (root,0,0,00:00:34/21-14:31:28,22) [ksoftirqd/1] (root,0,0,00:00:00/21-14:31:28,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-14:31:28,25) [cpuhp/2] (root,0,0,00:00:00/21-14:31:28,26) [idle_inject/2] (root,0,0,00:00:06/21-14:31:28,27) [migration/2] (root,0,0,00:43:41/21-14:31:28,28) [ksoftirqd/2] (root,0,0,00:00:00/21-14:31:28,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-14:31:28,31) [cpuhp/3] (root,0,0,00:00:00/21-14:31:28,32) [idle_inject/3] (root,0,0,00:00:08/21-14:31:28,33) [migration/3] (root,0,0,00:02:00/21-14:31:28,34) [ksoftirqd/3] (root,0,0,00:00:00/21-14:31:28,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-14:31:28,39) [kdevtmpfs] (root,0,0,00:00:00/21-14:31:28,40) [netns] (root,0,0,00:00:00/21-14:31:28,41) [inet_frag_wq] (root,0,0,00:00:05/21-14:31:28,42) [kauditd] (root,0,0,00:00:00/21-14:31:28,43) [khungtaskd] (root,0,0,00:00:00/21-14:31:28,44) [oom_reaper] (root,0,0,00:00:00/21-14:31:28,45) [writeback] (root,0,0,00:01:03/21-14:31:28,46) [kcompactd0] (root,0,0,00:00:00/21-14:31:28,47) [ksmd] (root,0,0,00:01:02/21-14:31:28,48) [khugepaged] (root,0,0,00:00:00/21-14:31:28,74) [kintegrityd] (root,0,0,00:00:00/21-14:31:28,75) [kblockd] (root,0,0,00:00:00/21-14:31:28,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-14:31:28,78) [tpm_dev_wq] (root,0,0,00:00:00/21-14:31:28,79) [edac-poller] (root,0,0,00:00:00/21-14:31:28,80) [devfreq_wq] (root,0,0,00:00:00/21-14:31:28,110) [watchdogd] (root,0,0,00:00:04/21-14:31:28,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-14:31:28,112) [kswapd0] (root,0,0,00:00:00/21-14:31:27,114) [kthrotld] (root,0,0,00:00:00/21-14:31:27,115) [mld] (root,0,0,00:00:00/21-14:31:27,116) [ipv6_addrconf] (root,0,0,00:00:09/21-14:31:27,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-14:31:27,122) [kstrp] (root,0,0,00:00:00/21-14:31:27,123) [zswap-shrink] (root,0,0,00:00:00/21-14:31:27,124) [kworker/u9:0] (root,0,0,00:00:00/21-14:31:27,129) [charger_manager] (root,0,0,00:00:04/21-14:31:26,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-14:31:26,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-14:31:26,205) [kaluad] (root,0,0,00:00:00/21-14:31:26,250) [kmpath_rdacd] (root,0,0,00:00:00/21-14:31:26,293) [kmpathd] (root,0,0,00:00:00/21-14:31:26,294) [kmpath_handlerd] (root,0,0,00:00:00/21-14:31:26,342) [ata_sff] (root,0,0,00:00:00/21-14:31:25,343) [scsi_eh_0] (root,0,0,00:00:00/21-14:31:25,344) [scsi_tmf_0] (root,0,0,00:00:00/21-14:31:25,345) [scsi_eh_1] (root,0,0,00:00:00/21-14:31:25,346) [scsi_tmf_1] (root,0,0,00:00:33/21-14:31:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-14:31:23,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-14:31:11,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-14:31:10,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-14:31:08,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-14:30:34,512) /sbin/auditd (messagebus,22936,5640,00:01:03/21-14:30:34,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-14:30:34,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-14:30:34,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-14:30:33,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-14:30:33,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-14:30:19,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-14:30:19,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:00/21-14:30:18,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-14:30:18,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-14:30:18,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-14:30:18,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-14:30:18,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-14:30:18,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:56/21-14:30:18,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-14:30:18,1206) bpfilter_umh (root,26204,8300,00:00:09/21-14:30:18,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-14:30:18,1215) ntpd: asynchronous dns resolver (spot,285148,171864,1-03:19:43/21-14:30:18,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-14:30:17,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-14:30:17,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-14:30:17,1245) (sd-pam) (root,24216,5348,00:00:07/21-14:30:16,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-14:30:16,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-14:30:15,1354) /usr/sbin/cron -n (root,693604,76796,00:28:07/21-14:30:09,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54960,00:07:25/21-14:29:55,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:03/03:12:11,1511) [kworker/2:0-events] (root,0,0,00:00:00/53:35,1699) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/01:44:54,3242) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:09,3890) [kworker/1:0-events] (root,0,0,00:00:00/01:10:12,3967) [kworker/0:1-events] (postfix,24244,8180,00:00:00/01:33:46,7480) pickup -l -t fifo -u (root,6656,3488,00:00:00/00:00,7681) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,7699) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,7700) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/44:42,8023) [kworker/3:0] (root,0,0,00:00:00/19:13,10807) [kworker/u8:0-writeback] (root,0,0,00:00:00/06:33,14577) [kworker/2:1-events] (root,0,0,00:00:00/06:21,15330) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/15-12:21:11,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-12:21:10,15391) sshd: cm-ssh (root,35308,10072,00:00:00/5-13:49:49,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-13:49:48,16977) sshd: syslogtunnel (root,0,0,00:00:00/25:39,20907) [kworker/0:2] (root,0,0,00:00:02/09:02:45,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-19:06:56,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-04 00:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836394b1d98fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-15:10:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-15:10:14,2) [kthreadd] (root,0,0,00:00:00/19-15:10:14,3) [rcu_gp] (root,0,0,00:00:00/19-15:10:14,4) [rcu_par_gp] (root,0,0,00:00:00/19-15:10:14,5) [slub_flushwq] (root,0,0,00:00:00/19-15:10:14,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-15:10:14,9) [mm_percpu_wq] (root,0,0,00:00:00/19-15:10:14,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-15:10:14,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-15:10:14,12) [rcu_tasks_trace] (root,0,0,00:00:36/19-15:10:14,13) [ksoftirqd/0] (root,0,0,00:52:21/19-15:10:14,14) [rcu_preempt] (root,0,0,00:00:07/19-15:10:14,15) [migration/0] (root,0,0,00:00:00/19-15:10:14,16) [idle_inject/0] (root,0,0,00:00:00/19-15:10:14,18) [cpuhp/0] (root,0,0,00:00:00/19-15:10:14,19) [cpuhp/1] (root,0,0,00:00:00/19-15:10:14,20) [idle_inject/1] (root,0,0,00:00:07/19-15:10:14,21) [migration/1] (root,0,0,00:00:31/19-15:10:14,22) [ksoftirqd/1] (root,0,0,00:00:00/19-15:10:14,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-15:10:14,25) [cpuhp/2] (root,0,0,00:00:00/19-15:10:14,26) [idle_inject/2] (root,0,0,00:00:06/19-15:10:14,27) [migration/2] (root,0,0,00:39:11/19-15:10:14,28) [ksoftirqd/2] (root,0,0,00:00:00/19-15:10:14,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-15:10:14,31) [cpuhp/3] (root,0,0,00:00:00/19-15:10:14,32) [idle_inject/3] (root,0,0,00:00:07/19-15:10:14,33) [migration/3] (root,0,0,00:01:49/19-15:10:14,34) [ksoftirqd/3] (root,0,0,00:00:00/19-15:10:14,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-15:10:14,39) [kdevtmpfs] (root,0,0,00:00:00/19-15:10:14,40) [netns] (root,0,0,00:00:00/19-15:10:14,41) [inet_frag_wq] (root,0,0,00:00:05/19-15:10:14,42) [kauditd] (root,0,0,00:00:00/19-15:10:14,43) [khungtaskd] (root,0,0,00:00:00/19-15:10:14,44) [oom_reaper] (root,0,0,00:00:00/19-15:10:14,45) [writeback] (root,0,0,00:00:57/19-15:10:14,46) [kcompactd0] (root,0,0,00:00:00/19-15:10:14,47) [ksmd] (root,0,0,00:00:57/19-15:10:14,48) [khugepaged] (root,0,0,00:00:00/19-15:10:14,74) [kintegrityd] (root,0,0,00:00:00/19-15:10:14,75) [kblockd] (root,0,0,00:00:00/19-15:10:14,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-15:10:14,78) [tpm_dev_wq] (root,0,0,00:00:00/19-15:10:14,79) [edac-poller] (root,0,0,00:00:00/19-15:10:14,80) [devfreq_wq] (root,0,0,00:00:00/19-15:10:14,110) [watchdogd] (root,0,0,00:00:03/19-15:10:14,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-15:10:14,112) [kswapd0] (root,0,0,00:00:00/19-15:10:13,114) [kthrotld] (root,0,0,00:00:00/19-15:10:13,115) [mld] (root,0,0,00:00:00/19-15:10:13,116) [ipv6_addrconf] (root,0,0,00:00:08/19-15:10:13,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-15:10:13,122) [kstrp] (root,0,0,00:00:00/19-15:10:13,123) [zswap-shrink] (root,0,0,00:00:00/19-15:10:13,124) [kworker/u9:0] (root,0,0,00:00:00/19-15:10:13,129) [charger_manager] (root,0,0,00:00:04/19-15:10:12,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-15:10:12,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-15:10:12,205) [kaluad] (root,0,0,00:00:00/19-15:10:12,250) [kmpath_rdacd] (root,0,0,00:00:00/19-15:10:12,293) [kmpathd] (root,0,0,00:00:00/19-15:10:12,294) [kmpath_handlerd] (root,0,0,00:00:00/19-15:10:12,342) [ata_sff] (root,0,0,00:00:00/19-15:10:11,343) [scsi_eh_0] (root,0,0,00:00:00/19-15:10:11,344) [scsi_tmf_0] (root,0,0,00:00:00/19-15:10:11,345) [scsi_eh_1] (root,0,0,00:00:00/19-15:10:11,346) [scsi_tmf_1] (root,0,0,00:00:29/19-15:10:09,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-15:10:09,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-15:09:57,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-15:09:56,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-15:09:54,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/19-15:09:20,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-15:09:20,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-15:09:20,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-15:09:20,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-15:09:19,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-15:09:19,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-15:09:05,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-15:09:05,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:49/19-15:09:04,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-15:09:04,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-15:09:04,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-15:09:04,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-15:09:04,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-15:09:04,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:40/19-15:09:04,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-15:09:04,1206) bpfilter_umh (root,26204,8300,00:00:09/19-15:09:04,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-15:09:04,1215) ntpd: asynchronous dns resolver (spot,284684,171748,1-01:06:28/19-15:09:04,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-15:09:03,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-15:09:03,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-15:09:03,1245) (sd-pam) (root,24216,5348,00:00:06/19-15:09:02,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-15:09:02,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-15:09:01,1354) /usr/sbin/cron -n (root,692836,75760,00:25:30/19-15:08:55,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53056,00:06:35/19-15:08:41,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/07:11:38,3898) [kworker/3:2-events] (root,0,0,00:00:00/02:11:52,4121) [kworker/u8:0-flush-253:0] (postfix,24244,8224,00:00:00/53:25,8017) pickup -l -t fifo -u (root,6656,3492,00:00:00/00:00,8394) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,8444) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,8445) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,8446) /bin/bash /usr/bin/check_mk_agent (root,4480,1168,00:00:00/00:00,8447) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,820,00:00:00/00:00,8448) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,740,00:00:00/00:00,8451) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3416,00:00:00/00:00,8467) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8468) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/30:59,12709) [kworker/2:1-events] (root,0,0,00:00:00/19:29,14635) [kworker/1:0-events] (root,0,0,00:00:00/09:06,14902) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/13-12:59:57,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:45/13-12:59:56,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-14:28:35,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-14:28:34,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:02:22,20923) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:39:19,22032) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/01:26:50,22794) [kworker/0:1] (root,0,0,00:00:01/01:39:07,23007) [kworker/2:2-events] (root,0,0,00:00:01/03:36:16,26126) [kworker/0:2-events] (root,0,0,00:00:00/04:00,26393) [kworker/3:1-events] (root,0,0,00:00:00/03:54,27444) [kworker/1:2-ata_sff] (postfix,44628,9416,00:00:00/13-19:45:42,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-02 01:32 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b0e0a498Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-14:28:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-14:28:47,2) [kthreadd] (root,0,0,00:00:00/17-14:28:47,3) [rcu_gp] (root,0,0,00:00:00/17-14:28:47,4) [rcu_par_gp] (root,0,0,00:00:00/17-14:28:47,5) [slub_flushwq] (root,0,0,00:00:00/17-14:28:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-14:28:47,9) [mm_percpu_wq] (root,0,0,00:00:00/17-14:28:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-14:28:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-14:28:47,12) [rcu_tasks_trace] (root,0,0,00:00:33/17-14:28:47,13) [ksoftirqd/0] (root,0,0,00:47:09/17-14:28:47,14) [rcu_preempt] (root,0,0,00:00:06/17-14:28:47,15) [migration/0] (root,0,0,00:00:00/17-14:28:47,16) [idle_inject/0] (root,0,0,00:00:00/17-14:28:47,18) [cpuhp/0] (root,0,0,00:00:00/17-14:28:47,19) [cpuhp/1] (root,0,0,00:00:00/17-14:28:47,20) [idle_inject/1] (root,0,0,00:00:07/17-14:28:47,21) [migration/1] (root,0,0,00:00:28/17-14:28:47,22) [ksoftirqd/1] (root,0,0,00:00:00/17-14:28:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-14:28:47,25) [cpuhp/2] (root,0,0,00:00:00/17-14:28:47,26) [idle_inject/2] (root,0,0,00:00:05/17-14:28:47,27) [migration/2] (root,0,0,00:35:58/17-14:28:47,28) [ksoftirqd/2] (root,0,0,00:00:00/17-14:28:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-14:28:47,31) [cpuhp/3] (root,0,0,00:00:00/17-14:28:47,32) [idle_inject/3] (root,0,0,00:00:06/17-14:28:47,33) [migration/3] (root,0,0,00:01:40/17-14:28:47,34) [ksoftirqd/3] (root,0,0,00:00:00/17-14:28:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-14:28:47,39) [kdevtmpfs] (root,0,0,00:00:00/17-14:28:47,40) [netns] (root,0,0,00:00:00/17-14:28:47,41) [inet_frag_wq] (root,0,0,00:00:04/17-14:28:47,42) [kauditd] (root,0,0,00:00:00/17-14:28:47,43) [khungtaskd] (root,0,0,00:00:00/17-14:28:47,44) [oom_reaper] (root,0,0,00:00:00/17-14:28:47,45) [writeback] (root,0,0,00:00:51/17-14:28:47,46) [kcompactd0] (root,0,0,00:00:00/17-14:28:47,47) [ksmd] (root,0,0,00:00:51/17-14:28:47,48) [khugepaged] (root,0,0,00:00:00/17-14:28:47,74) [kintegrityd] (root,0,0,00:00:00/17-14:28:47,75) [kblockd] (root,0,0,00:00:00/17-14:28:47,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-14:28:47,78) [tpm_dev_wq] (root,0,0,00:00:00/17-14:28:47,79) [edac-poller] (root,0,0,00:00:00/17-14:28:47,80) [devfreq_wq] (root,0,0,00:00:00/17-14:28:47,110) [watchdogd] (root,0,0,00:00:03/17-14:28:47,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-14:28:47,112) [kswapd0] (root,0,0,00:00:00/17-14:28:46,114) [kthrotld] (root,0,0,00:00:00/17-14:28:46,115) [mld] (root,0,0,00:00:00/17-14:28:46,116) [ipv6_addrconf] (root,0,0,00:00:07/17-14:28:46,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-14:28:46,122) [kstrp] (root,0,0,00:00:00/17-14:28:46,123) [zswap-shrink] (root,0,0,00:00:00/17-14:28:46,124) [kworker/u9:0] (root,0,0,00:00:00/17-14:28:46,129) [charger_manager] (root,0,0,00:00:03/17-14:28:45,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-14:28:45,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-14:28:45,205) [kaluad] (root,0,0,00:00:00/17-14:28:45,250) [kmpath_rdacd] (root,0,0,00:00:00/17-14:28:45,293) [kmpathd] (root,0,0,00:00:00/17-14:28:45,294) [kmpath_handlerd] (root,0,0,00:00:00/17-14:28:45,342) [ata_sff] (root,0,0,00:00:00/17-14:28:44,343) [scsi_eh_0] (root,0,0,00:00:00/17-14:28:44,344) [scsi_tmf_0] (root,0,0,00:00:00/17-14:28:44,345) [scsi_eh_1] (root,0,0,00:00:00/17-14:28:44,346) [scsi_tmf_1] (root,0,0,00:00:26/17-14:28:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-14:28:42,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-14:28:30,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-14:28:29,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-14:28:27,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-14:27:53,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-14:27:53,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,0,0,00:00:00/04:00,521) [kworker/1:2-ata_sff] (root,38748,8556,00:00:31/17-14:27:53,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-14:27:53,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-14:27:52,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-14:27:52,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-14:27:38,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-14:27:38,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:38/17-14:27:37,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-14:27:37,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-14:27:37,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-14:27:37,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-14:27:37,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-14:27:37,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:23/17-14:27:37,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-14:27:37,1206) bpfilter_umh (root,26204,8300,00:00:08/17-14:27:37,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-14:27:37,1215) ntpd: asynchronous dns resolver (spot,284812,171780,23:08:21/17-14:27:37,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-14:27:36,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-14:27:36,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-14:27:36,1245) (sd-pam) (root,24216,5348,00:00:05/17-14:27:35,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-14:27:35,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-14:27:34,1354) /usr/sbin/cron -n (root,692236,75412,00:22:52/17-14:27:28,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51284,00:05:53/17-14:27:14,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/09:12,1406) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:54:59,6422) [kworker/0:2-events] (root,0,0,00:00:01/47:20,14661) [kworker/2:2-events] (root,35308,10012,00:00:00/11-12:18:30,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-12:18:29,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-13:47:08,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-13:47:07,16977) sshd: syslogtunnel (postfix,24244,8200,00:00:00/33:50,18919) pickup -l -t fifo -u (root,0,0,00:00:00/01:05:51,22787) [kworker/3:0-events] (root,0,0,00:00:02/05:30:06,24312) [kworker/0:0-events] (root,0,0,00:00:00/01:05:25,26541) [kworker/u8:2-writeback] (root,0,0,00:00:01/55:52,28099) [kworker/1:0-events] (root,0,0,00:00:00/08:33:53,28658) [kworker/u8:1-flush-253:0] (postfix,44628,9416,00:00:00/11-19:04:15,30472) tlsmgr -l -t unix -u (root,6656,3488,00:00:00/00:00,30635) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,30653) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30654) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/41:00,32239) [kworker/2:1] (root,0,0,00:00:01/04:15:56,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-30 00:50 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630bff055dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-14:34:57,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-14:34:57,2) [kthreadd] (root,0,0,00:00:00/15-14:34:57,3) [rcu_gp] (root,0,0,00:00:00/15-14:34:57,4) [rcu_par_gp] (root,0,0,00:00:00/15-14:34:57,5) [slub_flushwq] (root,0,0,00:00:00/15-14:34:57,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-14:34:57,9) [mm_percpu_wq] (root,0,0,00:00:00/15-14:34:57,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-14:34:57,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-14:34:57,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-14:34:57,13) [ksoftirqd/0] (root,0,0,00:41:54/15-14:34:57,14) [rcu_preempt] (root,0,0,00:00:05/15-14:34:57,15) [migration/0] (root,0,0,00:00:00/15-14:34:57,16) [idle_inject/0] (root,0,0,00:00:00/15-14:34:57,18) [cpuhp/0] (root,0,0,00:00:00/15-14:34:57,19) [cpuhp/1] (root,0,0,00:00:00/15-14:34:57,20) [idle_inject/1] (root,0,0,00:00:06/15-14:34:57,21) [migration/1] (root,0,0,00:00:25/15-14:34:57,22) [ksoftirqd/1] (root,0,0,00:00:00/15-14:34:57,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-14:34:57,25) [cpuhp/2] (root,0,0,00:00:00/15-14:34:57,26) [idle_inject/2] (root,0,0,00:00:05/15-14:34:57,27) [migration/2] (root,0,0,00:32:26/15-14:34:57,28) [ksoftirqd/2] (root,0,0,00:00:00/15-14:34:57,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-14:34:57,31) [cpuhp/3] (root,0,0,00:00:00/15-14:34:57,32) [idle_inject/3] (root,0,0,00:00:06/15-14:34:57,33) [migration/3] (root,0,0,00:01:30/15-14:34:57,34) [ksoftirqd/3] (root,0,0,00:00:00/15-14:34:57,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-14:34:57,39) [kdevtmpfs] (root,0,0,00:00:00/15-14:34:57,40) [netns] (root,0,0,00:00:00/15-14:34:57,41) [inet_frag_wq] (root,0,0,00:00:04/15-14:34:57,42) [kauditd] (root,0,0,00:00:00/15-14:34:57,43) [khungtaskd] (root,0,0,00:00:00/15-14:34:57,44) [oom_reaper] (root,0,0,00:00:00/15-14:34:57,45) [writeback] (root,0,0,00:00:46/15-14:34:57,46) [kcompactd0] (root,0,0,00:00:00/15-14:34:57,47) [ksmd] (root,0,0,00:00:46/15-14:34:57,48) [khugepaged] (root,0,0,00:00:00/15-14:34:57,74) [kintegrityd] (root,0,0,00:00:00/15-14:34:57,75) [kblockd] (root,0,0,00:00:00/15-14:34:57,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-14:34:57,78) [tpm_dev_wq] (root,0,0,00:00:00/15-14:34:57,79) [edac-poller] (root,0,0,00:00:00/15-14:34:57,80) [devfreq_wq] (root,0,0,00:00:00/15-14:34:57,110) [watchdogd] (root,0,0,00:00:03/15-14:34:57,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-14:34:57,112) [kswapd0] (root,0,0,00:00:00/15-14:34:56,114) [kthrotld] (root,0,0,00:00:00/15-14:34:56,115) [mld] (root,0,0,00:00:00/15-14:34:56,116) [ipv6_addrconf] (root,0,0,00:00:06/15-14:34:56,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-14:34:56,122) [kstrp] (root,0,0,00:00:00/15-14:34:56,123) [zswap-shrink] (root,0,0,00:00:00/15-14:34:56,124) [kworker/u9:0] (root,0,0,00:00:00/15-14:34:56,129) [charger_manager] (root,0,0,00:00:03/15-14:34:55,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-14:34:55,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-14:34:55,205) [kaluad] (root,0,0,00:00:00/15-14:34:55,250) [kmpath_rdacd] (root,0,0,00:00:00/15-14:34:55,293) [kmpathd] (root,0,0,00:00:00/15-14:34:55,294) [kmpath_handlerd] (root,0,0,00:00:00/15-14:34:55,342) [ata_sff] (root,0,0,00:00:00/15-14:34:54,343) [scsi_eh_0] (root,0,0,00:00:00/15-14:34:54,344) [scsi_tmf_0] (root,0,0,00:00:00/15-14:34:54,345) [scsi_eh_1] (root,0,0,00:00:00/15-14:34:54,346) [scsi_tmf_1] (root,0,0,00:00:23/15-14:34:52,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-14:34:52,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-14:34:40,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-14:34:39,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-14:34:37,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-14:34:03,512) /sbin/auditd (messagebus,22936,5672,00:00:50/15-14:34:03,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:28/15-14:34:03,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/15-14:34:03,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-14:34:02,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-14:34:02,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-14:33:48,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-14:33:48,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:25/15-14:33:47,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-14:33:47,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-14:33:47,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-14:33:47,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-14:33:47,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-14:33:47,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-14:33:47,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-14:33:47,1206) bpfilter_umh (root,26204,8300,00:00:07/15-14:33:47,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-14:33:47,1215) ntpd: asynchronous dns resolver (spot,285204,171320,20:59:46/15-14:33:47,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-14:33:46,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-14:33:46,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-14:33:46,1245) (sd-pam) (root,24216,5348,00:00:05/15-14:33:45,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-14:33:45,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-14:33:44,1354) /usr/sbin/cron -n (root,691980,74872,00:20:13/15-14:33:38,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49188,00:05:10/15-14:33:24,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/14:10,3117) [kworker/2:1] (root,0,0,00:00:00/08:19,3436) [kworker/1:0-ata_sff] (postfix,24244,8144,00:00:00/01:02:05,7227) pickup -l -t fifo -u (root,0,0,00:00:00/19:48,8654) [kworker/0:2] (root,35308,10012,00:00:00/8-06:29:51,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-06:29:51,8749) sshd: syslogtunnel (root,0,0,00:00:00/07:06,9870) [kworker/u8:0-writeback] (root,0,0,00:00:00/01:27:15,10498) [kworker/3:0-events] (root,0,0,00:00:02/01:49:53,10640) [kworker/2:2-events] (root,0,0,00:00:00/37:04,13513) [kworker/u8:1-flush-253:0] (root,6656,3484,00:00:00/00:00,14329) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,14346) /bin/bash /usr/bin/check_mk_agent (root,6656,2008,00:00:00/00:00,14371) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,14387) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,14388) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/36:39,15321) [kworker/3:1-cgroup_destroy] (root,35308,10012,00:00:00/9-12:24:40,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-12:24:39,15391) sshd: cm-ssh (root,0,0,00:00:01/01:26:08,16028) [kworker/1:1-events] (root,0,0,00:00:00/03:06,26720) [kworker/1:2-ata_sff] (root,0,0,00:00:01/02:01:03,26890) [kworker/0:1-events] (postfix,44628,9416,00:00:00/9-19:10:25,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-28 00:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a3368fb5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-14:05:08,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-14:05:08,2) [kthreadd] (root,0,0,00:00:00/13-14:05:08,3) [rcu_gp] (root,0,0,00:00:00/13-14:05:08,4) [rcu_par_gp] (root,0,0,00:00:00/13-14:05:08,5) [slub_flushwq] (root,0,0,00:00:00/13-14:05:08,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-14:05:08,9) [mm_percpu_wq] (root,0,0,00:00:00/13-14:05:08,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-14:05:08,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-14:05:08,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-14:05:08,13) [ksoftirqd/0] (root,0,0,00:36:36/13-14:05:08,14) [rcu_preempt] (root,0,0,00:00:05/13-14:05:08,15) [migration/0] (root,0,0,00:00:00/13-14:05:08,16) [idle_inject/0] (root,0,0,00:00:00/13-14:05:08,18) [cpuhp/0] (root,0,0,00:00:00/13-14:05:08,19) [cpuhp/1] (root,0,0,00:00:00/13-14:05:08,20) [idle_inject/1] (root,0,0,00:00:05/13-14:05:08,21) [migration/1] (root,0,0,00:00:22/13-14:05:08,22) [ksoftirqd/1] (root,0,0,00:00:00/13-14:05:08,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-14:05:08,25) [cpuhp/2] (root,0,0,00:00:00/13-14:05:08,26) [idle_inject/2] (root,0,0,00:00:04/13-14:05:08,27) [migration/2] (root,0,0,00:28:52/13-14:05:08,28) [ksoftirqd/2] (root,0,0,00:00:00/13-14:05:08,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-14:05:08,31) [cpuhp/3] (root,0,0,00:00:00/13-14:05:08,32) [idle_inject/3] (root,0,0,00:00:05/13-14:05:08,33) [migration/3] (root,0,0,00:01:19/13-14:05:08,34) [ksoftirqd/3] (root,0,0,00:00:00/13-14:05:08,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-14:05:08,39) [kdevtmpfs] (root,0,0,00:00:00/13-14:05:08,40) [netns] (root,0,0,00:00:00/13-14:05:08,41) [inet_frag_wq] (root,0,0,00:00:04/13-14:05:08,42) [kauditd] (root,0,0,00:00:00/13-14:05:08,43) [khungtaskd] (root,0,0,00:00:00/13-14:05:08,44) [oom_reaper] (root,0,0,00:00:00/13-14:05:08,45) [writeback] (root,0,0,00:00:40/13-14:05:08,46) [kcompactd0] (root,0,0,00:00:00/13-14:05:08,47) [ksmd] (root,0,0,00:00:40/13-14:05:08,48) [khugepaged] (root,0,0,00:00:00/13-14:05:08,74) [kintegrityd] (root,0,0,00:00:00/13-14:05:08,75) [kblockd] (root,0,0,00:00:00/13-14:05:08,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-14:05:08,78) [tpm_dev_wq] (root,0,0,00:00:00/13-14:05:08,79) [edac-poller] (root,0,0,00:00:00/13-14:05:08,80) [devfreq_wq] (root,0,0,00:00:00/13-14:05:08,110) [watchdogd] (root,0,0,00:00:02/13-14:05:08,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-14:05:08,112) [kswapd0] (root,0,0,00:00:00/13-14:05:07,114) [kthrotld] (root,0,0,00:00:00/13-14:05:07,115) [mld] (root,0,0,00:00:00/13-14:05:07,116) [ipv6_addrconf] (root,0,0,00:00:05/13-14:05:07,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-14:05:07,122) [kstrp] (root,0,0,00:00:00/13-14:05:07,123) [zswap-shrink] (root,0,0,00:00:00/13-14:05:07,124) [kworker/u9:0] (root,0,0,00:00:00/13-14:05:07,129) [charger_manager] (root,0,0,00:00:02/13-14:05:06,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-14:05:06,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-14:05:06,205) [kaluad] (root,0,0,00:00:00/13-14:05:06,250) [kmpath_rdacd] (root,0,0,00:00:00/13-14:05:06,293) [kmpathd] (root,0,0,00:00:00/13-14:05:06,294) [kmpath_handlerd] (root,0,0,00:00:00/13-14:05:06,342) [ata_sff] (root,0,0,00:00:00/13-14:05:05,343) [scsi_eh_0] (root,0,0,00:00:00/13-14:05:05,344) [scsi_tmf_0] (root,0,0,00:00:00/13-14:05:05,345) [scsi_eh_1] (root,0,0,00:00:00/13-14:05:05,346) [scsi_tmf_1] (root,0,0,00:00:20/13-14:05:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-14:05:03,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-14:04:51,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-14:04:50,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-14:04:48,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-14:04:14,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-14:04:14,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-14:04:14,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-14:04:14,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-14:04:13,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-14:04:13,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-14:03:59,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-14:03:59,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:13/13-14:03:58,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-14:03:58,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-14:03:58,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-14:03:58,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-14:03:58,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-14:03:58,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-14:03:58,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-14:03:58,1206) bpfilter_umh (root,26204,8300,00:00:07/13-14:03:58,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-14:03:58,1215) ntpd: asynchronous dns resolver (spot,286660,171612,18:14:43/13-14:03:58,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-14:03:57,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-14:03:57,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-14:03:57,1245) (sd-pam) (root,24216,5348,00:00:04/13-14:03:56,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-14:03:56,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-14:03:55,1354) /usr/sbin/cron -n (root,691980,74552,00:17:34/13-14:03:49,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47904,00:04:29/13-14:03:35,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/43:09,2659) [kworker/2:0-events] (root,0,0,00:00:00/24:23,3454) [kworker/1:1-ata_sff] (root,6656,3492,00:00:00/00:00,4753) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,4777) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,4812) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4813) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,1828,00:00:00/00:00,4814) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,4815) /bin/bash /usr/bin/check_mk_agent (root,4480,1068,00:00:00/00:00,4816) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,820,00:00:00/00:00,4817) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,0,0,00:00:04/04:01:46,4939) [kworker/2:2-events] (root,35308,10012,00:00:00/6-06:00:02,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-06:00:02,8749) sshd: syslogtunnel (root,0,0,00:00:00/48:09,13988) [kworker/0:0-events] (root,35308,10012,00:00:00/7-11:54:51,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-11:54:50,15391) sshd: cm-ssh (root,0,0,00:00:00/03:37,17507) [kworker/1:0-ata_sff] (postfix,24244,8212,00:00:00/54:10,19097) pickup -l -t fifo -u (root,0,0,00:00:00/01:08:36,23451) [kworker/3:1-events] (root,0,0,00:00:00/01:38:56,24348) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/08:50,29549) [kworker/1:2-events] (postfix,44628,9416,00:00:00/7-18:40:36,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/58:23,31001) [kworker/0:2-events] (root,0,0,00:00:00/26:46,31497) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/04:32:26,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 00:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363767b14c1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-11:43:19,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-11:43:19,2) [kthreadd] (root,0,0,00:00:00/11-11:43:19,3) [rcu_gp] (root,0,0,00:00:00/11-11:43:19,4) [rcu_par_gp] (root,0,0,00:00:00/11-11:43:19,5) [slub_flushwq] (root,0,0,00:00:00/11-11:43:19,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-11:43:19,9) [mm_percpu_wq] (root,0,0,00:00:00/11-11:43:19,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-11:43:19,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-11:43:19,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-11:43:19,13) [ksoftirqd/0] (root,0,0,00:30:33/11-11:43:19,14) [rcu_preempt] (root,0,0,00:00:04/11-11:43:19,15) [migration/0] (root,0,0,00:00:00/11-11:43:19,16) [idle_inject/0] (root,0,0,00:00:00/11-11:43:19,18) [cpuhp/0] (root,0,0,00:00:00/11-11:43:19,19) [cpuhp/1] (root,0,0,00:00:00/11-11:43:19,20) [idle_inject/1] (root,0,0,00:00:04/11-11:43:19,21) [migration/1] (root,0,0,00:00:17/11-11:43:19,22) [ksoftirqd/1] (root,0,0,00:00:00/11-11:43:19,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-11:43:19,25) [cpuhp/2] (root,0,0,00:00:00/11-11:43:19,26) [idle_inject/2] (root,0,0,00:00:03/11-11:43:19,27) [migration/2] (root,0,0,00:24:03/11-11:43:19,28) [ksoftirqd/2] (root,0,0,00:00:00/11-11:43:19,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-11:43:19,31) [cpuhp/3] (root,0,0,00:00:00/11-11:43:19,32) [idle_inject/3] (root,0,0,00:00:04/11-11:43:19,33) [migration/3] (root,0,0,00:01:05/11-11:43:19,34) [ksoftirqd/3] (root,0,0,00:00:00/11-11:43:19,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-11:43:19,39) [kdevtmpfs] (root,0,0,00:00:00/11-11:43:19,40) [netns] (root,0,0,00:00:00/11-11:43:19,41) [inet_frag_wq] (root,0,0,00:00:03/11-11:43:19,42) [kauditd] (root,0,0,00:00:00/11-11:43:19,43) [khungtaskd] (root,0,0,00:00:00/11-11:43:19,44) [oom_reaper] (root,0,0,00:00:00/11-11:43:19,45) [writeback] (root,0,0,00:00:33/11-11:43:19,46) [kcompactd0] (root,0,0,00:00:00/11-11:43:19,47) [ksmd] (root,0,0,00:00:34/11-11:43:19,48) [khugepaged] (root,0,0,00:00:00/11-11:43:19,74) [kintegrityd] (root,0,0,00:00:00/11-11:43:19,75) [kblockd] (root,0,0,00:00:00/11-11:43:19,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-11:43:19,78) [tpm_dev_wq] (root,0,0,00:00:00/11-11:43:19,79) [edac-poller] (root,0,0,00:00:00/11-11:43:19,80) [devfreq_wq] (root,0,0,00:00:00/11-11:43:19,110) [watchdogd] (root,0,0,00:00:02/11-11:43:19,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-11:43:19,112) [kswapd0] (root,0,0,00:00:00/11-11:43:18,114) [kthrotld] (root,0,0,00:00:00/11-11:43:18,115) [mld] (root,0,0,00:00:00/11-11:43:18,116) [ipv6_addrconf] (root,0,0,00:00:04/11-11:43:18,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-11:43:18,122) [kstrp] (root,0,0,00:00:00/11-11:43:18,123) [zswap-shrink] (root,0,0,00:00:00/11-11:43:18,124) [kworker/u9:0] (root,0,0,00:00:00/11-11:43:18,129) [charger_manager] (root,0,0,00:00:02/11-11:43:17,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-11:43:17,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-11:43:17,205) [kaluad] (root,0,0,00:00:00/11-11:43:17,250) [kmpath_rdacd] (root,0,0,00:00:00/11-11:43:17,293) [kmpathd] (root,0,0,00:00:00/11-11:43:17,294) [kmpath_handlerd] (root,0,0,00:00:00/11-11:43:17,342) [ata_sff] (root,0,0,00:00:00/11-11:43:16,343) [scsi_eh_0] (root,0,0,00:00:00/11-11:43:16,344) [scsi_tmf_0] (root,0,0,00:00:00/11-11:43:16,345) [scsi_eh_1] (root,0,0,00:00:00/11-11:43:16,346) [scsi_tmf_1] (root,0,0,00:00:17/11-11:43:14,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-11:43:14,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-11:43:02,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-11:43:01,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-11:42:59,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-11:42:25,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-11:42:25,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-11:42:25,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-11:42:25,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-11:42:24,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-11:42:24,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27724,00:00:13/11-11:42:10,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-11:42:10,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:00:59/11-11:42:09,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-11:42:09,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-11:42:09,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-11:42:09,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-11:42:09,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-11:42:09,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:32/11-11:42:09,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-11:42:09,1206) bpfilter_umh (root,26204,8300,00:00:06/11-11:42:09,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-11:42:09,1215) ntpd: asynchronous dns resolver (spot,285828,171400,14:13:34/11-11:42:09,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-11:42:08,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-11:42:08,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-11:42:08,1245) (sd-pam) (root,24216,5348,00:00:03/11-11:42:07,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-11:42:07,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-11:42:06,1354) /usr/sbin/cron -n (root,691724,74148,00:14:47/11-11:42:00,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46340,00:03:45/11-11:41:46,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/51:49,1935) [kworker/2:0-events] (postfix,24244,8236,00:00:00/33:06,2309) pickup -l -t fifo -u (root,0,0,00:00:00/09:05:28,4619) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10012,00:00:00/4-03:38:13,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:14/4-03:38:13,8749) sshd: syslogtunnel (root,0,0,00:00:00/15:14,9247) [kworker/0:1-events] (root,0,0,00:00:00/02:22:39,10972) [kworker/0:2-events] (root,0,0,00:00:00/02:11,13585) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/5-09:33:02,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-09:33:01,15391) sshd: cm-ssh (root,0,0,00:00:00/01:08:32,16718) [kworker/2:2-events] (root,0,0,00:00:00/47:38,18633) [kworker/3:2-events] (root,0,0,00:00:01/01:51:09,21671) [kworker/1:1-events] (root,6764,3604,00:00:00/00:00,22303) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,22471) /bin/bash /usr/bin/check_mk_agent (root,6292,3188,00:00:00/00:00,22473) /bin/bash ././spot.bash (root,6656,3476,00:00:00/00:00,22515) /bin/bash /usr/bin/check_mk_agent (root,13744,3428,00:00:00/00:00,22516) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22517) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:24,28128) [kworker/1:2-ata_sff] (root,0,0,00:00:00/07:01,29635) [kworker/3:1-events] (postfix,44628,9464,00:00:00/5-16:18:47,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:24:25,31970) [kworker/u8:2-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-23 22:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836307be3aaeFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:30/9-11:36:32,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-11:36:32,2) [kthreadd] (root,0,0,00:00:00/9-11:36:32,3) [rcu_gp] (root,0,0,00:00:00/9-11:36:32,4) [rcu_par_gp] (root,0,0,00:00:00/9-11:36:32,5) [slub_flushwq] (root,0,0,00:00:00/9-11:36:32,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-11:36:32,9) [mm_percpu_wq] (root,0,0,00:00:00/9-11:36:32,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-11:36:32,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-11:36:32,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-11:36:32,13) [ksoftirqd/0] (root,0,0,00:25:05/9-11:36:32,14) [rcu_preempt] (root,0,0,00:00:03/9-11:36:32,15) [migration/0] (root,0,0,00:00:00/9-11:36:32,16) [idle_inject/0] (root,0,0,00:00:00/9-11:36:32,18) [cpuhp/0] (root,0,0,00:00:00/9-11:36:32,19) [cpuhp/1] (root,0,0,00:00:00/9-11:36:32,20) [idle_inject/1] (root,0,0,00:00:03/9-11:36:32,21) [migration/1] (root,0,0,00:00:14/9-11:36:32,22) [ksoftirqd/1] (root,0,0,00:00:00/9-11:36:32,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-11:36:32,25) [cpuhp/2] (root,0,0,00:00:00/9-11:36:32,26) [idle_inject/2] (root,0,0,00:00:03/9-11:36:32,27) [migration/2] (root,0,0,00:20:07/9-11:36:32,28) [ksoftirqd/2] (root,0,0,00:00:00/9-11:36:32,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-11:36:32,31) [cpuhp/3] (root,0,0,00:00:00/9-11:36:32,32) [idle_inject/3] (root,0,0,00:00:03/9-11:36:32,33) [migration/3] (root,0,0,00:00:53/9-11:36:32,34) [ksoftirqd/3] (root,0,0,00:00:00/9-11:36:32,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-11:36:32,39) [kdevtmpfs] (root,0,0,00:00:00/9-11:36:32,40) [netns] (root,0,0,00:00:00/9-11:36:32,41) [inet_frag_wq] (root,0,0,00:00:03/9-11:36:32,42) [kauditd] (root,0,0,00:00:00/9-11:36:32,43) [khungtaskd] (root,0,0,00:00:00/9-11:36:32,44) [oom_reaper] (root,0,0,00:00:00/9-11:36:32,45) [writeback] (root,0,0,00:00:27/9-11:36:32,46) [kcompactd0] (root,0,0,00:00:00/9-11:36:32,47) [ksmd] (root,0,0,00:00:28/9-11:36:32,48) [khugepaged] (root,0,0,00:00:00/9-11:36:32,74) [kintegrityd] (root,0,0,00:00:00/9-11:36:32,75) [kblockd] (root,0,0,00:00:00/9-11:36:32,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-11:36:32,78) [tpm_dev_wq] (root,0,0,00:00:00/9-11:36:32,79) [edac-poller] (root,0,0,00:00:00/9-11:36:32,80) [devfreq_wq] (root,0,0,00:00:00/9-11:36:32,110) [watchdogd] (root,0,0,00:00:01/9-11:36:32,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-11:36:32,112) [kswapd0] (root,0,0,00:00:00/9-11:36:31,114) [kthrotld] (root,0,0,00:00:00/9-11:36:31,115) [mld] (root,0,0,00:00:00/9-11:36:31,116) [ipv6_addrconf] (root,0,0,00:00:04/9-11:36:31,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-11:36:31,122) [kstrp] (root,0,0,00:00:00/9-11:36:31,123) [zswap-shrink] (root,0,0,00:00:00/9-11:36:31,124) [kworker/u9:0] (root,0,0,00:00:00/9-11:36:31,129) [charger_manager] (root,0,0,00:00:02/9-11:36:30,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-11:36:30,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-11:36:30,205) [kaluad] (root,0,0,00:00:00/9-11:36:30,250) [kmpath_rdacd] (root,0,0,00:00:00/9-11:36:30,293) [kmpathd] (root,0,0,00:00:00/9-11:36:30,294) [kmpath_handlerd] (root,0,0,00:00:00/9-11:36:30,342) [ata_sff] (root,0,0,00:00:00/9-11:36:29,343) [scsi_eh_0] (root,0,0,00:00:00/9-11:36:29,344) [scsi_tmf_0] (root,0,0,00:00:00/9-11:36:29,345) [scsi_eh_1] (root,0,0,00:00:00/9-11:36:29,346) [scsi_tmf_1] (root,0,0,00:00:14/9-11:36:27,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-11:36:27,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-11:36:15,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-11:36:14,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-11:36:12,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-11:35:38,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-11:35:38,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:18/9-11:35:38,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-11:35:38,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-11:35:37,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-11:35:37,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:10/9-11:35:23,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-11:35:23,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:49/9-11:35:22,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-11:35:22,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-11:35:22,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-11:35:22,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-11:35:22,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-11:35:22,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:15/9-11:35:22,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-11:35:22,1206) bpfilter_umh (root,26204,8300,00:00:05/9-11:35:22,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-11:35:22,1215) ntpd: asynchronous dns resolver (spot,283204,169304,11:05:01/9-11:35:22,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-11:35:21,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-11:35:21,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-11:35:21,1245) (sd-pam) (root,24216,5348,00:00:02/9-11:35:20,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-11:35:20,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-11:35:19,1354) /usr/sbin/cron -n (root,691336,73768,00:12:12/9-11:35:13,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45064,00:03:04/9-11:34:59,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/03:22:36,1575) [kworker/u8:1-flush-253:0] (root,0,0,00:00:02/03:03:39,2819) [kworker/2:2-events] (root,0,0,00:00:00/02:53:58,3398) [kworker/0:2-events] (root,0,0,00:00:00/02:00,4318) [kworker/1:1-ata_sff] (root,0,0,00:00:00/02:09:54,8580) [kworker/0:0] (root,35308,10012,00:00:00/2-03:31:26,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:07/2-03:31:26,8749) sshd: syslogtunnel (root,6656,3476,00:00:00/00:00,13447) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,13488) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,13489) /bin/bash /usr/bin/check_mk_agent (root,4480,1188,00:00:00/00:00,13490) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,824,00:00:00/00:00,13491) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,704,00:00:00/00:00,13492) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3448,00:00:00/00:00,13493) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,13511) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,13512) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:11:07,13880) [kworker/2:1-events] (root,35308,10012,00:00:00/3-09:26:15,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-09:26:14,15391) sshd: cm-ssh (root,0,0,00:00:00/07:14,17809) [kworker/3:1-events] (root,0,0,00:00:00/07:13,17830) [kworker/1:2-events] (root,0,0,00:00:00/51:37,22141) [kworker/3:0-events] (postfix,24244,8192,00:00:00/48:11,22236) pickup -l -t fifo -u (root,0,0,00:00:00/04:56:34,26857) [kworker/u8:0-ext4-rsv-conversion] (postfix,44628,9464,00:00:00/3-16:12:00,30472) tlsmgr -l -t unix -u (root,0,0,00:00:01/04:00:40,30834) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-21 21:58 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635266422aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-15:14:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-15:14:50,2) [kthreadd] (root,0,0,00:00:00/7-15:14:50,3) [rcu_gp] (root,0,0,00:00:00/7-15:14:50,4) [rcu_par_gp] (root,0,0,00:00:00/7-15:14:50,5) [slub_flushwq] (root,0,0,00:00:00/7-15:14:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-15:14:50,9) [mm_percpu_wq] (root,0,0,00:00:00/7-15:14:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-15:14:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-15:14:50,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-15:14:50,13) [ksoftirqd/0] (root,0,0,00:20:07/7-15:14:50,14) [rcu_preempt] (root,0,0,00:00:02/7-15:14:50,15) [migration/0] (root,0,0,00:00:00/7-15:14:50,16) [idle_inject/0] (root,0,0,00:00:00/7-15:14:50,18) [cpuhp/0] (root,0,0,00:00:00/7-15:14:50,19) [cpuhp/1] (root,0,0,00:00:00/7-15:14:50,20) [idle_inject/1] (root,0,0,00:00:03/7-15:14:50,21) [migration/1] (root,0,0,00:00:11/7-15:14:50,22) [ksoftirqd/1] (root,0,0,00:00:00/7-15:14:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-15:14:50,25) [cpuhp/2] (root,0,0,00:00:00/7-15:14:50,26) [idle_inject/2] (root,0,0,00:00:02/7-15:14:50,27) [migration/2] (root,0,0,00:16:15/7-15:14:50,28) [ksoftirqd/2] (root,0,0,00:00:00/7-15:14:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-15:14:50,31) [cpuhp/3] (root,0,0,00:00:00/7-15:14:50,32) [idle_inject/3] (root,0,0,00:00:03/7-15:14:50,33) [migration/3] (root,0,0,00:00:43/7-15:14:50,34) [ksoftirqd/3] (root,0,0,00:00:00/7-15:14:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-15:14:50,39) [kdevtmpfs] (root,0,0,00:00:00/7-15:14:50,40) [netns] (root,0,0,00:00:00/7-15:14:50,41) [inet_frag_wq] (root,0,0,00:00:02/7-15:14:50,42) [kauditd] (root,0,0,00:00:00/7-15:14:50,43) [khungtaskd] (root,0,0,00:00:00/7-15:14:50,44) [oom_reaper] (root,0,0,00:00:00/7-15:14:50,45) [writeback] (root,0,0,00:00:22/7-15:14:50,46) [kcompactd0] (root,0,0,00:00:00/7-15:14:50,47) [ksmd] (root,0,0,00:00:23/7-15:14:50,48) [khugepaged] (root,0,0,00:00:00/7-15:14:50,74) [kintegrityd] (root,0,0,00:00:00/7-15:14:50,75) [kblockd] (root,0,0,00:00:00/7-15:14:50,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-15:14:50,78) [tpm_dev_wq] (root,0,0,00:00:00/7-15:14:50,79) [edac-poller] (root,0,0,00:00:00/7-15:14:50,80) [devfreq_wq] (root,0,0,00:00:00/7-15:14:50,110) [watchdogd] (root,0,0,00:00:01/7-15:14:50,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-15:14:50,112) [kswapd0] (root,0,0,00:00:00/7-15:14:49,114) [kthrotld] (root,0,0,00:00:00/7-15:14:49,115) [mld] (root,0,0,00:00:00/7-15:14:49,116) [ipv6_addrconf] (root,0,0,00:00:03/7-15:14:49,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-15:14:49,122) [kstrp] (root,0,0,00:00:00/7-15:14:49,123) [zswap-shrink] (root,0,0,00:00:00/7-15:14:49,124) [kworker/u9:0] (root,0,0,00:00:00/7-15:14:49,129) [charger_manager] (root,0,0,00:00:01/7-15:14:48,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-15:14:48,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-15:14:48,205) [kaluad] (root,0,0,00:00:00/7-15:14:48,250) [kmpath_rdacd] (root,0,0,00:00:00/7-15:14:48,293) [kmpathd] (root,0,0,00:00:00/7-15:14:48,294) [kmpath_handlerd] (root,0,0,00:00:00/7-15:14:48,342) [ata_sff] (root,0,0,00:00:00/7-15:14:47,343) [scsi_eh_0] (root,0,0,00:00:00/7-15:14:47,344) [scsi_tmf_0] (root,0,0,00:00:00/7-15:14:47,345) [scsi_eh_1] (root,0,0,00:00:00/7-15:14:47,346) [scsi_tmf_1] (root,0,0,00:00:11/7-15:14:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-15:14:45,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-15:14:33,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-15:14:32,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-15:14:30,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-15:13:56,512) /sbin/auditd (messagebus,22936,5672,00:00:27/7-15:13:56,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-15:13:56,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-15:13:56,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/7-15:13:55,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-15:13:55,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:28:41,776) [kworker/3:0-events] (root,547592,25356,00:00:08/7-15:13:41,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-15:13:41,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:42/7-15:13:40,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-15:13:40,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-15:13:40,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-15:13:40,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-15:13:40,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-15:13:40,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:00/7-15:13:40,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-15:13:40,1206) bpfilter_umh (root,26204,8300,00:00:04/7-15:13:40,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-15:13:40,1215) ntpd: asynchronous dns resolver (spot,284532,169636,08:44:19/7-15:13:40,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-15:13:39,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-15:13:39,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-15:13:39,1245) (sd-pam) (root,24216,5348,00:00:02/7-15:13:38,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-15:13:38,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-15:13:37,1354) /usr/sbin/cron -n (root,691080,73620,00:09:47/7-15:13:31,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43792,00:02:27/7-15:13:17,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8216,00:00:00/01:28:10,3178) pickup -l -t fifo -u (root,0,0,00:00:00/01:58,5380) [kworker/u8:2-writeback] (root,0,0,00:00:01/03:53:45,7055) [kworker/3:2-events] (root,0,0,00:00:00/01:01:29,7981) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/00:49,8681) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/07:09:44,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:01/07:09:44,8749) sshd: syslogtunnel (root,0,0,00:00:00/17:53,10528) [kworker/2:1-events] (root,0,0,00:00:00/17:52,10529) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,11661) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,11679) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11680) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/59:37,13261) [kworker/0:2] (root,35308,10012,00:00:00/1-13:04:33,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:05/1-13:04:32,15391) sshd: cm-ssh (root,0,0,00:00:00/05:59,20353) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:13:55,23924) [kworker/0:0-events] (root,0,0,00:00:00/47:29,24194) [kworker/1:1-events] (postfix,44628,9464,00:00:00/1-19:50:18,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/37:06,31725) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-20 01:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683637e4a0008Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-14:22:21,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-14:22:21,2) [kthreadd] (root,0,0,00:00:00/5-14:22:21,3) [rcu_gp] (root,0,0,00:00:00/5-14:22:21,4) [rcu_par_gp] (root,0,0,00:00:00/5-14:22:21,5) [slub_flushwq] (root,0,0,00:00:00/5-14:22:21,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-14:22:21,9) [mm_percpu_wq] (root,0,0,00:00:00/5-14:22:21,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-14:22:21,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-14:22:21,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-14:22:21,13) [ksoftirqd/0] (root,0,0,00:14:35/5-14:22:21,14) [rcu_preempt] (root,0,0,00:00:02/5-14:22:21,15) [migration/0] (root,0,0,00:00:00/5-14:22:21,16) [idle_inject/0] (root,0,0,00:00:00/5-14:22:21,18) [cpuhp/0] (root,0,0,00:00:00/5-14:22:21,19) [cpuhp/1] (root,0,0,00:00:00/5-14:22:21,20) [idle_inject/1] (root,0,0,00:00:02/5-14:22:21,21) [migration/1] (root,0,0,00:00:08/5-14:22:21,22) [ksoftirqd/1] (root,0,0,00:00:00/5-14:22:21,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-14:22:21,25) [cpuhp/2] (root,0,0,00:00:00/5-14:22:21,26) [idle_inject/2] (root,0,0,00:00:01/5-14:22:21,27) [migration/2] (root,0,0,00:12:06/5-14:22:21,28) [ksoftirqd/2] (root,0,0,00:00:00/5-14:22:21,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-14:22:21,31) [cpuhp/3] (root,0,0,00:00:00/5-14:22:21,32) [idle_inject/3] (root,0,0,00:00:02/5-14:22:21,33) [migration/3] (root,0,0,00:00:31/5-14:22:21,34) [ksoftirqd/3] (root,0,0,00:00:00/5-14:22:21,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-14:22:21,39) [kdevtmpfs] (root,0,0,00:00:00/5-14:22:21,40) [netns] (root,0,0,00:00:00/5-14:22:21,41) [inet_frag_wq] (root,0,0,00:00:01/5-14:22:21,42) [kauditd] (root,0,0,00:00:00/5-14:22:21,43) [khungtaskd] (root,0,0,00:00:00/5-14:22:21,44) [oom_reaper] (root,0,0,00:00:00/5-14:22:21,45) [writeback] (root,0,0,00:00:15/5-14:22:21,46) [kcompactd0] (root,0,0,00:00:00/5-14:22:21,47) [ksmd] (root,0,0,00:00:16/5-14:22:21,48) [khugepaged] (root,0,0,00:00:00/5-14:22:21,74) [kintegrityd] (root,0,0,00:00:00/5-14:22:21,75) [kblockd] (root,0,0,00:00:00/5-14:22:21,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-14:22:21,78) [tpm_dev_wq] (root,0,0,00:00:00/5-14:22:21,79) [edac-poller] (root,0,0,00:00:00/5-14:22:21,80) [devfreq_wq] (root,0,0,00:00:00/5-14:22:21,110) [watchdogd] (root,0,0,00:00:01/5-14:22:21,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-14:22:21,112) [kswapd0] (root,0,0,00:00:00/5-14:22:20,114) [kthrotld] (root,0,0,00:00:00/5-14:22:20,115) [mld] (root,0,0,00:00:00/5-14:22:20,116) [ipv6_addrconf] (root,0,0,00:00:02/5-14:22:20,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-14:22:20,122) [kstrp] (root,0,0,00:00:00/5-14:22:20,123) [zswap-shrink] (root,0,0,00:00:00/5-14:22:20,124) [kworker/u9:0] (root,0,0,00:00:00/5-14:22:20,129) [charger_manager] (root,0,0,00:00:01/5-14:22:19,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-14:22:19,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-14:22:19,205) [kaluad] (root,0,0,00:00:00/5-14:22:19,250) [kmpath_rdacd] (root,0,0,00:00:00/5-14:22:19,293) [kmpathd] (root,0,0,00:00:00/5-14:22:19,294) [kmpath_handlerd] (root,0,0,00:00:00/5-14:22:19,342) [ata_sff] (root,0,0,00:00:00/5-14:22:18,343) [scsi_eh_0] (root,0,0,00:00:00/5-14:22:18,344) [scsi_tmf_0] (root,0,0,00:00:00/5-14:22:18,345) [scsi_eh_1] (root,0,0,00:00:00/5-14:22:18,346) [scsi_tmf_1] (root,0,0,00:00:08/5-14:22:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-14:22:16,367) [ext4-rsv-conver] (root,38604,7544,00:00:10/5-14:22:04,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-14:22:03,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-14:22:01,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-14:21:27,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-14:21:27,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:11/5-14:21:27,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-14:21:27,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-14:21:26,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-14:21:26,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-14:21:12,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-14:21:12,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:30/5-14:21:11,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-14:21:11,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-14:21:11,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-14:21:11,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-14:21:11,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-14:21:11,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-14:21:11,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-14:21:11,1206) bpfilter_umh (root,26204,8340,00:00:03/5-14:21:11,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-14:21:11,1215) ntpd: asynchronous dns resolver (spot,276056,163712,06:08:17/5-14:21:11,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-14:21:10,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-14:21:10,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-14:21:10,1245) (sd-pam) (root,24216,5348,00:00:01/5-14:21:09,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-14:21:09,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-14:21:08,1354) /usr/sbin/cron -n (root,691080,73464,00:07:06/5-14:21:02,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42500,00:01:46/5-14:20:48,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/09:29,3243) [kworker/u8:1-writeback] (root,0,0,00:00:00/24:24,4281) [kworker/u8:2] (root,35308,10024,00:00:00/3-16:13:57,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-16:13:57,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-16:13:42,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:11/3-16:13:42,4688) sshd: cm-ssh (root,0,0,00:00:00/05:26,7623) [kworker/3:2-events] (postfix,24244,8216,00:00:00/56:33,11162) pickup -l -t fifo -u (root,0,0,00:00:00/02:08,11640) [kworker/1:2-events] (root,0,0,00:00:00/26:39,16093) [kworker/2:0-events] (root,0,0,00:00:00/01:48:26,17810) [kworker/3:1-events] (root,0,0,00:00:00/22:54,18198) [kworker/1:1-events] (root,0,0,00:00:00/07:20,24345) [kworker/1:0-ata_sff] (root,0,0,00:00:00/52:27,29441) [kworker/0:0-events] (root,6656,3484,00:00:00/00:00,30486) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,30504) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,30505) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:30:20,31879) [kworker/0:2-events] (root,0,0,00:00:02/01:31:05,32749) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-18 00:44 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363990d5d54Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-15:15:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:15:18,2) [kthreadd] (root,0,0,00:00:00/3-15:15:18,3) [rcu_gp] (root,0,0,00:00:00/3-15:15:18,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:15:18,5) [slub_flushwq] (root,0,0,00:00:00/3-15:15:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:15:18,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:15:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:15:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:15:18,12) [rcu_tasks_trace] (root,0,0,00:00:06/3-15:15:18,13) [ksoftirqd/0] (root,0,0,00:09:30/3-15:15:18,14) [rcu_preempt] (root,0,0,00:00:01/3-15:15:18,15) [migration/0] (root,0,0,00:00:00/3-15:15:18,16) [idle_inject/0] (root,0,0,00:00:00/3-15:15:18,18) [cpuhp/0] (root,0,0,00:00:00/3-15:15:18,19) [cpuhp/1] (root,0,0,00:00:00/3-15:15:18,20) [idle_inject/1] (root,0,0,00:00:01/3-15:15:18,21) [migration/1] (root,0,0,00:00:05/3-15:15:18,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:15:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:15:18,25) [cpuhp/2] (root,0,0,00:00:00/3-15:15:18,26) [idle_inject/2] (root,0,0,00:00:01/3-15:15:18,27) [migration/2] (root,0,0,00:08:02/3-15:15:18,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:15:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:15:18,31) [cpuhp/3] (root,0,0,00:00:00/3-15:15:18,32) [idle_inject/3] (root,0,0,00:00:01/3-15:15:18,33) [migration/3] (root,0,0,00:00:20/3-15:15:18,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:15:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:15:18,39) [kdevtmpfs] (root,0,0,00:00:00/3-15:15:18,40) [netns] (root,0,0,00:00:00/3-15:15:18,41) [inet_frag_wq] (root,0,0,00:00:01/3-15:15:18,42) [kauditd] (root,0,0,00:00:00/3-15:15:18,43) [khungtaskd] (root,0,0,00:00:00/3-15:15:18,44) [oom_reaper] (root,0,0,00:00:00/3-15:15:18,45) [writeback] (root,0,0,00:00:09/3-15:15:18,46) [kcompactd0] (root,0,0,00:00:00/3-15:15:18,47) [ksmd] (root,0,0,00:00:10/3-15:15:18,48) [khugepaged] (root,0,0,00:00:00/3-15:15:18,74) [kintegrityd] (root,0,0,00:00:00/3-15:15:18,75) [kblockd] (root,0,0,00:00:00/3-15:15:18,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:15:18,78) [tpm_dev_wq] (root,0,0,00:00:00/3-15:15:18,79) [edac-poller] (root,0,0,00:00:00/3-15:15:18,80) [devfreq_wq] (root,0,0,00:00:00/3-15:15:18,110) [watchdogd] (root,0,0,00:00:00/3-15:15:18,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:15:18,112) [kswapd0] (root,0,0,00:00:00/3-15:15:17,114) [kthrotld] (root,0,0,00:00:00/3-15:15:17,115) [mld] (root,0,0,00:00:00/3-15:15:17,116) [ipv6_addrconf] (root,0,0,00:00:01/3-15:15:17,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:15:17,122) [kstrp] (root,0,0,00:00:00/3-15:15:17,123) [zswap-shrink] (root,0,0,00:00:00/3-15:15:17,124) [kworker/u9:0] (root,0,0,00:00:00/3-15:15:17,129) [charger_manager] (root,0,0,00:00:00/3-15:15:16,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:15:16,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-15:15:16,205) [kaluad] (root,0,0,00:00:00/3-15:15:16,250) [kmpath_rdacd] (root,0,0,00:00:00/3-15:15:16,293) [kmpathd] (root,0,0,00:00:00/3-15:15:16,294) [kmpath_handlerd] (root,0,0,00:00:00/3-15:15:16,342) [ata_sff] (root,0,0,00:00:00/3-15:15:15,343) [scsi_eh_0] (root,0,0,00:00:00/3-15:15:15,344) [scsi_tmf_0] (root,0,0,00:00:00/3-15:15:15,345) [scsi_eh_1] (root,0,0,00:00:00/3-15:15:15,346) [scsi_tmf_1] (root,0,0,00:00:05/3-15:15:13,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:15:13,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-15:15:01,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-15:15:00,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-15:14:58,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-15:14:24,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-15:14:24,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:08/3-15:14:24,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-15:14:24,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-15:14:23,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-15:14:23,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-15:14:09,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-15:14:09,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:18/3-15:14:08,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-15:14:08,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-15:14:08,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-15:14:08,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-15:14:08,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-15:14:08,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-15:14:08,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-15:14:08,1206) bpfilter_umh (root,26204,8340,00:00:02/3-15:14:08,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-15:14:08,1215) ntpd: asynchronous dns resolver (spot,273644,162244,04:12:24/3-15:14:08,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-15:14:07,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-15:14:07,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-15:14:07,1245) (sd-pam) (root,0,0,00:00:00/22:03,1284) [kworker/2:1] (root,24216,5348,00:00:01/3-15:14:06,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:14:06,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-15:14:05,1354) /usr/sbin/cron -n (root,689544,71904,00:04:39/3-15:13:59,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41156,00:01:10/3-15:13:45,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:11:20,1655) [kworker/0:1-events] (root,0,0,00:00:04/03:46:40,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-17:06:54,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-17:06:54,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-17:06:39,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-17:06:39,4688) sshd: cm-ssh (root,0,0,00:00:00/02:24:28,4707) [kworker/0:2-events] (postfix,24244,8164,00:00:00/31:28,13818) pickup -l -t fifo -u (root,0,0,00:00:01/01:33:37,19322) [kworker/1:1-events] (root,0,0,00:00:00/01:31:57,25346) [kworker/u8:0-writeback] (root,0,0,00:00:00/00:14,25711) [kworker/1:2-ata_sff] (root,0,0,00:00:00/10:16,26463) [kworker/3:0-events] (root,0,0,00:00:00/05:27,28129) [kworker/1:0-ata_sff] (root,6656,3484,00:00:00/00:00,28421) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,28439) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28440) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:21:55,30146) [kworker/u8:2] (root,0,0,00:00:00/45:30,30663) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 01:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363053de891Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12672,00:00:07/1-14:29:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-14:29:01,2) [kthreadd] (root,0,0,00:00:00/1-14:29:01,3) [rcu_gp] (root,0,0,00:00:00/1-14:29:01,4) [rcu_par_gp] (root,0,0,00:00:00/1-14:29:01,5) [slub_flushwq] (root,0,0,00:00:00/1-14:29:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-14:29:01,9) [mm_percpu_wq] (root,0,0,00:00:00/1-14:29:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-14:29:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-14:29:01,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-14:29:01,13) [ksoftirqd/0] (root,0,0,00:04:09/1-14:29:01,14) [rcu_preempt] (root,0,0,00:00:00/1-14:29:01,15) [migration/0] (root,0,0,00:00:00/1-14:29:01,16) [idle_inject/0] (root,0,0,00:00:00/1-14:29:01,18) [cpuhp/0] (root,0,0,00:00:00/1-14:29:01,19) [cpuhp/1] (root,0,0,00:00:00/1-14:29:01,20) [idle_inject/1] (root,0,0,00:00:00/1-14:29:01,21) [migration/1] (root,0,0,00:00:02/1-14:29:01,22) [ksoftirqd/1] (root,0,0,00:00:00/1-14:29:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-14:29:01,25) [cpuhp/2] (root,0,0,00:00:00/1-14:29:01,26) [idle_inject/2] (root,0,0,00:00:00/1-14:29:01,27) [migration/2] (root,0,0,00:03:26/1-14:29:01,28) [ksoftirqd/2] (root,0,0,00:00:00/1-14:29:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-14:29:01,31) [cpuhp/3] (root,0,0,00:00:00/1-14:29:01,32) [idle_inject/3] (root,0,0,00:00:00/1-14:29:01,33) [migration/3] (root,0,0,00:00:08/1-14:29:01,34) [ksoftirqd/3] (root,0,0,00:00:00/1-14:29:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-14:29:01,39) [kdevtmpfs] (root,0,0,00:00:00/1-14:29:01,40) [netns] (root,0,0,00:00:00/1-14:29:01,41) [inet_frag_wq] (root,0,0,00:00:00/1-14:29:01,42) [kauditd] (root,0,0,00:00:00/1-14:29:01,43) [khungtaskd] (root,0,0,00:00:00/1-14:29:01,44) [oom_reaper] (root,0,0,00:00:00/1-14:29:01,45) [writeback] (root,0,0,00:00:04/1-14:29:01,46) [kcompactd0] (root,0,0,00:00:00/1-14:29:01,47) [ksmd] (root,0,0,00:00:04/1-14:29:01,48) [khugepaged] (root,0,0,00:00:00/1-14:29:01,74) [kintegrityd] (root,0,0,00:00:00/1-14:29:01,75) [kblockd] (root,0,0,00:00:00/1-14:29:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-14:29:01,78) [tpm_dev_wq] (root,0,0,00:00:00/1-14:29:01,79) [edac-poller] (root,0,0,00:00:00/1-14:29:01,80) [devfreq_wq] (root,0,0,00:00:00/1-14:29:01,110) [watchdogd] (root,0,0,00:00:00/1-14:29:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-14:29:01,112) [kswapd0] (root,0,0,00:00:00/1-14:29:00,114) [kthrotld] (root,0,0,00:00:00/1-14:29:00,115) [mld] (root,0,0,00:00:00/1-14:29:00,116) [ipv6_addrconf] (root,0,0,00:00:00/1-14:29:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-14:29:00,122) [kstrp] (root,0,0,00:00:00/1-14:29:00,123) [zswap-shrink] (root,0,0,00:00:00/1-14:29:00,124) [kworker/u9:0] (root,0,0,00:00:00/1-14:29:00,129) [charger_manager] (root,0,0,00:00:00/1-14:28:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-14:28:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-14:28:59,205) [kaluad] (root,0,0,00:00:00/1-14:28:59,250) [kmpath_rdacd] (root,0,0,00:00:00/1-14:28:59,293) [kmpathd] (root,0,0,00:00:00/1-14:28:59,294) [kmpath_handlerd] (root,0,0,00:00:00/1-14:28:59,342) [ata_sff] (root,0,0,00:00:00/1-14:28:58,343) [scsi_eh_0] (root,0,0,00:00:00/1-14:28:58,344) [scsi_tmf_0] (root,0,0,00:00:00/1-14:28:58,345) [scsi_eh_1] (root,0,0,00:00:00/1-14:28:58,346) [scsi_tmf_1] (root,0,0,00:00:02/1-14:28:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-14:28:56,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-14:28:44,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-14:28:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-14:28:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-14:28:07,512) /sbin/auditd (messagebus,22936,5824,00:00:07/1-14:28:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8508,00:00:03/1-14:28:07,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-14:28:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-14:28:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-14:28:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:02/1-14:27:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-14:27:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:07/1-14:27:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-14:27:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-14:27:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-14:27:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-14:27:51,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-14:27:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:12/1-14:27:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-14:27:51,1206) bpfilter_umh (root,26204,8340,00:00:01/1-14:27:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-14:27:51,1215) ntpd: asynchronous dns resolver (spot,198836,161644,01:47:30/1-14:27:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-14:27:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-14:27:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-14:27:50,1245) (sd-pam) (root,24216,5348,00:00:00/1-14:27:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-14:27:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-14:27:48,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-14:27:44,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-14:27:44,1371) sshd: syslogtunnel (root,689288,71288,00:02:04/1-14:27:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40784,00:00:32/1-14:27:28,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-14:27:09,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-14:27:09,1436) sshd: cm-ssh (root,0,0,00:00:00/35:54,4324) [kworker/3:1-events] (root,0,0,00:00:00/01:08,9053) [kworker/0:1-events] (root,0,0,00:00:00/01:04:03,9251) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/10:14,9695) [kworker/1:2-ata_sff] (root,0,0,00:00:00/25:48,10983) [kworker/1:1-events] (root,0,0,00:00:00/25:42,11248) [kworker/u8:0-flush-253:0] (root,6656,3484,00:00:00/00:00,12176) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,12194) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,12195) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:09,17050) [kworker/3:0-events] (postfix,24244,8184,00:00:00/07:09,18869) pickup -l -t fifo -u (root,0,0,00:00:00/05:04,21402) [kworker/1:0-ata_sff] (root,0,0,00:00:00/15:17,23650) [kworker/2:1] (root,0,0,00:00:00/01:51:03,28896) [kworker/0:0-events] (root,0,0,00:00:00/01:50:43,29594) [kworker/u8:1] (root,0,0,00:00:01/01:07:40,32356) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-14 00:51 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836336b2ebcdFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:07/62-14:00:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-14:00:44,2) [kthreadd] (root,0,0,00:00:00/62-14:00:44,3) [rcu_gp] (root,0,0,00:00:00/62-14:00:44,4) [rcu_par_gp] (root,0,0,00:00:00/62-14:00:44,5) [slub_flushwq] (root,0,0,00:00:00/62-14:00:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-14:00:44,9) [mm_percpu_wq] (root,0,0,00:00:00/62-14:00:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-14:00:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-14:00:44,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-14:00:44,13) [ksoftirqd/0] (root,0,0,02:54:11/62-14:00:44,14) [rcu_preempt] (root,0,0,00:00:23/62-14:00:44,15) [migration/0] (root,0,0,00:00:00/62-14:00:44,16) [idle_inject/0] (root,0,0,00:00:00/62-14:00:44,18) [cpuhp/0] (root,0,0,00:00:00/62-14:00:44,19) [cpuhp/1] (root,0,0,00:00:00/62-14:00:44,20) [idle_inject/1] (root,0,0,00:00:23/62-14:00:44,21) [migration/1] (root,0,0,00:01:33/62-14:00:44,22) [ksoftirqd/1] (root,0,0,00:00:00/62-14:00:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-14:00:44,25) [cpuhp/2] (root,0,0,00:00:00/62-14:00:44,26) [idle_inject/2] (root,0,0,00:00:17/62-14:00:44,27) [migration/2] (root,0,0,01:53:33/62-14:00:44,28) [ksoftirqd/2] (root,0,0,00:00:00/62-14:00:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-14:00:44,31) [cpuhp/3] (root,0,0,00:00:00/62-14:00:44,32) [idle_inject/3] (root,0,0,00:00:22/62-14:00:44,33) [migration/3] (root,0,0,00:05:43/62-14:00:44,34) [ksoftirqd/3] (root,0,0,00:00:00/62-14:00:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-14:00:44,40) [kdevtmpfs] (root,0,0,00:00:00/62-14:00:44,41) [netns] (root,0,0,00:00:00/62-14:00:44,42) [inet_frag_wq] (root,0,0,00:00:22/62-14:00:44,43) [kauditd] (root,0,0,00:00:00/62-14:00:44,44) [khungtaskd] (root,0,0,00:00:00/62-14:00:44,45) [oom_reaper] (root,0,0,00:00:00/62-14:00:44,46) [writeback] (root,0,0,00:03:11/62-14:00:44,47) [kcompactd0] (root,0,0,00:00:00/62-14:00:44,48) [ksmd] (root,0,0,00:03:27/62-14:00:44,49) [khugepaged] (root,0,0,00:00:00/62-14:00:44,75) [kintegrityd] (root,0,0,00:00:00/62-14:00:44,76) [kblockd] (root,0,0,00:00:00/62-14:00:44,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-14:00:44,79) [tpm_dev_wq] (root,0,0,00:00:00/62-14:00:44,80) [edac-poller] (root,0,0,00:00:00/62-14:00:44,81) [devfreq_wq] (root,0,0,00:00:00/62-14:00:44,110) [watchdogd] (root,0,0,00:00:05/62-14:00:44,111) [kswapd0] (root,0,0,00:00:16/62-14:00:44,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-14:00:42,115) [kthrotld] (root,0,0,00:00:00/62-14:00:42,116) [mld] (root,0,0,00:00:00/62-14:00:42,117) [ipv6_addrconf] (root,0,0,00:00:16/62-14:00:42,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-14:00:42,123) [kstrp] (root,0,0,00:00:00/62-14:00:42,124) [zswap-shrink] (root,0,0,00:00:00/62-14:00:42,125) [kworker/u9:0] (root,0,0,00:00:00/62-14:00:42,130) [charger_manager] (root,0,0,00:00:18/62-14:00:42,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-14:00:42,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-14:00:41,239) [kaluad] (root,0,0,00:00:00/62-14:00:41,258) [kmpath_rdacd] (root,0,0,00:00:00/62-14:00:41,304) [kmpathd] (root,0,0,00:00:00/62-14:00:41,305) [kmpath_handlerd] (root,0,0,00:00:00/62-14:00:40,342) [ata_sff] (root,0,0,00:00:00/62-14:00:40,343) [scsi_eh_0] (root,0,0,00:00:00/62-14:00:40,344) [scsi_tmf_0] (root,0,0,00:00:00/62-14:00:40,345) [scsi_eh_1] (root,0,0,00:00:00/62-14:00:40,346) [scsi_tmf_1] (root,0,0,00:01:59/62-14:00:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-14:00:37,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-14:00:25,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-14:00:24,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-14:00:22,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-13:59:51,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-13:59:50,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-13:59:50,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-13:59:50,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-13:59:48,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-13:59:48,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31628,00:01:13/62-13:59:34,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-13:59:34,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:04/62-13:59:34,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-13:59:34,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-13:59:34,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-13:59:34,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-13:59:34,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:56/62-13:59:34,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-13:59:34,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-13:59:34,1352) bpfilter_umh (root,26204,8096,00:00:33/62-13:59:34,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-13:59:34,1359) ntpd: asynchronous dns resolver (spot,362784,213588,3-11:08:27/62-13:59:33,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-13:59:33,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-13:59:33,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-13:59:33,1373) (sd-pam) (root,24216,5256,00:00:22/62-13:59:31,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-13:59:31,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-13:59:31,1485) /usr/sbin/cron -n (root,699464,78300,01:26:27/62-13:59:25,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:35:19,1818) [kworker/1:0-events] (spot,236992,82964,00:31:55/62-13:59:13,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9104,00:00:02/56-19:34:48,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/11:10,3650) [kworker/u8:1-writeback] (root,0,0,00:00:00/04:18,6230) [kworker/2:0] (root,35304,10040,00:00:00/24-14:27:43,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-14:27:42,10514) sshd: syslogtunnel (root,0,0,00:00:00/09:15,11889) [kworker/0:0-events] (root,0,0,00:00:00/01:48:46,12427) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/02:05,14279) [kworker/3:0-ata_sff] (root,0,0,00:00:00/58:29,14894) [kworker/1:1] (root,0,0,00:00:01/03:01:22,19079) [kworker/2:2-events] (postfix,24244,8252,00:00:00/01:10:15,21014) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,22052) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,22070) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,22071) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:15,24140) [kworker/3:2-ata_sff] (root,0,0,00:00:00/14:13,25190) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/01:19:54,25290) [kworker/3:1-events] (root,0,0,00:00:00/01:18:08,30822) [kworker/0:1-events] (root,35308,10028,00:00:00/24-15:13:56,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:22/24-15:13:55,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-12 00:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d576fa55Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-11:32:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-11:32:27,2) [kthreadd] (root,0,0,00:00:00/60-11:32:27,3) [rcu_gp] (root,0,0,00:00:00/60-11:32:27,4) [rcu_par_gp] (root,0,0,00:00:00/60-11:32:27,5) [slub_flushwq] (root,0,0,00:00:00/60-11:32:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-11:32:27,9) [mm_percpu_wq] (root,0,0,00:00:00/60-11:32:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-11:32:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-11:32:27,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-11:32:27,13) [ksoftirqd/0] (root,0,0,02:48:49/60-11:32:27,14) [rcu_preempt] (root,0,0,00:00:23/60-11:32:27,15) [migration/0] (root,0,0,00:00:00/60-11:32:27,16) [idle_inject/0] (root,0,0,00:00:00/60-11:32:27,18) [cpuhp/0] (root,0,0,00:00:00/60-11:32:27,19) [cpuhp/1] (root,0,0,00:00:00/60-11:32:27,20) [idle_inject/1] (root,0,0,00:00:23/60-11:32:27,21) [migration/1] (root,0,0,00:01:29/60-11:32:27,22) [ksoftirqd/1] (root,0,0,00:00:00/60-11:32:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-11:32:27,25) [cpuhp/2] (root,0,0,00:00:00/60-11:32:27,26) [idle_inject/2] (root,0,0,00:00:17/60-11:32:27,27) [migration/2] (root,0,0,01:49:21/60-11:32:27,28) [ksoftirqd/2] (root,0,0,00:00:00/60-11:32:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-11:32:27,31) [cpuhp/3] (root,0,0,00:00:00/60-11:32:27,32) [idle_inject/3] (root,0,0,00:00:21/60-11:32:27,33) [migration/3] (root,0,0,00:05:32/60-11:32:27,34) [ksoftirqd/3] (root,0,0,00:00:00/60-11:32:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-11:32:27,40) [kdevtmpfs] (root,0,0,00:00:00/60-11:32:27,41) [netns] (root,0,0,00:00:00/60-11:32:27,42) [inet_frag_wq] (root,0,0,00:00:21/60-11:32:27,43) [kauditd] (root,0,0,00:00:00/60-11:32:27,44) [khungtaskd] (root,0,0,00:00:00/60-11:32:27,45) [oom_reaper] (root,0,0,00:00:00/60-11:32:27,46) [writeback] (root,0,0,00:03:04/60-11:32:27,47) [kcompactd0] (root,0,0,00:00:00/60-11:32:27,48) [ksmd] (root,0,0,00:03:20/60-11:32:27,49) [khugepaged] (root,0,0,00:00:00/60-11:32:27,75) [kintegrityd] (root,0,0,00:00:00/60-11:32:27,76) [kblockd] (root,0,0,00:00:00/60-11:32:27,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-11:32:27,79) [tpm_dev_wq] (root,0,0,00:00:00/60-11:32:27,80) [edac-poller] (root,0,0,00:00:00/60-11:32:27,81) [devfreq_wq] (root,0,0,00:00:00/60-11:32:27,110) [watchdogd] (root,0,0,00:00:04/60-11:32:27,111) [kswapd0] (root,0,0,00:00:15/60-11:32:27,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-11:32:25,115) [kthrotld] (root,0,0,00:00:00/60-11:32:25,116) [mld] (root,0,0,00:00:00/60-11:32:25,117) [ipv6_addrconf] (root,0,0,00:00:16/60-11:32:25,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-11:32:25,123) [kstrp] (root,0,0,00:00:00/60-11:32:25,124) [zswap-shrink] (root,0,0,00:00:00/60-11:32:25,125) [kworker/u9:0] (root,0,0,00:00:00/60-11:32:25,130) [charger_manager] (root,0,0,00:00:18/60-11:32:25,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-11:32:25,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-11:32:24,239) [kaluad] (root,0,0,00:00:00/60-11:32:24,258) [kmpath_rdacd] (root,0,0,00:00:00/60-11:32:24,304) [kmpathd] (root,0,0,00:00:00/60-11:32:24,305) [kmpath_handlerd] (root,0,0,00:00:00/60-11:32:23,342) [ata_sff] (root,0,0,00:00:00/60-11:32:23,343) [scsi_eh_0] (root,0,0,00:00:00/60-11:32:23,344) [scsi_tmf_0] (root,0,0,00:00:00/60-11:32:23,345) [scsi_eh_1] (root,0,0,00:00:00/60-11:32:23,346) [scsi_tmf_1] (root,0,0,00:01:56/60-11:32:20,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-11:32:20,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-11:32:08,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-11:32:07,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-11:32:05,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-11:31:34,511) /sbin/auditd (messagebus,22932,5400,00:03:23/60-11:31:33,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:55/60-11:31:33,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-11:31:33,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/60-11:31:31,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-11:31:31,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-11:31:17,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-11:31:17,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:52/60-11:31:17,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-11:31:17,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-11:31:17,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-11:31:17,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-11:31:17,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-11:31:17,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-11:31:17,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-11:31:17,1352) bpfilter_umh (root,26204,8096,00:00:31/60-11:31:17,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-11:31:17,1359) ntpd: asynchronous dns resolver (spot,362208,213460,3-08:20:54/60-11:31:16,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-11:31:16,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-11:31:16,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-11:31:16,1373) (sd-pam) (root,24216,5260,00:00:21/60-11:31:14,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-11:31:14,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-11:31:14,1485) /usr/sbin/cron -n (root,699208,78092,01:23:37/60-11:31:08,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82036,00:31:02/60-11:30:56,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-17:06:31,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/18:10,3474) [kworker/2:2-events] (root,0,0,00:00:00/01:57:04,4301) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/25:18,5269) [kworker/1:2-events] (root,35304,10040,00:00:00/22-11:59:26,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-11:59:25,10514) sshd: syslogtunnel (root,0,0,00:00:00/10:01,11321) [kworker/3:2-ata_sff] (root,6656,3484,00:00:00/00:00,15781) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,15799) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,15800) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:38,16122) [kworker/0:0-cgroup_destroy] (postfix,24244,8276,00:00:00/43:04,18926) pickup -l -t fifo -u (root,0,0,00:00:00/03:47:05,23571) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/06:16,25987) [kworker/1:1-events] (root,0,0,00:00:00/41:10,28209) [kworker/3:1-events] (root,0,0,00:00:00/20:31,29474) [kworker/0:2-events] (root,35308,10028,00:00:00/22-12:45:39,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-12:45:38,30947) sshd: cm-ssh (root,0,0,00:00:00/04:51,31494) [kworker/3:0-ata_sff] (root,0,0,00:00:00/46:32,32443) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-09 22:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a80b38c0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-13:32:00,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-13:32:00,2) [kthreadd] (root,0,0,00:00:00/58-13:32:00,3) [rcu_gp] (root,0,0,00:00:00/58-13:32:00,4) [rcu_par_gp] (root,0,0,00:00:00/58-13:32:00,5) [slub_flushwq] (root,0,0,00:00:00/58-13:32:00,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-13:32:00,9) [mm_percpu_wq] (root,0,0,00:00:00/58-13:32:00,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-13:32:00,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-13:32:00,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-13:32:00,13) [ksoftirqd/0] (root,0,0,02:43:50/58-13:32:00,14) [rcu_preempt] (root,0,0,00:00:22/58-13:32:00,15) [migration/0] (root,0,0,00:00:00/58-13:32:00,16) [idle_inject/0] (root,0,0,00:00:00/58-13:32:00,18) [cpuhp/0] (root,0,0,00:00:00/58-13:32:00,19) [cpuhp/1] (root,0,0,00:00:00/58-13:32:00,20) [idle_inject/1] (root,0,0,00:00:22/58-13:32:00,21) [migration/1] (root,0,0,00:01:26/58-13:32:00,22) [ksoftirqd/1] (root,0,0,00:00:00/58-13:32:00,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-13:32:00,25) [cpuhp/2] (root,0,0,00:00:00/58-13:32:00,26) [idle_inject/2] (root,0,0,00:00:16/58-13:32:00,27) [migration/2] (root,0,0,01:44:41/58-13:32:00,28) [ksoftirqd/2] (root,0,0,00:00:00/58-13:32:00,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-13:32:00,31) [cpuhp/3] (root,0,0,00:00:00/58-13:32:00,32) [idle_inject/3] (root,0,0,00:00:20/58-13:32:00,33) [migration/3] (root,0,0,00:05:20/58-13:32:00,34) [ksoftirqd/3] (root,0,0,00:00:00/58-13:32:00,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-13:32:00,40) [kdevtmpfs] (root,0,0,00:00:00/58-13:32:00,41) [netns] (root,0,0,00:00:00/58-13:32:00,42) [inet_frag_wq] (root,0,0,00:00:20/58-13:32:00,43) [kauditd] (root,0,0,00:00:00/58-13:32:00,44) [khungtaskd] (root,0,0,00:00:00/58-13:32:00,45) [oom_reaper] (root,0,0,00:00:00/58-13:32:00,46) [writeback] (root,0,0,00:02:59/58-13:32:00,47) [kcompactd0] (root,0,0,00:00:00/58-13:32:00,48) [ksmd] (root,0,0,00:03:14/58-13:32:00,49) [khugepaged] (root,0,0,00:00:00/58-13:32:00,75) [kintegrityd] (root,0,0,00:00:00/58-13:32:00,76) [kblockd] (root,0,0,00:00:00/58-13:32:00,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-13:32:00,79) [tpm_dev_wq] (root,0,0,00:00:00/58-13:32:00,80) [edac-poller] (root,0,0,00:00:00/58-13:32:00,81) [devfreq_wq] (root,0,0,00:00:00/58-13:32:00,110) [watchdogd] (root,0,0,00:00:04/58-13:32:00,111) [kswapd0] (root,0,0,00:00:15/58-13:32:00,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-13:31:58,115) [kthrotld] (root,0,0,00:00:00/58-13:31:58,116) [mld] (root,0,0,00:00:00/58-13:31:58,117) [ipv6_addrconf] (root,0,0,00:00:16/58-13:31:58,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-13:31:58,123) [kstrp] (root,0,0,00:00:00/58-13:31:58,124) [zswap-shrink] (root,0,0,00:00:00/58-13:31:58,125) [kworker/u9:0] (root,0,0,00:00:00/58-13:31:58,130) [charger_manager] (root,0,0,00:00:17/58-13:31:58,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-13:31:58,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-13:31:57,239) [kaluad] (root,0,0,00:00:00/58-13:31:57,258) [kmpath_rdacd] (root,0,0,00:00:00/58-13:31:57,304) [kmpathd] (root,0,0,00:00:00/58-13:31:57,305) [kmpath_handlerd] (root,0,0,00:00:00/58-13:31:56,342) [ata_sff] (root,0,0,00:00:00/58-13:31:56,343) [scsi_eh_0] (root,0,0,00:00:00/58-13:31:56,344) [scsi_tmf_0] (root,0,0,00:00:00/58-13:31:56,345) [scsi_eh_1] (root,0,0,00:00:00/58-13:31:56,346) [scsi_tmf_1] (root,0,0,00:01:52/58-13:31:53,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-13:31:53,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-13:31:41,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-13:31:40,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-13:31:38,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-13:31:07,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-13:31:06,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:49/58-13:31:06,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-13:31:06,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-13:31:04,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-13:31:04,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:13:21,788) [kworker/3:0-events] (root,549128,31272,00:01:09/58-13:30:50,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-13:30:50,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:43/58-13:30:50,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-13:30:50,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-13:30:50,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-13:30:50,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-13:30:50,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-13:30:50,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:20/58-13:30:50,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-13:30:50,1352) bpfilter_umh (root,26204,8096,00:00:30/58-13:30:50,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-13:30:50,1359) ntpd: asynchronous dns resolver (spot,363184,214444,3-05:22:44/58-13:30:49,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-13:30:49,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-13:30:49,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-13:30:49,1373) (sd-pam) (root,24216,5260,00:00:20/58-13:30:47,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-13:30:47,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-13:30:47,1485) /usr/sbin/cron -n (root,698952,79684,01:21:00/58-13:30:41,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80364,00:30:17/58-13:30:29,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-19:06:04,2557) tlsmgr -l -t unix -u (root,6656,3488,00:00:00/00:00,5037) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,5064) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,5099) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,5101) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:19:35,6651) [kworker/u8:2-ext4-rsv-conversion] (root,35304,10040,00:00:00/20-13:58:59,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:17/20-13:58:58,10514) sshd: syslogtunnel (root,0,0,00:00:00/05:55,12633) [kworker/3:2-ata_sff] (root,0,0,00:00:00/05:12,15884) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/02:54:36,16568) [kworker/2:2-events] (root,0,0,00:00:00/01:07:48,19316) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/28:37,19469) [kworker/1:0] (root,0,0,00:00:00/49:25,19788) [kworker/1:1-events] (postfix,24244,8272,00:00:00/01:24:23,20776) pickup -l -t fifo -u (root,0,0,00:00:00/03:21,21124) [kworker/2:1-events] (root,0,0,00:00:00/02:42:34,22600) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/12:37,23059) [kworker/2:0-events] (root,0,0,00:00:00/02:33:58,26097) [kworker/0:2-events] (root,35308,10028,00:00:00/20-14:45:12,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-14:45:11,30947) sshd: cm-ssh (root,0,0,00:00:00/00:44,30952) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-08 00:20 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363584f6cc4Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:39/56-13:06:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/56-13:06:52,2) [kthreadd] (root,0,0,00:00:00/56-13:06:52,3) [rcu_gp] (root,0,0,00:00:00/56-13:06:52,4) [rcu_par_gp] (root,0,0,00:00:00/56-13:06:52,5) [slub_flushwq] (root,0,0,00:00:00/56-13:06:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/56-13:06:52,9) [mm_percpu_wq] (root,0,0,00:00:00/56-13:06:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/56-13:06:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/56-13:06:52,12) [rcu_tasks_trace] (root,0,0,00:01:41/56-13:06:52,13) [ksoftirqd/0] (root,0,0,02:38:28/56-13:06:52,14) [rcu_preempt] (root,0,0,00:00:21/56-13:06:52,15) [migration/0] (root,0,0,00:00:00/56-13:06:52,16) [idle_inject/0] (root,0,0,00:00:00/56-13:06:52,18) [cpuhp/0] (root,0,0,00:00:00/56-13:06:52,19) [cpuhp/1] (root,0,0,00:00:00/56-13:06:52,20) [idle_inject/1] (root,0,0,00:00:21/56-13:06:52,21) [migration/1] (root,0,0,00:01:23/56-13:06:52,22) [ksoftirqd/1] (root,0,0,00:00:00/56-13:06:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/56-13:06:52,25) [cpuhp/2] (root,0,0,00:00:00/56-13:06:52,26) [idle_inject/2] (root,0,0,00:00:16/56-13:06:52,27) [migration/2] (root,0,0,01:40:16/56-13:06:52,28) [ksoftirqd/2] (root,0,0,00:00:00/56-13:06:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/56-13:06:52,31) [cpuhp/3] (root,0,0,00:00:00/56-13:06:52,32) [idle_inject/3] (root,0,0,00:00:20/56-13:06:52,33) [migration/3] (root,0,0,00:05:09/56-13:06:52,34) [ksoftirqd/3] (root,0,0,00:00:00/56-13:06:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/56-13:06:52,40) [kdevtmpfs] (root,0,0,00:00:00/56-13:06:52,41) [netns] (root,0,0,00:00:00/56-13:06:52,42) [inet_frag_wq] (root,0,0,00:00:19/56-13:06:52,43) [kauditd] (root,0,0,00:00:00/56-13:06:52,44) [khungtaskd] (root,0,0,00:00:00/56-13:06:52,45) [oom_reaper] (root,0,0,00:00:00/56-13:06:52,46) [writeback] (root,0,0,00:02:53/56-13:06:52,47) [kcompactd0] (root,0,0,00:00:00/56-13:06:52,48) [ksmd] (root,0,0,00:03:07/56-13:06:52,49) [khugepaged] (root,0,0,00:00:00/56-13:06:52,75) [kintegrityd] (root,0,0,00:00:00/56-13:06:52,76) [kblockd] (root,0,0,00:00:00/56-13:06:52,77) [blkcg_punt_bio] (root,0,0,00:00:00/56-13:06:52,79) [tpm_dev_wq] (root,0,0,00:00:00/56-13:06:52,80) [edac-poller] (root,0,0,00:00:00/56-13:06:52,81) [devfreq_wq] (root,0,0,00:00:00/56-13:06:52,110) [watchdogd] (root,0,0,00:00:04/56-13:06:52,111) [kswapd0] (root,0,0,00:00:14/56-13:06:52,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/56-13:06:50,115) [kthrotld] (root,0,0,00:00:00/56-13:06:50,116) [mld] (root,0,0,00:00:00/56-13:06:50,117) [ipv6_addrconf] (root,0,0,00:00:15/56-13:06:50,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/56-13:06:50,123) [kstrp] (root,0,0,00:00:00/56-13:06:50,124) [zswap-shrink] (root,0,0,00:00:00/56-13:06:50,125) [kworker/u9:0] (root,0,0,00:00:00/56-13:06:50,130) [charger_manager] (root,0,0,00:00:17/56-13:06:50,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/56-13:06:50,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/56-13:06:49,239) [kaluad] (root,0,0,00:00:00/56-13:06:49,258) [kmpath_rdacd] (root,0,0,00:00:00/56-13:06:49,304) [kmpathd] (root,0,0,00:00:00/56-13:06:49,305) [kmpath_handlerd] (root,0,0,00:00:00/56-13:06:48,342) [ata_sff] (root,0,0,00:00:00/56-13:06:48,343) [scsi_eh_0] (root,0,0,00:00:00/56-13:06:48,344) [scsi_tmf_0] (root,0,0,00:00:00/56-13:06:48,345) [scsi_eh_1] (root,0,0,00:00:00/56-13:06:48,346) [scsi_tmf_1] (root,0,0,00:01:49/56-13:06:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/56-13:06:45,367) [ext4-rsv-conver] (root,38604,7852,00:01:33/56-13:06:33,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/56-13:06:32,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:27/56-13:06:30,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:32/56-13:05:59,511) /sbin/auditd (messagebus,22932,5400,00:03:00/56-13:05:58,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:42/56-13:05:58,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/56-13:05:58,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/56-13:05:56,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/56-13:05:56,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/14:56,734) [kworker/3:1-mm_percpu_wq] (root,549128,31272,00:01:07/56-13:05:42,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/56-13:05:42,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:34/56-13:05:42,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/56-13:05:42,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/56-13:05:42,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/56-13:05:42,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/56-13:05:42,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:42/56-13:05:42,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:04/56-13:05:42,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/56-13:05:42,1352) bpfilter_umh (root,26204,8096,00:00:28/56-13:05:42,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/56-13:05:42,1359) ntpd: asynchronous dns resolver (spot,364800,215644,3-02:26:00/56-13:05:41,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/56-13:05:41,1371) (sd-pam) (checkmk,48528,3180,00:00:00/56-13:05:41,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/56-13:05:41,1373) (sd-pam) (root,24216,5260,00:00:20/56-13:05:39,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/56-13:05:39,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/56-13:05:39,1485) /usr/sbin/cron -n (root,698412,79180,01:18:12/56-13:05:33,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,233920,79172,00:29:29/56-13:05:21,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:33,2435) [kworker/3:2-ata_sff] (postfix,44628,9136,00:00:02/50-18:40:56,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/57:14,8106) [kworker/2:2-mm_percpu_wq] (root,0,0,00:00:00/02:27,8133) [kworker/1:1] (root,35304,10040,00:00:00/18-13:33:51,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:09/18-13:33:50,10514) sshd: syslogtunnel (root,0,0,00:00:00/09:46,15574) [kworker/3:0-ata_sff] (root,6656,3488,00:00:00/00:01,16677) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,16695) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,16696) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/20:20,19547) [kworker/2:0] (root,0,0,00:00:00/35:16,22117) [kworker/u8:2-events_unbound] (root,0,0,00:00:00/52:28,26920) [kworker/0:1-events] (root,0,0,00:00:00/31:42,28840) [kworker/1:2-cgroup_destroy] (postfix,24244,8200,00:00:00/01:21:06,30136) pickup -l -t fifo -u (root,0,0,00:00:00/43:51,30502) [kworker/0:0] (root,0,0,00:00:00/03:53:52,30582) [kworker/u8:1-writeback] (root,35308,10028,00:00:00/18-14:20:04,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:02/18-14:20:03,30947) sshd: cm-ssh (root,0,0,00:00:00/16:02,31168) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-05 23:55 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363082addb5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:34/54-13:23:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/54-13:23:45,2) [kthreadd] (root,0,0,00:00:00/54-13:23:45,3) [rcu_gp] (root,0,0,00:00:00/54-13:23:45,4) [rcu_par_gp] (root,0,0,00:00:00/54-13:23:45,5) [slub_flushwq] (root,0,0,00:00:00/54-13:23:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/54-13:23:45,9) [mm_percpu_wq] (root,0,0,00:00:00/54-13:23:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/54-13:23:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/54-13:23:45,12) [rcu_tasks_trace] (root,0,0,00:01:37/54-13:23:45,13) [ksoftirqd/0] (root,0,0,02:33:20/54-13:23:45,14) [rcu_preempt] (root,0,0,00:00:21/54-13:23:45,15) [migration/0] (root,0,0,00:00:00/54-13:23:45,16) [idle_inject/0] (root,0,0,00:00:00/54-13:23:45,18) [cpuhp/0] (root,0,0,00:00:00/54-13:23:45,19) [cpuhp/1] (root,0,0,00:00:00/54-13:23:45,20) [idle_inject/1] (root,0,0,00:00:21/54-13:23:45,21) [migration/1] (root,0,0,00:01:20/54-13:23:45,22) [ksoftirqd/1] (root,0,0,00:00:00/54-13:23:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/54-13:23:45,25) [cpuhp/2] (root,0,0,00:00:00/54-13:23:45,26) [idle_inject/2] (root,0,0,00:00:15/54-13:23:45,27) [migration/2] (root,0,0,01:36:38/54-13:23:45,28) [ksoftirqd/2] (root,0,0,00:00:00/54-13:23:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/54-13:23:45,31) [cpuhp/3] (root,0,0,00:00:00/54-13:23:45,32) [idle_inject/3] (root,0,0,00:00:19/54-13:23:45,33) [migration/3] (root,0,0,00:04:59/54-13:23:45,34) [ksoftirqd/3] (root,0,0,00:00:00/54-13:23:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/54-13:23:45,40) [kdevtmpfs] (root,0,0,00:00:00/54-13:23:45,41) [netns] (root,0,0,00:00:00/54-13:23:45,42) [inet_frag_wq] (root,0,0,00:00:18/54-13:23:45,43) [kauditd] (root,0,0,00:00:00/54-13:23:45,44) [khungtaskd] (root,0,0,00:00:00/54-13:23:45,45) [oom_reaper] (root,0,0,00:00:00/54-13:23:45,46) [writeback] (root,0,0,00:02:47/54-13:23:45,47) [kcompactd0] (root,0,0,00:00:00/54-13:23:45,48) [ksmd] (root,0,0,00:03:02/54-13:23:45,49) [khugepaged] (root,0,0,00:00:00/54-13:23:45,75) [kintegrityd] (root,0,0,00:00:00/54-13:23:45,76) [kblockd] (root,0,0,00:00:00/54-13:23:45,77) [blkcg_punt_bio] (root,0,0,00:00:00/54-13:23:45,79) [tpm_dev_wq] (root,0,0,00:00:00/54-13:23:45,80) [edac-poller] (root,0,0,00:00:00/54-13:23:45,81) [devfreq_wq] (root,0,0,00:00:00/54-13:23:45,110) [watchdogd] (root,0,0,00:00:04/54-13:23:45,111) [kswapd0] (root,0,0,00:00:14/54-13:23:45,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/54-13:23:43,115) [kthrotld] (root,0,0,00:00:00/54-13:23:43,116) [mld] (root,0,0,00:00:00/54-13:23:43,117) [ipv6_addrconf] (root,0,0,00:00:15/54-13:23:43,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/54-13:23:43,123) [kstrp] (root,0,0,00:00:00/54-13:23:43,124) [zswap-shrink] (root,0,0,00:00:00/54-13:23:43,125) [kworker/u9:0] (root,0,0,00:00:00/54-13:23:43,130) [charger_manager] (root,0,0,00:00:16/54-13:23:43,172) [kworker/1:1H-kblockd] (root,0,0,00:00:24/54-13:23:43,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/54-13:23:42,239) [kaluad] (root,0,0,00:00:00/54-13:23:42,258) [kmpath_rdacd] (root,0,0,00:00:00/54-13:23:42,304) [kmpathd] (root,0,0,00:00:00/54-13:23:42,305) [kmpath_handlerd] (root,0,0,00:00:00/54-13:23:41,342) [ata_sff] (root,0,0,00:00:00/54-13:23:41,343) [scsi_eh_0] (root,0,0,00:00:00/54-13:23:41,344) [scsi_tmf_0] (root,0,0,00:00:00/54-13:23:41,345) [scsi_eh_1] (root,0,0,00:00:00/54-13:23:41,346) [scsi_tmf_1] (root,0,0,00:01:46/54-13:23:38,366) [jbd2/vda1-8] (root,0,0,00:00:00/54-13:23:38,367) [ext4-rsv-conver] (root,38604,7852,00:01:30/54-13:23:26,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/54-13:23:25,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:24/54-13:23:23,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:31/54-13:22:52,511) /sbin/auditd (messagebus,22932,5400,00:02:53/54-13:22:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:38/54-13:22:51,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/54-13:22:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/54-13:22:49,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/54-13:22:49,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549128,31272,00:01:04/54-13:22:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/54-13:22:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:23/54-13:22:35,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/54-13:22:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/54-13:22:35,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/54-13:22:35,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/54-13:22:35,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:39/54-13:22:35,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:07:48/54-13:22:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/54-13:22:35,1352) bpfilter_umh (root,26204,8096,00:00:27/54-13:22:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/54-13:22:35,1359) ntpd: asynchronous dns resolver (spot,364976,215736,2-23:36:58/54-13:22:34,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/54-13:22:34,1371) (sd-pam) (checkmk,48528,3180,00:00:00/54-13:22:34,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/54-13:22:34,1373) (sd-pam) (root,24216,5260,00:00:19/54-13:22:32,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/54-13:22:32,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:07/54-13:22:32,1485) /usr/sbin/cron -n (root,698412,79068,01:15:30/54-13:22:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,232896,77756,00:28:44/54-13:22:14,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9160,00:00:02/48-18:57:49,2557) tlsmgr -l -t unix -u (root,6656,3484,00:00:00/00:00,4535) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,4553) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,4554) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:42:25,7540) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/11:55,8836) [kworker/3:2-events] (root,35304,10040,00:00:00/16-13:50:44,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:02/16-13:50:43,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:53:03,12007) [kworker/2:2] (root,0,0,00:00:01/03:27:27,13020) [kworker/0:1-events] (postfix,24244,8220,00:00:00/18:56,18539) pickup -l -t fifo -u (root,0,0,00:00:00/06:45,18973) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:11:21,20021) [kworker/0:2-events] (root,0,0,00:00:00/02:40:13,25166) [kworker/2:1-events] (root,0,0,00:00:00/47:31,27549) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/47:31,27550) [kworker/1:0-events] (root,0,0,00:00:00/02:24:41,29849) [kworker/1:2-events] (root,35308,10028,00:00:00/16-14:36:57,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:56/16-14:36:56,30947) sshd: cm-ssh (root,0,0,00:00:00/01:33,32392) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-04 00:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363dbb7cd04Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12460,00:02:13/45-12:26:37,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-12:26:37,2) [kthreadd] (root,0,0,00:00:00/45-12:26:37,3) [rcu_gp] (root,0,0,00:00:00/45-12:26:37,4) [rcu_par_gp] (root,0,0,00:00:00/45-12:26:37,5) [slub_flushwq] (root,0,0,00:00:00/45-12:26:37,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-12:26:37,9) [mm_percpu_wq] (root,0,0,00:00:00/45-12:26:37,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-12:26:37,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-12:26:37,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-12:26:37,13) [ksoftirqd/0] (root,0,0,02:10:33/45-12:26:37,14) [rcu_preempt] (root,0,0,00:00:17/45-12:26:37,15) [migration/0] (root,0,0,00:00:00/45-12:26:37,16) [idle_inject/0] (root,0,0,00:00:00/45-12:26:37,18) [cpuhp/0] (root,0,0,00:00:00/45-12:26:37,19) [cpuhp/1] (root,0,0,00:00:00/45-12:26:37,20) [idle_inject/1] (root,0,0,00:00:17/45-12:26:37,21) [migration/1] (root,0,0,00:01:08/45-12:26:37,22) [ksoftirqd/1] (root,0,0,00:00:00/45-12:26:37,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-12:26:37,25) [cpuhp/2] (root,0,0,00:00:00/45-12:26:37,26) [idle_inject/2] (root,0,0,00:00:13/45-12:26:37,27) [migration/2] (root,0,0,01:25:12/45-12:26:37,28) [ksoftirqd/2] (root,0,0,00:00:00/45-12:26:37,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-12:26:37,31) [cpuhp/3] (root,0,0,00:00:00/45-12:26:37,32) [idle_inject/3] (root,0,0,00:00:16/45-12:26:37,33) [migration/3] (root,0,0,00:04:21/45-12:26:37,34) [ksoftirqd/3] (root,0,0,00:00:00/45-12:26:37,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-12:26:37,40) [kdevtmpfs] (root,0,0,00:00:00/45-12:26:37,41) [netns] (root,0,0,00:00:00/45-12:26:37,42) [inet_frag_wq] (root,0,0,00:00:16/45-12:26:37,43) [kauditd] (root,0,0,00:00:00/45-12:26:37,44) [khungtaskd] (root,0,0,00:00:00/45-12:26:37,45) [oom_reaper] (root,0,0,00:00:00/45-12:26:37,46) [writeback] (root,0,0,00:02:23/45-12:26:37,47) [kcompactd0] (root,0,0,00:00:00/45-12:26:37,48) [ksmd] (root,0,0,00:02:30/45-12:26:37,49) [khugepaged] (root,0,0,00:00:00/45-12:26:37,75) [kintegrityd] (root,0,0,00:00:00/45-12:26:37,76) [kblockd] (root,0,0,00:00:00/45-12:26:37,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-12:26:37,79) [tpm_dev_wq] (root,0,0,00:00:00/45-12:26:37,80) [edac-poller] (root,0,0,00:00:00/45-12:26:37,81) [devfreq_wq] (root,0,0,00:00:00/45-12:26:37,110) [watchdogd] (root,0,0,00:00:03/45-12:26:37,111) [kswapd0] (root,0,0,00:00:12/45-12:26:37,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-12:26:35,115) [kthrotld] (root,0,0,00:00:00/45-12:26:35,116) [mld] (root,0,0,00:00:00/45-12:26:35,117) [ipv6_addrconf] (root,0,0,00:00:12/45-12:26:35,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-12:26:35,123) [kstrp] (root,0,0,00:00:00/45-12:26:35,124) [zswap-shrink] (root,0,0,00:00:00/45-12:26:35,125) [kworker/u9:0] (root,0,0,00:00:00/45-12:26:35,130) [charger_manager] (root,0,0,00:00:14/45-12:26:35,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-12:26:35,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-12:26:34,239) [kaluad] (root,0,0,00:00:00/45-12:26:34,258) [kmpath_rdacd] (root,0,0,00:00:00/45-12:26:34,304) [kmpathd] (root,0,0,00:00:00/45-12:26:34,305) [kmpath_handlerd] (root,0,0,00:00:00/45-12:26:33,342) [ata_sff] (root,0,0,00:00:00/45-12:26:33,343) [scsi_eh_0] (root,0,0,00:00:00/45-12:26:33,344) [scsi_tmf_0] (root,0,0,00:00:00/45-12:26:33,345) [scsi_eh_1] (root,0,0,00:00:00/45-12:26:33,346) [scsi_tmf_1] (root,0,0,00:01:30/45-12:26:30,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-12:26:30,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-12:26:18,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-12:26:17,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-12:26:15,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-12:25:44,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-12:25:43,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-12:25:43,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-12:25:43,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-12:25:41,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-12:25:41,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-12:25:27,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-12:25:27,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:34/45-12:25:27,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-12:25:27,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-12:25:27,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-12:25:27,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-12:25:27,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:28/45-12:25:27,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:36/45-12:25:27,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-12:25:27,1352) bpfilter_umh (root,26204,8096,00:00:23/45-12:25:27,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-12:25:27,1359) ntpd: asynchronous dns resolver (spot,361840,206140,2-14:31:36/45-12:25:26,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-12:25:26,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-12:25:26,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-12:25:26,1373) (sd-pam) (root,24216,5260,00:00:16/45-12:25:24,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-12:25:24,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-12:25:24,1485) /usr/sbin/cron -n (root,697508,78836,01:03:20/45-12:25:18,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,228800,71512,00:24:48/45-12:25:06,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/24:48,2530) [kworker/u8:2-ext4-rsv-conversion] (postfix,44628,9184,00:00:01/39-18:00:41,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/24:37,3883) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/01:40:13,7467) [kworker/1:1-events] (postfix,24244,8216,00:00:00/09:26,9742) pickup -l -t fifo -u (root,0,0,00:00:00/39:45,9975) [kworker/2:2-events] (root,35304,10040,00:00:00/7-12:53:36,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:30/7-12:53:35,10514) sshd: syslogtunnel (root,0,0,00:00:00/54:48,13466) [kworker/1:2] (root,0,0,00:00:00/00:08,14356) [kworker/3:2-ata_sff] (root,6656,3480,00:00:00/00:00,14991) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,15009) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15010) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/29:42,16113) [kworker/0:1] (root,0,0,00:00:01/03:15:53,23049) [kworker/0:2-events] (root,0,0,00:00:00/05:21,29379) [kworker/3:1-ata_sff] (root,0,0,00:00:00/04:26,30660) [kworker/2:1-events] (root,35308,10028,00:00:00/7-13:39:49,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-13:39:48,30947) sshd: cm-ssh (root,0,0,00:00:00/01:12:47,31141) [kworker/3:0-events] (root,0,0,00:00:00/02:25:23,32405) [kworker/u8:1-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 23:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636922e72dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:08/43-12:39:25,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-12:39:25,2) [kthreadd] (root,0,0,00:00:00/43-12:39:25,3) [rcu_gp] (root,0,0,00:00:00/43-12:39:25,4) [rcu_par_gp] (root,0,0,00:00:00/43-12:39:25,5) [slub_flushwq] (root,0,0,00:00:00/43-12:39:25,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-12:39:25,9) [mm_percpu_wq] (root,0,0,00:00:00/43-12:39:25,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-12:39:25,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-12:39:25,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-12:39:25,13) [ksoftirqd/0] (root,0,0,02:05:05/43-12:39:25,14) [rcu_preempt] (root,0,0,00:00:16/43-12:39:25,15) [migration/0] (root,0,0,00:00:00/43-12:39:25,16) [idle_inject/0] (root,0,0,00:00:00/43-12:39:25,18) [cpuhp/0] (root,0,0,00:00:00/43-12:39:25,19) [cpuhp/1] (root,0,0,00:00:00/43-12:39:25,20) [idle_inject/1] (root,0,0,00:00:16/43-12:39:25,21) [migration/1] (root,0,0,00:01:05/43-12:39:25,22) [ksoftirqd/1] (root,0,0,00:00:00/43-12:39:25,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-12:39:25,25) [cpuhp/2] (root,0,0,00:00:00/43-12:39:25,26) [idle_inject/2] (root,0,0,00:00:12/43-12:39:25,27) [migration/2] (root,0,0,01:22:25/43-12:39:25,28) [ksoftirqd/2] (root,0,0,00:00:00/43-12:39:25,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-12:39:25,31) [cpuhp/3] (root,0,0,00:00:00/43-12:39:25,32) [idle_inject/3] (root,0,0,00:00:15/43-12:39:25,33) [migration/3] (root,0,0,00:04:12/43-12:39:25,34) [ksoftirqd/3] (root,0,0,00:00:00/43-12:39:25,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-12:39:25,40) [kdevtmpfs] (root,0,0,00:00:00/43-12:39:25,41) [netns] (root,0,0,00:00:00/43-12:39:25,42) [inet_frag_wq] (root,0,0,00:00:15/43-12:39:25,43) [kauditd] (root,0,0,00:00:00/43-12:39:25,44) [khungtaskd] (root,0,0,00:00:00/43-12:39:25,45) [oom_reaper] (root,0,0,00:00:00/43-12:39:25,46) [writeback] (root,0,0,00:02:17/43-12:39:25,47) [kcompactd0] (root,0,0,00:00:00/43-12:39:25,48) [ksmd] (root,0,0,00:02:24/43-12:39:25,49) [khugepaged] (root,0,0,00:00:00/43-12:39:25,75) [kintegrityd] (root,0,0,00:00:00/43-12:39:25,76) [kblockd] (root,0,0,00:00:00/43-12:39:25,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-12:39:25,79) [tpm_dev_wq] (root,0,0,00:00:00/43-12:39:25,80) [edac-poller] (root,0,0,00:00:00/43-12:39:25,81) [devfreq_wq] (root,0,0,00:00:00/43-12:39:25,110) [watchdogd] (root,0,0,00:00:03/43-12:39:25,111) [kswapd0] (root,0,0,00:00:11/43-12:39:25,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-12:39:23,115) [kthrotld] (root,0,0,00:00:00/43-12:39:23,116) [mld] (root,0,0,00:00:00/43-12:39:23,117) [ipv6_addrconf] (root,0,0,00:00:12/43-12:39:23,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-12:39:23,123) [kstrp] (root,0,0,00:00:00/43-12:39:23,124) [zswap-shrink] (root,0,0,00:00:00/43-12:39:23,125) [kworker/u9:0] (root,0,0,00:00:00/43-12:39:23,130) [charger_manager] (root,0,0,00:00:13/43-12:39:23,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-12:39:23,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-12:39:22,239) [kaluad] (root,0,0,00:00:00/43-12:39:22,258) [kmpath_rdacd] (root,0,0,00:00:00/43-12:39:22,304) [kmpathd] (root,0,0,00:00:00/43-12:39:22,305) [kmpath_handlerd] (root,0,0,00:00:00/43-12:39:21,342) [ata_sff] (root,0,0,00:00:00/43-12:39:21,343) [scsi_eh_0] (root,0,0,00:00:00/43-12:39:21,344) [scsi_tmf_0] (root,0,0,00:00:00/43-12:39:21,345) [scsi_eh_1] (root,0,0,00:00:00/43-12:39:21,346) [scsi_tmf_1] (root,0,0,00:01:27/43-12:39:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-12:39:18,367) [ext4-rsv-conver] (root,38604,7856,00:01:15/43-12:39:06,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-12:39:05,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-12:39:03,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-12:38:32,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-12:38:31,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:22/43-12:38:31,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-12:38:31,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-12:38:29,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-12:38:29,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/11:51,883) [kworker/2:0-events] (root,548872,30852,00:00:51/43-12:38:15,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-12:38:15,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:21/43-12:38:15,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-12:38:15,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-12:38:15,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-12:38:15,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-12:38:15,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-12:38:15,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:19/43-12:38:15,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-12:38:15,1352) bpfilter_umh (root,26204,8096,00:00:22/43-12:38:15,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-12:38:15,1359) ntpd: asynchronous dns resolver (spot,361712,206108,2-12:16:51/43-12:38:14,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-12:38:14,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-12:38:14,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-12:38:14,1373) (sd-pam) (root,24216,5260,00:00:15/43-12:38:12,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-12:38:12,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-12:38:12,1485) /usr/sbin/cron -n (root,697508,78760,01:00:33/43-12:38:06,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70172,00:23:49/43-12:37:54,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-18:13:29,2557) tlsmgr -l -t unix -u (root,6656,3484,00:00:00/00:00,2677) /bin/bash /usr/bin/check_mk_agent (root,13744,3432,00:00:00/00:00,2695) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2696) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:10:43,8260) [kworker/0:1] (root,0,0,00:00:00/07:14,8317) [kworker/3:2-ata_sff] (root,35304,10040,00:00:00/5-13:06:24,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-13:06:23,10514) sshd: syslogtunnel (root,0,0,00:00:00/31:51,11196) [kworker/2:1-events] (root,0,0,00:00:00/02:30:12,12041) [kworker/1:0-events] (root,0,0,00:00:01/03:33:38,13819) [kworker/0:2-events] (root,0,0,00:00:00/27:37,19317) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:20:25,21552) [kworker/1:1] (postfix,24244,8252,00:00:00/43:57,22335) pickup -l -t fifo -u (root,0,0,00:00:00/43:04,23914) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/02:03,27607) [kworker/3:1-ata_sff] (root,0,0,00:00:01/01:40:39,30519) [kworker/3:0-events] (root,35308,10028,00:00:00/5-13:52:37,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:20/5-13:52:36,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 23:28 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ad110786Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-12:59:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-12:59:12,2) [kthreadd] (root,0,0,00:00:00/41-12:59:12,3) [rcu_gp] (root,0,0,00:00:00/41-12:59:12,4) [rcu_par_gp] (root,0,0,00:00:00/41-12:59:12,5) [slub_flushwq] (root,0,0,00:00:00/41-12:59:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-12:59:12,9) [mm_percpu_wq] (root,0,0,00:00:00/41-12:59:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-12:59:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-12:59:12,12) [rcu_tasks_trace] (root,0,0,00:01:16/41-12:59:12,13) [ksoftirqd/0] (root,0,0,01:59:14/41-12:59:12,14) [rcu_preempt] (root,0,0,00:00:15/41-12:59:12,15) [migration/0] (root,0,0,00:00:00/41-12:59:12,16) [idle_inject/0] (root,0,0,00:00:00/41-12:59:12,18) [cpuhp/0] (root,0,0,00:00:00/41-12:59:12,19) [cpuhp/1] (root,0,0,00:00:00/41-12:59:12,20) [idle_inject/1] (root,0,0,00:00:16/41-12:59:12,21) [migration/1] (root,0,0,00:01:02/41-12:59:12,22) [ksoftirqd/1] (root,0,0,00:00:00/41-12:59:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-12:59:12,25) [cpuhp/2] (root,0,0,00:00:00/41-12:59:12,26) [idle_inject/2] (root,0,0,00:00:12/41-12:59:12,27) [migration/2] (root,0,0,01:18:28/41-12:59:12,28) [ksoftirqd/2] (root,0,0,00:00:00/41-12:59:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-12:59:12,31) [cpuhp/3] (root,0,0,00:00:00/41-12:59:12,32) [idle_inject/3] (root,0,0,00:00:15/41-12:59:12,33) [migration/3] (root,0,0,00:03:59/41-12:59:12,34) [ksoftirqd/3] (root,0,0,00:00:00/41-12:59:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-12:59:12,40) [kdevtmpfs] (root,0,0,00:00:00/41-12:59:12,41) [netns] (root,0,0,00:00:00/41-12:59:12,42) [inet_frag_wq] (root,0,0,00:00:14/41-12:59:12,43) [kauditd] (root,0,0,00:00:00/41-12:59:12,44) [khungtaskd] (root,0,0,00:00:00/41-12:59:12,45) [oom_reaper] (root,0,0,00:00:00/41-12:59:12,46) [writeback] (root,0,0,00:02:11/41-12:59:12,47) [kcompactd0] (root,0,0,00:00:00/41-12:59:12,48) [ksmd] (root,0,0,00:02:17/41-12:59:12,49) [khugepaged] (root,0,0,00:00:00/41-12:59:12,75) [kintegrityd] (root,0,0,00:00:00/41-12:59:12,76) [kblockd] (root,0,0,00:00:00/41-12:59:12,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-12:59:12,79) [tpm_dev_wq] (root,0,0,00:00:00/41-12:59:12,80) [edac-poller] (root,0,0,00:00:00/41-12:59:12,81) [devfreq_wq] (root,0,0,00:00:00/41-12:59:12,110) [watchdogd] (root,0,0,00:00:03/41-12:59:12,111) [kswapd0] (root,0,0,00:00:11/41-12:59:12,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-12:59:10,115) [kthrotld] (root,0,0,00:00:00/41-12:59:10,116) [mld] (root,0,0,00:00:00/41-12:59:10,117) [ipv6_addrconf] (root,0,0,00:00:11/41-12:59:10,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-12:59:10,123) [kstrp] (root,0,0,00:00:00/41-12:59:10,124) [zswap-shrink] (root,0,0,00:00:00/41-12:59:10,125) [kworker/u9:0] (root,0,0,00:00:00/41-12:59:10,130) [charger_manager] (root,0,0,00:00:13/41-12:59:10,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-12:59:10,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-12:59:09,239) [kaluad] (root,0,0,00:00:00/41-12:59:09,258) [kmpath_rdacd] (root,0,0,00:00:00/41-12:59:09,304) [kmpathd] (root,0,0,00:00:00/41-12:59:09,305) [kmpath_handlerd] (root,0,0,00:00:00/41-12:59:08,342) [ata_sff] (root,0,0,00:00:00/41-12:59:08,343) [scsi_eh_0] (root,0,0,00:00:00/41-12:59:08,344) [scsi_tmf_0] (root,0,0,00:00:00/41-12:59:08,345) [scsi_eh_1] (root,0,0,00:00:00/41-12:59:08,346) [scsi_tmf_1] (root,0,0,00:01:23/41-12:59:05,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-12:59:05,367) [ext4-rsv-conver] (root,38604,7856,00:01:12/41-12:58:53,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-12:58:52,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-12:58:50,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-12:58:19,511) /sbin/auditd (messagebus,22932,5408,00:02:19/41-12:58:18,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-12:58:18,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-12:58:18,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-12:58:16,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-12:58:16,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-12:58:02,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-12:58:02,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:09/41-12:58:02,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-12:58:02,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-12:58:02,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-12:58:02,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-12:58:02,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-12:58:02,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-12:58:02,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-12:58:02,1352) bpfilter_umh (root,26204,8096,00:00:21/41-12:58:02,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-12:58:02,1359) ntpd: asynchronous dns resolver (spot,361936,206164,2-09:30:43/41-12:58:01,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-12:58:01,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-12:58:01,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-12:58:01,1373) (sd-pam) (root,24216,5260,00:00:14/41-12:57:59,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-12:57:59,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-12:57:59,1485) /usr/sbin/cron -n (root,697108,76400,00:57:43/41-12:57:53,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:49/41-12:57:41,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-18:33:16,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:46:48,3309) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/24:25,4186) [kworker/0:0] (root,35304,10040,00:00:00/3-13:26:11,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:15/3-13:26:10,10514) sshd: syslogtunnel (postfix,24244,8308,00:00:00/01:25:41,11997) pickup -l -t fifo -u (root,0,0,00:00:00/05:47,12259) [kworker/3:1-events] (root,0,0,00:00:00/01:07:33,15424) [kworker/0:2-mm_percpu_wq] (root,0,0,00:00:02/10:23:52,16954) [kworker/2:1-mm_percpu_wq] (root,0,0,00:00:01/03:02:54,18031) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/29:09,21069) [kworker/2:2] (root,0,0,00:00:00/10:01,23332) [kworker/1:1-events] (root,0,0,00:00:00/36:54,23469) [kworker/3:2-ata_sff] (root,0,0,00:00:00/27:25,25841) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/00:34,26953) [kworker/3:0-ata_sff] (root,0,0,00:00:00/00:33,27124) [kworker/1:0-mm_percpu_wq] (root,6656,3488,00:00:00/00:00,28816) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,28834) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,916,00:00:00/00:00,28835) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/3-14:12:24,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:14/3-14:12:23,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 23:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c284eb60Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-13:05:05,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-13:05:05,2) [kthreadd] (root,0,0,00:00:00/39-13:05:05,3) [rcu_gp] (root,0,0,00:00:00/39-13:05:05,4) [rcu_par_gp] (root,0,0,00:00:00/39-13:05:05,5) [slub_flushwq] (root,0,0,00:00:00/39-13:05:05,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-13:05:05,9) [mm_percpu_wq] (root,0,0,00:00:00/39-13:05:05,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-13:05:05,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-13:05:05,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-13:05:05,13) [ksoftirqd/0] (root,0,0,01:53:31/39-13:05:05,14) [rcu_preempt] (root,0,0,00:00:15/39-13:05:05,15) [migration/0] (root,0,0,00:00:00/39-13:05:05,16) [idle_inject/0] (root,0,0,00:00:00/39-13:05:05,18) [cpuhp/0] (root,0,0,00:00:00/39-13:05:05,19) [cpuhp/1] (root,0,0,00:00:00/39-13:05:05,20) [idle_inject/1] (root,0,0,00:00:15/39-13:05:05,21) [migration/1] (root,0,0,00:00:59/39-13:05:05,22) [ksoftirqd/1] (root,0,0,00:00:00/39-13:05:05,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-13:05:05,25) [cpuhp/2] (root,0,0,00:00:00/39-13:05:05,26) [idle_inject/2] (root,0,0,00:00:11/39-13:05:05,27) [migration/2] (root,0,0,01:13:54/39-13:05:05,28) [ksoftirqd/2] (root,0,0,00:00:00/39-13:05:05,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-13:05:05,31) [cpuhp/3] (root,0,0,00:00:00/39-13:05:05,32) [idle_inject/3] (root,0,0,00:00:14/39-13:05:05,33) [migration/3] (root,0,0,00:03:47/39-13:05:05,34) [ksoftirqd/3] (root,0,0,00:00:00/39-13:05:05,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-13:05:05,40) [kdevtmpfs] (root,0,0,00:00:00/39-13:05:05,41) [netns] (root,0,0,00:00:00/39-13:05:05,42) [inet_frag_wq] (root,0,0,00:00:14/39-13:05:05,43) [kauditd] (root,0,0,00:00:00/39-13:05:05,44) [khungtaskd] (root,0,0,00:00:00/39-13:05:05,45) [oom_reaper] (root,0,0,00:00:00/39-13:05:05,46) [writeback] (root,0,0,00:02:04/39-13:05:05,47) [kcompactd0] (root,0,0,00:00:00/39-13:05:05,48) [ksmd] (root,0,0,00:02:09/39-13:05:05,49) [khugepaged] (root,0,0,00:00:00/39-13:05:05,75) [kintegrityd] (root,0,0,00:00:00/39-13:05:05,76) [kblockd] (root,0,0,00:00:00/39-13:05:05,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-13:05:05,79) [tpm_dev_wq] (root,0,0,00:00:00/39-13:05:05,80) [edac-poller] (root,0,0,00:00:00/39-13:05:05,81) [devfreq_wq] (root,0,0,00:00:00/39-13:05:05,110) [watchdogd] (root,0,0,00:00:02/39-13:05:05,111) [kswapd0] (root,0,0,00:00:10/39-13:05:05,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-13:05:03,115) [kthrotld] (root,0,0,00:00:00/39-13:05:03,116) [mld] (root,0,0,00:00:00/39-13:05:03,117) [ipv6_addrconf] (root,0,0,00:00:11/39-13:05:03,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-13:05:03,123) [kstrp] (root,0,0,00:00:00/39-13:05:03,124) [zswap-shrink] (root,0,0,00:00:00/39-13:05:03,125) [kworker/u9:0] (root,0,0,00:00:00/39-13:05:03,130) [charger_manager] (root,0,0,00:00:12/39-13:05:03,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-13:05:03,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-13:05:02,239) [kaluad] (root,0,0,00:00:00/39-13:05:02,258) [kmpath_rdacd] (root,0,0,00:00:00/39-13:05:02,304) [kmpathd] (root,0,0,00:00:00/39-13:05:02,305) [kmpath_handlerd] (root,0,0,00:00:00/39-13:05:01,342) [ata_sff] (root,0,0,00:00:00/39-13:05:01,343) [scsi_eh_0] (root,0,0,00:00:00/39-13:05:01,344) [scsi_tmf_0] (root,0,0,00:00:00/39-13:05:01,345) [scsi_eh_1] (root,0,0,00:00:00/39-13:05:01,346) [scsi_tmf_1] (root,0,0,00:01:19/39-13:04:58,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-13:04:58,367) [ext4-rsv-conver] (root,38604,7924,00:01:09/39-13:04:46,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-13:04:45,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-13:04:43,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-13:04:12,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-13:04:11,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-13:04:11,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-13:04:11,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-13:04:09,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-13:04:09,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30300,00:00:47/39-13:03:55,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-13:03:55,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:57/39-13:03:55,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-13:03:55,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-13:03:55,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-13:03:55,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-13:03:55,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-13:03:55,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:44/39-13:03:55,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-13:03:55,1352) bpfilter_umh (root,26204,8116,00:00:20/39-13:03:55,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-13:03:55,1359) ntpd: asynchronous dns resolver (spot,360976,198220,2-07:21:46/39-13:03:54,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-13:03:54,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-13:03:54,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-13:03:54,1373) (sd-pam) (root,24216,5260,00:00:14/39-13:03:52,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-13:03:52,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-13:03:52,1485) /usr/sbin/cron -n (root,697108,76496,00:54:52/39-13:03:46,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67440,00:21:45/39-13:03:34,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/07:52,2077) [kworker/3:0-ata_sff] (postfix,44628,9244,00:00:01/33-18:39:09,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:08:02,3019) [kworker/1:2-events] (root,0,0,00:00:00/20:34,6192) [kworker/2:2-events] (root,0,0,00:00:00/01:21:06,8710) [kworker/0:2-events] (root,35304,10040,00:00:00/1-13:32:04,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-13:32:03,10514) sshd: syslogtunnel (postfix,24244,8232,00:00:00/12:22,11858) pickup -l -t fifo -u (root,0,0,00:00:00/02:53:18,12444) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/01:53:32,15998) [kworker/2:1-events] (root,0,0,00:00:00/18:15,17829) [kworker/3:2-events] (root,0,0,00:00:00/01:18:15,18830) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/25:07,21979) [kworker/0:1-events] (root,0,0,00:00:00/02:41,22374) [kworker/3:1-ata_sff] (root,35308,10028,00:00:00/1-14:18:17,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:07/1-14:18:16,30947) sshd: cm-ssh (root,0,0,00:00:00/01:07:14,31080) [kworker/1:0] (root,6656,3484,00:00:00/00:00,32243) /bin/bash /usr/bin/check_mk_agent (root,13744,3336,00:00:00/00:00,32261) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,32262) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639b8bcb87Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-12:41:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-12:41:14,2) [kthreadd] (root,0,0,00:00:00/37-12:41:14,3) [rcu_gp] (root,0,0,00:00:00/37-12:41:14,4) [rcu_par_gp] (root,0,0,00:00:00/37-12:41:14,5) [slub_flushwq] (root,0,0,00:00:00/37-12:41:14,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-12:41:14,9) [mm_percpu_wq] (root,0,0,00:00:00/37-12:41:14,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-12:41:14,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-12:41:14,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-12:41:14,13) [ksoftirqd/0] (root,0,0,01:47:22/37-12:41:14,14) [rcu_preempt] (root,0,0,00:00:14/37-12:41:14,15) [migration/0] (root,0,0,00:00:00/37-12:41:14,16) [idle_inject/0] (root,0,0,00:00:00/37-12:41:14,18) [cpuhp/0] (root,0,0,00:00:00/37-12:41:14,19) [cpuhp/1] (root,0,0,00:00:00/37-12:41:14,20) [idle_inject/1] (root,0,0,00:00:14/37-12:41:14,21) [migration/1] (root,0,0,00:00:55/37-12:41:14,22) [ksoftirqd/1] (root,0,0,00:00:00/37-12:41:14,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-12:41:14,25) [cpuhp/2] (root,0,0,00:00:00/37-12:41:14,26) [idle_inject/2] (root,0,0,00:00:10/37-12:41:14,27) [migration/2] (root,0,0,01:07:53/37-12:41:14,28) [ksoftirqd/2] (root,0,0,00:00:00/37-12:41:14,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-12:41:14,31) [cpuhp/3] (root,0,0,00:00:00/37-12:41:14,32) [idle_inject/3] (root,0,0,00:00:13/37-12:41:14,33) [migration/3] (root,0,0,00:03:29/37-12:41:14,34) [ksoftirqd/3] (root,0,0,00:00:00/37-12:41:14,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-12:41:14,40) [kdevtmpfs] (root,0,0,00:00:00/37-12:41:14,41) [netns] (root,0,0,00:00:00/37-12:41:14,42) [inet_frag_wq] (root,0,0,00:00:13/37-12:41:14,43) [kauditd] (root,0,0,00:00:00/37-12:41:14,44) [khungtaskd] (root,0,0,00:00:00/37-12:41:14,45) [oom_reaper] (root,0,0,00:00:00/37-12:41:14,46) [writeback] (root,0,0,00:01:58/37-12:41:14,47) [kcompactd0] (root,0,0,00:00:00/37-12:41:14,48) [ksmd] (root,0,0,00:02:02/37-12:41:14,49) [khugepaged] (root,0,0,00:00:00/37-12:41:14,75) [kintegrityd] (root,0,0,00:00:00/37-12:41:14,76) [kblockd] (root,0,0,00:00:00/37-12:41:14,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-12:41:14,79) [tpm_dev_wq] (root,0,0,00:00:00/37-12:41:14,80) [edac-poller] (root,0,0,00:00:00/37-12:41:14,81) [devfreq_wq] (root,0,0,00:00:00/37-12:41:14,110) [watchdogd] (root,0,0,00:00:02/37-12:41:14,111) [kswapd0] (root,0,0,00:00:10/37-12:41:14,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-12:41:12,115) [kthrotld] (root,0,0,00:00:00/37-12:41:12,116) [mld] (root,0,0,00:00:00/37-12:41:12,117) [ipv6_addrconf] (root,0,0,00:00:10/37-12:41:12,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-12:41:12,123) [kstrp] (root,0,0,00:00:00/37-12:41:12,124) [zswap-shrink] (root,0,0,00:00:00/37-12:41:12,125) [kworker/u9:0] (root,0,0,00:00:00/37-12:41:12,130) [charger_manager] (root,0,0,00:00:11/37-12:41:12,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-12:41:12,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-12:41:11,239) [kaluad] (root,0,0,00:00:00/37-12:41:11,258) [kmpath_rdacd] (root,0,0,00:00:00/37-12:41:11,304) [kmpathd] (root,0,0,00:00:00/37-12:41:11,305) [kmpath_handlerd] (root,0,0,00:00:00/37-12:41:10,342) [ata_sff] (root,0,0,00:00:00/37-12:41:10,343) [scsi_eh_0] (root,0,0,00:00:00/37-12:41:10,344) [scsi_tmf_0] (root,0,0,00:00:00/37-12:41:10,345) [scsi_eh_1] (root,0,0,00:00:00/37-12:41:10,346) [scsi_tmf_1] (root,0,0,00:01:15/37-12:41:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-12:41:07,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-12:40:55,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-12:40:54,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-12:40:52,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-12:40:21,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-12:40:20,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-12:40:20,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-12:40:20,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-12:40:18,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-12:40:18,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30292,00:00:44/37-12:40:04,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-12:40:04,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:44/37-12:40:04,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-12:40:04,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-12:40:04,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-12:40:04,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-12:40:04,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-12:40:04,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:25/37-12:40:04,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-12:40:04,1352) bpfilter_umh (root,26204,8116,00:00:19/37-12:40:04,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-12:40:04,1359) ntpd: asynchronous dns resolver (spot,362432,198608,2-04:22:36/37-12:40:03,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-12:40:03,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-12:40:03,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-12:40:03,1373) (sd-pam) (root,24216,5260,00:00:13/37-12:40:01,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-12:40:01,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-12:40:01,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-12:39:58,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-12:39:57,1527) sshd: syslogtunnel (root,696596,77960,00:51:56/37-12:39:55,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66204,00:20:41/37-12:39:43,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-18:15:18,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/57:50,2691) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10108,00:00:00/37-12:39:18,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-12:39:18,3218) sshd: cm-ssh (root,0,0,00:00:00/05:21,9730) [kworker/3:0-ata_sff] (root,0,0,00:00:00/21:33,10083) [kworker/1:2-mm_percpu_wq] (root,0,0,00:00:00/02:04:53,18233) [kworker/u8:0-writeback] (root,0,0,00:00:01/02:38:36,19177) [kworker/0:2-events] (root,0,0,00:00:00/01:30:38,19789) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/00:08,21009) [kworker/3:1-ata_sff] (root,6656,3480,00:00:00/00:00,21572) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,21590) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21591) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:20:59,24321) [kworker/2:1-mm_percpu_wq] (root,0,0,00:00:00/01:44:14,26865) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/12:17,27095) [kworker/2:0-events] (postfix,24244,8148,00:00:00/10:24,28767) pickup -l -t fifo -u (root,0,0,00:00:02/04:19:34,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 23:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ee8852e2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:46/35-14:31:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-14:31:41,2) [kthreadd] (root,0,0,00:00:00/35-14:31:41,3) [rcu_gp] (root,0,0,00:00:00/35-14:31:41,4) [rcu_par_gp] (root,0,0,00:00:00/35-14:31:41,5) [slub_flushwq] (root,0,0,00:00:00/35-14:31:41,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-14:31:41,9) [mm_percpu_wq] (root,0,0,00:00:00/35-14:31:41,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-14:31:41,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-14:31:41,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-14:31:41,13) [ksoftirqd/0] (root,0,0,01:42:19/35-14:31:41,14) [rcu_preempt] (root,0,0,00:00:13/35-14:31:41,15) [migration/0] (root,0,0,00:00:00/35-14:31:41,16) [idle_inject/0] (root,0,0,00:00:00/35-14:31:41,18) [cpuhp/0] (root,0,0,00:00:00/35-14:31:41,19) [cpuhp/1] (root,0,0,00:00:00/35-14:31:41,20) [idle_inject/1] (root,0,0,00:00:13/35-14:31:41,21) [migration/1] (root,0,0,00:00:52/35-14:31:41,22) [ksoftirqd/1] (root,0,0,00:00:00/35-14:31:41,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-14:31:41,25) [cpuhp/2] (root,0,0,00:00:00/35-14:31:41,26) [idle_inject/2] (root,0,0,00:00:10/35-14:31:41,27) [migration/2] (root,0,0,01:05:12/35-14:31:41,28) [ksoftirqd/2] (root,0,0,00:00:00/35-14:31:41,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-14:31:41,31) [cpuhp/3] (root,0,0,00:00:00/35-14:31:41,32) [idle_inject/3] (root,0,0,00:00:12/35-14:31:41,33) [migration/3] (root,0,0,00:03:21/35-14:31:41,34) [ksoftirqd/3] (root,0,0,00:00:00/35-14:31:41,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-14:31:41,40) [kdevtmpfs] (root,0,0,00:00:00/35-14:31:41,41) [netns] (root,0,0,00:00:00/35-14:31:41,42) [inet_frag_wq] (root,0,0,00:00:12/35-14:31:41,43) [kauditd] (root,0,0,00:00:00/35-14:31:41,44) [khungtaskd] (root,0,0,00:00:00/35-14:31:41,45) [oom_reaper] (root,0,0,00:00:00/35-14:31:41,46) [writeback] (root,0,0,00:01:52/35-14:31:41,47) [kcompactd0] (root,0,0,00:00:00/35-14:31:41,48) [ksmd] (root,0,0,00:01:56/35-14:31:41,49) [khugepaged] (root,0,0,00:00:00/35-14:31:41,75) [kintegrityd] (root,0,0,00:00:00/35-14:31:41,76) [kblockd] (root,0,0,00:00:00/35-14:31:41,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-14:31:41,79) [tpm_dev_wq] (root,0,0,00:00:00/35-14:31:41,80) [edac-poller] (root,0,0,00:00:00/35-14:31:41,81) [devfreq_wq] (root,0,0,00:00:00/35-14:31:41,110) [watchdogd] (root,0,0,00:00:02/35-14:31:41,111) [kswapd0] (root,0,0,00:00:09/35-14:31:41,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-14:31:39,115) [kthrotld] (root,0,0,00:00:00/35-14:31:39,116) [mld] (root,0,0,00:00:00/35-14:31:39,117) [ipv6_addrconf] (root,0,0,00:00:10/35-14:31:39,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-14:31:39,123) [kstrp] (root,0,0,00:00:00/35-14:31:39,124) [zswap-shrink] (root,0,0,00:00:00/35-14:31:39,125) [kworker/u9:0] (root,0,0,00:00:00/35-14:31:39,130) [charger_manager] (root,0,0,00:00:10/35-14:31:39,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-14:31:39,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-14:31:38,239) [kaluad] (root,0,0,00:00:00/35-14:31:38,258) [kmpath_rdacd] (root,0,0,00:00:00/35-14:31:38,304) [kmpathd] (root,0,0,00:00:00/35-14:31:38,305) [kmpath_handlerd] (root,0,0,00:00:00/35-14:31:37,342) [ata_sff] (root,0,0,00:00:00/35-14:31:37,343) [scsi_eh_0] (root,0,0,00:00:00/35-14:31:37,344) [scsi_tmf_0] (root,0,0,00:00:00/35-14:31:37,345) [scsi_eh_1] (root,0,0,00:00:00/35-14:31:37,346) [scsi_tmf_1] (root,0,0,00:01:11/35-14:31:34,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-14:31:34,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-14:31:22,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-14:31:21,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/10:55,485) [kworker/0:2-events] (root,8624,6172,00:00:56/35-14:31:19,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-14:30:48,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-14:30:47,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-14:30:47,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-14:30:47,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-14:30:45,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-14:30:45,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:04:53,633) [kworker/u8:1-flush-253:0] (root,548616,30252,00:00:42/35-14:30:31,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-14:30:31,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:35/35-14:30:31,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-14:30:31,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-14:30:31,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-14:30:31,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-14:30:31,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-14:30:31,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:09/35-14:30:31,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-14:30:31,1352) bpfilter_umh (root,26204,8116,00:00:18/35-14:30:31,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-14:30:31,1359) ntpd: asynchronous dns resolver (spot,361008,198248,2-02:20:07/35-14:30:30,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-14:30:30,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-14:30:30,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-14:30:30,1373) (sd-pam) (root,24216,5260,00:00:12/35-14:30:28,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-14:30:28,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-14:30:28,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-14:30:25,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:13/35-14:30:24,1527) sshd: syslogtunnel (root,696596,77900,00:49:18/35-14:30:22,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:01/02:39:53,1719) [kworker/2:2-events] (spot,223680,64864,00:19:43/35-14:30:10,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/29-20:05:45,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:25,3161) [kworker/3:1-ata_sff] (root,35308,10108,00:00:00/35-14:29:45,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:58/35-14:29:45,3218) sshd: cm-ssh (root,6656,3480,00:00:00/00:00,7439) /bin/bash /usr/bin/check_mk_agent (root,13744,3424,00:00:00/00:00,7457) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7458) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:37:04,11281) [kworker/0:1-events] (root,0,0,00:00:00/06:36,16037) [kworker/3:0-events] (root,0,0,00:00:00/35:39,16207) [kworker/1:2-events] (postfix,24244,8160,00:00:00/42:37,18195) pickup -l -t fifo -u (root,0,0,00:00:00/03:47:35,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:49:40,20934) [kworker/1:1-events] (root,0,0,00:00:00/15:30,21129) [kworker/2:0-events] (root,0,0,00:00:03/11:48,31160) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-16 01:20 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631202546aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-13:07:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-13:07:43,2) [kthreadd] (root,0,0,00:00:00/33-13:07:43,3) [rcu_gp] (root,0,0,00:00:00/33-13:07:43,4) [rcu_par_gp] (root,0,0,00:00:00/33-13:07:43,5) [slub_flushwq] (root,0,0,00:00:00/33-13:07:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-13:07:43,9) [mm_percpu_wq] (root,0,0,00:00:00/33-13:07:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-13:07:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-13:07:43,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-13:07:43,13) [ksoftirqd/0] (root,0,0,01:36:48/33-13:07:43,14) [rcu_preempt] (root,0,0,00:00:12/33-13:07:43,15) [migration/0] (root,0,0,00:00:00/33-13:07:43,16) [idle_inject/0] (root,0,0,00:00:00/33-13:07:43,18) [cpuhp/0] (root,0,0,00:00:00/33-13:07:43,19) [cpuhp/1] (root,0,0,00:00:00/33-13:07:43,20) [idle_inject/1] (root,0,0,00:00:12/33-13:07:43,21) [migration/1] (root,0,0,00:00:50/33-13:07:43,22) [ksoftirqd/1] (root,0,0,00:00:00/33-13:07:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-13:07:43,25) [cpuhp/2] (root,0,0,00:00:00/33-13:07:43,26) [idle_inject/2] (root,0,0,00:00:09/33-13:07:43,27) [migration/2] (root,0,0,01:01:59/33-13:07:43,28) [ksoftirqd/2] (root,0,0,00:00:00/33-13:07:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-13:07:43,31) [cpuhp/3] (root,0,0,00:00:00/33-13:07:43,32) [idle_inject/3] (root,0,0,00:00:12/33-13:07:43,33) [migration/3] (root,0,0,00:03:12/33-13:07:43,34) [ksoftirqd/3] (root,0,0,00:00:00/33-13:07:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-13:07:43,40) [kdevtmpfs] (root,0,0,00:00:00/33-13:07:43,41) [netns] (root,0,0,00:00:00/33-13:07:43,42) [inet_frag_wq] (root,0,0,00:00:12/33-13:07:43,43) [kauditd] (root,0,0,00:00:00/33-13:07:43,44) [khungtaskd] (root,0,0,00:00:00/33-13:07:43,45) [oom_reaper] (root,0,0,00:00:00/33-13:07:43,46) [writeback] (root,0,0,00:01:46/33-13:07:43,47) [kcompactd0] (root,0,0,00:00:00/33-13:07:43,48) [ksmd] (root,0,0,00:01:49/33-13:07:43,49) [khugepaged] (root,0,0,00:00:00/33-13:07:43,75) [kintegrityd] (root,0,0,00:00:00/33-13:07:43,76) [kblockd] (root,0,0,00:00:00/33-13:07:43,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-13:07:43,79) [tpm_dev_wq] (root,0,0,00:00:00/33-13:07:43,80) [edac-poller] (root,0,0,00:00:00/33-13:07:43,81) [devfreq_wq] (root,0,0,00:00:00/33-13:07:43,110) [watchdogd] (root,0,0,00:00:02/33-13:07:43,111) [kswapd0] (root,0,0,00:00:09/33-13:07:43,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-13:07:41,115) [kthrotld] (root,0,0,00:00:00/33-13:07:41,116) [mld] (root,0,0,00:00:00/33-13:07:41,117) [ipv6_addrconf] (root,0,0,00:00:09/33-13:07:41,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-13:07:41,123) [kstrp] (root,0,0,00:00:00/33-13:07:41,124) [zswap-shrink] (root,0,0,00:00:00/33-13:07:41,125) [kworker/u9:0] (root,0,0,00:00:00/33-13:07:41,130) [charger_manager] (root,0,0,00:00:10/33-13:07:41,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-13:07:41,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-13:07:40,239) [kaluad] (root,0,0,00:00:00/33-13:07:40,258) [kmpath_rdacd] (root,0,0,00:00:00/33-13:07:40,304) [kmpathd] (root,0,0,00:00:00/33-13:07:40,305) [kmpath_handlerd] (root,0,0,00:00:00/33-13:07:39,342) [ata_sff] (root,0,0,00:00:00/33-13:07:39,343) [scsi_eh_0] (root,0,0,00:00:00/33-13:07:39,344) [scsi_tmf_0] (root,0,0,00:00:00/33-13:07:39,345) [scsi_eh_1] (root,0,0,00:00:00/33-13:07:39,346) [scsi_tmf_1] (root,0,0,00:01:07/33-13:07:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-13:07:36,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-13:07:24,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-13:07:23,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:53/33-13:07:21,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-13:06:50,511) /sbin/auditd (messagebus,22932,5632,00:01:52/33-13:06:49,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-13:06:49,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-13:06:49,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-13:06:47,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-13:06:47,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-13:06:33,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-13:06:33,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:24/33-13:06:33,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-13:06:33,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-13:06:33,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-13:06:33,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-13:06:33,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:52/33-13:06:33,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:51/33-13:06:33,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-13:06:33,1352) bpfilter_umh (root,26204,8128,00:00:17/33-13:06:33,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-13:06:33,1359) ntpd: asynchronous dns resolver (spot,361264,200060,2-00:19:05/33-13:06:32,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-13:06:32,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-13:06:32,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-13:06:32,1373) (sd-pam) (root,24216,5260,00:00:11/33-13:06:30,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-13:06:30,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-13:06:30,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-13:06:27,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-13:06:26,1527) sshd: syslogtunnel (root,694036,73228,00:46:26/33-13:06:24,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/20:25,1600) [kworker/3:0-events] (spot,222656,63352,00:18:43/33-13:06:12,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-18:41:47,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/33-13:05:47,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-13:05:47,3218) sshd: cm-ssh (root,0,0,00:00:00/32:42,4095) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/26:22,7631) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/04:52,8286) [kworker/3:2-ata_sff] (root,0,0,00:00:02/04:53:06,15620) [kworker/2:2-events] (root,0,0,00:00:00/10:02,16144) [kworker/3:1-ata_sff] (root,0,0,00:00:00/17:10,16920) [kworker/u8:2-writeback] (root,0,0,00:00:00/09:28,18362) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/02:45,19454) [kworker/2:1-events] (root,0,0,00:00:00/01:32:47,21273) [kworker/0:1-events] (root,0,0,00:00:00/22:46,22988) [kworker/1:2-cgroup_destroy] (postfix,24244,8228,00:00:00/01:19:38,25034) pickup -l -t fifo -u (root,0,0,00:00:00/01:19:26,25667) [kworker/1:0-events] (root,6656,3480,00:00:00/00:00,30583) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,30601) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30602) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 23:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ea23425aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:33/31-13:05:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-13:05:42,2) [kthreadd] (root,0,0,00:00:00/31-13:05:42,3) [rcu_gp] (root,0,0,00:00:00/31-13:05:42,4) [rcu_par_gp] (root,0,0,00:00:00/31-13:05:42,5) [slub_flushwq] (root,0,0,00:00:00/31-13:05:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-13:05:42,9) [mm_percpu_wq] (root,0,0,00:00:00/31-13:05:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-13:05:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-13:05:42,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-13:05:42,13) [ksoftirqd/0] (root,0,0,01:31:28/31-13:05:42,14) [rcu_preempt] (root,0,0,00:00:12/31-13:05:42,15) [migration/0] (root,0,0,00:00:00/31-13:05:42,16) [idle_inject/0] (root,0,0,00:00:00/31-13:05:42,18) [cpuhp/0] (root,0,0,00:00:00/31-13:05:42,19) [cpuhp/1] (root,0,0,00:00:00/31-13:05:42,20) [idle_inject/1] (root,0,0,00:00:12/31-13:05:42,21) [migration/1] (root,0,0,00:00:47/31-13:05:42,22) [ksoftirqd/1] (root,0,0,00:00:00/31-13:05:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-13:05:42,25) [cpuhp/2] (root,0,0,00:00:00/31-13:05:42,26) [idle_inject/2] (root,0,0,00:00:09/31-13:05:42,27) [migration/2] (root,0,0,00:58:56/31-13:05:42,28) [ksoftirqd/2] (root,0,0,00:00:00/31-13:05:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-13:05:42,31) [cpuhp/3] (root,0,0,00:00:00/31-13:05:42,32) [idle_inject/3] (root,0,0,00:00:11/31-13:05:42,33) [migration/3] (root,0,0,00:03:03/31-13:05:42,34) [ksoftirqd/3] (root,0,0,00:00:00/31-13:05:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-13:05:42,40) [kdevtmpfs] (root,0,0,00:00:00/31-13:05:42,41) [netns] (root,0,0,00:00:00/31-13:05:42,42) [inet_frag_wq] (root,0,0,00:00:11/31-13:05:42,43) [kauditd] (root,0,0,00:00:00/31-13:05:42,44) [khungtaskd] (root,0,0,00:00:00/31-13:05:42,45) [oom_reaper] (root,0,0,00:00:00/31-13:05:42,46) [writeback] (root,0,0,00:01:40/31-13:05:42,47) [kcompactd0] (root,0,0,00:00:00/31-13:05:42,48) [ksmd] (root,0,0,00:01:43/31-13:05:42,49) [khugepaged] (root,0,0,00:00:00/31-13:05:42,75) [kintegrityd] (root,0,0,00:00:00/31-13:05:42,76) [kblockd] (root,0,0,00:00:00/31-13:05:42,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-13:05:42,79) [tpm_dev_wq] (root,0,0,00:00:00/31-13:05:42,80) [edac-poller] (root,0,0,00:00:00/31-13:05:42,81) [devfreq_wq] (root,0,0,00:00:00/31-13:05:42,110) [watchdogd] (root,0,0,00:00:02/31-13:05:42,111) [kswapd0] (root,0,0,00:00:08/31-13:05:42,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-13:05:40,115) [kthrotld] (root,0,0,00:00:00/31-13:05:40,116) [mld] (root,0,0,00:00:00/31-13:05:40,117) [ipv6_addrconf] (root,0,0,00:00:09/31-13:05:40,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-13:05:40,123) [kstrp] (root,0,0,00:00:00/31-13:05:40,124) [zswap-shrink] (root,0,0,00:00:00/31-13:05:40,125) [kworker/u9:0] (root,0,0,00:00:00/31-13:05:40,130) [charger_manager] (root,0,0,00:00:09/31-13:05:40,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-13:05:40,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-13:05:39,239) [kaluad] (root,0,0,00:00:00/31-13:05:39,258) [kmpath_rdacd] (root,0,0,00:00:00/31-13:05:39,304) [kmpathd] (root,0,0,00:00:00/31-13:05:39,305) [kmpath_handlerd] (root,0,0,00:00:00/31-13:05:38,342) [ata_sff] (root,0,0,00:00:00/31-13:05:38,343) [scsi_eh_0] (root,0,0,00:00:00/31-13:05:38,344) [scsi_tmf_0] (root,0,0,00:00:00/31-13:05:38,345) [scsi_eh_1] (root,0,0,00:00:00/31-13:05:38,346) [scsi_tmf_1] (root,0,0,00:01:03/31-13:05:35,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-13:05:35,367) [ext4-rsv-conver] (root,38604,7944,00:00:51/31-13:05:23,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-13:05:22,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-13:05:20,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-13:04:49,511) /sbin/auditd (messagebus,22932,5632,00:01:44/31-13:04:48,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:59/31-13:04:48,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-13:04:48,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-13:04:46,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-13:04:46,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-13:04:32,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-13:04:32,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:12/31-13:04:32,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-13:04:32,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-13:04:32,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-13:04:32,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-13:04:32,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-13:04:32,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:35/31-13:04:32,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-13:04:32,1352) bpfilter_umh (root,26204,8128,00:00:16/31-13:04:32,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-13:04:32,1359) ntpd: asynchronous dns resolver (spot,362336,200328,1-22:10:35/31-13:04:31,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-13:04:31,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-13:04:31,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-13:04:31,1373) (sd-pam) (root,24216,5260,00:00:11/31-13:04:29,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-13:04:29,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-13:04:29,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-13:04:26,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:58/31-13:04:25,1527) sshd: syslogtunnel (root,693780,72896,00:43:43/31-13:04:23,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/03:57,1852) [kworker/3:0-ata_sff] (spot,221632,61988,00:17:41/31-13:04:11,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-18:39:46,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/10:06,2865) [kworker/u8:2-writeback] (root,35308,10108,00:00:00/31-13:03:46,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:45/31-13:03:46,3218) sshd: cm-ssh (root,0,0,00:00:00/09:10,6836) [kworker/3:2-ata_sff] (root,0,0,00:00:00/18:14:18,11736) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/07:41,15172) [kworker/0:2-events] (root,0,0,00:00:00/21:05,18883) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,19150) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,19168) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19169) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/03:26:14,22602) [kworker/2:1-events] (root,0,0,00:00:00/01:53:43,23881) [kworker/1:2-events] (root,0,0,00:00:00/34:26,27419) [kworker/2:2-events] (root,0,0,00:00:01/02:28:51,28641) [kworker/0:1-events] (root,0,0,00:00:00/24:43,31518) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 23:54 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363264e913eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-13:04:29,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-13:04:29,2) [kthreadd] (root,0,0,00:00:00/29-13:04:29,3) [rcu_gp] (root,0,0,00:00:00/29-13:04:29,4) [rcu_par_gp] (root,0,0,00:00:00/29-13:04:29,5) [slub_flushwq] (root,0,0,00:00:00/29-13:04:29,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-13:04:29,9) [mm_percpu_wq] (root,0,0,00:00:00/29-13:04:29,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-13:04:29,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-13:04:29,12) [rcu_tasks_trace] (root,0,0,00:00:55/29-13:04:29,13) [ksoftirqd/0] (root,0,0,01:25:38/29-13:04:29,14) [rcu_preempt] (root,0,0,00:00:11/29-13:04:29,15) [migration/0] (root,0,0,00:00:00/29-13:04:29,16) [idle_inject/0] (root,0,0,00:00:00/29-13:04:29,18) [cpuhp/0] (root,0,0,00:00:00/29-13:04:29,19) [cpuhp/1] (root,0,0,00:00:00/29-13:04:29,20) [idle_inject/1] (root,0,0,00:00:11/29-13:04:29,21) [migration/1] (root,0,0,00:00:45/29-13:04:29,22) [ksoftirqd/1] (root,0,0,00:00:00/29-13:04:29,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-13:04:29,25) [cpuhp/2] (root,0,0,00:00:00/29-13:04:29,26) [idle_inject/2] (root,0,0,00:00:08/29-13:04:29,27) [migration/2] (root,0,0,00:54:42/29-13:04:29,28) [ksoftirqd/2] (root,0,0,00:00:00/29-13:04:29,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-13:04:29,31) [cpuhp/3] (root,0,0,00:00:00/29-13:04:29,32) [idle_inject/3] (root,0,0,00:00:10/29-13:04:29,33) [migration/3] (root,0,0,00:02:50/29-13:04:29,34) [ksoftirqd/3] (root,0,0,00:00:00/29-13:04:29,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-13:04:29,40) [kdevtmpfs] (root,0,0,00:00:00/29-13:04:29,41) [netns] (root,0,0,00:00:00/29-13:04:29,42) [inet_frag_wq] (root,0,0,00:00:10/29-13:04:29,43) [kauditd] (root,0,0,00:00:00/29-13:04:29,44) [khungtaskd] (root,0,0,00:00:00/29-13:04:29,45) [oom_reaper] (root,0,0,00:00:00/29-13:04:29,46) [writeback] (root,0,0,00:01:34/29-13:04:29,47) [kcompactd0] (root,0,0,00:00:00/29-13:04:29,48) [ksmd] (root,0,0,00:01:36/29-13:04:29,49) [khugepaged] (root,0,0,00:00:00/29-13:04:29,75) [kintegrityd] (root,0,0,00:00:00/29-13:04:29,76) [kblockd] (root,0,0,00:00:00/29-13:04:29,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-13:04:29,79) [tpm_dev_wq] (root,0,0,00:00:00/29-13:04:29,80) [edac-poller] (root,0,0,00:00:00/29-13:04:29,81) [devfreq_wq] (root,0,0,00:00:00/29-13:04:29,110) [watchdogd] (root,0,0,00:00:02/29-13:04:29,111) [kswapd0] (root,0,0,00:00:08/29-13:04:29,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-13:04:27,115) [kthrotld] (root,0,0,00:00:00/29-13:04:27,116) [mld] (root,0,0,00:00:00/29-13:04:27,117) [ipv6_addrconf] (root,0,0,00:00:08/29-13:04:27,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-13:04:27,123) [kstrp] (root,0,0,00:00:00/29-13:04:27,124) [zswap-shrink] (root,0,0,00:00:00/29-13:04:27,125) [kworker/u9:0] (root,0,0,00:00:00/29-13:04:27,130) [charger_manager] (root,0,0,00:00:09/29-13:04:27,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-13:04:27,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-13:04:26,239) [kaluad] (root,0,0,00:00:00/29-13:04:26,258) [kmpath_rdacd] (root,0,0,00:00:00/29-13:04:26,304) [kmpathd] (root,0,0,00:00:00/29-13:04:26,305) [kmpath_handlerd] (root,0,0,00:00:00/29-13:04:25,342) [ata_sff] (root,0,0,00:00:00/29-13:04:25,343) [scsi_eh_0] (root,0,0,00:00:00/29-13:04:25,344) [scsi_tmf_0] (root,0,0,00:00:00/29-13:04:25,345) [scsi_eh_1] (root,0,0,00:00:00/29-13:04:25,346) [scsi_tmf_1] (root,0,0,00:00:59/29-13:04:22,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-13:04:22,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-13:04:10,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-13:04:09,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-13:04:07,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-13:03:36,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-13:03:35,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-13:03:35,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-13:03:35,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-13:03:33,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-13:03:33,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:35/29-13:03:19,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-13:03:19,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:01/29-13:03:19,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-13:03:19,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-13:03:19,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-13:03:19,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-13:03:19,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-13:03:19,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:17/29-13:03:19,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-13:03:19,1352) bpfilter_umh (root,26204,8128,00:00:14/29-13:03:19,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-13:03:19,1359) ntpd: asynchronous dns resolver (spot,361168,200008,1-19:48:10/29-13:03:18,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-13:03:18,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-13:03:18,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-13:03:18,1373) (sd-pam) (root,24216,5260,00:00:10/29-13:03:16,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-13:03:16,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-13:03:16,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-13:03:13,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-13:03:12,1527) sshd: syslogtunnel (root,693524,74428,00:40:50/29-13:03:10,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60744,00:16:37/29-13:02:58,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-18:38:33,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/27:37,2706) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10108,00:00:00/29-13:02:33,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:38/29-13:02:33,3218) sshd: cm-ssh (root,0,0,00:00:00/06:10,3972) [kworker/u8:2-writeback] (root,0,0,00:00:00/05:47,4803) [kworker/3:0-ata_sff] (postfix,24244,8232,00:00:00/20:17,5297) pickup -l -t fifo -u (root,0,0,00:00:01/01:28:47,11915) [kworker/3:2-events] (root,0,0,00:00:00/02:28,13161) [kworker/1:0-events] (root,0,0,00:00:00/18:29,14664) [kworker/0:0] (root,0,0,00:00:00/00:37,20952) [kworker/3:1-ata_sff] (root,0,0,00:00:01/02:28:32,22291) [kworker/0:1-events] (root,6656,3488,00:00:00/00:00,23007) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,23025) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,23026) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/37:50,25890) [kworker/2:0] (root,0,0,00:00:00/01:00:48,28994) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:16:58,29505) [kworker/2:1-events] (root,0,0,00:00:00/15:18,30310) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 23:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836327cb8904Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-13:08:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-13:08:42,2) [kthreadd] (root,0,0,00:00:00/27-13:08:42,3) [rcu_gp] (root,0,0,00:00:00/27-13:08:42,4) [rcu_par_gp] (root,0,0,00:00:00/27-13:08:42,5) [slub_flushwq] (root,0,0,00:00:00/27-13:08:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-13:08:42,9) [mm_percpu_wq] (root,0,0,00:00:00/27-13:08:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-13:08:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-13:08:42,12) [rcu_tasks_trace] (root,0,0,00:00:52/27-13:08:42,13) [ksoftirqd/0] (root,0,0,01:20:10/27-13:08:42,14) [rcu_preempt] (root,0,0,00:00:10/27-13:08:42,15) [migration/0] (root,0,0,00:00:00/27-13:08:42,16) [idle_inject/0] (root,0,0,00:00:00/27-13:08:42,18) [cpuhp/0] (root,0,0,00:00:00/27-13:08:42,19) [cpuhp/1] (root,0,0,00:00:00/27-13:08:42,20) [idle_inject/1] (root,0,0,00:00:10/27-13:08:42,21) [migration/1] (root,0,0,00:00:42/27-13:08:42,22) [ksoftirqd/1] (root,0,0,00:00:00/27-13:08:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-13:08:42,25) [cpuhp/2] (root,0,0,00:00:00/27-13:08:42,26) [idle_inject/2] (root,0,0,00:00:08/27-13:08:42,27) [migration/2] (root,0,0,00:51:34/27-13:08:42,28) [ksoftirqd/2] (root,0,0,00:00:00/27-13:08:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-13:08:42,31) [cpuhp/3] (root,0,0,00:00:00/27-13:08:42,32) [idle_inject/3] (root,0,0,00:00:10/27-13:08:42,33) [migration/3] (root,0,0,00:02:41/27-13:08:42,34) [ksoftirqd/3] (root,0,0,00:00:00/27-13:08:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-13:08:42,40) [kdevtmpfs] (root,0,0,00:00:00/27-13:08:42,41) [netns] (root,0,0,00:00:00/27-13:08:42,42) [inet_frag_wq] (root,0,0,00:00:09/27-13:08:42,43) [kauditd] (root,0,0,00:00:00/27-13:08:42,44) [khungtaskd] (root,0,0,00:00:00/27-13:08:42,45) [oom_reaper] (root,0,0,00:00:00/27-13:08:42,46) [writeback] (root,0,0,00:01:28/27-13:08:42,47) [kcompactd0] (root,0,0,00:00:00/27-13:08:42,48) [ksmd] (root,0,0,00:01:29/27-13:08:42,49) [khugepaged] (root,0,0,00:00:00/27-13:08:42,75) [kintegrityd] (root,0,0,00:00:00/27-13:08:42,76) [kblockd] (root,0,0,00:00:00/27-13:08:42,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-13:08:42,79) [tpm_dev_wq] (root,0,0,00:00:00/27-13:08:42,80) [edac-poller] (root,0,0,00:00:00/27-13:08:42,81) [devfreq_wq] (root,0,0,00:00:00/27-13:08:42,110) [watchdogd] (root,0,0,00:00:02/27-13:08:42,111) [kswapd0] (root,0,0,00:00:07/27-13:08:42,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-13:08:40,115) [kthrotld] (root,0,0,00:00:00/27-13:08:40,116) [mld] (root,0,0,00:00:00/27-13:08:40,117) [ipv6_addrconf] (root,0,0,00:00:07/27-13:08:40,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-13:08:40,123) [kstrp] (root,0,0,00:00:00/27-13:08:40,124) [zswap-shrink] (root,0,0,00:00:00/27-13:08:40,125) [kworker/u9:0] (root,0,0,00:00:00/27-13:08:40,130) [charger_manager] (root,0,0,00:00:08/27-13:08:40,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-13:08:40,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-13:08:39,239) [kaluad] (root,0,0,00:00:00/27-13:08:39,258) [kmpath_rdacd] (root,0,0,00:00:00/27-13:08:39,304) [kmpathd] (root,0,0,00:00:00/27-13:08:39,305) [kmpath_handlerd] (root,0,0,00:00:00/27-13:08:38,342) [ata_sff] (root,0,0,00:00:00/27-13:08:38,343) [scsi_eh_0] (root,0,0,00:00:00/27-13:08:38,344) [scsi_tmf_0] (root,0,0,00:00:00/27-13:08:38,345) [scsi_eh_1] (root,0,0,00:00:00/27-13:08:38,346) [scsi_tmf_1] (root,0,0,00:00:55/27-13:08:35,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-13:08:35,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-13:08:23,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-13:08:22,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-13:08:20,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-13:07:49,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-13:07:48,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-13:07:48,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-13:07:48,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-13:07:46,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-13:07:46,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28776,00:00:32/27-13:07:32,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-13:07:32,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:49/27-13:07:32,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-13:07:32,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-13:07:32,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-13:07:32,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-13:07:32,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-13:07:32,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:00/27-13:07:32,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-13:07:32,1352) bpfilter_umh (root,26204,8128,00:00:13/27-13:07:32,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-13:07:32,1359) ntpd: asynchronous dns resolver (spot,295920,194972,1-17:12:32/27-13:07:31,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-13:07:31,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-13:07:31,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-13:07:31,1373) (sd-pam) (root,6656,3484,00:00:00/00:01,1408) /bin/bash /usr/bin/check_mk_agent (root,13744,3492,00:00:00/00:01,1426) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:01,1427) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,24216,5260,00:00:09/27-13:07:29,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-13:07:29,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-13:07:29,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-13:07:26,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:42/27-13:07:25,1527) sshd: syslogtunnel (root,693268,72064,00:38:05/27-13:07:23,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,59132,00:15:35/27-13:07:11,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:00/21-18:42:46,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-13:06:46,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-13:06:46,3218) sshd: cm-ssh (root,0,0,00:00:00/01:36:51,4690) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/07:29,4886) [kworker/1:0-events] (root,0,0,00:00:00/06:46,8133) [kworker/3:1-ata_sff] (postfix,24244,8176,00:00:00/46:16,10198) pickup -l -t fifo -u (root,0,0,00:00:00/13:44,14310) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/01:56:27,21505) [kworker/u8:2-writeback] (root,0,0,00:00:00/01:31:18,22103) [kworker/0:1-events] (root,0,0,00:00:00/01:12:49,24824) [kworker/2:1-events] (root,0,0,00:00:00/10:36,24846) [kworker/2:0-events] (root,0,0,00:00:01/01:29:47,28201) [kworker/3:0-mm_percpu_wq] (root,0,0,00:00:00/41:47,28567) [kworker/1:1-events] (root,0,0,00:00:00/01:34,29528) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 23:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639fe4ebbdFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:11/25-12:53:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-12:53:30,2) [kthreadd] (root,0,0,00:00:00/25-12:53:30,3) [rcu_gp] (root,0,0,00:00:00/25-12:53:30,4) [rcu_par_gp] (root,0,0,00:00:00/25-12:53:30,5) [slub_flushwq] (root,0,0,00:00:00/25-12:53:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-12:53:30,9) [mm_percpu_wq] (root,0,0,00:00:00/25-12:53:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-12:53:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-12:53:30,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-12:53:30,13) [ksoftirqd/0] (root,0,0,01:14:44/25-12:53:30,14) [rcu_preempt] (root,0,0,00:00:09/25-12:53:30,15) [migration/0] (root,0,0,00:00:00/25-12:53:30,16) [idle_inject/0] (root,0,0,00:00:00/25-12:53:30,18) [cpuhp/0] (root,0,0,00:00:00/25-12:53:30,19) [cpuhp/1] (root,0,0,00:00:00/25-12:53:30,20) [idle_inject/1] (root,0,0,00:00:09/25-12:53:30,21) [migration/1] (root,0,0,00:00:39/25-12:53:30,22) [ksoftirqd/1] (root,0,0,00:00:00/25-12:53:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-12:53:30,25) [cpuhp/2] (root,0,0,00:00:00/25-12:53:30,26) [idle_inject/2] (root,0,0,00:00:07/25-12:53:30,27) [migration/2] (root,0,0,00:48:51/25-12:53:30,28) [ksoftirqd/2] (root,0,0,00:00:00/25-12:53:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-12:53:30,31) [cpuhp/3] (root,0,0,00:00:00/25-12:53:30,32) [idle_inject/3] (root,0,0,00:00:09/25-12:53:30,33) [migration/3] (root,0,0,00:02:31/25-12:53:30,34) [ksoftirqd/3] (root,0,0,00:00:00/25-12:53:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-12:53:30,40) [kdevtmpfs] (root,0,0,00:00:00/25-12:53:30,41) [netns] (root,0,0,00:00:00/25-12:53:30,42) [inet_frag_wq] (root,0,0,00:00:08/25-12:53:30,43) [kauditd] (root,0,0,00:00:00/25-12:53:30,44) [khungtaskd] (root,0,0,00:00:00/25-12:53:30,45) [oom_reaper] (root,0,0,00:00:00/25-12:53:30,46) [writeback] (root,0,0,00:01:21/25-12:53:30,47) [kcompactd0] (root,0,0,00:00:00/25-12:53:30,48) [ksmd] (root,0,0,00:01:23/25-12:53:30,49) [khugepaged] (root,0,0,00:00:00/25-12:53:30,75) [kintegrityd] (root,0,0,00:00:00/25-12:53:30,76) [kblockd] (root,0,0,00:00:00/25-12:53:30,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-12:53:30,79) [tpm_dev_wq] (root,0,0,00:00:00/25-12:53:30,80) [edac-poller] (root,0,0,00:00:00/25-12:53:30,81) [devfreq_wq] (root,0,0,00:00:00/25-12:53:30,110) [watchdogd] (root,0,0,00:00:01/25-12:53:30,111) [kswapd0] (root,0,0,00:00:07/25-12:53:30,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-12:53:28,115) [kthrotld] (root,0,0,00:00:00/25-12:53:28,116) [mld] (root,0,0,00:00:00/25-12:53:28,117) [ipv6_addrconf] (root,0,0,00:00:07/25-12:53:28,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-12:53:28,123) [kstrp] (root,0,0,00:00:00/25-12:53:28,124) [zswap-shrink] (root,0,0,00:00:00/25-12:53:28,125) [kworker/u9:0] (root,0,0,00:00:00/25-12:53:28,130) [charger_manager] (root,0,0,00:00:07/25-12:53:28,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-12:53:28,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-12:53:27,239) [kaluad] (root,0,0,00:00:00/25-12:53:27,258) [kmpath_rdacd] (root,0,0,00:00:00/25-12:53:27,304) [kmpathd] (root,0,0,00:00:00/25-12:53:27,305) [kmpath_handlerd] (root,0,0,00:00:00/25-12:53:26,342) [ata_sff] (root,0,0,00:00:00/25-12:53:26,343) [scsi_eh_0] (root,0,0,00:00:00/25-12:53:26,344) [scsi_tmf_0] (root,0,0,00:00:00/25-12:53:26,345) [scsi_eh_1] (root,0,0,00:00:00/25-12:53:26,346) [scsi_tmf_1] (root,0,0,00:00:51/25-12:53:23,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-12:53:23,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-12:53:11,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-12:53:10,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-12:53:08,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-12:52:37,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-12:52:36,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-12:52:36,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-12:52:36,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-12:52:34,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-12:52:34,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:13,710) [kworker/0:0-events] (root,548104,29508,00:00:30/25-12:52:20,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-12:52:20,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:37/25-12:52:20,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-12:52:20,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-12:52:20,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-12:52:20,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-12:52:20,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-12:52:20,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:42/25-12:52:20,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-12:52:20,1352) bpfilter_umh (root,26204,8212,00:00:12/25-12:52:20,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-12:52:20,1359) ntpd: asynchronous dns resolver (spot,296112,191500,1-14:58:07/25-12:52:19,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-12:52:19,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-12:52:19,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-12:52:19,1373) (sd-pam) (root,24216,5268,00:00:09/25-12:52:17,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-12:52:17,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-12:52:17,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-12:52:14,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:35/25-12:52:13,1527) sshd: syslogtunnel (root,693268,73792,00:35:21/25-12:52:11,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57872,00:14:36/25-12:51:59,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-18:27:34,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/25-12:51:34,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-12:51:34,3218) sshd: cm-ssh (root,0,0,00:00:00/01:09,4073) [kworker/3:1-ata_sff] (root,6656,3488,00:00:00/00:00,9550) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,9576) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,9577) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:15:02,11861) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/08:13,15928) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/48:22,16699) [kworker/2:2-events] (root,0,0,00:00:00/39:23,17398) [kworker/2:1-events] (root,0,0,00:00:00/14:18,20983) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:52:10,21873) [kworker/1:0-events] (root,0,0,00:00:00/06:20,22152) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:01:43,22713) [kworker/u8:1-writeback] (root,0,0,00:00:01/01:34:33,27643) [kworker/3:2-events] (root,0,0,00:00:00/01:00:25,28674) [kworker/0:2-events] (postfix,24244,8204,00:00:00/52:09,32576) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 23:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836325cd33bfFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:03/23-12:39:04,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-12:39:04,2) [kthreadd] (root,0,0,00:00:00/23-12:39:04,3) [rcu_gp] (root,0,0,00:00:00/23-12:39:04,4) [rcu_par_gp] (root,0,0,00:00:00/23-12:39:04,5) [slub_flushwq] (root,0,0,00:00:00/23-12:39:04,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-12:39:04,9) [mm_percpu_wq] (root,0,0,00:00:00/23-12:39:04,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-12:39:04,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-12:39:04,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-12:39:04,13) [ksoftirqd/0] (root,0,0,01:09:05/23-12:39:04,14) [rcu_preempt] (root,0,0,00:00:09/23-12:39:04,15) [migration/0] (root,0,0,00:00:00/23-12:39:04,16) [idle_inject/0] (root,0,0,00:00:00/23-12:39:04,18) [cpuhp/0] (root,0,0,00:00:00/23-12:39:04,19) [cpuhp/1] (root,0,0,00:00:00/23-12:39:04,20) [idle_inject/1] (root,0,0,00:00:09/23-12:39:04,21) [migration/1] (root,0,0,00:00:37/23-12:39:04,22) [ksoftirqd/1] (root,0,0,00:00:00/23-12:39:04,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-12:39:04,25) [cpuhp/2] (root,0,0,00:00:00/23-12:39:04,26) [idle_inject/2] (root,0,0,00:00:07/23-12:39:04,27) [migration/2] (root,0,0,00:45:30/23-12:39:04,28) [ksoftirqd/2] (root,0,0,00:00:00/23-12:39:04,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-12:39:04,31) [cpuhp/3] (root,0,0,00:00:00/23-12:39:04,32) [idle_inject/3] (root,0,0,00:00:08/23-12:39:04,33) [migration/3] (root,0,0,00:02:21/23-12:39:04,34) [ksoftirqd/3] (root,0,0,00:00:00/23-12:39:04,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-12:39:04,40) [kdevtmpfs] (root,0,0,00:00:00/23-12:39:04,41) [netns] (root,0,0,00:00:00/23-12:39:04,42) [inet_frag_wq] (root,0,0,00:00:07/23-12:39:04,43) [kauditd] (root,0,0,00:00:00/23-12:39:04,44) [khungtaskd] (root,0,0,00:00:00/23-12:39:04,45) [oom_reaper] (root,0,0,00:00:00/23-12:39:04,46) [writeback] (root,0,0,00:01:15/23-12:39:04,47) [kcompactd0] (root,0,0,00:00:00/23-12:39:04,48) [ksmd] (root,0,0,00:01:17/23-12:39:04,49) [khugepaged] (root,0,0,00:00:00/23-12:39:04,75) [kintegrityd] (root,0,0,00:00:00/23-12:39:04,76) [kblockd] (root,0,0,00:00:00/23-12:39:04,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-12:39:04,79) [tpm_dev_wq] (root,0,0,00:00:00/23-12:39:04,80) [edac-poller] (root,0,0,00:00:00/23-12:39:04,81) [devfreq_wq] (root,0,0,00:00:00/23-12:39:04,110) [watchdogd] (root,0,0,00:00:01/23-12:39:04,111) [kswapd0] (root,0,0,00:00:06/23-12:39:04,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-12:39:02,115) [kthrotld] (root,0,0,00:00:00/23-12:39:02,116) [mld] (root,0,0,00:00:00/23-12:39:02,117) [ipv6_addrconf] (root,0,0,00:00:06/23-12:39:02,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-12:39:02,123) [kstrp] (root,0,0,00:00:00/23-12:39:02,124) [zswap-shrink] (root,0,0,00:00:00/23-12:39:02,125) [kworker/u9:0] (root,0,0,00:00:00/23-12:39:02,130) [charger_manager] (root,0,0,00:00:07/23-12:39:02,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-12:39:02,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-12:39:01,239) [kaluad] (root,0,0,00:00:00/23-12:39:01,258) [kmpath_rdacd] (root,0,0,00:00:00/23-12:39:01,304) [kmpathd] (root,0,0,00:00:00/23-12:39:01,305) [kmpath_handlerd] (root,0,0,00:00:00/23-12:39:00,342) [ata_sff] (root,0,0,00:00:00/23-12:39:00,343) [scsi_eh_0] (root,0,0,00:00:00/23-12:39:00,344) [scsi_tmf_0] (root,0,0,00:00:00/23-12:39:00,345) [scsi_eh_1] (root,0,0,00:00:00/23-12:39:00,346) [scsi_tmf_1] (root,0,0,00:00:47/23-12:38:57,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-12:38:57,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-12:38:45,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-12:38:44,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-12:38:42,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-12:38:11,511) /sbin/auditd (messagebus,22932,5912,00:01:08/23-12:38:10,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:39/23-12:38:10,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-12:38:10,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-12:38:08,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-12:38:08,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-12:37:54,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-12:37:54,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:26/23-12:37:54,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-12:37:54,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-12:37:54,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-12:37:54,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-12:37:54,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-12:37:54,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:25/23-12:37:54,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-12:37:54,1352) bpfilter_umh (root,26204,8212,00:00:10/23-12:37:54,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-12:37:54,1359) ntpd: asynchronous dns resolver (spot,291728,178028,1-12:31:31/23-12:37:53,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-12:37:53,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-12:37:53,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-12:37:53,1373) (sd-pam) (root,24216,5268,00:00:08/23-12:37:51,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-12:37:51,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-12:37:51,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-12:37:48,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:27/23-12:37:47,1527) sshd: syslogtunnel (root,692644,73248,00:32:33/23-12:37:45,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56548,00:13:35/23-12:37:33,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-18:13:08,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-12:37:08,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-12:37:08,3218) sshd: cm-ssh (root,0,0,00:00:00/47:02,3867) [kworker/0:0-events] (root,0,0,00:00:00/12:33,3961) [kworker/1:2-events] (root,0,0,00:00:00/55:28,4103) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/05:20:39,4562) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/03:41,6492) [kworker/3:2-ata_sff] (root,0,0,00:00:00/03:40,6663) [kworker/0:2-events] (root,0,0,00:00:00/31:39,14029) [kworker/2:1-events] (root,0,0,00:00:00/19:12,15545) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:08:59,18134) [kworker/2:2-events] (root,0,0,00:00:00/29:37,18665) [kworker/3:1-events] (postfix,24244,8168,00:00:00/59:33,18770) pickup -l -t fifo -u (root,0,0,00:00:00/08:53,19362) [kworker/3:0-ata_sff] (root,6656,3492,00:00:00/00:00,20959) /bin/bash /usr/bin/check_mk_agent (root,6656,3480,00:00:00/00:00,20979) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,21017) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,21018) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:34,28637) [kworker/1:1] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 23:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631c393e20Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-12:48:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-12:48:23,2) [kthreadd] (root,0,0,00:00:00/21-12:48:23,3) [rcu_gp] (root,0,0,00:00:00/21-12:48:23,4) [rcu_par_gp] (root,0,0,00:00:00/21-12:48:23,5) [slub_flushwq] (root,0,0,00:00:00/21-12:48:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-12:48:23,9) [mm_percpu_wq] (root,0,0,00:00:00/21-12:48:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-12:48:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-12:48:23,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-12:48:23,13) [ksoftirqd/0] (root,0,0,01:03:26/21-12:48:23,14) [rcu_preempt] (root,0,0,00:00:08/21-12:48:23,15) [migration/0] (root,0,0,00:00:00/21-12:48:23,16) [idle_inject/0] (root,0,0,00:00:00/21-12:48:23,18) [cpuhp/0] (root,0,0,00:00:00/21-12:48:23,19) [cpuhp/1] (root,0,0,00:00:00/21-12:48:23,20) [idle_inject/1] (root,0,0,00:00:08/21-12:48:23,21) [migration/1] (root,0,0,00:00:34/21-12:48:23,22) [ksoftirqd/1] (root,0,0,00:00:00/21-12:48:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-12:48:23,25) [cpuhp/2] (root,0,0,00:00:00/21-12:48:23,26) [idle_inject/2] (root,0,0,00:00:06/21-12:48:23,27) [migration/2] (root,0,0,00:42:43/21-12:48:23,28) [ksoftirqd/2] (root,0,0,00:00:00/21-12:48:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-12:48:23,31) [cpuhp/3] (root,0,0,00:00:00/21-12:48:23,32) [idle_inject/3] (root,0,0,00:00:08/21-12:48:23,33) [migration/3] (root,0,0,00:02:11/21-12:48:23,34) [ksoftirqd/3] (root,0,0,00:00:00/21-12:48:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-12:48:23,40) [kdevtmpfs] (root,0,0,00:00:00/21-12:48:23,41) [netns] (root,0,0,00:00:00/21-12:48:23,42) [inet_frag_wq] (root,0,0,00:00:06/21-12:48:23,43) [kauditd] (root,0,0,00:00:00/21-12:48:23,44) [khungtaskd] (root,0,0,00:00:00/21-12:48:23,45) [oom_reaper] (root,0,0,00:00:00/21-12:48:23,46) [writeback] (root,0,0,00:01:09/21-12:48:23,47) [kcompactd0] (root,0,0,00:00:00/21-12:48:23,48) [ksmd] (root,0,0,00:01:10/21-12:48:23,49) [khugepaged] (root,0,0,00:00:00/21-12:48:23,75) [kintegrityd] (root,0,0,00:00:00/21-12:48:23,76) [kblockd] (root,0,0,00:00:00/21-12:48:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-12:48:23,79) [tpm_dev_wq] (root,0,0,00:00:00/21-12:48:23,80) [edac-poller] (root,0,0,00:00:00/21-12:48:23,81) [devfreq_wq] (root,0,0,00:00:00/21-12:48:23,110) [watchdogd] (root,0,0,00:00:01/21-12:48:23,111) [kswapd0] (root,0,0,00:00:05/21-12:48:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-12:48:21,115) [kthrotld] (root,0,0,00:00:00/21-12:48:21,116) [mld] (root,0,0,00:00:00/21-12:48:21,117) [ipv6_addrconf] (root,0,0,00:00:06/21-12:48:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-12:48:21,123) [kstrp] (root,0,0,00:00:00/21-12:48:21,124) [zswap-shrink] (root,0,0,00:00:00/21-12:48:21,125) [kworker/u9:0] (root,0,0,00:00:00/21-12:48:21,130) [charger_manager] (root,0,0,00:00:06/21-12:48:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-12:48:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-12:48:20,239) [kaluad] (root,0,0,00:00:00/21-12:48:20,258) [kmpath_rdacd] (root,0,0,00:00:00/21-12:48:20,304) [kmpathd] (root,0,0,00:00:00/21-12:48:20,305) [kmpath_handlerd] (root,0,0,00:00:00/21-12:48:19,342) [ata_sff] (root,0,0,00:00:00/21-12:48:19,343) [scsi_eh_0] (root,0,0,00:00:00/21-12:48:19,344) [scsi_tmf_0] (root,0,0,00:00:00/21-12:48:19,345) [scsi_eh_1] (root,0,0,00:00:00/21-12:48:19,346) [scsi_tmf_1] (root,0,0,00:00:43/21-12:48:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-12:48:16,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-12:48:04,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-12:48:03,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:01/01:51:04,461) [kworker/3:0-events] (root,8624,6244,00:00:34/21-12:48:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-12:47:30,511) /sbin/auditd (messagebus,22932,5912,00:00:58/21-12:47:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-12:47:29,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-12:47:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-12:47:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-12:47:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/07:19,1269) [kworker/3:2-ata_sff] (postfix,24244,8220,00:00:00/01:30:44,1289) pickup -l -t fifo -u (root,548104,28468,00:00:25/21-12:47:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-12:47:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:16/21-12:47:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-12:47:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-12:47:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-12:47:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-12:47:13,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-12:47:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-12:47:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-12:47:13,1352) bpfilter_umh (root,26204,8212,00:00:09/21-12:47:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-12:47:13,1359) ntpd: asynchronous dns resolver (spot,313548,199424,1-09:54:55/21-12:47:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-12:47:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-12:47:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-12:47:12,1373) (sd-pam) (root,24216,5268,00:00:07/21-12:47:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-12:47:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-12:47:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-12:47:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-12:47:06,1527) sshd: syslogtunnel (root,692388,74908,00:29:47/21-12:47:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,55044,00:12:32/21-12:46:52,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/15-18:22:27,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-12:46:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:12/21-12:46:27,3218) sshd: cm-ssh (root,0,0,00:00:00/20:51,3360) [kworker/2:0-events_power_efficient] (root,0,0,00:00:00/06:37,3491) [kworker/1:2-events] (root,0,0,00:00:00/47:25,6922) [kworker/0:2-events] (root,0,0,00:00:00/02:07:00,9313) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/01:10:13,14476) [kworker/u8:1-writeback] (root,0,0,00:00:00/02:06,16487) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:18:49,17661) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/12:21,18332) [kworker/0:1] (root,0,0,00:00:00/00:57,20656) [kworker/1:0] (root,6656,3480,00:00:00/00:00,24499) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,24517) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,24518) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/04:26:58,29790) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 23:37 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836338b7f4d7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-11:57:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-11:57:07,2) [kthreadd] (root,0,0,00:00:00/19-11:57:07,3) [rcu_gp] (root,0,0,00:00:00/19-11:57:07,4) [rcu_par_gp] (root,0,0,00:00:00/19-11:57:07,5) [slub_flushwq] (root,0,0,00:00:00/19-11:57:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-11:57:07,9) [mm_percpu_wq] (root,0,0,00:00:00/19-11:57:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-11:57:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-11:57:07,12) [rcu_tasks_trace] (root,0,0,00:00:37/19-11:57:07,13) [ksoftirqd/0] (root,0,0,00:57:11/19-11:57:07,14) [rcu_preempt] (root,0,0,00:00:07/19-11:57:07,15) [migration/0] (root,0,0,00:00:00/19-11:57:07,16) [idle_inject/0] (root,0,0,00:00:00/19-11:57:07,18) [cpuhp/0] (root,0,0,00:00:00/19-11:57:07,19) [cpuhp/1] (root,0,0,00:00:00/19-11:57:07,20) [idle_inject/1] (root,0,0,00:00:07/19-11:57:07,21) [migration/1] (root,0,0,00:00:31/19-11:57:07,22) [ksoftirqd/1] (root,0,0,00:00:00/19-11:57:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-11:57:07,25) [cpuhp/2] (root,0,0,00:00:00/19-11:57:07,26) [idle_inject/2] (root,0,0,00:00:05/19-11:57:07,27) [migration/2] (root,0,0,00:39:08/19-11:57:07,28) [ksoftirqd/2] (root,0,0,00:00:00/19-11:57:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-11:57:07,31) [cpuhp/3] (root,0,0,00:00:00/19-11:57:07,32) [idle_inject/3] (root,0,0,00:00:07/19-11:57:07,33) [migration/3] (root,0,0,00:01:58/19-11:57:07,34) [ksoftirqd/3] (root,0,0,00:00:00/19-11:57:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-11:57:07,40) [kdevtmpfs] (root,0,0,00:00:00/19-11:57:07,41) [netns] (root,0,0,00:00:00/19-11:57:07,42) [inet_frag_wq] (root,0,0,00:00:05/19-11:57:07,43) [kauditd] (root,0,0,00:00:00/19-11:57:07,44) [khungtaskd] (root,0,0,00:00:00/19-11:57:07,45) [oom_reaper] (root,0,0,00:00:00/19-11:57:07,46) [writeback] (root,0,0,00:01:02/19-11:57:07,47) [kcompactd0] (root,0,0,00:00:00/19-11:57:07,48) [ksmd] (root,0,0,00:01:03/19-11:57:07,49) [khugepaged] (root,0,0,00:00:00/19-11:57:07,75) [kintegrityd] (root,0,0,00:00:00/19-11:57:07,76) [kblockd] (root,0,0,00:00:00/19-11:57:07,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-11:57:07,79) [tpm_dev_wq] (root,0,0,00:00:00/19-11:57:07,80) [edac-poller] (root,0,0,00:00:00/19-11:57:07,81) [devfreq_wq] (root,0,0,00:00:00/19-11:57:07,110) [watchdogd] (root,0,0,00:00:01/19-11:57:07,111) [kswapd0] (root,0,0,00:00:05/19-11:57:07,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-11:57:05,115) [kthrotld] (root,0,0,00:00:00/19-11:57:05,116) [mld] (root,0,0,00:00:00/19-11:57:05,117) [ipv6_addrconf] (root,0,0,00:00:05/19-11:57:05,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-11:57:05,123) [kstrp] (root,0,0,00:00:00/19-11:57:05,124) [zswap-shrink] (root,0,0,00:00:00/19-11:57:05,125) [kworker/u9:0] (root,0,0,00:00:00/19-11:57:05,130) [charger_manager] (root,0,0,00:00:05/19-11:57:05,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/19-11:57:05,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-11:57:04,239) [kaluad] (root,0,0,00:00:00/19-11:57:04,258) [kmpath_rdacd] (root,0,0,00:00:00/19-11:57:04,304) [kmpathd] (root,0,0,00:00:00/19-11:57:04,305) [kmpath_handlerd] (root,0,0,00:00:00/19-11:57:03,342) [ata_sff] (root,0,0,00:00:00/19-11:57:03,343) [scsi_eh_0] (root,0,0,00:00:00/19-11:57:03,344) [scsi_tmf_0] (root,0,0,00:00:00/19-11:57:03,345) [scsi_eh_1] (root,0,0,00:00:00/19-11:57:03,346) [scsi_tmf_1] (root,0,0,00:00:38/19-11:57:00,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-11:57:00,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-11:56:48,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-11:56:47,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-11:56:45,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-11:56:14,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-11:56:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-11:56:13,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-11:56:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-11:56:11,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-11:56:11,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-11:55:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-11:55:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:04/19-11:55:57,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-11:55:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-11:55:57,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-11:55:57,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-11:55:57,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:24/19-11:55:57,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-11:55:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-11:55:57,1352) bpfilter_umh (root,26204,8212,00:00:07/19-11:55:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-11:55:57,1359) ntpd: asynchronous dns resolver (spot,314316,199628,1-07:01:14/19-11:55:56,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-11:55:56,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-11:55:56,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-11:55:56,1373) (sd-pam) (root,24216,5268,00:00:06/19-11:55:54,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-11:55:54,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-11:55:54,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-11:55:51,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-11:55:50,1527) sshd: syslogtunnel (root,618656,73492,00:26:52/19-11:55:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/07:24,1678) [kworker/3:1-events] (spot,215488,53708,00:11:18/19-11:55:36,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-17:31:11,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-11:55:11,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:04/19-11:55:11,3218) sshd: cm-ssh (root,0,0,00:00:01/02:11:55,3324) [kworker/3:0-ata_sff] (root,0,0,00:00:00/06:45:46,5852) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/15:12,10933) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/02:07:51,12961) [kworker/2:0-events] (root,0,0,00:00:00/45:18,17258) [kworker/1:0-events] (root,0,0,00:00:00/02:38,21404) [kworker/2:2] (root,0,0,00:00:00/02:13,22212) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:03:35,23780) [kworker/0:1-events] (root,0,0,00:00:00/01:01:48,25296) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/01:31:42,29630) [kworker/1:2-events] (root,0,0,00:00:00/01:21:22,29670) [kworker/0:2-events] (postfix,24244,8268,00:00:00/01:00:23,29784) pickup -l -t fifo -u (root,6656,3476,00:00:00/00:00,31513) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,31531) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,948,00:00:00/00:00,31532) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 22:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633034658aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:33/17-11:44:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-11:44:23,2) [kthreadd] (root,0,0,00:00:00/17-11:44:23,3) [rcu_gp] (root,0,0,00:00:00/17-11:44:23,4) [rcu_par_gp] (root,0,0,00:00:00/17-11:44:23,5) [slub_flushwq] (root,0,0,00:00:00/17-11:44:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-11:44:23,9) [mm_percpu_wq] (root,0,0,00:00:00/17-11:44:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-11:44:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-11:44:23,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-11:44:23,13) [ksoftirqd/0] (root,0,0,00:50:13/17-11:44:23,14) [rcu_preempt] (root,0,0,00:00:06/17-11:44:23,15) [migration/0] (root,0,0,00:00:00/17-11:44:23,16) [idle_inject/0] (root,0,0,00:00:00/17-11:44:23,18) [cpuhp/0] (root,0,0,00:00:00/17-11:44:23,19) [cpuhp/1] (root,0,0,00:00:00/17-11:44:23,20) [idle_inject/1] (root,0,0,00:00:06/17-11:44:23,21) [migration/1] (root,0,0,00:00:27/17-11:44:23,22) [ksoftirqd/1] (root,0,0,00:00:00/17-11:44:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-11:44:23,25) [cpuhp/2] (root,0,0,00:00:00/17-11:44:23,26) [idle_inject/2] (root,0,0,00:00:05/17-11:44:23,27) [migration/2] (root,0,0,00:33:35/17-11:44:23,28) [ksoftirqd/2] (root,0,0,00:00:00/17-11:44:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-11:44:23,31) [cpuhp/3] (root,0,0,00:00:00/17-11:44:23,32) [idle_inject/3] (root,0,0,00:00:06/17-11:44:23,33) [migration/3] (root,0,0,00:01:40/17-11:44:23,34) [ksoftirqd/3] (root,0,0,00:00:00/17-11:44:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-11:44:23,40) [kdevtmpfs] (root,0,0,00:00:00/17-11:44:23,41) [netns] (root,0,0,00:00:00/17-11:44:23,42) [inet_frag_wq] (root,0,0,00:00:03/17-11:44:23,43) [kauditd] (root,0,0,00:00:00/17-11:44:23,44) [khungtaskd] (root,0,0,00:00:00/17-11:44:23,45) [oom_reaper] (root,0,0,00:00:00/17-11:44:23,46) [writeback] (root,0,0,00:00:54/17-11:44:23,47) [kcompactd0] (root,0,0,00:00:00/17-11:44:23,48) [ksmd] (root,0,0,00:00:56/17-11:44:23,49) [khugepaged] (root,0,0,00:00:00/17-11:44:23,75) [kintegrityd] (root,0,0,00:00:00/17-11:44:23,76) [kblockd] (root,0,0,00:00:00/17-11:44:23,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-11:44:23,79) [tpm_dev_wq] (root,0,0,00:00:00/17-11:44:23,80) [edac-poller] (root,0,0,00:00:00/17-11:44:23,81) [devfreq_wq] (root,0,0,00:00:00/17-11:44:23,110) [watchdogd] (root,0,0,00:00:01/17-11:44:23,111) [kswapd0] (root,0,0,00:00:04/17-11:44:23,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-11:44:21,115) [kthrotld] (root,0,0,00:00:00/17-11:44:21,116) [mld] (root,0,0,00:00:00/17-11:44:21,117) [ipv6_addrconf] (root,0,0,00:00:04/17-11:44:21,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-11:44:21,123) [kstrp] (root,0,0,00:00:00/17-11:44:21,124) [zswap-shrink] (root,0,0,00:00:00/17-11:44:21,125) [kworker/u9:0] (root,0,0,00:00:00/17-11:44:21,130) [charger_manager] (root,0,0,00:00:05/17-11:44:21,172) [kworker/1:1H-kblockd] (root,0,0,00:00:07/17-11:44:21,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-11:44:20,239) [kaluad] (root,0,0,00:00:00/17-11:44:20,258) [kmpath_rdacd] (root,0,0,00:00:00/17-11:44:20,304) [kmpathd] (root,0,0,00:00:00/17-11:44:20,305) [kmpath_handlerd] (root,0,0,00:00:00/17-11:44:19,342) [ata_sff] (root,0,0,00:00:00/17-11:44:19,343) [scsi_eh_0] (root,0,0,00:00:00/17-11:44:19,344) [scsi_tmf_0] (root,0,0,00:00:00/17-11:44:19,345) [scsi_eh_1] (root,0,0,00:00:00/17-11:44:19,346) [scsi_tmf_1] (root,0,0,00:00:34/17-11:44:16,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-11:44:16,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-11:44:04,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-11:44:03,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-11:44:01,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-11:43:30,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-11:43:29,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-11:43:29,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-11:43:29,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-11:43:27,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-11:43:27,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-11:43:13,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-11:43:13,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:50/17-11:43:13,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-11:43:13,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-11:43:13,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-11:43:13,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-11:43:13,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-11:43:13,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:29/17-11:43:13,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-11:43:13,1352) bpfilter_umh (root,26204,8212,00:00:04/17-11:43:13,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-11:43:13,1359) ntpd: asynchronous dns resolver (spot,315260,199864,1-02:57:31/17-11:43:12,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-11:43:12,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-11:43:12,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-11:43:12,1373) (sd-pam) (root,24216,5268,00:00:06/17-11:43:10,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-11:43:10,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-11:43:10,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-11:43:07,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-11:43:06,1527) sshd: syslogtunnel (root,618256,71112,00:23:54/17-11:43:04,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51668,00:10:00/17-11:42:52,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/10:21,1998) [kworker/1:0-cgroup_destroy] (postfix,44628,9336,00:00:00/11-17:18:27,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/29:55,2865) [kworker/0:0-events] (root,35308,10108,00:00:00/17-11:42:27,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-11:42:27,3218) sshd: cm-ssh (root,0,0,00:00:00/24:05,7010) [kworker/1:1-events] (root,0,0,00:00:00/08:55,8608) [kworker/3:2-ata_sff] (root,6656,3488,00:00:00/00:00,11847) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,11865) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11866) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/15:16,12959) [kworker/2:2] (root,0,0,00:00:00/54:03,14908) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/02:07:06,15458) [kworker/0:1-events] (postfix,24244,8324,00:00:00/01:09:36,18468) pickup -l -t fifo -u (root,0,0,00:00:01/02:04:57,19474) [kworker/2:0-events] (root,0,0,00:00:00/32:35,23140) [kworker/u8:0-writeback] (root,0,0,00:00:00/19:18,25716) [kworker/3:0-ata_sff] (root,0,0,00:00:00/04:02,26584) [kworker/1:2] (root,0,0,00:00:00/03:42,27288) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 22:33 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836343b7c0b7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-09:44:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-09:44:15,2) [kthreadd] (root,0,0,00:00:00/15-09:44:15,3) [rcu_gp] (root,0,0,00:00:00/15-09:44:15,4) [rcu_par_gp] (root,0,0,00:00:00/15-09:44:15,5) [slub_flushwq] (root,0,0,00:00:00/15-09:44:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-09:44:15,9) [mm_percpu_wq] (root,0,0,00:00:00/15-09:44:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-09:44:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-09:44:15,12) [rcu_tasks_trace] (root,0,0,00:00:27/15-09:44:15,13) [ksoftirqd/0] (root,0,0,00:43:06/15-09:44:15,14) [rcu_preempt] (root,0,0,00:00:05/15-09:44:15,15) [migration/0] (root,0,0,00:00:00/15-09:44:15,16) [idle_inject/0] (root,0,0,00:00:00/15-09:44:15,18) [cpuhp/0] (root,0,0,00:00:00/15-09:44:15,19) [cpuhp/1] (root,0,0,00:00:00/15-09:44:15,20) [idle_inject/1] (root,0,0,00:00:05/15-09:44:15,21) [migration/1] (root,0,0,00:00:23/15-09:44:15,22) [ksoftirqd/1] (root,0,0,00:00:00/15-09:44:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-09:44:15,25) [cpuhp/2] (root,0,0,00:00:00/15-09:44:15,26) [idle_inject/2] (root,0,0,00:00:04/15-09:44:15,27) [migration/2] (root,0,0,00:27:59/15-09:44:15,28) [ksoftirqd/2] (root,0,0,00:00:00/15-09:44:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-09:44:15,31) [cpuhp/3] (root,0,0,00:00:00/15-09:44:15,32) [idle_inject/3] (root,0,0,00:00:05/15-09:44:15,33) [migration/3] (root,0,0,00:01:23/15-09:44:15,34) [ksoftirqd/3] (root,0,0,00:00:00/15-09:44:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-09:44:15,40) [kdevtmpfs] (root,0,0,00:00:00/15-09:44:15,41) [netns] (root,0,0,00:00:00/15-09:44:15,42) [inet_frag_wq] (root,0,0,00:00:01/15-09:44:15,43) [kauditd] (root,0,0,00:00:00/15-09:44:15,44) [khungtaskd] (root,0,0,00:00:00/15-09:44:15,45) [oom_reaper] (root,0,0,00:00:00/15-09:44:15,46) [writeback] (root,0,0,00:00:47/15-09:44:15,47) [kcompactd0] (root,0,0,00:00:00/15-09:44:15,48) [ksmd] (root,0,0,00:00:49/15-09:44:15,49) [khugepaged] (root,0,0,00:00:00/15-09:44:15,75) [kintegrityd] (root,0,0,00:00:00/15-09:44:15,76) [kblockd] (root,0,0,00:00:00/15-09:44:15,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-09:44:15,79) [tpm_dev_wq] (root,0,0,00:00:00/15-09:44:15,80) [edac-poller] (root,0,0,00:00:00/15-09:44:15,81) [devfreq_wq] (root,0,0,00:00:00/15-09:44:15,110) [watchdogd] (root,0,0,00:00:01/15-09:44:15,111) [kswapd0] (root,0,0,00:00:04/15-09:44:15,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-09:44:13,115) [kthrotld] (root,0,0,00:00:00/15-09:44:13,116) [mld] (root,0,0,00:00:00/15-09:44:13,117) [ipv6_addrconf] (root,0,0,00:00:04/15-09:44:13,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-09:44:13,123) [kstrp] (root,0,0,00:00:00/15-09:44:13,124) [zswap-shrink] (root,0,0,00:00:00/15-09:44:13,125) [kworker/u9:0] (root,0,0,00:00:00/15-09:44:13,130) [charger_manager] (root,0,0,00:00:04/15-09:44:13,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-09:44:13,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-09:44:12,239) [kaluad] (root,0,0,00:00:00/15-09:44:12,258) [kmpath_rdacd] (root,0,0,00:00:00/15-09:44:12,304) [kmpathd] (root,0,0,00:00:00/15-09:44:12,305) [kmpath_handlerd] (root,0,0,00:00:00/15-09:44:11,342) [ata_sff] (root,0,0,00:00:00/15-09:44:11,343) [scsi_eh_0] (root,0,0,00:00:00/15-09:44:11,344) [scsi_tmf_0] (root,0,0,00:00:00/15-09:44:11,345) [scsi_eh_1] (root,0,0,00:00:00/15-09:44:11,346) [scsi_tmf_1] (root,0,0,00:00:29/15-09:44:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-09:44:08,367) [ext4-rsv-conver] (root,38604,7616,00:00:13/15-09:43:56,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-09:43:55,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:23/15-09:43:53,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-09:43:22,511) /sbin/auditd (messagebus,22932,5912,00:00:18/15-09:43:21,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:11/15-09:43:21,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-09:43:21,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-09:43:19,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-09:43:19,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-09:43:05,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-09:43:05,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:35/15-09:43:05,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-09:43:05,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-09:43:05,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-09:43:05,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-09:43:05,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-09:43:05,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:10/15-09:43:05,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-09:43:05,1352) bpfilter_umh (root,26204,8212,00:00:03/15-09:43:05,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-09:43:05,1359) ntpd: asynchronous dns resolver (spot,314252,199600,22:08:18/15-09:43:04,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-09:43:04,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-09:43:04,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-09:43:04,1373) (sd-pam) (root,24216,5268,00:00:05/15-09:43:02,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-09:43:02,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-09:43:02,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-09:42:59,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:52/15-09:42:58,1527) sshd: syslogtunnel (root,617868,70916,00:20:52/15-09:42:56,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,49856,00:08:39/15-09:42:44,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/9-15:18:19,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/00:29,2634) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:07:52,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-09:42:19,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:49/15-09:42:19,3218) sshd: cm-ssh (root,0,0,00:00:00/21:15,3282) [kworker/3:1-events] (root,6656,3488,00:00:00/00:00,5652) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,5670) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,5671) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:42:58,6932) [kworker/2:2-events] (root,0,0,00:00:00/40:44,9389) [kworker/1:1] (root,0,0,00:00:00/32:25,13705) [kworker/u8:2-writeback] (root,0,0,00:00:00/05:40,19187) [kworker/3:2-ata_sff] (postfix,24244,8280,00:00:00/01:11:21,20164) pickup -l -t fifo -u (root,0,0,00:00:00/05:51:22,21313) [kworker/0:0-events] (root,0,0,00:00:00/04:09,22233) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/05:26:32,24128) [kworker/1:2-events] (root,0,0,00:00:00/02:32:41,29013) [kworker/2:0-events] (root,0,0,00:00:00/04:35:34,31205) [kworker/u8:0-ext4-rsv-conversion] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 20:32 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635ef7b7a2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-11:18:35,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-11:18:35,2) [kthreadd] (root,0,0,00:00:00/13-11:18:35,3) [rcu_gp] (root,0,0,00:00:00/13-11:18:35,4) [rcu_par_gp] (root,0,0,00:00:00/13-11:18:35,5) [slub_flushwq] (root,0,0,00:00:00/13-11:18:35,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-11:18:35,9) [mm_percpu_wq] (root,0,0,00:00:00/13-11:18:35,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-11:18:35,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-11:18:35,12) [rcu_tasks_trace] (root,0,0,00:00:23/13-11:18:35,13) [ksoftirqd/0] (root,0,0,00:37:02/13-11:18:35,14) [rcu_preempt] (root,0,0,00:00:05/13-11:18:35,15) [migration/0] (root,0,0,00:00:00/13-11:18:35,16) [idle_inject/0] (root,0,0,00:00:00/13-11:18:35,18) [cpuhp/0] (root,0,0,00:00:00/13-11:18:35,19) [cpuhp/1] (root,0,0,00:00:00/13-11:18:35,20) [idle_inject/1] (root,0,0,00:00:05/13-11:18:35,21) [migration/1] (root,0,0,00:00:19/13-11:18:35,22) [ksoftirqd/1] (root,0,0,00:00:00/13-11:18:35,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-11:18:35,25) [cpuhp/2] (root,0,0,00:00:00/13-11:18:35,26) [idle_inject/2] (root,0,0,00:00:03/13-11:18:35,27) [migration/2] (root,0,0,00:24:20/13-11:18:35,28) [ksoftirqd/2] (root,0,0,00:00:00/13-11:18:35,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-11:18:35,31) [cpuhp/3] (root,0,0,00:00:00/13-11:18:35,32) [idle_inject/3] (root,0,0,00:00:04/13-11:18:35,33) [migration/3] (root,0,0,00:01:10/13-11:18:35,34) [ksoftirqd/3] (root,0,0,00:00:00/13-11:18:35,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-11:18:35,40) [kdevtmpfs] (root,0,0,00:00:00/13-11:18:35,41) [netns] (root,0,0,00:00:00/13-11:18:35,42) [inet_frag_wq] (root,0,0,00:00:01/13-11:18:35,43) [kauditd] (root,0,0,00:00:00/13-11:18:35,44) [khungtaskd] (root,0,0,00:00:00/13-11:18:35,45) [oom_reaper] (root,0,0,00:00:00/13-11:18:35,46) [writeback] (root,0,0,00:00:41/13-11:18:35,47) [kcompactd0] (root,0,0,00:00:00/13-11:18:35,48) [ksmd] (root,0,0,00:00:43/13-11:18:35,49) [khugepaged] (root,0,0,00:00:00/13-11:18:35,75) [kintegrityd] (root,0,0,00:00:00/13-11:18:35,76) [kblockd] (root,0,0,00:00:00/13-11:18:35,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-11:18:35,79) [tpm_dev_wq] (root,0,0,00:00:00/13-11:18:35,80) [edac-poller] (root,0,0,00:00:00/13-11:18:35,81) [devfreq_wq] (root,0,0,00:00:00/13-11:18:35,110) [watchdogd] (root,0,0,00:00:01/13-11:18:35,111) [kswapd0] (root,0,0,00:00:03/13-11:18:35,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-11:18:33,115) [kthrotld] (root,0,0,00:00:00/13-11:18:33,116) [mld] (root,0,0,00:00:00/13-11:18:33,117) [ipv6_addrconf] (root,0,0,00:00:03/13-11:18:33,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-11:18:33,123) [kstrp] (root,0,0,00:00:00/13-11:18:33,124) [zswap-shrink] (root,0,0,00:00:00/13-11:18:33,125) [kworker/u9:0] (root,0,0,00:00:00/13-11:18:33,130) [charger_manager] (root,0,0,00:00:03/13-11:18:33,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-11:18:33,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-11:18:32,239) [kaluad] (root,0,0,00:00:00/13-11:18:32,258) [kmpath_rdacd] (root,0,0,00:00:00/13-11:18:32,304) [kmpathd] (root,0,0,00:00:00/13-11:18:32,305) [kmpath_handlerd] (root,0,0,00:00:00/13-11:18:31,342) [ata_sff] (root,0,0,00:00:00/13-11:18:31,343) [scsi_eh_0] (root,0,0,00:00:00/13-11:18:31,344) [scsi_tmf_0] (root,0,0,00:00:00/13-11:18:31,345) [scsi_eh_1] (root,0,0,00:00:00/13-11:18:31,346) [scsi_tmf_1] (root,0,0,00:00:25/13-11:18:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-11:18:28,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-11:18:16,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-11:18:15,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:20/13-11:18:13,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-11:17:42,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-11:17:41,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-11:17:41,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-11:17:41,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-11:17:39,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-11:17:39,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-11:17:25,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-11:17:25,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:23/13-11:17:25,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-11:17:25,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-11:17:25,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-11:17:25,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-11:17:25,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-11:17:25,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:53/13-11:17:25,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-11:17:25,1352) bpfilter_umh (root,26204,8212,00:00:02/13-11:17:25,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-11:17:25,1359) ntpd: asynchronous dns resolver (spot,305980,189864,18:32:20/13-11:17:24,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-11:17:24,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-11:17:24,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-11:17:24,1373) (sd-pam) (root,24216,5268,00:00:04/13-11:17:22,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-11:17:22,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-11:17:22,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-11:17:19,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:45/13-11:17:18,1527) sshd: syslogtunnel (root,617868,70668,00:18:08/13-11:17:16,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,48308,00:07:27/13-11:17:04,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-16:52:39,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-11:16:39,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:43/13-11:16:39,3218) sshd: cm-ssh (root,0,0,00:00:00/00:55,3649) [kworker/3:2-ata_sff] (root,0,0,00:00:00/00:17,5639) [kworker/2:2-cgroup_destroy] (root,6656,3480,00:00:00/00:00,6757) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,6775) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6776) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8192,00:00:00/01:27:35,11458) pickup -l -t fifo -u (root,0,0,00:00:00/24:50,14919) [kworker/1:0-events] (root,0,0,00:00:00/01:13:28,16390) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/06:08,17181) [kworker/3:1-ata_sff] (root,0,0,00:00:00/12:41,21914) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/01:01:49,25621) [kworker/2:0-events] (root,0,0,00:00:00/06:45:48,26936) [kworker/2:1-events] (root,0,0,00:00:00/11:18,27887) [kworker/3:0-events] (root,0,0,00:00:01/06:21:22,29222) [kworker/0:0-events] (root,0,0,00:00:00/05:55:14,30927) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/49:30,31978) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 22:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ec278cc1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-11:54:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-11:54:33,2) [kthreadd] (root,0,0,00:00:00/11-11:54:33,3) [rcu_gp] (root,0,0,00:00:00/11-11:54:33,4) [rcu_par_gp] (root,0,0,00:00:00/11-11:54:33,5) [slub_flushwq] (root,0,0,00:00:00/11-11:54:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-11:54:33,9) [mm_percpu_wq] (root,0,0,00:00:00/11-11:54:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-11:54:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-11:54:33,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-11:54:33,13) [ksoftirqd/0] (root,0,0,00:31:35/11-11:54:33,14) [rcu_preempt] (root,0,0,00:00:04/11-11:54:33,15) [migration/0] (root,0,0,00:00:00/11-11:54:33,16) [idle_inject/0] (root,0,0,00:00:00/11-11:54:33,18) [cpuhp/0] (root,0,0,00:00:00/11-11:54:33,19) [cpuhp/1] (root,0,0,00:00:00/11-11:54:33,20) [idle_inject/1] (root,0,0,00:00:04/11-11:54:33,21) [migration/1] (root,0,0,00:00:16/11-11:54:33,22) [ksoftirqd/1] (root,0,0,00:00:00/11-11:54:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-11:54:33,25) [cpuhp/2] (root,0,0,00:00:00/11-11:54:33,26) [idle_inject/2] (root,0,0,00:00:03/11-11:54:33,27) [migration/2] (root,0,0,00:21:02/11-11:54:33,28) [ksoftirqd/2] (root,0,0,00:00:00/11-11:54:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-11:54:33,31) [cpuhp/3] (root,0,0,00:00:00/11-11:54:33,32) [idle_inject/3] (root,0,0,00:00:04/11-11:54:33,33) [migration/3] (root,0,0,00:01:00/11-11:54:33,34) [ksoftirqd/3] (root,0,0,00:00:00/11-11:54:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-11:54:33,40) [kdevtmpfs] (root,0,0,00:00:00/11-11:54:33,41) [netns] (root,0,0,00:00:00/11-11:54:33,42) [inet_frag_wq] (root,0,0,00:00:01/11-11:54:33,43) [kauditd] (root,0,0,00:00:00/11-11:54:33,44) [khungtaskd] (root,0,0,00:00:00/11-11:54:33,45) [oom_reaper] (root,0,0,00:00:00/11-11:54:33,46) [writeback] (root,0,0,00:00:34/11-11:54:33,47) [kcompactd0] (root,0,0,00:00:00/11-11:54:33,48) [ksmd] (root,0,0,00:00:37/11-11:54:33,49) [khugepaged] (root,0,0,00:00:00/11-11:54:33,75) [kintegrityd] (root,0,0,00:00:00/11-11:54:33,76) [kblockd] (root,0,0,00:00:00/11-11:54:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-11:54:33,79) [tpm_dev_wq] (root,0,0,00:00:00/11-11:54:33,80) [edac-poller] (root,0,0,00:00:00/11-11:54:33,81) [devfreq_wq] (root,0,0,00:00:00/11-11:54:33,110) [watchdogd] (root,0,0,00:00:00/11-11:54:33,111) [kswapd0] (root,0,0,00:00:02/11-11:54:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-11:54:31,115) [kthrotld] (root,0,0,00:00:00/11-11:54:31,116) [mld] (root,0,0,00:00:00/11-11:54:31,117) [ipv6_addrconf] (root,0,0,00:00:03/11-11:54:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-11:54:31,123) [kstrp] (root,0,0,00:00:00/11-11:54:31,124) [zswap-shrink] (root,0,0,00:00:00/11-11:54:31,125) [kworker/u9:0] (root,0,0,00:00:00/11-11:54:31,130) [charger_manager] (root,0,0,00:00:03/11-11:54:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-11:54:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-11:54:30,239) [kaluad] (root,0,0,00:00:00/11-11:54:30,258) [kmpath_rdacd] (root,0,0,00:00:00/11-11:54:30,304) [kmpathd] (root,0,0,00:00:00/11-11:54:30,305) [kmpath_handlerd] (root,0,0,00:00:00/11-11:54:29,342) [ata_sff] (root,0,0,00:00:00/11-11:54:29,343) [scsi_eh_0] (root,0,0,00:00:00/11-11:54:29,344) [scsi_tmf_0] (root,0,0,00:00:00/11-11:54:29,345) [scsi_eh_1] (root,0,0,00:00:00/11-11:54:29,346) [scsi_tmf_1] (root,0,0,00:00:21/11-11:54:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-11:54:26,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-11:54:14,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-11:54:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-11:54:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-11:53:40,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-11:53:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-11:53:39,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-11:53:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-11:53:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-11:53:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-11:53:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-11:53:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:11/11-11:53:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-11:53:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-11:53:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-11:53:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-11:53:23,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-11:53:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:37/11-11:53:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-11:53:23,1352) bpfilter_umh (root,26204,8212,00:00:02/11-11:53:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-11:53:23,1359) ntpd: asynchronous dns resolver (spot,293372,179204,15:28:07/11-11:53:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-11:53:22,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-11:53:22,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-11:53:22,1373) (sd-pam) (root,24216,5268,00:00:03/11-11:53:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-11:53:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-11:53:20,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-11:53:17,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-11:53:16,1527) sshd: syslogtunnel (root,617612,72248,00:15:28/11-11:53:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,47020,00:06:17/11-11:53:02,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-17:28:37,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-11:52:37,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-11:52:37,3218) sshd: cm-ssh (root,0,0,00:00:00/26:32,4699) [kworker/3:2-ata_sff] (root,0,0,00:00:03/22:03:06,7785) [kworker/2:1-events] (root,0,0,00:00:00/05:48,8992) [kworker/3:0-events] (root,0,0,00:00:00/02:15:55,12699) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8224,00:00:00/44:24,13066) pickup -l -t fifo -u (root,0,0,00:00:00/04:51:40,19628) [kworker/0:1-events] (root,0,0,00:00:00/04:27:13,20763) [kworker/1:0-events] (root,0,0,00:00:00/12:44,24598) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/03:51:16,24825) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:01/03:26:56,28099) [kworker/1:2-events] (root,0,0,00:00:00/00:36,28318) [kworker/3:1-ata_sff] (root,0,0,00:00:01/03:02:47,29792) [kworker/0:0-events] (root,6656,3484,00:00:00/00:00,30057) /bin/bash /usr/bin/check_mk_agent (root,13744,3456,00:00:00/00:00,30075) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30076) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 22:43 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631514c4daFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-12:18:52,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-12:18:52,2) [kthreadd] (root,0,0,00:00:00/9-12:18:52,3) [rcu_gp] (root,0,0,00:00:00/9-12:18:52,4) [rcu_par_gp] (root,0,0,00:00:00/9-12:18:52,5) [slub_flushwq] (root,0,0,00:00:00/9-12:18:52,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-12:18:52,9) [mm_percpu_wq] (root,0,0,00:00:00/9-12:18:52,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-12:18:52,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-12:18:52,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-12:18:52,13) [ksoftirqd/0] (root,0,0,00:25:51/9-12:18:52,14) [rcu_preempt] (root,0,0,00:00:03/9-12:18:52,15) [migration/0] (root,0,0,00:00:00/9-12:18:52,16) [idle_inject/0] (root,0,0,00:00:00/9-12:18:52,18) [cpuhp/0] (root,0,0,00:00:00/9-12:18:52,19) [cpuhp/1] (root,0,0,00:00:00/9-12:18:52,20) [idle_inject/1] (root,0,0,00:00:03/9-12:18:52,21) [migration/1] (root,0,0,00:00:14/9-12:18:52,22) [ksoftirqd/1] (root,0,0,00:00:00/9-12:18:52,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-12:18:52,25) [cpuhp/2] (root,0,0,00:00:00/9-12:18:52,26) [idle_inject/2] (root,0,0,00:00:02/9-12:18:52,27) [migration/2] (root,0,0,00:17:29/9-12:18:52,28) [ksoftirqd/2] (root,0,0,00:00:00/9-12:18:52,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-12:18:52,31) [cpuhp/3] (root,0,0,00:00:00/9-12:18:52,32) [idle_inject/3] (root,0,0,00:00:03/9-12:18:52,33) [migration/3] (root,0,0,00:00:49/9-12:18:52,34) [ksoftirqd/3] (root,0,0,00:00:00/9-12:18:52,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-12:18:52,40) [kdevtmpfs] (root,0,0,00:00:00/9-12:18:52,41) [netns] (root,0,0,00:00:00/9-12:18:52,42) [inet_frag_wq] (root,0,0,00:00:01/9-12:18:52,43) [kauditd] (root,0,0,00:00:00/9-12:18:52,44) [khungtaskd] (root,0,0,00:00:00/9-12:18:52,45) [oom_reaper] (root,0,0,00:00:00/9-12:18:52,46) [writeback] (root,0,0,00:00:28/9-12:18:52,47) [kcompactd0] (root,0,0,00:00:00/9-12:18:52,48) [ksmd] (root,0,0,00:00:31/9-12:18:52,49) [khugepaged] (root,0,0,00:00:00/9-12:18:52,75) [kintegrityd] (root,0,0,00:00:00/9-12:18:52,76) [kblockd] (root,0,0,00:00:00/9-12:18:52,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-12:18:52,79) [tpm_dev_wq] (root,0,0,00:00:00/9-12:18:52,80) [edac-poller] (root,0,0,00:00:00/9-12:18:52,81) [devfreq_wq] (root,0,0,00:00:00/9-12:18:52,110) [watchdogd] (root,0,0,00:00:00/9-12:18:52,111) [kswapd0] (root,0,0,00:00:02/9-12:18:52,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-12:18:50,115) [kthrotld] (root,0,0,00:00:00/9-12:18:50,116) [mld] (root,0,0,00:00:00/9-12:18:50,117) [ipv6_addrconf] (root,0,0,00:00:02/9-12:18:50,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-12:18:50,123) [kstrp] (root,0,0,00:00:00/9-12:18:50,124) [zswap-shrink] (root,0,0,00:00:00/9-12:18:50,125) [kworker/u9:0] (root,0,0,00:00:00/9-12:18:50,130) [charger_manager] (root,0,0,00:00:02/9-12:18:50,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-12:18:50,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-12:18:49,239) [kaluad] (root,0,0,00:00:00/9-12:18:49,258) [kmpath_rdacd] (root,0,0,00:00:00/9-12:18:49,304) [kmpathd] (root,0,0,00:00:00/9-12:18:49,305) [kmpath_handlerd] (root,0,0,00:00:00/9-12:18:48,342) [ata_sff] (root,0,0,00:00:00/9-12:18:48,343) [scsi_eh_0] (root,0,0,00:00:00/9-12:18:48,344) [scsi_tmf_0] (root,0,0,00:00:00/9-12:18:48,345) [scsi_eh_1] (root,0,0,00:00:00/9-12:18:48,346) [scsi_tmf_1] (root,0,0,00:00:17/9-12:18:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-12:18:45,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-12:18:33,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-12:18:32,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-12:18:30,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-12:17:59,511) /sbin/auditd (messagebus,22932,5912,00:00:12/9-12:17:58,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-12:17:58,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-12:17:58,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-12:17:56,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-12:17:56,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/32:03,1190) [kworker/u8:1-flush-253:0] (root,547592,24840,00:00:10/9-12:17:42,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-12:17:42,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:02/9-12:17:42,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-12:17:42,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-12:17:42,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-12:17:42,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-12:17:42,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-12:17:42,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:20/9-12:17:42,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-12:17:42,1352) bpfilter_umh (root,26204,8212,00:00:01/9-12:17:42,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-12:17:42,1359) ntpd: asynchronous dns resolver (spot,293152,179972,12:21:22/9-12:17:41,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-12:17:41,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-12:17:41,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-12:17:41,1373) (sd-pam) (root,24216,5268,00:00:03/9-12:17:39,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-12:17:39,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-12:17:39,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-12:17:36,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:32/9-12:17:35,1527) sshd: syslogtunnel (root,617356,69960,00:12:44/9-12:17:33,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,45996,00:05:08/9-12:17:21,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-17:52:56,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-12:16:56,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-12:16:56,3218) sshd: cm-ssh (root,0,0,00:00:00/01:08:05,4425) [kworker/2:2-events] (root,0,0,00:00:00/02:10:11,9613) [kworker/1:0-events] (root,0,0,00:00:00/03:11:26,11212) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:01/01:16:17,12819) [kworker/3:1-events] (root,6656,3512,00:00:00/00:00,14030) /bin/bash /usr/bin/check_mk_agent (root,13744,3532,00:00:00/00:00,14048) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,14049) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/04:37:02,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/04:23:29,15893) [kworker/0:0-events] (postfix,24244,8268,00:00:00/01:30:31,17707) pickup -l -t fifo -u (root,0,0,00:00:00/08:50,18028) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:58:00,20227) [kworker/0:1] (root,0,0,00:00:02/07:36:56,26887) [kworker/1:2-events] (root,0,0,00:00:00/03:40,30753) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 23:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363132c9f2fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-12:10:18,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-12:10:18,2) [kthreadd] (root,0,0,00:00:00/7-12:10:18,3) [rcu_gp] (root,0,0,00:00:00/7-12:10:18,4) [rcu_par_gp] (root,0,0,00:00:00/7-12:10:18,5) [slub_flushwq] (root,0,0,00:00:00/7-12:10:18,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-12:10:18,9) [mm_percpu_wq] (root,0,0,00:00:00/7-12:10:18,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-12:10:18,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-12:10:18,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-12:10:18,13) [ksoftirqd/0] (root,0,0,00:19:58/7-12:10:18,14) [rcu_preempt] (root,0,0,00:00:02/7-12:10:18,15) [migration/0] (root,0,0,00:00:00/7-12:10:18,16) [idle_inject/0] (root,0,0,00:00:00/7-12:10:18,18) [cpuhp/0] (root,0,0,00:00:00/7-12:10:18,19) [cpuhp/1] (root,0,0,00:00:00/7-12:10:18,20) [idle_inject/1] (root,0,0,00:00:03/7-12:10:18,21) [migration/1] (root,0,0,00:00:10/7-12:10:18,22) [ksoftirqd/1] (root,0,0,00:00:00/7-12:10:18,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-12:10:18,25) [cpuhp/2] (root,0,0,00:00:00/7-12:10:18,26) [idle_inject/2] (root,0,0,00:00:02/7-12:10:18,27) [migration/2] (root,0,0,00:13:14/7-12:10:18,28) [ksoftirqd/2] (root,0,0,00:00:00/7-12:10:18,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-12:10:18,31) [cpuhp/3] (root,0,0,00:00:00/7-12:10:18,32) [idle_inject/3] (root,0,0,00:00:02/7-12:10:18,33) [migration/3] (root,0,0,00:00:37/7-12:10:18,34) [ksoftirqd/3] (root,0,0,00:00:00/7-12:10:18,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-12:10:18,40) [kdevtmpfs] (root,0,0,00:00:00/7-12:10:18,41) [netns] (root,0,0,00:00:00/7-12:10:18,42) [inet_frag_wq] (root,0,0,00:00:00/7-12:10:18,43) [kauditd] (root,0,0,00:00:00/7-12:10:18,44) [khungtaskd] (root,0,0,00:00:00/7-12:10:18,45) [oom_reaper] (root,0,0,00:00:00/7-12:10:18,46) [writeback] (root,0,0,00:00:22/7-12:10:18,47) [kcompactd0] (root,0,0,00:00:00/7-12:10:18,48) [ksmd] (root,0,0,00:00:24/7-12:10:18,49) [khugepaged] (root,0,0,00:00:00/7-12:10:18,75) [kintegrityd] (root,0,0,00:00:00/7-12:10:18,76) [kblockd] (root,0,0,00:00:00/7-12:10:18,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-12:10:18,79) [tpm_dev_wq] (root,0,0,00:00:00/7-12:10:18,80) [edac-poller] (root,0,0,00:00:00/7-12:10:18,81) [devfreq_wq] (root,0,0,00:00:00/7-12:10:18,110) [watchdogd] (root,0,0,00:00:00/7-12:10:18,111) [kswapd0] (root,0,0,00:00:01/7-12:10:18,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-12:10:16,115) [kthrotld] (root,0,0,00:00:00/7-12:10:16,116) [mld] (root,0,0,00:00:00/7-12:10:16,117) [ipv6_addrconf] (root,0,0,00:00:01/7-12:10:16,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-12:10:16,123) [kstrp] (root,0,0,00:00:00/7-12:10:16,124) [zswap-shrink] (root,0,0,00:00:00/7-12:10:16,125) [kworker/u9:0] (root,0,0,00:00:00/7-12:10:16,130) [charger_manager] (root,0,0,00:00:02/7-12:10:16,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-12:10:16,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-12:10:15,239) [kaluad] (root,0,0,00:00:00/7-12:10:15,258) [kmpath_rdacd] (root,0,0,00:00:00/7-12:10:15,304) [kmpathd] (root,0,0,00:00:00/7-12:10:15,305) [kmpath_handlerd] (root,0,0,00:00:00/7-12:10:14,342) [ata_sff] (root,0,0,00:00:00/7-12:10:14,343) [scsi_eh_0] (root,0,0,00:00:00/7-12:10:14,344) [scsi_tmf_0] (root,0,0,00:00:00/7-12:10:14,345) [scsi_eh_1] (root,0,0,00:00:00/7-12:10:14,346) [scsi_tmf_1] (root,0,0,00:00:13/7-12:10:11,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-12:10:11,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-12:09:59,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-12:09:58,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-12:09:56,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/7-12:09:25,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-12:09:24,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-12:09:24,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-12:09:24,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/18:48,599) [kworker/1:2] (root,31704,17436,00:00:03/7-12:09:22,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-12:09:22,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-12:09:08,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-12:09:08,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:47/7-12:09:08,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-12:09:08,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-12:09:08,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-12:09:08,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-12:09:08,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:08/7-12:09:08,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:02/7-12:09:08,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-12:09:08,1352) bpfilter_umh (root,26204,8212,00:00:01/7-12:09:08,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-12:09:08,1359) ntpd: asynchronous dns resolver (spot,290636,176860,09:12:19/7-12:09:07,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-12:09:07,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-12:09:07,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-12:09:07,1373) (sd-pam) (root,24216,5268,00:00:02/7-12:09:05,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-12:09:05,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/7-12:09:05,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-12:09:02,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-12:09:01,1527) sshd: syslogtunnel (root,617356,71812,00:09:57/7-12:08:59,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,44436,00:03:54/7-12:08:47,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:57,2294) [kworker/3:0-ata_sff] (postfix,44628,9380,00:00:00/1-17:44:22,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-12:08:22,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-12:08:22,3218) sshd: cm-ssh (postfix,24244,8216,00:00:00/03:56,5947) pickup -l -t fifo -u (root,0,0,00:00:01/08:55:31,6969) [kworker/0:2-events] (root,0,0,00:00:00/01:40:06,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:47:10,17990) [kworker/2:0-events] (root,0,0,00:00:01/06:20:29,18376) [kworker/2:2-events] (root,0,0,00:00:00/58:28,20009) [kworker/u8:2-writeback] (root,6656,3488,00:00:00/00:00,21954) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,21972) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21973) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/10:08,22435) [kworker/3:1-events] (root,0,0,00:00:00/01:12:24,22475) [kworker/3:2-ata_sff] (root,0,0,00:00:00/29:44,26012) [kworker/0:0-events] (root,0,0,00:00:00/52:25,27803) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 22:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836365332d8bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-11:14:24,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-11:14:24,2) [kthreadd] (root,0,0,00:00:00/5-11:14:24,3) [rcu_gp] (root,0,0,00:00:00/5-11:14:24,4) [rcu_par_gp] (root,0,0,00:00:00/5-11:14:24,5) [slub_flushwq] (root,0,0,00:00:00/5-11:14:24,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-11:14:24,9) [mm_percpu_wq] (root,0,0,00:00:00/5-11:14:24,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-11:14:24,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-11:14:24,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-11:14:24,13) [ksoftirqd/0] (root,0,0,00:14:05/5-11:14:24,14) [rcu_preempt] (root,0,0,00:00:01/5-11:14:24,15) [migration/0] (root,0,0,00:00:00/5-11:14:24,16) [idle_inject/0] (root,0,0,00:00:00/5-11:14:24,18) [cpuhp/0] (root,0,0,00:00:00/5-11:14:24,19) [cpuhp/1] (root,0,0,00:00:00/5-11:14:24,20) [idle_inject/1] (root,0,0,00:00:02/5-11:14:24,21) [migration/1] (root,0,0,00:00:07/5-11:14:24,22) [ksoftirqd/1] (root,0,0,00:00:00/5-11:14:24,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-11:14:24,25) [cpuhp/2] (root,0,0,00:00:00/5-11:14:24,26) [idle_inject/2] (root,0,0,00:00:01/5-11:14:24,27) [migration/2] (root,0,0,00:09:09/5-11:14:24,28) [ksoftirqd/2] (root,0,0,00:00:00/5-11:14:24,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-11:14:24,31) [cpuhp/3] (root,0,0,00:00:00/5-11:14:24,32) [idle_inject/3] (root,0,0,00:00:02/5-11:14:24,33) [migration/3] (root,0,0,00:00:25/5-11:14:24,34) [ksoftirqd/3] (root,0,0,00:00:00/5-11:14:24,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-11:14:24,40) [kdevtmpfs] (root,0,0,00:00:00/5-11:14:24,41) [netns] (root,0,0,00:00:00/5-11:14:24,42) [inet_frag_wq] (root,0,0,00:00:00/5-11:14:24,43) [kauditd] (root,0,0,00:00:00/5-11:14:24,44) [khungtaskd] (root,0,0,00:00:00/5-11:14:24,45) [oom_reaper] (root,0,0,00:00:00/5-11:14:24,46) [writeback] (root,0,0,00:00:15/5-11:14:24,47) [kcompactd0] (root,0,0,00:00:00/5-11:14:24,48) [ksmd] (root,0,0,00:00:16/5-11:14:24,49) [khugepaged] (root,0,0,00:00:00/5-11:14:24,75) [kintegrityd] (root,0,0,00:00:00/5-11:14:24,76) [kblockd] (root,0,0,00:00:00/5-11:14:24,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-11:14:24,79) [tpm_dev_wq] (root,0,0,00:00:00/5-11:14:24,80) [edac-poller] (root,0,0,00:00:00/5-11:14:24,81) [devfreq_wq] (root,0,0,00:00:00/5-11:14:24,110) [watchdogd] (root,0,0,00:00:00/5-11:14:24,111) [kswapd0] (root,0,0,00:00:01/5-11:14:24,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-11:14:22,115) [kthrotld] (root,0,0,00:00:00/5-11:14:22,116) [mld] (root,0,0,00:00:00/5-11:14:22,117) [ipv6_addrconf] (root,0,0,00:00:01/5-11:14:22,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-11:14:22,123) [kstrp] (root,0,0,00:00:00/5-11:14:22,124) [zswap-shrink] (root,0,0,00:00:00/5-11:14:22,125) [kworker/u9:0] (root,0,0,00:00:00/5-11:14:22,130) [charger_manager] (root,0,0,00:00:01/5-11:14:22,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-11:14:22,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-11:14:21,239) [kaluad] (root,0,0,00:00:00/5-11:14:21,258) [kmpath_rdacd] (root,0,0,00:00:00/5-11:14:21,304) [kmpathd] (root,0,0,00:00:00/5-11:14:21,305) [kmpath_handlerd] (root,0,0,00:00:00/5-11:14:20,342) [ata_sff] (root,0,0,00:00:00/5-11:14:20,343) [scsi_eh_0] (root,0,0,00:00:00/5-11:14:20,344) [scsi_tmf_0] (root,0,0,00:00:00/5-11:14:20,345) [scsi_eh_1] (root,0,0,00:00:00/5-11:14:20,346) [scsi_tmf_1] (root,0,0,00:00:09/5-11:14:17,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-11:14:17,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-11:14:05,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-11:14:04,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-11:14:02,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-11:13:31,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-11:13:30,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-11:13:30,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-11:13:30,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-11:13:28,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-11:13:28,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23628,00:00:06/5-11:13:14,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-11:13:14,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:33/5-11:13:14,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-11:13:14,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-11:13:14,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-11:13:14,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-11:13:14,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-11:13:14,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:43/5-11:13:14,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-11:13:14,1352) bpfilter_umh (root,26204,8212,00:00:01/5-11:13:14,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-11:13:14,1359) ntpd: asynchronous dns resolver (spot,212396,174684,06:13:57/5-11:13:13,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-11:13:13,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-11:13:13,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-11:13:13,1373) (sd-pam) (root,24216,5268,00:00:01/5-11:13:11,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-11:13:11,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-11:13:11,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-11:13:08,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-11:13:07,1527) sshd: syslogtunnel (root,617100,71456,00:07:07/5-11:13:05,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/03:19,1947) [kworker/1:1-events] (spot,207296,43148,00:02:45/5-11:12:53,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-11:12:28,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:16/5-11:12:28,3218) sshd: cm-ssh (root,0,0,00:00:03/07:18:41,7244) [kworker/3:2-events] (root,0,0,00:00:00/51:53,11231) [kworker/u8:0-writeback] (root,0,0,00:00:00/00:09,16277) [kworker/3:0-ata_sff] (root,6656,3484,00:00:00/00:00,17032) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,17050) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,17051) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:31:46,18387) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/47:51,18842) [kworker/0:0-events] (root,0,0,00:00:00/03:54:55,19129) [kworker/0:1-events] (root,0,0,00:00:00/03:33:00,20908) [kworker/2:1-events] (postfix,24244,8264,00:00:00/01:09:02,21538) pickup -l -t fifo -u (root,0,0,00:00:00/02:15:49,25521) [kworker/1:2-events] (root,0,0,00:00:00/05:20,27417) [kworker/3:1-ata_sff] (root,0,0,00:00:00/08:07:37,28908) [kworker/u8:2-writeback] (root,0,0,00:00:00/14:59,31575) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 22:03 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631ffabdcbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-12:00:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-12:00:47,2) [kthreadd] (root,0,0,00:00:00/3-12:00:47,3) [rcu_gp] (root,0,0,00:00:00/3-12:00:47,4) [rcu_par_gp] (root,0,0,00:00:00/3-12:00:47,5) [slub_flushwq] (root,0,0,00:00:00/3-12:00:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-12:00:47,9) [mm_percpu_wq] (root,0,0,00:00:00/3-12:00:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-12:00:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-12:00:47,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-12:00:47,13) [ksoftirqd/0] (root,0,0,00:08:57/3-12:00:47,14) [rcu_preempt] (root,0,0,00:00:01/3-12:00:47,15) [migration/0] (root,0,0,00:00:00/3-12:00:47,16) [idle_inject/0] (root,0,0,00:00:00/3-12:00:47,18) [cpuhp/0] (root,0,0,00:00:00/3-12:00:47,19) [cpuhp/1] (root,0,0,00:00:00/3-12:00:47,20) [idle_inject/1] (root,0,0,00:00:01/3-12:00:47,21) [migration/1] (root,0,0,00:00:05/3-12:00:47,22) [ksoftirqd/1] (root,0,0,00:00:00/3-12:00:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-12:00:47,25) [cpuhp/2] (root,0,0,00:00:00/3-12:00:47,26) [idle_inject/2] (root,0,0,00:00:01/3-12:00:47,27) [migration/2] (root,0,0,00:06:02/3-12:00:47,28) [ksoftirqd/2] (root,0,0,00:00:00/3-12:00:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-12:00:47,31) [cpuhp/3] (root,0,0,00:00:00/3-12:00:47,32) [idle_inject/3] (root,0,0,00:00:01/3-12:00:47,33) [migration/3] (root,0,0,00:00:16/3-12:00:47,34) [ksoftirqd/3] (root,0,0,00:00:00/3-12:00:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-12:00:47,40) [kdevtmpfs] (root,0,0,00:00:00/3-12:00:47,41) [netns] (root,0,0,00:00:00/3-12:00:47,42) [inet_frag_wq] (root,0,0,00:00:00/3-12:00:47,43) [kauditd] (root,0,0,00:00:00/3-12:00:47,44) [khungtaskd] (root,0,0,00:00:00/3-12:00:47,45) [oom_reaper] (root,0,0,00:00:00/3-12:00:47,46) [writeback] (root,0,0,00:00:09/3-12:00:47,47) [kcompactd0] (root,0,0,00:00:00/3-12:00:47,48) [ksmd] (root,0,0,00:00:10/3-12:00:47,49) [khugepaged] (root,0,0,00:00:00/3-12:00:47,75) [kintegrityd] (root,0,0,00:00:00/3-12:00:47,76) [kblockd] (root,0,0,00:00:00/3-12:00:47,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-12:00:47,79) [tpm_dev_wq] (root,0,0,00:00:00/3-12:00:47,80) [edac-poller] (root,0,0,00:00:00/3-12:00:47,81) [devfreq_wq] (root,0,0,00:00:00/3-12:00:47,110) [watchdogd] (root,0,0,00:00:00/3-12:00:47,111) [kswapd0] (root,0,0,00:00:00/3-12:00:47,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-12:00:45,115) [kthrotld] (root,0,0,00:00:00/3-12:00:45,116) [mld] (root,0,0,00:00:00/3-12:00:45,117) [ipv6_addrconf] (root,0,0,00:00:00/3-12:00:45,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-12:00:45,123) [kstrp] (root,0,0,00:00:00/3-12:00:45,124) [zswap-shrink] (root,0,0,00:00:00/3-12:00:45,125) [kworker/u9:0] (root,0,0,00:00:00/3-12:00:45,130) [charger_manager] (root,0,0,00:00:00/3-12:00:45,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-12:00:45,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-12:00:44,239) [kaluad] (root,0,0,00:00:00/3-12:00:44,258) [kmpath_rdacd] (root,0,0,00:00:00/3-12:00:44,304) [kmpathd] (root,0,0,00:00:00/3-12:00:44,305) [kmpath_handlerd] (root,0,0,00:00:00/3-12:00:43,342) [ata_sff] (root,0,0,00:00:00/3-12:00:43,343) [scsi_eh_0] (root,0,0,00:00:00/3-12:00:43,344) [scsi_tmf_0] (root,0,0,00:00:00/3-12:00:43,345) [scsi_eh_1] (root,0,0,00:00:00/3-12:00:43,346) [scsi_tmf_1] (root,0,0,00:00:05/3-12:00:40,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-12:00:40,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-12:00:28,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-12:00:27,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-12:00:25,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-11:59:54,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-11:59:53,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-11:59:53,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-11:59:53,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-11:59:51,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-11:59:51,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-11:59:37,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-11:59:37,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/48:23,1333) [kworker/0:1-events] (root,21172,4536,00:00:22/3-11:59:37,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-11:59:37,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-11:59:37,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-11:59:37,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-11:59:37,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-11:59:37,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-11:59:37,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-11:59:37,1352) bpfilter_umh (root,26204,8212,00:00:00/3-11:59:37,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-11:59:37,1359) ntpd: asynchronous dns resolver (spot,206140,169236,04:01:58/3-11:59:36,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-11:59:36,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-11:59:36,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-11:59:36,1373) (sd-pam) (root,24216,5268,00:00:01/3-11:59:34,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-11:59:34,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-11:59:34,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-11:59:31,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-11:59:30,1527) sshd: syslogtunnel (root,615820,69940,00:04:34/3-11:59:28,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:48/3-11:59:16,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/07:27:28,2276) [kworker/1:2-events] (root,0,0,00:00:00/38:23,2497) [kworker/3:2-events] (root,0,0,00:00:00/07:14,3025) [kworker/3:0-ata_sff] (root,35308,10108,00:00:00/3-11:58:51,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-11:58:51,3218) sshd: cm-ssh (root,0,0,00:00:00/01:07:43,4067) [kworker/1:1] (root,0,0,00:00:01/07:11:25,5266) [kworker/2:1-events] (postfix,24244,8260,00:00:00/37:16,6052) pickup -l -t fifo -u (root,0,0,00:00:00/34:22,13330) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/03:20:06,13615) [kworker/2:2] (root,0,0,00:00:00/02:04,22442) [kworker/3:1-ata_sff] (root,0,0,00:00:00/23:50,27113) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/23:39,28172) [kworker/0:2-events] (root,6656,3516,00:00:00/00:00,31204) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,31268) /bin/bash /usr/bin/check_mk_agent (root,13744,3452,00:00:00/00:00,31288) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,31289) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 22:49 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363bd287884Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:04/1-11:51:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-11:51:07,2) [kthreadd] (root,0,0,00:00:00/1-11:51:07,3) [rcu_gp] (root,0,0,00:00:00/1-11:51:07,4) [rcu_par_gp] (root,0,0,00:00:00/1-11:51:07,5) [slub_flushwq] (root,0,0,00:00:00/1-11:51:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-11:51:07,9) [mm_percpu_wq] (root,0,0,00:00:00/1-11:51:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-11:51:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-11:51:07,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-11:51:07,13) [ksoftirqd/0] (root,0,0,00:03:57/1-11:51:07,14) [rcu_preempt] (root,0,0,00:00:00/1-11:51:07,15) [migration/0] (root,0,0,00:00:00/1-11:51:07,16) [idle_inject/0] (root,0,0,00:00:00/1-11:51:07,18) [cpuhp/0] (root,0,0,00:00:00/1-11:51:07,19) [cpuhp/1] (root,0,0,00:00:00/1-11:51:07,20) [idle_inject/1] (root,0,0,00:00:00/1-11:51:07,21) [migration/1] (root,0,0,00:00:02/1-11:51:07,22) [ksoftirqd/1] (root,0,0,00:00:00/1-11:51:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-11:51:07,25) [cpuhp/2] (root,0,0,00:00:00/1-11:51:07,26) [idle_inject/2] (root,0,0,00:00:00/1-11:51:07,27) [migration/2] (root,0,0,00:02:32/1-11:51:07,28) [ksoftirqd/2] (root,0,0,00:00:00/1-11:51:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-11:51:07,31) [cpuhp/3] (root,0,0,00:00:00/1-11:51:07,32) [idle_inject/3] (root,0,0,00:00:00/1-11:51:07,33) [migration/3] (root,0,0,00:00:08/1-11:51:07,34) [ksoftirqd/3] (root,0,0,00:00:00/1-11:51:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-11:51:07,40) [kdevtmpfs] (root,0,0,00:00:00/1-11:51:07,41) [netns] (root,0,0,00:00:00/1-11:51:07,42) [inet_frag_wq] (root,0,0,00:00:00/1-11:51:07,43) [kauditd] (root,0,0,00:00:00/1-11:51:07,44) [khungtaskd] (root,0,0,00:00:00/1-11:51:07,45) [oom_reaper] (root,0,0,00:00:00/1-11:51:07,46) [writeback] (root,0,0,00:00:04/1-11:51:07,47) [kcompactd0] (root,0,0,00:00:00/1-11:51:07,48) [ksmd] (root,0,0,00:00:04/1-11:51:07,49) [khugepaged] (root,0,0,00:00:00/1-11:51:07,75) [kintegrityd] (root,0,0,00:00:00/1-11:51:07,76) [kblockd] (root,0,0,00:00:00/1-11:51:07,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-11:51:07,79) [tpm_dev_wq] (root,0,0,00:00:00/1-11:51:07,80) [edac-poller] (root,0,0,00:00:00/1-11:51:07,81) [devfreq_wq] (root,0,0,00:00:00/1-11:51:07,110) [watchdogd] (root,0,0,00:00:00/1-11:51:07,111) [kswapd0] (root,0,0,00:00:00/1-11:51:07,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-11:51:05,115) [kthrotld] (root,0,0,00:00:00/1-11:51:05,116) [mld] (root,0,0,00:00:00/1-11:51:05,117) [ipv6_addrconf] (root,0,0,00:00:00/1-11:51:05,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-11:51:05,123) [kstrp] (root,0,0,00:00:00/1-11:51:05,124) [zswap-shrink] (root,0,0,00:00:00/1-11:51:05,125) [kworker/u9:0] (root,0,0,00:00:00/1-11:51:05,130) [charger_manager] (root,0,0,00:00:00/1-11:51:05,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-11:51:05,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-11:51:04,239) [kaluad] (root,0,0,00:00:00/1-11:51:04,258) [kmpath_rdacd] (root,0,0,00:00:00/1-11:51:04,304) [kmpathd] (root,0,0,00:00:00/1-11:51:04,305) [kmpath_handlerd] (root,0,0,00:00:00/1-11:51:03,342) [ata_sff] (root,0,0,00:00:00/1-11:51:03,343) [scsi_eh_0] (root,0,0,00:00:00/1-11:51:03,344) [scsi_tmf_0] (root,0,0,00:00:00/1-11:51:03,345) [scsi_eh_1] (root,0,0,00:00:00/1-11:51:03,346) [scsi_tmf_1] (root,0,0,00:00:02/1-11:51:00,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-11:51:00,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-11:50:48,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-11:50:47,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-11:50:45,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-11:50:14,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-11:50:13,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:01/1-11:50:13,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-11:50:13,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-11:50:11,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-11:50:11,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22256,00:00:01/1-11:49:57,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-11:49:57,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:08/1-11:49:57,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-11:49:57,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-11:49:57,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-11:49:57,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-11:49:57,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:02/1-11:49:57,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:12/1-11:49:57,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-11:49:57,1352) bpfilter_umh (root,26204,8212,00:00:00/1-11:49:57,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-11:49:57,1359) ntpd: asynchronous dns resolver (spot,204716,167860,01:59:15/1-11:49:56,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-11:49:56,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-11:49:56,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-11:49:56,1373) (sd-pam) (root,24216,5268,00:00:00/1-11:49:54,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-11:49:54,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-11:49:54,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-11:49:51,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:05/1-11:49:50,1527) sshd: syslogtunnel (root,615564,69636,00:02:02/1-11:49:48,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41340,00:00:49/1-11:49:36,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-11:49:11,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-11:49:11,3218) sshd: cm-ssh (root,0,0,00:00:00/02:15,10989) [kworker/3:2-events] (postfix,24244,8224,00:00:00/49:32,12603) pickup -l -t fifo -u (root,0,0,00:00:00/00:29,17596) [kworker/0:0-events] (root,0,0,00:00:00/28:11,17872) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:54:17,18327) [kworker/u8:2-writeback] (root,6656,3488,00:00:00/00:00,21132) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,21173) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,21174) /bin/bash /usr/bin/check_mk_agent (root,4480,1044,00:00:00/00:00,21175) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,840,00:00:00/00:00,21176) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1384,00:00:00/00:00,21177) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,21178) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,21196) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,21197) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/11:25,22269) [kworker/0:2-events] (root,0,0,00:00:00/59:46,22963) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:17:37,24470) [kworker/2:1-events] (root,0,0,00:00:06/05:50:29,25188) [kworker/1:2-events] (root,0,0,00:00:00/04:01:18,25538) [kworker/1:1] (root,0,0,00:00:00/01:50:27,25963) [kworker/2:0-events] (root,0,0,00:00:00/03:06:58,31079) [kworker/0:1-events] (root,0,0,00:00:00/07:27,31982) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 22:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638090be66Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12476,00:00:07/3-15:20:42,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:20:42,2) [kthreadd] (root,0,0,00:00:00/3-15:20:42,3) [rcu_gp] (root,0,0,00:00:00/3-15:20:42,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:20:42,5) [slub_flushwq] (root,0,0,00:00:00/3-15:20:42,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:20:42,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:20:42,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:20:42,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:20:42,12) [rcu_tasks_trace] (root,0,0,00:00:09/3-15:20:42,13) [ksoftirqd/0] (root,0,0,00:13:02/3-15:20:42,14) [rcu_preempt] (root,0,0,00:00:01/3-15:20:42,15) [migration/0] (root,0,0,00:00:00/3-15:20:42,16) [idle_inject/0] (root,0,0,00:00:00/3-15:20:42,18) [cpuhp/0] (root,0,0,00:00:00/3-15:20:42,19) [cpuhp/1] (root,0,0,00:00:00/3-15:20:42,20) [idle_inject/1] (root,0,0,00:00:01/3-15:20:42,21) [migration/1] (root,0,0,00:00:07/3-15:20:42,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:20:42,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:20:42,25) [cpuhp/2] (root,0,0,00:00:00/3-15:20:42,26) [idle_inject/2] (root,0,0,00:00:01/3-15:20:42,27) [migration/2] (root,0,0,00:13:00/3-15:20:42,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:20:42,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:20:42,31) [cpuhp/3] (root,0,0,00:00:00/3-15:20:42,32) [idle_inject/3] (root,0,0,00:00:01/3-15:20:42,33) [migration/3] (root,0,0,00:00:35/3-15:20:42,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:20:42,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:20:42,41) [kdevtmpfs] (root,0,0,00:00:00/3-15:20:42,42) [netns] (root,0,0,00:00:00/3-15:20:42,43) [inet_frag_wq] (root,0,0,00:00:00/3-15:20:42,44) [kauditd] (root,0,0,00:00:00/3-15:20:42,46) [khungtaskd] (root,0,0,00:00:00/3-15:20:42,47) [oom_reaper] (root,0,0,00:00:00/3-15:20:42,48) [writeback] (root,0,0,00:00:15/3-15:20:42,49) [kcompactd0] (root,0,0,00:00:00/3-15:20:42,50) [ksmd] (root,0,0,00:00:11/3-15:20:42,51) [khugepaged] (root,0,0,00:00:00/3-15:20:42,76) [kintegrityd] (root,0,0,00:00:00/3-15:20:42,77) [kblockd] (root,0,0,00:00:00/3-15:20:42,78) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:20:42,80) [tpm_dev_wq] (root,0,0,00:00:00/3-15:20:42,81) [edac-poller] (root,0,0,00:00:00/3-15:20:42,82) [devfreq_wq] (root,0,0,00:00:00/3-15:20:42,111) [watchdogd] (root,0,0,00:00:01/3-15:20:42,113) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:20:42,114) [kswapd0] (root,0,0,00:00:00/3-15:20:41,116) [kthrotld] (root,0,0,00:00:00/3-15:20:41,117) [mld] (root,0,0,00:00:00/3-15:20:41,118) [ipv6_addrconf] (root,0,0,00:00:01/3-15:20:41,119) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:20:41,124) [kstrp] (root,0,0,00:00:00/3-15:20:41,125) [zswap-shrink] (root,0,0,00:00:00/3-15:20:41,126) [kworker/u9:0] (root,0,0,00:00:00/3-15:20:41,131) [charger_manager] (root,0,0,00:00:01/3-15:20:41,173) [kworker/0:1H-kblockd] (root,0,0,00:00:01/3-15:20:41,177) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:20:41,190) [kaluad] (root,0,0,00:00:00/3-15:20:41,197) [kmpath_rdacd] (root,0,0,00:00:00/3-15:20:41,210) [kmpathd] (root,0,0,00:00:00/3-15:20:41,212) [kmpath_handlerd] (root,0,0,00:00:00/3-15:20:41,335) [ata_sff] (root,0,0,00:00:00/3-15:20:41,336) [scsi_eh_0] (root,0,0,00:00:00/3-15:20:41,337) [scsi_tmf_0] (root,0,0,00:00:00/3-15:20:41,338) [scsi_eh_1] (root,0,0,00:00:00/3-15:20:41,341) [scsi_tmf_1] (root,0,0,00:00:08/3-15:20:40,365) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:20:40,366) [ext4-rsv-conver] (root,38604,7720,00:00:04/3-15:20:38,435) /usr/lib/systemd/systemd-journald (root,52912,9276,00:00:00/3-15:20:38,452) /usr/lib/systemd/systemd-udevd (root,8624,6920,00:00:07/3-15:20:38,490) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1648,00:00:01/3-15:20:37,509) /sbin/auditd (messagebus,22940,5852,00:00:05/3-15:20:37,515) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38756,8376,00:00:03/3-15:20:37,522) /usr/lib/systemd/systemd-logind (root,20556,6136,00:00:00/3-15:20:37,525) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17424,00:00:03/3-15:20:37,612) /usr/sbin/wickedd --systemd --foreground (root,31904,17884,00:00:00/3-15:20:37,613) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24716,00:00:04/3-15:20:26,2070) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26892,00:00:00/3-15:20:26,2082) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4524,00:00:20/3-15:20:26,2094) /usr/sbin/xinetd -stayalive -dontfork (root,448724,10192,00:00:05/3-15:20:26,2096) /usr/sbin/rsyslogd -n -iNONE (root,2984,1756,00:00:00/3-15:20:26,2097) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10592,00:00:00/3-15:20:26,2098) /usr/lib/systemd/systemd --user (cm-ssh,40560,10476,00:00:00/3-15:20:26,2099) /usr/lib/systemd/systemd --user (checkmk,40564,10532,00:00:00/3-15:20:26,2100) /usr/lib/systemd/systemd --user (ntp,20660,6368,00:00:36/3-15:20:26,2104) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,644,00:00:00/3-15:20:26,2106) bpfilter_umh (root,26204,8300,00:00:00/3-15:20:26,2109) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4396,00:00:00/3-15:20:26,2113) ntpd: asynchronous dns resolver (spot,226404,187408,08:28:41/3-15:20:26,2118) /usr/bin/python3.11 /usr/bin/spot (checkmk,48544,3180,00:00:00/3-15:20:26,2121) (sd-pam) (cm-ssh,48544,3180,00:00:00/3-15:20:26,2122) (sd-pam) (syslogtunnel,48544,3180,00:00:00/3-15:20:26,2123) (sd-pam) (root,24216,5416,00:00:01/3-15:20:25,2222) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:20:25,2224) qmgr -l -t fifo -u (root,8956,2652,00:00:00/3-15:20:25,2246) /usr/sbin/cron -n (root,616308,69032,00:05:50/3-15:20:25,2261) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41464,00:02:31/3-15:20:23,2272) /usr/bin/python3.11 /usr/bin/spot (root,35308,9940,00:00:00/3-15:20:20,2320) sshd: cm-ssh [priv] (cm-ssh,35308,5384,00:00:13/3-15:20:20,2322) sshd: cm-ssh (root,35308,9992,00:00:00/3-15:20:16,2329) sshd: syslogtunnel [priv] (syslogtunnel,35308,5312,00:00:15/3-15:20:16,2331) sshd: syslogtunnel (root,0,0,00:00:00/02:27:27,3663) [kworker/0:0] (root,0,0,00:00:00/01:09:13,4011) [kworker/0:2-events] (root,0,0,00:00:00/01:05:05,10069) [kworker/u8:2-writeback] (root,0,0,00:00:00/04:17,11792) [kworker/3:0-ata_sff] (postfix,24244,8240,00:00:00/39:04,13051) pickup -l -t fifo -u (root,0,0,00:00:00/03:54:01,13520) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/36:09,14875) [kworker/1:0-events] (root,0,0,00:00:00/04:04:49,16689) [kworker/1:1-events] (postfix,44628,9388,00:00:00/19:41:21,18145) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:05:03,20649) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/02:03:36,21904) [kworker/3:1-events] (root,0,0,00:00:00/09:27,27337) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:38:18,28204) [kworker/2:0-events] (root,6656,3484,00:00:00/00:00,31239) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,31257) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,31258) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-10 00:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363c1c85db2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12472,00:00:07/3-09:20:41,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-09:20:41,2) [kthreadd] (root,0,0,00:00:00/3-09:20:41,3) [rcu_gp] (root,0,0,00:00:00/3-09:20:41,4) [rcu_par_gp] (root,0,0,00:00:00/3-09:20:41,5) [slub_flushwq] (root,0,0,00:00:00/3-09:20:41,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-09:20:41,9) [mm_percpu_wq] (root,0,0,00:00:00/3-09:20:41,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-09:20:41,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-09:20:41,12) [rcu_tasks_trace] (root,0,0,00:00:09/3-09:20:41,13) [ksoftirqd/0] (root,0,0,00:12:17/3-09:20:41,14) [rcu_preempt] (root,0,0,00:00:01/3-09:20:41,15) [migration/0] (root,0,0,00:00:00/3-09:20:41,16) [idle_inject/0] (root,0,0,00:00:00/3-09:20:41,18) [cpuhp/0] (root,0,0,00:00:00/3-09:20:41,19) [cpuhp/1] (root,0,0,00:00:00/3-09:20:41,20) [idle_inject/1] (root,0,0,00:00:01/3-09:20:41,21) [migration/1] (root,0,0,00:00:06/3-09:20:41,22) [ksoftirqd/1] (root,0,0,00:00:00/3-09:20:41,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-09:20:41,25) [cpuhp/2] (root,0,0,00:00:00/3-09:20:41,26) [idle_inject/2] (root,0,0,00:00:01/3-09:20:41,27) [migration/2] (root,0,0,00:12:29/3-09:20:41,28) [ksoftirqd/2] (root,0,0,00:00:00/3-09:20:41,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-09:20:41,31) [cpuhp/3] (root,0,0,00:00:00/3-09:20:41,32) [idle_inject/3] (root,0,0,00:00:01/3-09:20:41,33) [migration/3] (root,0,0,00:00:34/3-09:20:41,34) [ksoftirqd/3] (root,0,0,00:00:00/3-09:20:41,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-09:20:41,41) [kdevtmpfs] (root,0,0,00:00:00/3-09:20:41,42) [netns] (root,0,0,00:00:00/3-09:20:41,43) [inet_frag_wq] (root,0,0,00:00:00/3-09:20:41,44) [kauditd] (root,0,0,00:00:00/3-09:20:41,46) [khungtaskd] (root,0,0,00:00:00/3-09:20:41,47) [oom_reaper] (root,0,0,00:00:00/3-09:20:41,48) [writeback] (root,0,0,00:00:14/3-09:20:41,49) [kcompactd0] (root,0,0,00:00:00/3-09:20:41,50) [ksmd] (root,0,0,00:00:11/3-09:20:41,51) [khugepaged] (root,0,0,00:00:00/3-09:20:41,76) [kintegrityd] (root,0,0,00:00:00/3-09:20:41,77) [kblockd] (root,0,0,00:00:00/3-09:20:41,78) [blkcg_punt_bio] (root,0,0,00:00:00/3-09:20:41,80) [tpm_dev_wq] (root,0,0,00:00:00/3-09:20:41,81) [edac-poller] (root,0,0,00:00:00/3-09:20:41,82) [devfreq_wq] (root,0,0,00:00:00/3-09:20:41,111) [watchdogd] (root,0,0,00:00:01/3-09:20:41,113) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-09:20:41,114) [kswapd0] (root,0,0,00:00:00/3-09:20:40,116) [kthrotld] (root,0,0,00:00:00/3-09:20:40,117) [mld] (root,0,0,00:00:00/3-09:20:40,118) [ipv6_addrconf] (root,0,0,00:00:01/3-09:20:40,119) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-09:20:40,124) [kstrp] (root,0,0,00:00:00/3-09:20:40,125) [zswap-shrink] (root,0,0,00:00:00/3-09:20:40,126) [kworker/u9:0] (root,0,0,00:00:00/3-09:20:40,131) [charger_manager] (root,0,0,00:00:01/3-09:20:40,173) [kworker/0:1H-kblockd] (root,0,0,00:00:01/3-09:20:40,177) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-09:20:40,190) [kaluad] (root,0,0,00:00:00/3-09:20:40,197) [kmpath_rdacd] (root,0,0,00:00:00/3-09:20:40,210) [kmpathd] (root,0,0,00:00:00/3-09:20:40,212) [kmpath_handlerd] (root,0,0,00:00:00/3-09:20:40,335) [ata_sff] (root,0,0,00:00:00/3-09:20:40,336) [scsi_eh_0] (root,0,0,00:00:00/3-09:20:40,337) [scsi_tmf_0] (root,0,0,00:00:00/3-09:20:40,338) [scsi_eh_1] (root,0,0,00:00:00/3-09:20:40,341) [scsi_tmf_1] (root,0,0,00:00:07/3-09:20:39,365) [jbd2/vda1-8] (root,0,0,00:00:00/3-09:20:39,366) [ext4-rsv-conver] (root,38604,7720,00:00:04/3-09:20:37,435) /usr/lib/systemd/systemd-journald (root,52912,9276,00:00:00/3-09:20:37,452) /usr/lib/systemd/systemd-udevd (root,8624,6920,00:00:06/3-09:20:37,490) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1648,00:00:01/3-09:20:36,509) /sbin/auditd (messagebus,22940,5852,00:00:05/3-09:20:36,515) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38756,8376,00:00:03/3-09:20:36,522) /usr/lib/systemd/systemd-logind (root,20556,6136,00:00:00/3-09:20:36,525) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17424,00:00:03/3-09:20:36,612) /usr/sbin/wickedd --systemd --foreground (root,31904,17884,00:00:00/3-09:20:36,613) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24208,00:00:04/3-09:20:25,2070) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26892,00:00:00/3-09:20:25,2082) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4524,00:00:18/3-09:20:25,2094) /usr/sbin/xinetd -stayalive -dontfork (root,448724,10192,00:00:04/3-09:20:25,2096) /usr/sbin/rsyslogd -n -iNONE (root,2984,1756,00:00:00/3-09:20:25,2097) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10592,00:00:00/3-09:20:25,2098) /usr/lib/systemd/systemd --user (cm-ssh,40560,10476,00:00:00/3-09:20:25,2099) /usr/lib/systemd/systemd --user (checkmk,40564,10532,00:00:00/3-09:20:25,2100) /usr/lib/systemd/systemd --user (ntp,20660,6368,00:00:34/3-09:20:25,2104) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,644,00:00:00/3-09:20:25,2106) bpfilter_umh (root,26204,8300,00:00:00/3-09:20:25,2109) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4396,00:00:00/3-09:20:25,2113) ntpd: asynchronous dns resolver (spot,226372,187400,07:59:50/3-09:20:25,2118) /usr/bin/python3.11 /usr/bin/spot (checkmk,48544,3180,00:00:00/3-09:20:25,2121) (sd-pam) (cm-ssh,48544,3180,00:00:00/3-09:20:25,2122) (sd-pam) (syslogtunnel,48544,3180,00:00:00/3-09:20:25,2123) (sd-pam) (root,24216,5416,00:00:01/3-09:20:24,2222) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-09:20:24,2224) qmgr -l -t fifo -u (root,8956,2652,00:00:00/3-09:20:24,2246) /usr/sbin/cron -n (root,616308,68968,00:05:29/3-09:20:24,2261) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41440,00:02:24/3-09:20:22,2272) /usr/bin/python3.11 /usr/bin/spot (root,35308,9940,00:00:00/3-09:20:19,2320) sshd: cm-ssh [priv] (cm-ssh,35308,5384,00:00:13/3-09:20:19,2322) sshd: cm-ssh (root,35308,9992,00:00:00/3-09:20:15,2329) sshd: syslogtunnel [priv] (syslogtunnel,35308,5312,00:00:14/3-09:20:15,2331) sshd: syslogtunnel (root,0,0,00:00:00/02:21:40,6348) [kworker/0:1-events] (root,0,0,00:00:00/45:36,11248) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/03:19:24,14254) [kworker/3:0-events] (root,0,0,00:00:00/02:00:40,15103) [kworker/u8:0-ext4-rsv-conversion] (postfix,44628,9388,00:00:00/13:41:20,18145) tlsmgr -l -t unix -u (root,0,0,00:00:00/13:23,22601) [kworker/1:2] (root,0,0,00:00:00/07:26,24455) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:15,26008) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:06,26411) [kworker/u8:2-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,26914) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,26932) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,26933) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:43:17,27078) [kworker/2:2-events] (root,0,0,00:00:00/01:27:55,29310) [kworker/0:0] (root,0,0,00:00:00/02:42:58,31109) [kworker/1:1-events] (postfix,24244,8236,00:00:00/01:19:19,31692) pickup -l -t fifo -u (root,0,0,00:00:00/01:17:22,32111) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-09 18:26
Domain summary
No record