Host 212.201.193.138
Germany
Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
Software information
squid 2.5.STABLE12
tcp/8080
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2024-09-10 00:29
Last seen 2024-12-22 00:47
Open for 103 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363b6c21e00Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12584,00:01:36/39-14:25:30,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-14:25:30,2) [kthreadd] (root,0,0,00:00:00/39-14:25:30,3) [rcu_gp] (root,0,0,00:00:00/39-14:25:30,4) [rcu_par_gp] (root,0,0,00:00:00/39-14:25:30,5) [slub_flushwq] (root,0,0,00:00:00/39-14:25:30,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-14:25:30,9) [mm_percpu_wq] (root,0,0,00:00:00/39-14:25:30,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-14:25:30,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-14:25:30,12) [rcu_tasks_trace] (root,0,0,00:01:14/39-14:25:30,13) [ksoftirqd/0] (root,0,0,01:45:16/39-14:25:30,14) [rcu_preempt] (root,0,0,00:00:15/39-14:25:30,15) [migration/0] (root,0,0,00:00:00/39-14:25:30,16) [idle_inject/0] (root,0,0,00:00:00/39-14:25:30,18) [cpuhp/0] (root,0,0,00:00:00/39-14:25:30,19) [cpuhp/1] (root,0,0,00:00:00/39-14:25:30,20) [idle_inject/1] (root,0,0,00:00:15/39-14:25:30,21) [migration/1] (root,0,0,00:01:05/39-14:25:30,22) [ksoftirqd/1] (root,0,0,00:00:00/39-14:25:30,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-14:25:30,25) [cpuhp/2] (root,0,0,00:00:00/39-14:25:30,26) [idle_inject/2] (root,0,0,00:00:12/39-14:25:30,27) [migration/2] (root,0,0,01:14:04/39-14:25:30,28) [ksoftirqd/2] (root,0,0,00:00:00/39-14:25:30,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-14:25:30,31) [cpuhp/3] (root,0,0,00:00:00/39-14:25:30,32) [idle_inject/3] (root,0,0,00:00:14/39-14:25:30,33) [migration/3] (root,0,0,00:03:31/39-14:25:30,34) [ksoftirqd/3] (root,0,0,00:00:00/39-14:25:30,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-14:25:30,39) [kdevtmpfs] (root,0,0,00:00:00/39-14:25:30,40) [netns] (root,0,0,00:00:00/39-14:25:30,41) [inet_frag_wq] (root,0,0,00:00:09/39-14:25:30,42) [kauditd] (root,0,0,00:00:00/39-14:25:30,43) [khungtaskd] (root,0,0,00:00:00/39-14:25:30,44) [oom_reaper] (root,0,0,00:00:00/39-14:25:30,45) [writeback] (root,0,0,00:01:56/39-14:25:30,46) [kcompactd0] (root,0,0,00:00:00/39-14:25:30,47) [ksmd] (root,0,0,00:01:57/39-14:25:30,48) [khugepaged] (root,0,0,00:00:00/39-14:25:30,74) [kintegrityd] (root,0,0,00:00:00/39-14:25:30,75) [kblockd] (root,0,0,00:00:00/39-14:25:30,76) [blkcg_punt_bio] (root,0,0,00:00:00/39-14:25:30,78) [tpm_dev_wq] (root,0,0,00:00:00/39-14:25:30,79) [edac-poller] (root,0,0,00:00:00/39-14:25:30,80) [devfreq_wq] (root,0,0,00:00:00/39-14:25:30,110) [watchdogd] (root,0,0,00:00:08/39-14:25:30,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/39-14:25:30,112) [kswapd0] (root,0,0,00:00:00/39-14:25:29,114) [kthrotld] (root,0,0,00:00:00/39-14:25:29,115) [mld] (root,0,0,00:00:00/39-14:25:29,116) [ipv6_addrconf] (root,0,0,00:00:17/39-14:25:29,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/39-14:25:29,122) [kstrp] (root,0,0,00:00:00/39-14:25:29,123) [zswap-shrink] (root,0,0,00:00:00/39-14:25:29,124) [kworker/u9:0] (root,0,0,00:00:00/39-14:25:29,129) [charger_manager] (root,0,0,00:00:08/39-14:25:28,172) [kworker/3:1H-kblockd] (root,0,0,00:00:09/39-14:25:28,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-14:25:28,205) [kaluad] (root,0,0,00:00:00/39-14:25:28,250) [kmpath_rdacd] (root,0,0,00:00:00/39-14:25:28,293) [kmpathd] (root,0,0,00:00:00/39-14:25:28,294) [kmpath_handlerd] (root,0,0,00:00:00/39-14:25:28,342) [ata_sff] (root,0,0,00:00:00/39-14:25:27,343) [scsi_eh_0] (root,0,0,00:00:00/39-14:25:27,344) [scsi_tmf_0] (root,0,0,00:00:00/39-14:25:27,345) [scsi_eh_1] (root,0,0,00:00:00/39-14:25:27,346) [scsi_tmf_1] (root,0,0,00:01:05/39-14:25:25,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-14:25:25,367) [ext4-rsv-conver] (root,38604,7788,00:00:54/39-14:25:13,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/39-14:25:12,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:59/39-14:25:10,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:19/39-14:24:36,512) /sbin/auditd (messagebus,22936,5548,00:01:45/39-14:24:36,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:01:01/39-14:24:36,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/39-14:24:36,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/39-14:24:35,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/39-14:24:35,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32972,00:00:44/39-14:24:21,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/39-14:24:21,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:45/39-14:24:20,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/39-14:24:20,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/39-14:24:20,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/39-14:24:20,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/39-14:24:20,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:50/39-14:24:20,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:23/39-14:24:20,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/39-14:24:20,1206) bpfilter_umh (root,26204,8212,00:00:16/39-14:24:20,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/39-14:24:20,1215) ntpd: asynchronous dns resolver (spot,299968,183228,2-02:57:22/39-14:24:20,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/39-14:24:19,1228) (sd-pam) (checkmk,48532,3192,00:00:00/39-14:24:19,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/39-14:24:19,1245) (sd-pam) (root,24216,5344,00:00:13/39-14:24:18,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/39-14:24:18,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/39-14:24:17,1354) /usr/sbin/cron -n (root,698484,82652,00:51:44/39-14:24:11,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,66924,00:17:03/39-14:23:57,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:48:19,2674) [kworker/0:2-events] (root,0,0,00:00:00/08:17,5167) [kworker/1:0-ata_sff] (root,0,0,00:00:00/29:00,5528) [kworker/1:2-events] (postfix,24244,8212,00:00:00/01:32:54,5634) pickup -l -t fifo -u (root,0,0,00:00:00/01:22:35,9266) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/13:48,12385) [kworker/0:0] (root,0,0,00:00:00/25:49,12533) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/01:56:21,15256) [kworker/u8:2-flush-253:0] (root,35308,10012,00:00:00/33-12:15:13,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:51/33-12:15:12,15391) sshd: cm-ssh (root,6656,3488,00:00:00/00:01,16272) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,16290) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,16291) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10072,00:00:00/23-13:43:51,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:22/23-13:43:50,16977) sshd: syslogtunnel (root,0,0,00:00:00/03:23,18644) [kworker/3:1-mm_percpu_wq] (root,0,0,00:00:00/33:49,19043) [kworker/3:2-events] (root,0,0,00:00:00/03:04,22559) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:11,24965) [kworker/2:0-events] (root,0,0,00:00:00/31:49,28762) [kworker/2:1-events] (root,0,0,00:00:00/09:42,29419) [kworker/2:2-events] (postfix,44628,9272,00:00:01/33-19:00:58,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-22 00:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630431e0bdFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:26/37-14:35:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-14:35:01,2) [kthreadd] (root,0,0,00:00:00/37-14:35:01,3) [rcu_gp] (root,0,0,00:00:00/37-14:35:01,4) [rcu_par_gp] (root,0,0,00:00:00/37-14:35:01,5) [slub_flushwq] (root,0,0,00:00:00/37-14:35:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-14:35:01,9) [mm_percpu_wq] (root,0,0,00:00:00/37-14:35:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-14:35:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-14:35:01,12) [rcu_tasks_trace] (root,0,0,00:01:09/37-14:35:01,13) [ksoftirqd/0] (root,0,0,01:39:46/37-14:35:01,14) [rcu_preempt] (root,0,0,00:00:14/37-14:35:01,15) [migration/0] (root,0,0,00:00:00/37-14:35:01,16) [idle_inject/0] (root,0,0,00:00:00/37-14:35:01,18) [cpuhp/0] (root,0,0,00:00:00/37-14:35:01,19) [cpuhp/1] (root,0,0,00:00:00/37-14:35:01,20) [idle_inject/1] (root,0,0,00:00:14/37-14:35:01,21) [migration/1] (root,0,0,00:01:01/37-14:35:01,22) [ksoftirqd/1] (root,0,0,00:00:00/37-14:35:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-14:35:01,25) [cpuhp/2] (root,0,0,00:00:00/37-14:35:01,26) [idle_inject/2] (root,0,0,00:00:11/37-14:35:01,27) [migration/2] (root,0,0,01:10:43/37-14:35:01,28) [ksoftirqd/2] (root,0,0,00:00:00/37-14:35:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-14:35:01,31) [cpuhp/3] (root,0,0,00:00:00/37-14:35:01,32) [idle_inject/3] (root,0,0,00:00:14/37-14:35:01,33) [migration/3] (root,0,0,00:03:20/37-14:35:01,34) [ksoftirqd/3] (root,0,0,00:00:00/37-14:35:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-14:35:01,39) [kdevtmpfs] (root,0,0,00:00:00/37-14:35:01,40) [netns] (root,0,0,00:00:00/37-14:35:01,41) [inet_frag_wq] (root,0,0,00:00:08/37-14:35:01,42) [kauditd] (root,0,0,00:00:00/37-14:35:01,43) [khungtaskd] (root,0,0,00:00:00/37-14:35:01,44) [oom_reaper] (root,0,0,00:00:00/37-14:35:01,45) [writeback] (root,0,0,00:01:50/37-14:35:01,46) [kcompactd0] (root,0,0,00:00:00/37-14:35:01,47) [ksmd] (root,0,0,00:01:50/37-14:35:01,48) [khugepaged] (root,0,0,00:00:00/37-14:35:01,74) [kintegrityd] (root,0,0,00:00:00/37-14:35:01,75) [kblockd] (root,0,0,00:00:00/37-14:35:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/37-14:35:01,78) [tpm_dev_wq] (root,0,0,00:00:00/37-14:35:01,79) [edac-poller] (root,0,0,00:00:00/37-14:35:01,80) [devfreq_wq] (root,0,0,00:00:00/37-14:35:01,110) [watchdogd] (root,0,0,00:00:07/37-14:35:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/37-14:35:01,112) [kswapd0] (root,0,0,00:00:00/37-14:35:00,114) [kthrotld] (root,0,0,00:00:00/37-14:35:00,115) [mld] (root,0,0,00:00:00/37-14:35:00,116) [ipv6_addrconf] (root,0,0,00:00:16/37-14:35:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/37-14:35:00,122) [kstrp] (root,0,0,00:00:00/37-14:35:00,123) [zswap-shrink] (root,0,0,00:00:00/37-14:35:00,124) [kworker/u9:0] (root,0,0,00:00:00/37-14:35:00,129) [charger_manager] (root,0,0,00:00:08/37-14:34:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/37-14:34:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-14:34:59,205) [kaluad] (root,0,0,00:00:00/37-14:34:59,250) [kmpath_rdacd] (root,0,0,00:00:00/37-14:34:59,293) [kmpathd] (root,0,0,00:00:00/37-14:34:59,294) [kmpath_handlerd] (root,0,0,00:00:00/37-14:34:59,342) [ata_sff] (root,0,0,00:00:00/37-14:34:58,343) [scsi_eh_0] (root,0,0,00:00:00/37-14:34:58,344) [scsi_tmf_0] (root,0,0,00:00:00/37-14:34:58,345) [scsi_eh_1] (root,0,0,00:00:00/37-14:34:58,346) [scsi_tmf_1] (root,0,0,00:01:01/37-14:34:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-14:34:56,367) [ext4-rsv-conver] (root,38604,7788,00:00:49/37-14:34:44,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/37-14:34:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:56/37-14:34:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:17/37-14:34:07,512) /sbin/auditd (messagebus,22936,5548,00:01:33/37-14:34:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:54/37-14:34:07,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/37-14:34:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/37-14:34:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/37-14:34:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/05:47,758) [kworker/0:0] (root,548616,32972,00:00:42/37-14:33:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/37-14:33:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:32/37-14:33:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/37-14:33:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/37-14:33:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/37-14:33:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/37-14:33:51,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:46/37-14:33:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:05:06/37-14:33:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/37-14:33:51,1206) bpfilter_umh (root,26204,8212,00:00:14/37-14:33:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/37-14:33:51,1215) ntpd: asynchronous dns resolver (spot,296272,182112,1-23:15:59/37-14:33:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/37-14:33:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/37-14:33:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/37-14:33:50,1245) (sd-pam) (root,24216,5344,00:00:12/37-14:33:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/37-14:33:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:05/37-14:33:48,1354) /usr/sbin/cron -n (root,698484,82412,00:49:07/37-14:33:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66048,00:16:09/37-14:33:28,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8276,00:00:00/24:18,2990) pickup -l -t fifo -u (root,0,0,00:00:00/24:18,2994) [kworker/3:0-events] (root,0,0,00:00:00/22:11,8515) [kworker/2:0] (root,0,0,00:00:00/11:57,13120) [kworker/3:2-events] (root,0,0,00:00:00/02:31,14638) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/31-12:24:44,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:44/31-12:24:43,15391) sshd: cm-ssh (root,0,0,00:00:00/41:43,16397) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10072,00:00:00/21-13:53:22,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:14/21-13:53:21,16977) sshd: syslogtunnel (root,0,0,00:00:00/02:17:03,17446) [kworker/0:2-events] (root,0,0,00:00:01/01:25:33,21022) [kworker/1:1-events] (root,6656,3488,00:00:00/00:00,22682) /bin/bash /usr/bin/check_mk_agent (root,13744,3380,00:00:00/00:00,22700) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,22701) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/17:41,24350) [kworker/u8:1-writeback] (root,0,0,00:00:00/07:44,27455) [kworker/1:0-ata_sff] (postfix,44628,9272,00:00:01/31-19:10:29,30472) tlsmgr -l -t unix -u (root,0,0,00:00:02/02:21:03,32596) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-20 00:57 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836312556081Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-15:20:22,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-15:20:22,2) [kthreadd] (root,0,0,00:00:00/35-15:20:22,3) [rcu_gp] (root,0,0,00:00:00/35-15:20:22,4) [rcu_par_gp] (root,0,0,00:00:00/35-15:20:22,5) [slub_flushwq] (root,0,0,00:00:00/35-15:20:22,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-15:20:22,9) [mm_percpu_wq] (root,0,0,00:00:00/35-15:20:22,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-15:20:22,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-15:20:22,12) [rcu_tasks_trace] (root,0,0,00:01:05/35-15:20:22,13) [ksoftirqd/0] (root,0,0,01:34:30/35-15:20:22,14) [rcu_preempt] (root,0,0,00:00:13/35-15:20:22,15) [migration/0] (root,0,0,00:00:00/35-15:20:22,16) [idle_inject/0] (root,0,0,00:00:00/35-15:20:22,18) [cpuhp/0] (root,0,0,00:00:00/35-15:20:22,19) [cpuhp/1] (root,0,0,00:00:00/35-15:20:22,20) [idle_inject/1] (root,0,0,00:00:14/35-15:20:22,21) [migration/1] (root,0,0,00:00:57/35-15:20:22,22) [ksoftirqd/1] (root,0,0,00:00:00/35-15:20:22,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-15:20:22,25) [cpuhp/2] (root,0,0,00:00:00/35-15:20:22,26) [idle_inject/2] (root,0,0,00:00:11/35-15:20:22,27) [migration/2] (root,0,0,01:07:42/35-15:20:22,28) [ksoftirqd/2] (root,0,0,00:00:00/35-15:20:22,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-15:20:22,31) [cpuhp/3] (root,0,0,00:00:00/35-15:20:22,32) [idle_inject/3] (root,0,0,00:00:13/35-15:20:22,33) [migration/3] (root,0,0,00:03:11/35-15:20:22,34) [ksoftirqd/3] (root,0,0,00:00:00/35-15:20:22,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-15:20:22,39) [kdevtmpfs] (root,0,0,00:00:00/35-15:20:22,40) [netns] (root,0,0,00:00:00/35-15:20:22,41) [inet_frag_wq] (root,0,0,00:00:07/35-15:20:22,42) [kauditd] (root,0,0,00:00:00/35-15:20:22,43) [khungtaskd] (root,0,0,00:00:00/35-15:20:22,44) [oom_reaper] (root,0,0,00:00:00/35-15:20:22,45) [writeback] (root,0,0,00:01:45/35-15:20:22,46) [kcompactd0] (root,0,0,00:00:00/35-15:20:22,47) [ksmd] (root,0,0,00:01:43/35-15:20:22,48) [khugepaged] (root,0,0,00:00:00/35-15:20:22,74) [kintegrityd] (root,0,0,00:00:00/35-15:20:22,75) [kblockd] (root,0,0,00:00:00/35-15:20:22,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-15:20:22,78) [tpm_dev_wq] (root,0,0,00:00:00/35-15:20:22,79) [edac-poller] (root,0,0,00:00:00/35-15:20:22,80) [devfreq_wq] (root,0,0,00:00:00/35-15:20:22,110) [watchdogd] (root,0,0,00:00:07/35-15:20:22,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-15:20:22,112) [kswapd0] (root,0,0,00:00:00/35-15:20:21,114) [kthrotld] (root,0,0,00:00:00/35-15:20:21,115) [mld] (root,0,0,00:00:00/35-15:20:21,116) [ipv6_addrconf] (root,0,0,00:00:15/35-15:20:21,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-15:20:21,122) [kstrp] (root,0,0,00:00:00/35-15:20:21,123) [zswap-shrink] (root,0,0,00:00:00/35-15:20:21,124) [kworker/u9:0] (root,0,0,00:00:00/35-15:20:21,129) [charger_manager] (root,0,0,00:00:07/35-15:20:20,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-15:20:20,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-15:20:20,205) [kaluad] (root,0,0,00:00:00/35-15:20:20,250) [kmpath_rdacd] (root,0,0,00:00:00/35-15:20:20,293) [kmpathd] (root,0,0,00:00:00/35-15:20:20,294) [kmpath_handlerd] (root,0,0,00:00:00/35-15:20:20,342) [ata_sff] (root,0,0,00:00:00/35-15:20:19,343) [scsi_eh_0] (root,0,0,00:00:00/35-15:20:19,344) [scsi_tmf_0] (root,0,0,00:00:00/35-15:20:19,345) [scsi_eh_1] (root,0,0,00:00:00/35-15:20:19,346) [scsi_tmf_1] (root,0,0,00:00:58/35-15:20:17,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-15:20:17,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-15:20:05,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-15:20:04,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-15:20:02,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-15:19:28,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-15:19:28,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-15:19:28,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-15:19:28,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-15:19:27,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-15:19:27,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-15:19:13,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-15:19:13,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:21/35-15:19:12,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-15:19:12,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-15:19:12,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-15:19:12,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-15:19:12,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-15:19:12,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:50/35-15:19:12,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-15:19:12,1206) bpfilter_umh (root,26204,8212,00:00:13/35-15:19:12,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-15:19:12,1215) ntpd: asynchronous dns resolver (spot,293944,180120,1-20:13:19/35-15:19:12,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-15:19:11,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-15:19:11,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-15:19:11,1245) (sd-pam) (root,24216,5344,00:00:11/35-15:19:10,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-15:19:10,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-15:19:09,1354) /usr/sbin/cron -n (root,698228,81996,00:46:34/35-15:19:03,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,64164,00:15:16/35-15:18:49,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:51,4297) [kworker/1:2-events] (root,0,0,00:00:00/01:02:56,7081) [kworker/1:1-ata_sff] (root,0,0,00:00:00/01:12:04,10630) [kworker/u8:2-ext4-rsv-conversion] (root,35308,10012,00:00:00/29-13:10:05,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:38/29-13:10:04,15391) sshd: cm-ssh (root,0,0,00:00:00/04:55:38,15974) [kworker/u8:1-flush-253:0] (postfix,24244,8228,00:00:00/01:31:30,16513) pickup -l -t fifo -u (root,35308,10072,00:00:00/19-14:38:43,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-14:38:42,16977) sshd: syslogtunnel (root,0,0,00:00:00/57:03,19051) [kworker/0:0-events] (root,0,0,00:00:00/00:49,20339) [kworker/3:2-events] (root,0,0,00:00:00/00:40,20978) [kworker/1:0-ata_sff] (root,6656,3488,00:00:00/00:00,21789) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,21830) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,21831) /bin/bash /usr/bin/check_mk_agent (root,4480,1192,00:00:00/00:00,21832) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,860,00:00:00/00:00,21833) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1356,00:00:00/00:00,21834) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,21835) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,21853) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,21854) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:13:55,25943) [kworker/3:1-cgroup_destroy] (root,0,0,00:00:00/08:35,27958) [kworker/2:0-events] (root,0,0,00:00:00/02:42:24,29889) [kworker/3:0-events] (postfix,44628,9272,00:00:01/29-19:55:50,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:50:53,31877) [kworker/0:1-events] (root,0,0,00:00:00/33:50,32365) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-18 01:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363250f812eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:22/35-10:26:25,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/35-10:26:25,2) [kthreadd] (root,0,0,00:00:00/35-10:26:25,3) [rcu_gp] (root,0,0,00:00:00/35-10:26:25,4) [rcu_par_gp] (root,0,0,00:00:00/35-10:26:25,5) [slub_flushwq] (root,0,0,00:00:00/35-10:26:25,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-10:26:25,9) [mm_percpu_wq] (root,0,0,00:00:00/35-10:26:25,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-10:26:25,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-10:26:25,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-10:26:25,13) [ksoftirqd/0] (root,0,0,01:33:57/35-10:26:25,14) [rcu_preempt] (root,0,0,00:00:13/35-10:26:25,15) [migration/0] (root,0,0,00:00:00/35-10:26:25,16) [idle_inject/0] (root,0,0,00:00:00/35-10:26:25,18) [cpuhp/0] (root,0,0,00:00:00/35-10:26:25,19) [cpuhp/1] (root,0,0,00:00:00/35-10:26:25,20) [idle_inject/1] (root,0,0,00:00:13/35-10:26:25,21) [migration/1] (root,0,0,00:00:56/35-10:26:25,22) [ksoftirqd/1] (root,0,0,00:00:00/35-10:26:25,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-10:26:25,25) [cpuhp/2] (root,0,0,00:00:00/35-10:26:25,26) [idle_inject/2] (root,0,0,00:00:11/35-10:26:25,27) [migration/2] (root,0,0,01:07:22/35-10:26:25,28) [ksoftirqd/2] (root,0,0,00:00:00/35-10:26:25,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-10:26:25,31) [cpuhp/3] (root,0,0,00:00:00/35-10:26:25,32) [idle_inject/3] (root,0,0,00:00:13/35-10:26:25,33) [migration/3] (root,0,0,00:03:09/35-10:26:25,34) [ksoftirqd/3] (root,0,0,00:00:00/35-10:26:25,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-10:26:25,39) [kdevtmpfs] (root,0,0,00:00:00/35-10:26:25,40) [netns] (root,0,0,00:00:00/35-10:26:25,41) [inet_frag_wq] (root,0,0,00:00:07/35-10:26:25,42) [kauditd] (root,0,0,00:00:00/35-10:26:25,43) [khungtaskd] (root,0,0,00:00:00/35-10:26:25,44) [oom_reaper] (root,0,0,00:00:00/35-10:26:25,45) [writeback] (root,0,0,00:01:44/35-10:26:25,46) [kcompactd0] (root,0,0,00:00:00/35-10:26:25,47) [ksmd] (root,0,0,00:01:43/35-10:26:25,48) [khugepaged] (root,0,0,00:00:00/35-10:26:25,74) [kintegrityd] (root,0,0,00:00:00/35-10:26:25,75) [kblockd] (root,0,0,00:00:00/35-10:26:25,76) [blkcg_punt_bio] (root,0,0,00:00:00/35-10:26:25,78) [tpm_dev_wq] (root,0,0,00:00:00/35-10:26:25,79) [edac-poller] (root,0,0,00:00:00/35-10:26:25,80) [devfreq_wq] (root,0,0,00:00:00/35-10:26:25,110) [watchdogd] (root,0,0,00:00:07/35-10:26:25,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/35-10:26:25,112) [kswapd0] (root,0,0,00:00:00/35-10:26:24,114) [kthrotld] (root,0,0,00:00:00/35-10:26:24,115) [mld] (root,0,0,00:00:00/35-10:26:24,116) [ipv6_addrconf] (root,0,0,00:00:15/35-10:26:24,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/35-10:26:24,122) [kstrp] (root,0,0,00:00:00/35-10:26:24,123) [zswap-shrink] (root,0,0,00:00:00/35-10:26:24,124) [kworker/u9:0] (root,0,0,00:00:00/35-10:26:24,129) [charger_manager] (root,0,0,00:00:07/35-10:26:23,172) [kworker/3:1H-kblockd] (root,0,0,00:00:08/35-10:26:23,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-10:26:23,205) [kaluad] (root,0,0,00:00:00/35-10:26:23,250) [kmpath_rdacd] (root,0,0,00:00:00/35-10:26:23,293) [kmpathd] (root,0,0,00:00:00/35-10:26:23,294) [kmpath_handlerd] (root,0,0,00:00:00/35-10:26:23,342) [ata_sff] (root,0,0,00:00:00/35-10:26:22,343) [scsi_eh_0] (root,0,0,00:00:00/35-10:26:22,344) [scsi_tmf_0] (root,0,0,00:00:00/35-10:26:22,345) [scsi_eh_1] (root,0,0,00:00:00/35-10:26:22,346) [scsi_tmf_1] (root,0,0,00:00:57/35-10:26:20,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-10:26:20,367) [ext4-rsv-conver] (root,38604,7788,00:00:46/35-10:26:08,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:04/35-10:26:07,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:53/35-10:26:05,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/35-10:25:31,512) /sbin/auditd (messagebus,22936,5548,00:01:28/35-10:25:31,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:51/35-10:25:31,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/35-10:25:31,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/35-10:25:30,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/35-10:25:30,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,32960,00:00:40/35-10:25:16,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/35-10:25:16,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:17/35-10:25:15,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/35-10:25:15,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/35-10:25:15,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/35-10:25:15,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/35-10:25:15,1201) /usr/lib/systemd/systemd --user (root,448968,8396,00:00:44/35-10:25:15,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:49/35-10:25:15,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/35-10:25:15,1206) bpfilter_umh (root,26204,8212,00:00:13/35-10:25:15,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/35-10:25:15,1215) ntpd: asynchronous dns resolver (spot,293432,179992,1-19:58:01/35-10:25:15,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/35-10:25:14,1228) (sd-pam) (checkmk,48532,3192,00:00:00/35-10:25:14,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/35-10:25:14,1245) (sd-pam) (root,24216,5344,00:00:11/35-10:25:13,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/35-10:25:13,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/35-10:25:12,1354) /usr/sbin/cron -n (root,698228,81996,00:46:19/35-10:25:06,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,223680,63888,00:15:12/35-10:24:52,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:48:03,1553) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/07:39,3748) [kworker/1:1-ata_sff] (root,0,0,00:00:01/01:46:35,4663) [kworker/2:0-events] (root,0,0,00:00:00/01:38:47,7712) [kworker/0:0-events] (postfix,24244,8116,00:00:00/01:37:45,8514) pickup -l -t fifo -u (root,0,0,00:00:00/02:26,14058) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/29-08:16:08,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:37/29-08:16:07,15391) sshd: cm-ssh (root,0,0,00:00:00/03:55:59,15570) [kworker/3:2-events] (root,0,0,00:00:00/01:41,15974) [kworker/u8:1-writeback] (root,0,0,00:00:02/05:05:17,16785) [kworker/1:2-events] (root,35308,10072,00:00:00/19-09:44:46,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:07/19-09:44:45,16977) sshd: syslogtunnel (root,0,0,00:00:04/06:57:30,17319) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/00:53,18176) [kworker/2:2] (root,0,0,00:00:00/33:04,18769) [kworker/u8:0] (root,0,0,00:00:00/02:09:33,18986) [kworker/0:2-events] (root,6656,3480,00:00:00/00:00,19978) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,19996) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,19997) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:03:06,23549) [kworker/3:1] (postfix,44628,9272,00:00:01/29-15:01:53,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-17 20:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f94835c8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:18/33-12:56:07,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/33-12:56:07,2) [kthreadd] (root,0,0,00:00:00/33-12:56:07,3) [rcu_gp] (root,0,0,00:00:00/33-12:56:07,4) [rcu_par_gp] (root,0,0,00:00:00/33-12:56:07,5) [slub_flushwq] (root,0,0,00:00:00/33-12:56:07,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-12:56:07,9) [mm_percpu_wq] (root,0,0,00:00:00/33-12:56:07,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-12:56:07,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-12:56:07,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-12:56:07,13) [ksoftirqd/0] (root,0,0,01:29:04/33-12:56:07,14) [rcu_preempt] (root,0,0,00:00:12/33-12:56:07,15) [migration/0] (root,0,0,00:00:00/33-12:56:07,16) [idle_inject/0] (root,0,0,00:00:00/33-12:56:07,18) [cpuhp/0] (root,0,0,00:00:00/33-12:56:07,19) [cpuhp/1] (root,0,0,00:00:00/33-12:56:07,20) [idle_inject/1] (root,0,0,00:00:13/33-12:56:07,21) [migration/1] (root,0,0,00:00:53/33-12:56:07,22) [ksoftirqd/1] (root,0,0,00:00:00/33-12:56:07,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-12:56:07,25) [cpuhp/2] (root,0,0,00:00:00/33-12:56:07,26) [idle_inject/2] (root,0,0,00:00:10/33-12:56:07,27) [migration/2] (root,0,0,01:04:48/33-12:56:07,28) [ksoftirqd/2] (root,0,0,00:00:00/33-12:56:07,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-12:56:07,31) [cpuhp/3] (root,0,0,00:00:00/33-12:56:07,32) [idle_inject/3] (root,0,0,00:00:12/33-12:56:07,33) [migration/3] (root,0,0,00:03:01/33-12:56:07,34) [ksoftirqd/3] (root,0,0,00:00:00/33-12:56:07,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-12:56:07,39) [kdevtmpfs] (root,0,0,00:00:00/33-12:56:07,40) [netns] (root,0,0,00:00:00/33-12:56:07,41) [inet_frag_wq] (root,0,0,00:00:07/33-12:56:07,42) [kauditd] (root,0,0,00:00:00/33-12:56:07,43) [khungtaskd] (root,0,0,00:00:00/33-12:56:07,44) [oom_reaper] (root,0,0,00:00:00/33-12:56:07,45) [writeback] (root,0,0,00:01:38/33-12:56:07,46) [kcompactd0] (root,0,0,00:00:00/33-12:56:07,47) [ksmd] (root,0,0,00:01:37/33-12:56:07,48) [khugepaged] (root,0,0,00:00:00/33-12:56:07,74) [kintegrityd] (root,0,0,00:00:00/33-12:56:07,75) [kblockd] (root,0,0,00:00:00/33-12:56:07,76) [blkcg_punt_bio] (root,0,0,00:00:00/33-12:56:07,78) [tpm_dev_wq] (root,0,0,00:00:00/33-12:56:07,79) [edac-poller] (root,0,0,00:00:00/33-12:56:07,80) [devfreq_wq] (root,0,0,00:00:00/33-12:56:07,110) [watchdogd] (root,0,0,00:00:07/33-12:56:07,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/33-12:56:07,112) [kswapd0] (root,0,0,00:00:00/33-12:56:06,114) [kthrotld] (root,0,0,00:00:00/33-12:56:06,115) [mld] (root,0,0,00:00:00/33-12:56:06,116) [ipv6_addrconf] (root,0,0,00:00:14/33-12:56:06,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/33-12:56:06,122) [kstrp] (root,0,0,00:00:00/33-12:56:06,123) [zswap-shrink] (root,0,0,00:00:00/33-12:56:06,124) [kworker/u9:0] (root,0,0,00:00:00/33-12:56:06,129) [charger_manager] (root,0,0,00:00:07/33-12:56:05,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/33-12:56:05,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-12:56:05,205) [kaluad] (root,0,0,00:00:00/33-12:56:05,250) [kmpath_rdacd] (root,0,0,00:00:00/33-12:56:05,293) [kmpathd] (root,0,0,00:00:00/33-12:56:05,294) [kmpath_handlerd] (root,0,0,00:00:00/33-12:56:05,342) [ata_sff] (root,0,0,00:00:00/33-12:56:04,343) [scsi_eh_0] (root,0,0,00:00:00/33-12:56:04,344) [scsi_tmf_0] (root,0,0,00:00:00/33-12:56:04,345) [scsi_eh_1] (root,0,0,00:00:00/33-12:56:04,346) [scsi_tmf_1] (root,0,0,00:00:54/33-12:56:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-12:56:02,367) [ext4-rsv-conver] (root,38604,7788,00:00:44/33-12:55:50,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/33-12:55:49,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:50/33-12:55:47,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:16/33-12:55:13,512) /sbin/auditd (messagebus,22936,5548,00:01:25/33-12:55:13,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:49/33-12:55:13,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/33-12:55:13,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/33-12:55:12,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/33-12:55:12,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:47:46,727) [kworker/u8:2-ext4-rsv-conversion] (root,548360,32524,00:00:38/33-12:54:58,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/33-12:54:58,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:03:08/33-12:54:57,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/33-12:54:57,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/33-12:54:57,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/33-12:54:57,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/33-12:54:57,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:42/33-12:54:57,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:34/33-12:54:57,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/33-12:54:57,1206) bpfilter_umh (root,26204,8212,00:00:13/33-12:54:57,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/33-12:54:57,1215) ntpd: asynchronous dns resolver (spot,293272,179996,1-17:43:40/33-12:54:57,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/33-12:54:56,1228) (sd-pam) (checkmk,48532,3192,00:00:00/33-12:54:56,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/33-12:54:56,1245) (sd-pam) (root,24216,5344,00:00:11/33-12:54:55,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/33-12:54:55,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/33-12:54:54,1354) /usr/sbin/cron -n (root,697972,81828,00:43:52/33-12:54:48,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63272,00:14:25/33-12:54:34,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/49:29,3524) [kworker/2:2-events] (root,0,0,00:00:00/03:06,3850) [kworker/1:1-ata_sff] (root,0,0,00:00:00/02:46,7073) [kworker/u8:1-writeback] (root,0,0,00:00:00/29:02,7957) [kworker/1:0-events] (root,6656,3488,00:00:00/00:00,11414) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,11495) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,11496) /bin/bash /usr/bin/check_mk_agent (root,4480,1152,00:00:00/00:00,11497) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,768,00:00:00/00:00,11498) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,656,00:00:00/00:00,11499) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3480,00:00:00/00:00,11500) /bin/bash /usr/bin/check_mk_agent (root,6656,3476,00:00:00/00:00,11501) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,11538) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11539) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8272,00:00:00/01:08:10,13877) pickup -l -t fifo -u (root,0,0,00:00:00/18:09,14111) [kworker/u8:0-ext4-rsv-conversion] (root,35308,10012,00:00:00/27-10:45:50,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:31/27-10:45:49,15391) sshd: cm-ssh (root,0,0,00:00:00/08:16,16673) [kworker/1:2-ata_sff] (root,35308,10072,00:00:00/17-12:14:28,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:01:00/17-12:14:27,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:26:24,18088) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/19:48,19428) [kworker/0:2-events] (root,0,0,00:00:03/01:56:04,24863) [kworker/2:1-events] (root,0,0,00:00:01/02:18:22,29457) [kworker/3:0-events] (postfix,44628,9316,00:00:01/27-17:31:35,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/27:15,31017) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-15 23:18 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363370d014fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:15/31-12:05:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-12:05:06,2) [kthreadd] (root,0,0,00:00:00/31-12:05:06,3) [rcu_gp] (root,0,0,00:00:00/31-12:05:06,4) [rcu_par_gp] (root,0,0,00:00:00/31-12:05:06,5) [slub_flushwq] (root,0,0,00:00:00/31-12:05:06,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-12:05:06,9) [mm_percpu_wq] (root,0,0,00:00:00/31-12:05:06,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-12:05:06,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-12:05:06,12) [rcu_tasks_trace] (root,0,0,00:00:57/31-12:05:06,13) [ksoftirqd/0] (root,0,0,01:23:45/31-12:05:06,14) [rcu_preempt] (root,0,0,00:00:11/31-12:05:06,15) [migration/0] (root,0,0,00:00:00/31-12:05:06,16) [idle_inject/0] (root,0,0,00:00:00/31-12:05:06,18) [cpuhp/0] (root,0,0,00:00:00/31-12:05:06,19) [cpuhp/1] (root,0,0,00:00:00/31-12:05:06,20) [idle_inject/1] (root,0,0,00:00:12/31-12:05:06,21) [migration/1] (root,0,0,00:00:50/31-12:05:06,22) [ksoftirqd/1] (root,0,0,00:00:00/31-12:05:06,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-12:05:06,25) [cpuhp/2] (root,0,0,00:00:00/31-12:05:06,26) [idle_inject/2] (root,0,0,00:00:09/31-12:05:06,27) [migration/2] (root,0,0,01:01:37/31-12:05:06,28) [ksoftirqd/2] (root,0,0,00:00:00/31-12:05:06,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-12:05:06,31) [cpuhp/3] (root,0,0,00:00:00/31-12:05:06,32) [idle_inject/3] (root,0,0,00:00:11/31-12:05:06,33) [migration/3] (root,0,0,00:02:50/31-12:05:06,34) [ksoftirqd/3] (root,0,0,00:00:00/31-12:05:06,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-12:05:06,39) [kdevtmpfs] (root,0,0,00:00:00/31-12:05:06,40) [netns] (root,0,0,00:00:00/31-12:05:06,41) [inet_frag_wq] (root,0,0,00:00:07/31-12:05:06,42) [kauditd] (root,0,0,00:00:00/31-12:05:06,43) [khungtaskd] (root,0,0,00:00:00/31-12:05:06,44) [oom_reaper] (root,0,0,00:00:00/31-12:05:06,45) [writeback] (root,0,0,00:01:32/31-12:05:06,46) [kcompactd0] (root,0,0,00:00:00/31-12:05:06,47) [ksmd] (root,0,0,00:01:31/31-12:05:06,48) [khugepaged] (root,0,0,00:00:00/31-12:05:06,74) [kintegrityd] (root,0,0,00:00:00/31-12:05:06,75) [kblockd] (root,0,0,00:00:00/31-12:05:06,76) [blkcg_punt_bio] (root,0,0,00:00:00/31-12:05:06,78) [tpm_dev_wq] (root,0,0,00:00:00/31-12:05:06,79) [edac-poller] (root,0,0,00:00:00/31-12:05:06,80) [devfreq_wq] (root,0,0,00:00:00/31-12:05:06,110) [watchdogd] (root,0,0,00:00:06/31-12:05:06,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/31-12:05:06,112) [kswapd0] (root,0,0,00:00:00/31-12:05:05,114) [kthrotld] (root,0,0,00:00:00/31-12:05:05,115) [mld] (root,0,0,00:00:00/31-12:05:05,116) [ipv6_addrconf] (root,0,0,00:00:13/31-12:05:05,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/31-12:05:05,122) [kstrp] (root,0,0,00:00:00/31-12:05:05,123) [zswap-shrink] (root,0,0,00:00:00/31-12:05:05,124) [kworker/u9:0] (root,0,0,00:00:00/31-12:05:05,129) [charger_manager] (root,0,0,00:00:07/31-12:05:04,172) [kworker/3:1H-kblockd] (root,0,0,00:00:07/31-12:05:04,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-12:05:04,205) [kaluad] (root,0,0,00:00:00/31-12:05:04,250) [kmpath_rdacd] (root,0,0,00:00:00/31-12:05:04,293) [kmpathd] (root,0,0,00:00:00/31-12:05:04,294) [kmpath_handlerd] (root,0,0,00:00:00/31-12:05:04,342) [ata_sff] (root,0,0,00:00:00/31-12:05:03,343) [scsi_eh_0] (root,0,0,00:00:00/31-12:05:03,344) [scsi_tmf_0] (root,0,0,00:00:00/31-12:05:03,345) [scsi_eh_1] (root,0,0,00:00:00/31-12:05:03,346) [scsi_tmf_1] (root,0,0,00:00:51/31-12:05:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-12:05:01,367) [ext4-rsv-conver] (root,38604,7788,00:00:42/31-12:04:49,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/31-12:04:48,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:47/31-12:04:46,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:15/31-12:04:12,512) /sbin/auditd (messagebus,22936,5548,00:01:21/31-12:04:12,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:47/31-12:04:12,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/31-12:04:12,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/31-12:04:11,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/31-12:04:11,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/21:46,843) [kworker/u8:2] (root,548360,31484,00:00:35/31-12:03:57,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/31-12:03:57,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4576,00:02:54/31-12:03:56,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/31-12:03:56,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/31-12:03:56,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/31-12:03:56,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/31-12:03:56,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:40/31-12:03:56,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:17/31-12:03:56,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/31-12:03:56,1206) bpfilter_umh (root,26204,8212,00:00:12/31-12:03:56,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/31-12:03:56,1215) ntpd: asynchronous dns resolver (spot,286744,173792,1-15:24:54/31-12:03:56,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/31-12:03:55,1228) (sd-pam) (checkmk,48532,3192,00:00:00/31-12:03:55,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/31-12:03:55,1245) (sd-pam) (root,24216,5344,00:00:10/31-12:03:54,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/31-12:03:54,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/31-12:03:53,1354) /usr/sbin/cron -n (root,697972,81512,00:41:12/31-12:03:47,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61108,00:13:36/31-12:03:33,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/13:19,3360) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/03:26,4955) [kworker/1:2-events] (root,0,0,00:00:01/03:18:28,5886) [kworker/3:1-events] (root,0,0,00:00:01/02:55:57,8787) [kworker/0:2-events] (root,6764,3604,00:00:00/00:01,11329) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/20:52,11542) [kworker/2:0-events] (root,15108,10464,00:00:00/00:00,11572) python ././remotecheck (root,6656,3480,00:00:00/00:00,11573) /bin/bash /usr/bin/check_mk_agent (root,13744,3516,00:00:00/00:00,11591) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,11592) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6160,3020,00:00:00/00:00,11593) /bin/bash /services/monitoring/checks/enabled/check_gateway_sensornet (root,35308,10012,00:00:00/25-09:54:49,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:24/25-09:54:48,15391) sshd: cm-ssh (root,0,0,00:00:00/31:44,16327) [kworker/u8:0-writeback] (root,35308,10072,00:00:00/15-11:23:27,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:53/15-11:23:26,16977) sshd: syslogtunnel (root,0,0,00:00:00/08:37,21948) [kworker/1:0-ata_sff] (postfix,24244,8232,00:00:00/39:06,25164) pickup -l -t fifo -u (root,0,0,00:00:10/13:12:18,25226) [kworker/2:1-events] (root,0,0,00:00:01/01:05:43,27329) [kworker/1:1-ata_sff] (postfix,44628,9316,00:00:01/25-16:40:34,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/04:10:25,31966) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-13 22:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363abd4a69fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:12/29-13:16:54,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-13:16:54,2) [kthreadd] (root,0,0,00:00:00/29-13:16:54,3) [rcu_gp] (root,0,0,00:00:00/29-13:16:54,4) [rcu_par_gp] (root,0,0,00:00:00/29-13:16:54,5) [slub_flushwq] (root,0,0,00:00:00/29-13:16:54,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-13:16:54,9) [mm_percpu_wq] (root,0,0,00:00:00/29-13:16:54,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-13:16:54,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-13:16:54,12) [rcu_tasks_trace] (root,0,0,00:00:53/29-13:16:54,13) [ksoftirqd/0] (root,0,0,01:18:43/29-13:16:54,14) [rcu_preempt] (root,0,0,00:00:11/29-13:16:54,15) [migration/0] (root,0,0,00:00:00/29-13:16:54,16) [idle_inject/0] (root,0,0,00:00:00/29-13:16:54,18) [cpuhp/0] (root,0,0,00:00:00/29-13:16:54,19) [cpuhp/1] (root,0,0,00:00:00/29-13:16:54,20) [idle_inject/1] (root,0,0,00:00:11/29-13:16:54,21) [migration/1] (root,0,0,00:00:46/29-13:16:54,22) [ksoftirqd/1] (root,0,0,00:00:00/29-13:16:54,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-13:16:54,25) [cpuhp/2] (root,0,0,00:00:00/29-13:16:54,26) [idle_inject/2] (root,0,0,00:00:09/29-13:16:54,27) [migration/2] (root,0,0,00:58:04/29-13:16:54,28) [ksoftirqd/2] (root,0,0,00:00:00/29-13:16:54,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-13:16:54,31) [cpuhp/3] (root,0,0,00:00:00/29-13:16:54,32) [idle_inject/3] (root,0,0,00:00:11/29-13:16:54,33) [migration/3] (root,0,0,00:02:40/29-13:16:54,34) [ksoftirqd/3] (root,0,0,00:00:00/29-13:16:54,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-13:16:54,39) [kdevtmpfs] (root,0,0,00:00:00/29-13:16:54,40) [netns] (root,0,0,00:00:00/29-13:16:54,41) [inet_frag_wq] (root,0,0,00:00:06/29-13:16:54,42) [kauditd] (root,0,0,00:00:00/29-13:16:54,43) [khungtaskd] (root,0,0,00:00:00/29-13:16:54,44) [oom_reaper] (root,0,0,00:00:00/29-13:16:54,45) [writeback] (root,0,0,00:01:26/29-13:16:54,46) [kcompactd0] (root,0,0,00:00:00/29-13:16:54,47) [ksmd] (root,0,0,00:01:25/29-13:16:54,48) [khugepaged] (root,0,0,00:00:00/29-13:16:54,74) [kintegrityd] (root,0,0,00:00:00/29-13:16:54,75) [kblockd] (root,0,0,00:00:00/29-13:16:54,76) [blkcg_punt_bio] (root,0,0,00:00:00/29-13:16:54,78) [tpm_dev_wq] (root,0,0,00:00:00/29-13:16:54,79) [edac-poller] (root,0,0,00:00:00/29-13:16:54,80) [devfreq_wq] (root,0,0,00:00:00/29-13:16:54,110) [watchdogd] (root,0,0,00:00:06/29-13:16:54,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/29-13:16:54,112) [kswapd0] (root,0,0,00:00:00/29-13:16:53,114) [kthrotld] (root,0,0,00:00:00/29-13:16:53,115) [mld] (root,0,0,00:00:00/29-13:16:53,116) [ipv6_addrconf] (root,0,0,00:00:12/29-13:16:53,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/29-13:16:53,122) [kstrp] (root,0,0,00:00:00/29-13:16:53,123) [zswap-shrink] (root,0,0,00:00:00/29-13:16:53,124) [kworker/u9:0] (root,0,0,00:00:00/29-13:16:53,129) [charger_manager] (root,0,0,00:00:06/29-13:16:52,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/29-13:16:52,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-13:16:52,205) [kaluad] (root,0,0,00:00:00/29-13:16:52,250) [kmpath_rdacd] (root,0,0,00:00:00/29-13:16:52,293) [kmpathd] (root,0,0,00:00:00/29-13:16:52,294) [kmpath_handlerd] (root,0,0,00:00:00/29-13:16:52,342) [ata_sff] (root,0,0,00:00:00/29-13:16:51,343) [scsi_eh_0] (root,0,0,00:00:00/29-13:16:51,344) [scsi_tmf_0] (root,0,0,00:00:00/29-13:16:51,345) [scsi_eh_1] (root,0,0,00:00:00/29-13:16:51,346) [scsi_tmf_1] (root,0,0,00:00:48/29-13:16:49,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-13:16:49,367) [ext4-rsv-conver] (root,38604,7788,00:00:40/29-13:16:37,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/29-13:16:36,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:44/29-13:16:34,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/29-13:16:00,512) /sbin/auditd (messagebus,22936,5548,00:01:18/29-13:16:00,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8524,00:00:45/29-13:16:00,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/29-13:16:00,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/29-13:15:59,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/29-13:15:59,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/07:17,902) [kworker/1:2-ata_sff] (root,548360,31484,00:00:33/29-13:15:45,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/29-13:15:45,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:41/29-13:15:44,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/29-13:15:44,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/29-13:15:44,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/29-13:15:44,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/29-13:15:44,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:38/29-13:15:44,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:04:01/29-13:15:44,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/29-13:15:44,1206) bpfilter_umh (root,26204,8212,00:00:12/29-13:15:44,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/29-13:15:44,1215) ntpd: asynchronous dns resolver (spot,291644,178824,1-12:57:01/29-13:15:44,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/29-13:15:43,1228) (sd-pam) (checkmk,48532,3192,00:00:00/29-13:15:43,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/29-13:15:43,1245) (sd-pam) (root,24216,5344,00:00:09/29-13:15:42,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:02/29-13:15:42,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:04/29-13:15:41,1354) /usr/sbin/cron -n (root,697576,81132,00:38:39/29-13:15:35,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,220608,60496,00:12:53/29-13:15:21,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/18:45,3727) [kworker/2:1] (root,0,0,00:00:00/18:41,3949) [kworker/u8:1-writeback] (root,0,0,00:00:00/10:31:08,6101) [kworker/0:2-events] (root,0,0,00:00:00/02:24:01,8802) [kworker/u8:0] (root,0,0,00:00:00/04:20,10360) [kworker/2:2-events] (root,0,0,00:00:00/40:42,12543) [kworker/3:2-events] (root,0,0,00:00:00/39:06,13387) [kworker/2:0-events] (root,35308,10012,00:00:00/23-11:06:37,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:18/23-11:06:36,15391) sshd: cm-ssh (root,35308,10072,00:00:00/13-12:35:15,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:46/13-12:35:14,16977) sshd: syslogtunnel (root,0,0,00:00:01/05:59:27,20264) [kworker/0:1-events] (root,0,0,00:00:00/02:06,21615) [kworker/1:1-events] (root,0,0,00:00:00/11:34,22560) [kworker/3:1-events] (postfix,24244,8172,00:00:00/32:40,28504) pickup -l -t fifo -u (root,0,0,00:00:07/15:36:00,29407) [kworker/1:0-ata_sff] (postfix,44628,9316,00:00:01/23-17:52:22,30472) tlsmgr -l -t unix -u (root,6656,3492,00:00:00/00:00,30563) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,30581) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30582) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-11 23:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638d103ec7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12576,00:01:08/27-13:20:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-13:20:47,2) [kthreadd] (root,0,0,00:00:00/27-13:20:47,3) [rcu_gp] (root,0,0,00:00:00/27-13:20:47,4) [rcu_par_gp] (root,0,0,00:00:00/27-13:20:47,5) [slub_flushwq] (root,0,0,00:00:00/27-13:20:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-13:20:47,9) [mm_percpu_wq] (root,0,0,00:00:00/27-13:20:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-13:20:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-13:20:47,12) [rcu_tasks_trace] (root,0,0,00:00:50/27-13:20:47,13) [ksoftirqd/0] (root,0,0,01:13:36/27-13:20:47,14) [rcu_preempt] (root,0,0,00:00:10/27-13:20:47,15) [migration/0] (root,0,0,00:00:00/27-13:20:47,16) [idle_inject/0] (root,0,0,00:00:00/27-13:20:47,18) [cpuhp/0] (root,0,0,00:00:00/27-13:20:47,19) [cpuhp/1] (root,0,0,00:00:00/27-13:20:47,20) [idle_inject/1] (root,0,0,00:00:10/27-13:20:47,21) [migration/1] (root,0,0,00:00:43/27-13:20:47,22) [ksoftirqd/1] (root,0,0,00:00:00/27-13:20:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-13:20:47,25) [cpuhp/2] (root,0,0,00:00:00/27-13:20:47,26) [idle_inject/2] (root,0,0,00:00:08/27-13:20:47,27) [migration/2] (root,0,0,00:55:22/27-13:20:47,28) [ksoftirqd/2] (root,0,0,00:00:00/27-13:20:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-13:20:47,31) [cpuhp/3] (root,0,0,00:00:00/27-13:20:47,32) [idle_inject/3] (root,0,0,00:00:10/27-13:20:47,33) [migration/3] (root,0,0,00:02:31/27-13:20:47,34) [ksoftirqd/3] (root,0,0,00:00:00/27-13:20:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-13:20:47,39) [kdevtmpfs] (root,0,0,00:00:00/27-13:20:47,40) [netns] (root,0,0,00:00:00/27-13:20:47,41) [inet_frag_wq] (root,0,0,00:00:06/27-13:20:47,42) [kauditd] (root,0,0,00:00:00/27-13:20:47,43) [khungtaskd] (root,0,0,00:00:00/27-13:20:47,44) [oom_reaper] (root,0,0,00:00:00/27-13:20:47,45) [writeback] (root,0,0,00:01:21/27-13:20:47,46) [kcompactd0] (root,0,0,00:00:00/27-13:20:47,47) [ksmd] (root,0,0,00:01:19/27-13:20:47,48) [khugepaged] (root,0,0,00:00:00/27-13:20:47,74) [kintegrityd] (root,0,0,00:00:00/27-13:20:47,75) [kblockd] (root,0,0,00:00:00/27-13:20:47,76) [blkcg_punt_bio] (root,0,0,00:00:00/27-13:20:47,78) [tpm_dev_wq] (root,0,0,00:00:00/27-13:20:47,79) [edac-poller] (root,0,0,00:00:00/27-13:20:47,80) [devfreq_wq] (root,0,0,00:00:00/27-13:20:47,110) [watchdogd] (root,0,0,00:00:05/27-13:20:47,111) [kworker/2:1H-kblockd] (root,0,0,00:00:02/27-13:20:47,112) [kswapd0] (root,0,0,00:00:00/27-13:20:46,114) [kthrotld] (root,0,0,00:00:00/27-13:20:46,115) [mld] (root,0,0,00:00:00/27-13:20:46,116) [ipv6_addrconf] (root,0,0,00:00:11/27-13:20:46,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/27-13:20:46,122) [kstrp] (root,0,0,00:00:00/27-13:20:46,123) [zswap-shrink] (root,0,0,00:00:00/27-13:20:46,124) [kworker/u9:0] (root,0,0,00:00:00/27-13:20:46,129) [charger_manager] (root,0,0,00:00:06/27-13:20:45,172) [kworker/3:1H-kblockd] (root,0,0,00:00:06/27-13:20:45,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-13:20:45,205) [kaluad] (root,0,0,00:00:00/27-13:20:45,250) [kmpath_rdacd] (root,0,0,00:00:00/27-13:20:45,293) [kmpathd] (root,0,0,00:00:00/27-13:20:45,294) [kmpath_handlerd] (root,0,0,00:00:00/27-13:20:45,342) [ata_sff] (root,0,0,00:00:00/27-13:20:44,343) [scsi_eh_0] (root,0,0,00:00:00/27-13:20:44,344) [scsi_tmf_0] (root,0,0,00:00:00/27-13:20:44,345) [scsi_eh_1] (root,0,0,00:00:00/27-13:20:44,346) [scsi_tmf_1] (root,0,0,00:00:44/27-13:20:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-13:20:42,367) [ext4-rsv-conver] (root,38604,7788,00:00:38/27-13:20:30,440) /usr/lib/systemd/systemd-journald (root,53164,9480,00:00:03/27-13:20:29,456) /usr/lib/systemd/systemd-udevd (root,8624,6716,00:00:41/27-13:20:27,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:14/27-13:19:53,512) /sbin/auditd (messagebus,22936,5548,00:01:14/27-13:19:53,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8520,00:00:43/27-13:19:53,531) /usr/lib/systemd/systemd-logind (root,20556,5000,00:00:00/27-13:19:53,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16108,00:00:03/27-13:19:52,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16848,00:00:00/27-13:19:52,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,31484,00:00:31/27-13:19:38,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26404,00:00:00/27-13:19:38,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:33/27-13:19:37,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/27-13:19:37,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10524,00:00:00/27-13:19:37,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/27-13:19:37,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/27-13:19:37,1201) /usr/lib/systemd/systemd --user (root,448968,8444,00:00:36/27-13:19:37,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6052,00:03:45/27-13:19:37,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/27-13:19:37,1206) bpfilter_umh (root,26204,8212,00:00:11/27-13:19:37,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/27-13:19:37,1215) ntpd: asynchronous dns resolver (spot,289992,176652,1-10:36:47/27-13:19:37,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/27-13:19:36,1228) (sd-pam) (checkmk,48532,3192,00:00:00/27-13:19:36,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/27-13:19:36,1245) (sd-pam) (root,24216,5344,00:00:09/27-13:19:35,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/27-13:19:35,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/27-13:19:34,1354) /usr/sbin/cron -n (root,697064,80568,00:36:04/27-13:19:28,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,219584,58616,00:11:34/27-13:19:14,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/02:34:19,1639) [kworker/3:1-events] (root,0,0,00:00:00/07:54,8451) [kworker/u8:2-writeback] (root,0,0,00:00:00/05:13,13512) [kworker/1:3-events] (postfix,24244,8148,00:00:00/58:33,14566) pickup -l -t fifo -u (root,35308,10012,00:00:00/21-11:10:30,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:11/21-11:10:29,15391) sshd: cm-ssh (root,0,0,00:00:00/57:29,16439) [kworker/u8:1-ext4-rsv-conversion] (root,35308,10072,00:00:00/11-12:39:08,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:40/11-12:39:07,16977) sshd: syslogtunnel (root,0,0,00:00:01/05:30:54,18730) [kworker/0:0-events] (root,0,0,00:00:00/33:57,20552) [kworker/2:1] (root,0,0,00:00:00/55:20,23802) [kworker/0:1] (root,0,0,00:00:00/12:35,26286) [kworker/1:1-ata_sff] (root,0,0,00:00:00/00:11,27852) [kworker/1:0-ata_sff] (root,0,0,00:00:00/42:49,27932) [kworker/2:2-events] (root,6656,3484,00:00:00/00:00,28642) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,28660) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,28661) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9316,00:00:00/21-17:56:15,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:27:14,32261) [kworker/3:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-09 23:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633557a946Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12816,00:01:04/25-12:24:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-12:24:15,2) [kthreadd] (root,0,0,00:00:00/25-12:24:15,3) [rcu_gp] (root,0,0,00:00:00/25-12:24:15,4) [rcu_par_gp] (root,0,0,00:00:00/25-12:24:15,5) [slub_flushwq] (root,0,0,00:00:00/25-12:24:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-12:24:15,9) [mm_percpu_wq] (root,0,0,00:00:00/25-12:24:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-12:24:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-12:24:15,12) [rcu_tasks_trace] (root,0,0,00:00:46/25-12:24:15,13) [ksoftirqd/0] (root,0,0,01:08:11/25-12:24:15,14) [rcu_preempt] (root,0,0,00:00:09/25-12:24:15,15) [migration/0] (root,0,0,00:00:00/25-12:24:15,16) [idle_inject/0] (root,0,0,00:00:00/25-12:24:15,18) [cpuhp/0] (root,0,0,00:00:00/25-12:24:15,19) [cpuhp/1] (root,0,0,00:00:00/25-12:24:15,20) [idle_inject/1] (root,0,0,00:00:10/25-12:24:15,21) [migration/1] (root,0,0,00:00:40/25-12:24:15,22) [ksoftirqd/1] (root,0,0,00:00:00/25-12:24:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-12:24:15,25) [cpuhp/2] (root,0,0,00:00:00/25-12:24:15,26) [idle_inject/2] (root,0,0,00:00:08/25-12:24:15,27) [migration/2] (root,0,0,00:52:00/25-12:24:15,28) [ksoftirqd/2] (root,0,0,00:00:00/25-12:24:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-12:24:15,31) [cpuhp/3] (root,0,0,00:00:00/25-12:24:15,32) [idle_inject/3] (root,0,0,00:00:09/25-12:24:15,33) [migration/3] (root,0,0,00:02:20/25-12:24:15,34) [ksoftirqd/3] (root,0,0,00:00:00/25-12:24:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-12:24:15,39) [kdevtmpfs] (root,0,0,00:00:00/25-12:24:15,40) [netns] (root,0,0,00:00:00/25-12:24:15,41) [inet_frag_wq] (root,0,0,00:00:06/25-12:24:15,42) [kauditd] (root,0,0,00:00:00/25-12:24:15,43) [khungtaskd] (root,0,0,00:00:00/25-12:24:15,44) [oom_reaper] (root,0,0,00:00:00/25-12:24:15,45) [writeback] (root,0,0,00:01:14/25-12:24:15,46) [kcompactd0] (root,0,0,00:00:00/25-12:24:15,47) [ksmd] (root,0,0,00:01:13/25-12:24:15,48) [khugepaged] (root,0,0,00:00:00/25-12:24:15,74) [kintegrityd] (root,0,0,00:00:00/25-12:24:15,75) [kblockd] (root,0,0,00:00:00/25-12:24:15,76) [blkcg_punt_bio] (root,0,0,00:00:00/25-12:24:15,78) [tpm_dev_wq] (root,0,0,00:00:00/25-12:24:15,79) [edac-poller] (root,0,0,00:00:00/25-12:24:15,80) [devfreq_wq] (root,0,0,00:00:00/25-12:24:15,110) [watchdogd] (root,0,0,00:00:05/25-12:24:15,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/25-12:24:15,112) [kswapd0] (root,0,0,00:00:00/25-12:24:14,114) [kthrotld] (root,0,0,00:00:00/25-12:24:14,115) [mld] (root,0,0,00:00:00/25-12:24:14,116) [ipv6_addrconf] (root,0,0,00:00:10/25-12:24:14,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/25-12:24:14,122) [kstrp] (root,0,0,00:00:00/25-12:24:14,123) [zswap-shrink] (root,0,0,00:00:00/25-12:24:14,124) [kworker/u9:0] (root,0,0,00:00:00/25-12:24:14,129) [charger_manager] (root,0,0,00:00:05/25-12:24:13,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/25-12:24:13,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-12:24:13,205) [kaluad] (root,0,0,00:00:00/25-12:24:13,250) [kmpath_rdacd] (root,0,0,00:00:00/25-12:24:13,293) [kmpathd] (root,0,0,00:00:00/25-12:24:13,294) [kmpath_handlerd] (root,0,0,00:00:00/25-12:24:13,342) [ata_sff] (root,0,0,00:00:00/25-12:24:12,343) [scsi_eh_0] (root,0,0,00:00:00/25-12:24:12,344) [scsi_tmf_0] (root,0,0,00:00:00/25-12:24:12,345) [scsi_eh_1] (root,0,0,00:00:00/25-12:24:12,346) [scsi_tmf_1] (root,0,0,00:00:40/25-12:24:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-12:24:10,367) [ext4-rsv-conver] (root,38604,7876,00:00:36/25-12:23:58,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:03/25-12:23:57,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:38/25-12:23:55,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:13/25-12:23:21,512) /sbin/auditd (messagebus,22936,5640,00:01:10/25-12:23:21,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:40/25-12:23:21,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/25-12:23:21,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/25-12:23:20,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/25-12:23:20,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30844,00:00:29/25-12:23:06,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/25-12:23:06,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:19/25-12:23:05,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/25-12:23:05,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/25-12:23:05,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/25-12:23:05,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/25-12:23:05,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:34/25-12:23:05,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:28/25-12:23:05,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/25-12:23:05,1206) bpfilter_umh (root,26204,8300,00:00:11/25-12:23:05,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/25-12:23:05,1215) ntpd: asynchronous dns resolver (spot,301616,188308,1-08:00:01/25-12:23:05,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/25-12:23:04,1228) (sd-pam) (checkmk,48532,3192,00:00:00/25-12:23:04,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/25-12:23:04,1245) (sd-pam) (root,24216,5348,00:00:08/25-12:23:03,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/25-12:23:03,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/25-12:23:02,1354) /usr/sbin/cron -n (root,694116,77804,00:33:22/25-12:22:56,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,218560,57992,00:10:07/25-12:22:42,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:12,2194) [kworker/2:0] (root,6656,3480,00:00:00/00:00,3776) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,3794) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3795) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:42:30,15018) [kworker/0:2-events] (root,35308,10012,00:00:00/19-10:13:58,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:01:04/19-10:13:57,15391) sshd: cm-ssh (root,0,0,00:00:00/27:44,16003) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/08:13,16319) [kworker/1:2-ata_sff] (root,35308,10072,00:00:00/9-11:42:36,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:33/9-11:42:35,16977) sshd: syslogtunnel (root,0,0,00:00:00/08:16:26,17512) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/06:41:16,18263) [kworker/3:2-events] (root,0,0,00:00:05/05:26:50,21123) [kworker/2:1-events] (root,0,0,00:00:00/47:59,22566) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/16:18,25316) [kworker/u8:0-writeback] (root,0,0,00:00:00/14:29,30275) [kworker/3:0-events] (postfix,44628,9372,00:00:00/19-16:59:43,30472) tlsmgr -l -t unix -u (postfix,24244,8260,00:00:00/22:55,30743) pickup -l -t fifo -u (root,0,0,00:00:00/03:03,30801) [kworker/1:0-ata_sff] (root,0,0,00:00:01/02:43:52,31732) [kworker/1:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-07 22:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836374626524Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:01:00/23-12:11:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-12:11:01,2) [kthreadd] (root,0,0,00:00:00/23-12:11:01,3) [rcu_gp] (root,0,0,00:00:00/23-12:11:01,4) [rcu_par_gp] (root,0,0,00:00:00/23-12:11:01,5) [slub_flushwq] (root,0,0,00:00:00/23-12:11:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-12:11:01,9) [mm_percpu_wq] (root,0,0,00:00:00/23-12:11:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-12:11:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-12:11:01,12) [rcu_tasks_trace] (root,0,0,00:00:42/23-12:11:01,13) [ksoftirqd/0] (root,0,0,01:02:35/23-12:11:01,14) [rcu_preempt] (root,0,0,00:00:08/23-12:11:01,15) [migration/0] (root,0,0,00:00:00/23-12:11:01,16) [idle_inject/0] (root,0,0,00:00:00/23-12:11:01,18) [cpuhp/0] (root,0,0,00:00:00/23-12:11:01,19) [cpuhp/1] (root,0,0,00:00:00/23-12:11:01,20) [idle_inject/1] (root,0,0,00:00:09/23-12:11:01,21) [migration/1] (root,0,0,00:00:37/23-12:11:01,22) [ksoftirqd/1] (root,0,0,00:00:00/23-12:11:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-12:11:01,25) [cpuhp/2] (root,0,0,00:00:00/23-12:11:01,26) [idle_inject/2] (root,0,0,00:00:07/23-12:11:01,27) [migration/2] (root,0,0,00:47:20/23-12:11:01,28) [ksoftirqd/2] (root,0,0,00:00:00/23-12:11:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-12:11:01,31) [cpuhp/3] (root,0,0,00:00:00/23-12:11:01,32) [idle_inject/3] (root,0,0,00:00:08/23-12:11:01,33) [migration/3] (root,0,0,00:02:09/23-12:11:01,34) [ksoftirqd/3] (root,0,0,00:00:00/23-12:11:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-12:11:01,39) [kdevtmpfs] (root,0,0,00:00:00/23-12:11:01,40) [netns] (root,0,0,00:00:00/23-12:11:01,41) [inet_frag_wq] (root,0,0,00:00:05/23-12:11:01,42) [kauditd] (root,0,0,00:00:00/23-12:11:01,43) [khungtaskd] (root,0,0,00:00:00/23-12:11:01,44) [oom_reaper] (root,0,0,00:00:00/23-12:11:01,45) [writeback] (root,0,0,00:01:08/23-12:11:01,46) [kcompactd0] (root,0,0,00:00:00/23-12:11:01,47) [ksmd] (root,0,0,00:01:07/23-12:11:01,48) [khugepaged] (root,0,0,00:00:00/23-12:11:01,74) [kintegrityd] (root,0,0,00:00:00/23-12:11:01,75) [kblockd] (root,0,0,00:00:00/23-12:11:01,76) [blkcg_punt_bio] (root,0,0,00:00:00/23-12:11:01,78) [tpm_dev_wq] (root,0,0,00:00:00/23-12:11:01,79) [edac-poller] (root,0,0,00:00:00/23-12:11:01,80) [devfreq_wq] (root,0,0,00:00:00/23-12:11:01,110) [watchdogd] (root,0,0,00:00:04/23-12:11:01,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/23-12:11:01,112) [kswapd0] (root,0,0,00:00:00/23-12:11:00,114) [kthrotld] (root,0,0,00:00:00/23-12:11:00,115) [mld] (root,0,0,00:00:00/23-12:11:00,116) [ipv6_addrconf] (root,0,0,00:00:10/23-12:11:00,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/23-12:11:00,122) [kstrp] (root,0,0,00:00:00/23-12:11:00,123) [zswap-shrink] (root,0,0,00:00:00/23-12:11:00,124) [kworker/u9:0] (root,0,0,00:00:00/23-12:11:00,129) [charger_manager] (root,0,0,00:00:05/23-12:10:59,172) [kworker/3:1H-kblockd] (root,0,0,00:00:05/23-12:10:59,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-12:10:59,205) [kaluad] (root,0,0,00:00:00/23-12:10:59,250) [kmpath_rdacd] (root,0,0,00:00:00/23-12:10:59,293) [kmpathd] (root,0,0,00:00:00/23-12:10:59,294) [kmpath_handlerd] (root,0,0,00:00:00/23-12:10:59,342) [ata_sff] (root,0,0,00:00:00/23-12:10:58,343) [scsi_eh_0] (root,0,0,00:00:00/23-12:10:58,344) [scsi_tmf_0] (root,0,0,00:00:00/23-12:10:58,345) [scsi_eh_1] (root,0,0,00:00:00/23-12:10:58,346) [scsi_tmf_1] (root,0,0,00:00:36/23-12:10:56,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-12:10:56,367) [ext4-rsv-conver] (root,38604,7876,00:00:33/23-12:10:44,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/23-12:10:43,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:35/23-12:10:41,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:12/23-12:10:07,512) /sbin/auditd (messagebus,22936,5640,00:01:06/23-12:10:07,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:38/23-12:10:07,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/23-12:10:07,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/23-12:10:06,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/23-12:10:06,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,30324,00:00:26/23-12:09:52,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/23-12:09:52,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:02:07/23-12:09:51,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/23-12:09:51,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/23-12:09:51,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/23-12:09:51,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/23-12:09:51,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:32/23-12:09:51,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:03:11/23-12:09:51,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/23-12:09:51,1206) bpfilter_umh (root,26204,8300,00:00:10/23-12:09:51,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/23-12:09:51,1215) ntpd: asynchronous dns resolver (spot,285612,172760,1-05:33:35/23-12:09:51,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/23-12:09:50,1228) (sd-pam) (checkmk,48532,3192,00:00:00/23-12:09:50,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/23-12:09:50,1245) (sd-pam) (root,24216,5348,00:00:07/23-12:09:49,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/23-12:09:49,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:03/23-12:09:48,1354) /usr/sbin/cron -n (root,693860,77148,00:30:39/23-12:09:42,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,55844,00:08:41/23-12:09:28,1380) /usr/bin/python3.11 /usr/bin/spot (root,6656,3488,00:00:00/00:00,3223) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,3241) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3242) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/08:08,4164) [kworker/1:0-ata_sff] (root,0,0,00:00:00/27:37,6049) [kworker/0:0] (root,0,0,00:00:00/03:38:43,6466) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:01:26,7973) [kworker/0:1-events] (root,35308,10012,00:00:00/17-10:00:44,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:58/17-10:00:43,15391) sshd: cm-ssh (root,0,0,00:00:00/41:04,15454) [kworker/3:0-cgroup_destroy] (root,0,0,00:00:00/14:03,16186) [kworker/2:2] (root,0,0,00:00:00/02:55:04,16672) [kworker/3:2-events] (root,35308,10072,00:00:00/7-11:29:22,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:25/7-11:29:21,16977) sshd: syslogtunnel (root,0,0,00:00:00/04:40,17043) [kworker/u8:1-writeback] (root,0,0,00:00:02/02:41:43,21755) [kworker/2:0-events] (root,0,0,00:00:00/02:56,21800) [kworker/1:1-ata_sff] (root,0,0,00:00:00/32:40,22020) [kworker/u8:2-ext4-rsv-conversion] (postfix,24244,8160,00:00:00/31:29,28146) pickup -l -t fifo -u (root,0,0,00:00:00/01:15:35,30106) [kworker/1:2-mm_percpu_wq] (postfix,44628,9372,00:00:00/17-16:46:29,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/00:41,31932) [kworker/3:1] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-05 22:33 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836347aac53eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:57/21-12:19:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-12:19:36,2) [kthreadd] (root,0,0,00:00:00/21-12:19:36,3) [rcu_gp] (root,0,0,00:00:00/21-12:19:36,4) [rcu_par_gp] (root,0,0,00:00:00/21-12:19:36,5) [slub_flushwq] (root,0,0,00:00:00/21-12:19:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-12:19:36,9) [mm_percpu_wq] (root,0,0,00:00:00/21-12:19:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-12:19:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-12:19:36,12) [rcu_tasks_trace] (root,0,0,00:00:39/21-12:19:36,13) [ksoftirqd/0] (root,0,0,00:57:15/21-12:19:36,14) [rcu_preempt] (root,0,0,00:00:08/21-12:19:36,15) [migration/0] (root,0,0,00:00:00/21-12:19:36,16) [idle_inject/0] (root,0,0,00:00:00/21-12:19:36,18) [cpuhp/0] (root,0,0,00:00:00/21-12:19:36,19) [cpuhp/1] (root,0,0,00:00:00/21-12:19:36,20) [idle_inject/1] (root,0,0,00:00:08/21-12:19:36,21) [migration/1] (root,0,0,00:00:34/21-12:19:36,22) [ksoftirqd/1] (root,0,0,00:00:00/21-12:19:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-12:19:36,25) [cpuhp/2] (root,0,0,00:00:00/21-12:19:36,26) [idle_inject/2] (root,0,0,00:00:06/21-12:19:36,27) [migration/2] (root,0,0,00:43:25/21-12:19:36,28) [ksoftirqd/2] (root,0,0,00:00:00/21-12:19:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-12:19:36,31) [cpuhp/3] (root,0,0,00:00:00/21-12:19:36,32) [idle_inject/3] (root,0,0,00:00:08/21-12:19:36,33) [migration/3] (root,0,0,00:01:59/21-12:19:36,34) [ksoftirqd/3] (root,0,0,00:00:00/21-12:19:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-12:19:36,39) [kdevtmpfs] (root,0,0,00:00:00/21-12:19:36,40) [netns] (root,0,0,00:00:00/21-12:19:36,41) [inet_frag_wq] (root,0,0,00:00:05/21-12:19:36,42) [kauditd] (root,0,0,00:00:00/21-12:19:36,43) [khungtaskd] (root,0,0,00:00:00/21-12:19:36,44) [oom_reaper] (root,0,0,00:00:00/21-12:19:36,45) [writeback] (root,0,0,00:01:03/21-12:19:36,46) [kcompactd0] (root,0,0,00:00:00/21-12:19:36,47) [ksmd] (root,0,0,00:01:02/21-12:19:36,48) [khugepaged] (root,0,0,00:00:00/21-12:19:36,74) [kintegrityd] (root,0,0,00:00:00/21-12:19:36,75) [kblockd] (root,0,0,00:00:00/21-12:19:36,76) [blkcg_punt_bio] (root,0,0,00:00:00/21-12:19:36,78) [tpm_dev_wq] (root,0,0,00:00:00/21-12:19:36,79) [edac-poller] (root,0,0,00:00:00/21-12:19:36,80) [devfreq_wq] (root,0,0,00:00:00/21-12:19:36,110) [watchdogd] (root,0,0,00:00:04/21-12:19:36,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/21-12:19:36,112) [kswapd0] (root,0,0,00:00:00/21-12:19:35,114) [kthrotld] (root,0,0,00:00:00/21-12:19:35,115) [mld] (root,0,0,00:00:00/21-12:19:35,116) [ipv6_addrconf] (root,0,0,00:00:09/21-12:19:35,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/21-12:19:35,122) [kstrp] (root,0,0,00:00:00/21-12:19:35,123) [zswap-shrink] (root,0,0,00:00:00/21-12:19:35,124) [kworker/u9:0] (root,0,0,00:00:00/21-12:19:35,129) [charger_manager] (root,0,0,00:00:04/21-12:19:34,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/21-12:19:34,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-12:19:34,205) [kaluad] (root,0,0,00:00:00/21-12:19:34,250) [kmpath_rdacd] (root,0,0,00:00:00/21-12:19:34,293) [kmpathd] (root,0,0,00:00:00/21-12:19:34,294) [kmpath_handlerd] (root,0,0,00:00:00/21-12:19:34,342) [ata_sff] (root,0,0,00:00:00/21-12:19:33,343) [scsi_eh_0] (root,0,0,00:00:00/21-12:19:33,344) [scsi_tmf_0] (root,0,0,00:00:00/21-12:19:33,345) [scsi_eh_1] (root,0,0,00:00:00/21-12:19:33,346) [scsi_tmf_1] (root,0,0,00:00:33/21-12:19:31,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-12:19:31,367) [ext4-rsv-conver] (root,38604,7876,00:00:31/21-12:19:19,440) /usr/lib/systemd/systemd-journald (root,53164,9544,00:00:02/21-12:19:18,456) /usr/lib/systemd/systemd-udevd (root,8624,6756,00:00:32/21-12:19:16,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:11/21-12:18:42,512) /sbin/auditd (messagebus,22936,5640,00:01:02/21-12:18:42,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:36/21-12:18:42,531) /usr/lib/systemd/systemd-logind (root,20556,5076,00:00:00/21-12:18:42,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16156,00:00:03/21-12:18:41,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16912,00:00:00/21-12:18:41,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29804,00:00:24/21-12:18:27,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/21-12:18:27,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:58/21-12:18:26,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/21-12:18:26,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/21-12:18:26,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/21-12:18:26,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/21-12:18:26,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:30/21-12:18:26,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6064,00:02:55/21-12:18:26,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/21-12:18:26,1206) bpfilter_umh (root,26204,8300,00:00:09/21-12:18:26,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4188,00:00:00/21-12:18:26,1215) ntpd: asynchronous dns resolver (spot,285132,171860,1-03:12:24/21-12:18:26,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/21-12:18:25,1228) (sd-pam) (checkmk,48532,3192,00:00:00/21-12:18:25,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/21-12:18:25,1245) (sd-pam) (root,24216,5348,00:00:07/21-12:18:24,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/21-12:18:24,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/21-12:18:23,1354) /usr/sbin/cron -n (root,693604,76796,00:28:00/21-12:18:17,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,54956,00:07:21/21-12:18:03,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:00:19,1511) [kworker/2:0-events] (root,0,0,00:00:00/04:11,2878) [kworker/1:2-ata_sff] (root,0,0,00:00:00/41:18,10019) [kworker/0:2-events] (root,0,0,00:00:03/06:39:18,10383) [kworker/1:0-events] (root,6656,3444,00:00:00/00:00,12315) /bin/bash /usr/bin/check_mk_agent (root,6656,3488,00:00:00/00:00,12370) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,12372) /bin/bash /usr/bin/check_mk_agent (root,6656,1956,00:00:00/00:00,12373) /bin/bash /usr/bin/check_mk_agent (root,4480,1184,00:00:00/00:00,12374) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,848,00:00:00/00:00,12375) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,664,00:00:00/00:00,12378) cat /proc/net/tcp /proc/net/tcp6 (root,13744,3504,00:00:00/00:00,12394) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12395) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10012,00:00:00/15-10:09:19,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:51/15-10:09:18,15391) sshd: cm-ssh (root,35308,10072,00:00:00/5-11:37:57,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:19/5-11:37:56,16977) sshd: syslogtunnel (root,0,0,00:00:00/01:26:06,16980) [kworker/2:1-events] (root,0,0,00:00:00/02:10:34,18687) [kworker/0:1-events] (root,0,0,00:00:00/01:51:27,20036) [kworker/3:0] (root,0,0,00:00:00/09:22,21970) [kworker/1:1-ata_sff] (root,0,0,00:00:00/02:54:36,28374) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/06:18,29696) [kworker/u8:1-flush-253:0] (root,0,0,00:00:01/06:50:53,30433) [kworker/3:1-events] (postfix,44628,9372,00:00:00/15-16:55:04,30472) tlsmgr -l -t unix -u (postfix,24244,8260,00:00:00/01:01:56,30884) pickup -l -t fifo -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-03 22:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683632db0992dFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12828,00:00:53/19-12:09:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:09:06,2) [kthreadd] (root,0,0,00:00:00/19-12:09:06,3) [rcu_gp] (root,0,0,00:00:00/19-12:09:06,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:09:06,5) [slub_flushwq] (root,0,0,00:00:00/19-12:09:06,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:09:06,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:09:06,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:09:06,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:09:06,12) [rcu_tasks_trace] (root,0,0,00:00:35/19-12:09:06,13) [ksoftirqd/0] (root,0,0,00:51:58/19-12:09:06,14) [rcu_preempt] (root,0,0,00:00:07/19-12:09:06,15) [migration/0] (root,0,0,00:00:00/19-12:09:06,16) [idle_inject/0] (root,0,0,00:00:00/19-12:09:06,18) [cpuhp/0] (root,0,0,00:00:00/19-12:09:06,19) [cpuhp/1] (root,0,0,00:00:00/19-12:09:06,20) [idle_inject/1] (root,0,0,00:00:07/19-12:09:06,21) [migration/1] (root,0,0,00:00:31/19-12:09:06,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:09:06,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:09:06,25) [cpuhp/2] (root,0,0,00:00:00/19-12:09:06,26) [idle_inject/2] (root,0,0,00:00:06/19-12:09:06,27) [migration/2] (root,0,0,00:38:49/19-12:09:06,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:09:06,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:09:06,31) [cpuhp/3] (root,0,0,00:00:00/19-12:09:06,32) [idle_inject/3] (root,0,0,00:00:07/19-12:09:06,33) [migration/3] (root,0,0,00:01:48/19-12:09:06,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:09:06,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:09:06,39) [kdevtmpfs] (root,0,0,00:00:00/19-12:09:06,40) [netns] (root,0,0,00:00:00/19-12:09:06,41) [inet_frag_wq] (root,0,0,00:00:05/19-12:09:06,42) [kauditd] (root,0,0,00:00:00/19-12:09:06,43) [khungtaskd] (root,0,0,00:00:00/19-12:09:06,44) [oom_reaper] (root,0,0,00:00:00/19-12:09:06,45) [writeback] (root,0,0,00:00:56/19-12:09:06,46) [kcompactd0] (root,0,0,00:00:00/19-12:09:06,47) [ksmd] (root,0,0,00:00:57/19-12:09:06,48) [khugepaged] (root,0,0,00:00:00/19-12:09:06,74) [kintegrityd] (root,0,0,00:00:00/19-12:09:06,75) [kblockd] (root,0,0,00:00:00/19-12:09:06,76) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:09:06,78) [tpm_dev_wq] (root,0,0,00:00:00/19-12:09:06,79) [edac-poller] (root,0,0,00:00:00/19-12:09:06,80) [devfreq_wq] (root,0,0,00:00:00/19-12:09:06,110) [watchdogd] (root,0,0,00:00:03/19-12:09:06,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/19-12:09:06,112) [kswapd0] (root,0,0,00:00:00/19-12:09:05,114) [kthrotld] (root,0,0,00:00:00/19-12:09:05,115) [mld] (root,0,0,00:00:00/19-12:09:05,116) [ipv6_addrconf] (root,0,0,00:00:08/19-12:09:05,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/19-12:09:05,122) [kstrp] (root,0,0,00:00:00/19-12:09:05,123) [zswap-shrink] (root,0,0,00:00:00/19-12:09:05,124) [kworker/u9:0] (root,0,0,00:00:00/19-12:09:05,129) [charger_manager] (root,0,0,00:00:04/19-12:09:04,172) [kworker/3:1H-kblockd] (root,0,0,00:00:04/19-12:09:04,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:09:04,205) [kaluad] (root,0,0,00:00:00/19-12:09:04,250) [kmpath_rdacd] (root,0,0,00:00:00/19-12:09:04,293) [kmpathd] (root,0,0,00:00:00/19-12:09:04,294) [kmpath_handlerd] (root,0,0,00:00:00/19-12:09:04,342) [ata_sff] (root,0,0,00:00:00/19-12:09:03,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:09:03,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:09:03,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:09:03,346) [scsi_tmf_1] (root,0,0,00:00:29/19-12:09:01,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:09:01,367) [ext4-rsv-conver] (root,38604,7876,00:00:29/19-12:08:49,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/19-12:08:48,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:29/19-12:08:46,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/19-12:08:12,512) /sbin/auditd (messagebus,22936,5672,00:00:58/19-12:08:12,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:33/19-12:08:12,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/19-12:08:12,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/19-12:08:11,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/19-12:08:11,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29812,00:00:22/19-12:07:57,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/19-12:07:57,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:47/19-12:07:56,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/19-12:07:56,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/19-12:07:56,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/19-12:07:56,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/19-12:07:56,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:28/19-12:07:56,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:39/19-12:07:56,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/19-12:07:56,1206) bpfilter_umh (root,26204,8300,00:00:09/19-12:07:56,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/19-12:07:56,1215) ntpd: asynchronous dns resolver (spot,284668,171744,1-00:58:44/19-12:07:56,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/19-12:07:55,1228) (sd-pam) (checkmk,48532,3192,00:00:00/19-12:07:55,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/19-12:07:55,1245) (sd-pam) (root,24216,5348,00:00:06/19-12:07:54,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/19-12:07:54,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/19-12:07:53,1354) /usr/sbin/cron -n (root,692836,75756,00:25:20/19-12:07:47,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,215488,53048,00:06:32/19-12:07:33,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/22:53,3881) [kworker/0:0] (root,0,0,00:00:00/04:10:30,3898) [kworker/3:2-events] (root,0,0,00:00:00/41:44,5253) [kworker/u8:2-writeback] (postfix,24244,8216,00:00:00/01:12:26,5612) pickup -l -t fifo -u (root,0,0,00:00:00/04:46,5674) [kworker/3:1] (root,0,0,00:00:00/01:11:49,7188) [kworker/1:2-ata_sff] (root,0,0,00:00:00/04:23,7240) [kworker/1:1-events] (root,0,0,00:00:00/01:00:04,9395) [kworker/3:0-cgroup_destroy] (root,35308,10012,00:00:00/13-09:58:49,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:44/13-09:58:48,15391) sshd: cm-ssh (root,35308,10072,00:00:00/3-11:27:27,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:12/3-11:27:26,16977) sshd: syslogtunnel (root,0,0,00:00:00/03:20:45,17740) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:02/01:54:58,19370) [kworker/2:0-events] (root,0,0,00:00:00/09:33,23001) [kworker/1:0-ata_sff] (root,0,0,00:00:00/35:08,26126) [kworker/0:2-events] (root,0,0,00:00:00/01:30:42,26674) [kworker/2:1-events] (root,6656,3484,00:00:00/00:00,27541) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,27582) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,27583) /bin/bash /usr/bin/check_mk_agent (root,4480,1056,00:00:00/00:00,27584) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,820,00:00:00/00:00,27585) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1384,00:00:00/00:00,27586) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3492,00:00:00/00:00,27587) /bin/bash /usr/bin/check_mk_agent (root,13744,3492,00:00:00/00:00,27605) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,27606) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,44628,9416,00:00:00/13-16:44:34,30472) tlsmgr -l -t unix -u Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-12-01 22:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635104b933Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:49/17-11:40:31,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-11:40:31,2) [kthreadd] (root,0,0,00:00:00/17-11:40:31,3) [rcu_gp] (root,0,0,00:00:00/17-11:40:31,4) [rcu_par_gp] (root,0,0,00:00:00/17-11:40:31,5) [slub_flushwq] (root,0,0,00:00:00/17-11:40:31,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-11:40:31,9) [mm_percpu_wq] (root,0,0,00:00:00/17-11:40:31,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-11:40:31,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-11:40:31,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-11:40:31,13) [ksoftirqd/0] (root,0,0,00:46:47/17-11:40:31,14) [rcu_preempt] (root,0,0,00:00:06/17-11:40:31,15) [migration/0] (root,0,0,00:00:00/17-11:40:31,16) [idle_inject/0] (root,0,0,00:00:00/17-11:40:31,18) [cpuhp/0] (root,0,0,00:00:00/17-11:40:31,19) [cpuhp/1] (root,0,0,00:00:00/17-11:40:31,20) [idle_inject/1] (root,0,0,00:00:06/17-11:40:31,21) [migration/1] (root,0,0,00:00:28/17-11:40:31,22) [ksoftirqd/1] (root,0,0,00:00:00/17-11:40:31,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-11:40:31,25) [cpuhp/2] (root,0,0,00:00:00/17-11:40:31,26) [idle_inject/2] (root,0,0,00:00:05/17-11:40:31,27) [migration/2] (root,0,0,00:35:34/17-11:40:31,28) [ksoftirqd/2] (root,0,0,00:00:00/17-11:40:31,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-11:40:31,31) [cpuhp/3] (root,0,0,00:00:00/17-11:40:31,32) [idle_inject/3] (root,0,0,00:00:06/17-11:40:31,33) [migration/3] (root,0,0,00:01:38/17-11:40:31,34) [ksoftirqd/3] (root,0,0,00:00:00/17-11:40:31,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-11:40:31,39) [kdevtmpfs] (root,0,0,00:00:00/17-11:40:31,40) [netns] (root,0,0,00:00:00/17-11:40:31,41) [inet_frag_wq] (root,0,0,00:00:04/17-11:40:31,42) [kauditd] (root,0,0,00:00:00/17-11:40:31,43) [khungtaskd] (root,0,0,00:00:00/17-11:40:31,44) [oom_reaper] (root,0,0,00:00:00/17-11:40:31,45) [writeback] (root,0,0,00:00:51/17-11:40:31,46) [kcompactd0] (root,0,0,00:00:00/17-11:40:31,47) [ksmd] (root,0,0,00:00:51/17-11:40:31,48) [khugepaged] (root,0,0,00:00:00/17-11:40:31,74) [kintegrityd] (root,0,0,00:00:00/17-11:40:31,75) [kblockd] (root,0,0,00:00:00/17-11:40:31,76) [blkcg_punt_bio] (root,0,0,00:00:00/17-11:40:31,78) [tpm_dev_wq] (root,0,0,00:00:00/17-11:40:31,79) [edac-poller] (root,0,0,00:00:00/17-11:40:31,80) [devfreq_wq] (root,0,0,00:00:00/17-11:40:31,110) [watchdogd] (root,0,0,00:00:03/17-11:40:31,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/17-11:40:31,112) [kswapd0] (root,0,0,00:00:00/17-11:40:30,114) [kthrotld] (root,0,0,00:00:00/17-11:40:30,115) [mld] (root,0,0,00:00:00/17-11:40:30,116) [ipv6_addrconf] (root,0,0,00:00:07/17-11:40:30,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/17-11:40:30,122) [kstrp] (root,0,0,00:00:00/17-11:40:30,123) [zswap-shrink] (root,0,0,00:00:00/17-11:40:30,124) [kworker/u9:0] (root,0,0,00:00:00/17-11:40:30,129) [charger_manager] (root,0,0,00:00:03/17-11:40:29,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/17-11:40:29,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-11:40:29,205) [kaluad] (root,0,0,00:00:00/17-11:40:29,250) [kmpath_rdacd] (root,0,0,00:00:00/17-11:40:29,293) [kmpathd] (root,0,0,00:00:00/17-11:40:29,294) [kmpath_handlerd] (root,0,0,00:00:00/17-11:40:29,342) [ata_sff] (root,0,0,00:00:00/17-11:40:28,343) [scsi_eh_0] (root,0,0,00:00:00/17-11:40:28,344) [scsi_tmf_0] (root,0,0,00:00:00/17-11:40:28,345) [scsi_eh_1] (root,0,0,00:00:00/17-11:40:28,346) [scsi_tmf_1] (root,0,0,00:00:26/17-11:40:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-11:40:26,367) [ext4-rsv-conver] (root,38604,7876,00:00:27/17-11:40:14,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:02/17-11:40:13,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:26/17-11:40:11,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:10/17-11:39:37,512) /sbin/auditd (messagebus,22936,5672,00:00:54/17-11:39:37,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8556,00:00:31/17-11:39:37,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/17-11:39:37,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/17-11:39:36,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/17-11:39:36,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,29016,00:00:19/17-11:39:22,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/17-11:39:22,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:34/17-11:39:21,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/17-11:39:21,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/17-11:39:21,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/17-11:39:21,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/17-11:39:21,1201) /usr/lib/systemd/systemd --user (root,448968,8552,00:00:26/17-11:39:21,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:22/17-11:39:21,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/17-11:39:21,1206) bpfilter_umh (root,26204,8300,00:00:08/17-11:39:21,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/17-11:39:21,1215) ntpd: asynchronous dns resolver (spot,284844,171788,23:00:52/17-11:39:21,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/17-11:39:20,1228) (sd-pam) (checkmk,48532,3192,00:00:00/17-11:39:20,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/17-11:39:20,1245) (sd-pam) (root,24216,5348,00:00:05/17-11:39:19,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/17-11:39:19,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/17-11:39:18,1354) /usr/sbin/cron -n (root,692236,75412,00:22:42/17-11:39:12,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,214464,51008,00:05:50/17-11:38:58,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:09:24,1650) [kworker/0:2] (postfix,24244,8232,00:00:00/01:05:43,1982) pickup -l -t fifo -u (root,0,0,00:00:00/08:22,2985) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/57:16,3299) [kworker/2:0-events] (root,6656,3492,00:00:00/00:00,6995) /bin/bash /usr/bin/check_mk_agent (root,6656,3508,00:00:00/00:00,7015) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,7043) /bin/bash /usr/bin/check_mk_agent (root,13744,3484,00:00:00/00:00,7048) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7049) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/14:29,9304) [kworker/2:1-events] (root,0,0,00:00:00/06:58,12932) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/11-09:30:14,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:38/11-09:30:13,15391) sshd: cm-ssh (root,35308,10072,00:00:00/1-10:58:52,16975) sshd: syslogtunnel [priv] (syslogtunnel,35308,5588,00:00:05/1-10:58:51,16977) sshd: syslogtunnel (root,0,0,00:00:01/03:24:06,19752) [kworker/1:2-events] (root,0,0,00:00:00/02:41:50,24312) [kworker/0:0-events] (root,0,0,00:00:00/05:45:37,28658) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/02:04:31,28779) [kworker/3:2-events] (postfix,44628,9416,00:00:00/11-16:15:59,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:45,32071) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:27:40,32305) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-29 22:02 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683639675dd3aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12824,00:00:45/15-13:52:27,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-13:52:27,2) [kthreadd] (root,0,0,00:00:00/15-13:52:27,3) [rcu_gp] (root,0,0,00:00:00/15-13:52:27,4) [rcu_par_gp] (root,0,0,00:00:00/15-13:52:27,5) [slub_flushwq] (root,0,0,00:00:00/15-13:52:27,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-13:52:27,9) [mm_percpu_wq] (root,0,0,00:00:00/15-13:52:27,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-13:52:27,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-13:52:27,12) [rcu_tasks_trace] (root,0,0,00:00:29/15-13:52:27,13) [ksoftirqd/0] (root,0,0,00:41:49/15-13:52:27,14) [rcu_preempt] (root,0,0,00:00:05/15-13:52:27,15) [migration/0] (root,0,0,00:00:00/15-13:52:27,16) [idle_inject/0] (root,0,0,00:00:00/15-13:52:27,18) [cpuhp/0] (root,0,0,00:00:00/15-13:52:27,19) [cpuhp/1] (root,0,0,00:00:00/15-13:52:27,20) [idle_inject/1] (root,0,0,00:00:06/15-13:52:27,21) [migration/1] (root,0,0,00:00:25/15-13:52:27,22) [ksoftirqd/1] (root,0,0,00:00:00/15-13:52:27,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-13:52:27,25) [cpuhp/2] (root,0,0,00:00:00/15-13:52:27,26) [idle_inject/2] (root,0,0,00:00:05/15-13:52:27,27) [migration/2] (root,0,0,00:32:21/15-13:52:27,28) [ksoftirqd/2] (root,0,0,00:00:00/15-13:52:27,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-13:52:27,31) [cpuhp/3] (root,0,0,00:00:00/15-13:52:27,32) [idle_inject/3] (root,0,0,00:00:05/15-13:52:27,33) [migration/3] (root,0,0,00:01:29/15-13:52:27,34) [ksoftirqd/3] (root,0,0,00:00:00/15-13:52:27,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-13:52:27,39) [kdevtmpfs] (root,0,0,00:00:00/15-13:52:27,40) [netns] (root,0,0,00:00:00/15-13:52:27,41) [inet_frag_wq] (root,0,0,00:00:04/15-13:52:27,42) [kauditd] (root,0,0,00:00:00/15-13:52:27,43) [khungtaskd] (root,0,0,00:00:00/15-13:52:27,44) [oom_reaper] (root,0,0,00:00:00/15-13:52:27,45) [writeback] (root,0,0,00:00:46/15-13:52:27,46) [kcompactd0] (root,0,0,00:00:00/15-13:52:27,47) [ksmd] (root,0,0,00:00:46/15-13:52:27,48) [khugepaged] (root,0,0,00:00:00/15-13:52:27,74) [kintegrityd] (root,0,0,00:00:00/15-13:52:27,75) [kblockd] (root,0,0,00:00:00/15-13:52:27,76) [blkcg_punt_bio] (root,0,0,00:00:00/15-13:52:27,78) [tpm_dev_wq] (root,0,0,00:00:00/15-13:52:27,79) [edac-poller] (root,0,0,00:00:00/15-13:52:27,80) [devfreq_wq] (root,0,0,00:00:00/15-13:52:27,110) [watchdogd] (root,0,0,00:00:03/15-13:52:27,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/15-13:52:27,112) [kswapd0] (root,0,0,00:00:00/15-13:52:26,114) [kthrotld] (root,0,0,00:00:00/15-13:52:26,115) [mld] (root,0,0,00:00:00/15-13:52:26,116) [ipv6_addrconf] (root,0,0,00:00:06/15-13:52:26,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/15-13:52:26,122) [kstrp] (root,0,0,00:00:00/15-13:52:26,123) [zswap-shrink] (root,0,0,00:00:00/15-13:52:26,124) [kworker/u9:0] (root,0,0,00:00:00/15-13:52:26,129) [charger_manager] (root,0,0,00:00:03/15-13:52:25,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/15-13:52:25,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-13:52:25,205) [kaluad] (root,0,0,00:00:00/15-13:52:25,250) [kmpath_rdacd] (root,0,0,00:00:00/15-13:52:25,293) [kmpathd] (root,0,0,00:00:00/15-13:52:25,294) [kmpath_handlerd] (root,0,0,00:00:00/15-13:52:25,342) [ata_sff] (root,0,0,00:00:00/15-13:52:24,343) [scsi_eh_0] (root,0,0,00:00:00/15-13:52:24,344) [scsi_tmf_0] (root,0,0,00:00:00/15-13:52:24,345) [scsi_eh_1] (root,0,0,00:00:00/15-13:52:24,346) [scsi_tmf_1] (root,0,0,00:00:23/15-13:52:22,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-13:52:22,367) [ext4-rsv-conver] (root,38604,7876,00:00:24/15-13:52:10,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/15-13:52:09,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:23/15-13:52:07,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:09/15-13:51:33,512) /sbin/auditd (messagebus,22936,5672,00:00:49/15-13:51:33,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:28/15-13:51:33,531) /usr/lib/systemd/systemd-logind (root,0,0,00:00:00/56:04,539) [kworker/0:2] (root,20556,5140,00:00:00/15-13:51:33,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/15-13:51:32,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/15-13:51:32,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27976,00:00:17/15-13:51:18,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/15-13:51:18,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:24/15-13:51:17,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/15-13:51:17,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/15-13:51:17,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/15-13:51:17,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/15-13:51:17,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:24/15-13:51:17,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:02:06/15-13:51:17,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/15-13:51:17,1206) bpfilter_umh (root,26204,8300,00:00:07/15-13:51:17,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/15-13:51:17,1215) ntpd: asynchronous dns resolver (spot,285108,171296,20:57:09/15-13:51:17,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/15-13:51:16,1228) (sd-pam) (checkmk,48532,3192,00:00:00/15-13:51:16,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/15-13:51:16,1245) (sd-pam) (root,24216,5348,00:00:05/15-13:51:15,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:01/15-13:51:15,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:02/15-13:51:14,1354) /usr/sbin/cron -n (root,691980,74872,00:20:10/15-13:51:08,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,49188,00:05:10/15-13:50:54,1380) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8144,00:00:00/19:35,7227) pickup -l -t fifo -u (root,35308,10012,00:00:00/8-05:47:21,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:29/8-05:47:21,8749) sshd: syslogtunnel (root,0,0,00:00:00/44:45,10498) [kworker/3:0-events] (root,0,0,00:00:01/01:07:23,10640) [kworker/2:2-events] (root,0,0,00:00:00/02:06,11645) [kworker/1:2-ata_sff] (root,0,0,00:00:00/07:18,15260) [kworker/1:0-ata_sff] (root,35308,10012,00:00:00/9-11:42:10,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:31/9-11:42:09,15391) sshd: cm-ssh (root,0,0,00:00:00/43:38,16028) [kworker/1:1-events] (root,6656,3484,00:00:00/00:00,24749) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,24767) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24768) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/05:29,25460) [kworker/2:0] (root,0,0,00:00:00/01:18:33,26890) [kworker/0:1-events] (root,0,0,00:00:00/21:43,28652) [kworker/u8:0-writeback] (postfix,44628,9416,00:00:00/9-18:27:55,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:13:44,30764) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/05:41:45,31041) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-28 00:14 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836336e64463Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:40/13-13:57:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-13:57:55,2) [kthreadd] (root,0,0,00:00:00/13-13:57:55,3) [rcu_gp] (root,0,0,00:00:00/13-13:57:55,4) [rcu_par_gp] (root,0,0,00:00:00/13-13:57:55,5) [slub_flushwq] (root,0,0,00:00:00/13-13:57:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-13:57:55,9) [mm_percpu_wq] (root,0,0,00:00:00/13-13:57:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-13:57:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-13:57:55,12) [rcu_tasks_trace] (root,0,0,00:00:25/13-13:57:55,13) [ksoftirqd/0] (root,0,0,00:36:35/13-13:57:55,14) [rcu_preempt] (root,0,0,00:00:05/13-13:57:55,15) [migration/0] (root,0,0,00:00:00/13-13:57:55,16) [idle_inject/0] (root,0,0,00:00:00/13-13:57:55,18) [cpuhp/0] (root,0,0,00:00:00/13-13:57:55,19) [cpuhp/1] (root,0,0,00:00:00/13-13:57:55,20) [idle_inject/1] (root,0,0,00:00:05/13-13:57:55,21) [migration/1] (root,0,0,00:00:22/13-13:57:55,22) [ksoftirqd/1] (root,0,0,00:00:00/13-13:57:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-13:57:55,25) [cpuhp/2] (root,0,0,00:00:00/13-13:57:55,26) [idle_inject/2] (root,0,0,00:00:04/13-13:57:55,27) [migration/2] (root,0,0,00:28:51/13-13:57:55,28) [ksoftirqd/2] (root,0,0,00:00:00/13-13:57:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-13:57:55,31) [cpuhp/3] (root,0,0,00:00:00/13-13:57:55,32) [idle_inject/3] (root,0,0,00:00:05/13-13:57:55,33) [migration/3] (root,0,0,00:01:19/13-13:57:55,34) [ksoftirqd/3] (root,0,0,00:00:00/13-13:57:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-13:57:55,39) [kdevtmpfs] (root,0,0,00:00:00/13-13:57:55,40) [netns] (root,0,0,00:00:00/13-13:57:55,41) [inet_frag_wq] (root,0,0,00:00:04/13-13:57:55,42) [kauditd] (root,0,0,00:00:00/13-13:57:55,43) [khungtaskd] (root,0,0,00:00:00/13-13:57:55,44) [oom_reaper] (root,0,0,00:00:00/13-13:57:55,45) [writeback] (root,0,0,00:00:40/13-13:57:55,46) [kcompactd0] (root,0,0,00:00:00/13-13:57:55,47) [ksmd] (root,0,0,00:00:40/13-13:57:55,48) [khugepaged] (root,0,0,00:00:00/13-13:57:55,74) [kintegrityd] (root,0,0,00:00:00/13-13:57:55,75) [kblockd] (root,0,0,00:00:00/13-13:57:55,76) [blkcg_punt_bio] (root,0,0,00:00:00/13-13:57:55,78) [tpm_dev_wq] (root,0,0,00:00:00/13-13:57:55,79) [edac-poller] (root,0,0,00:00:00/13-13:57:55,80) [devfreq_wq] (root,0,0,00:00:00/13-13:57:55,110) [watchdogd] (root,0,0,00:00:02/13-13:57:55,111) [kworker/2:1H-kblockd] (root,0,0,00:00:01/13-13:57:55,112) [kswapd0] (root,0,0,00:00:00/13-13:57:54,114) [kthrotld] (root,0,0,00:00:00/13-13:57:54,115) [mld] (root,0,0,00:00:00/13-13:57:54,116) [ipv6_addrconf] (root,0,0,00:00:05/13-13:57:54,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/13-13:57:54,122) [kstrp] (root,0,0,00:00:00/13-13:57:54,123) [zswap-shrink] (root,0,0,00:00:00/13-13:57:54,124) [kworker/u9:0] (root,0,0,00:00:00/13-13:57:54,129) [charger_manager] (root,0,0,00:00:02/13-13:57:53,172) [kworker/3:1H-kblockd] (root,0,0,00:00:03/13-13:57:53,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-13:57:53,205) [kaluad] (root,0,0,00:00:00/13-13:57:53,250) [kmpath_rdacd] (root,0,0,00:00:00/13-13:57:53,293) [kmpathd] (root,0,0,00:00:00/13-13:57:53,294) [kmpath_handlerd] (root,0,0,00:00:00/13-13:57:53,342) [ata_sff] (root,0,0,00:00:00/13-13:57:52,343) [scsi_eh_0] (root,0,0,00:00:00/13-13:57:52,344) [scsi_tmf_0] (root,0,0,00:00:00/13-13:57:52,345) [scsi_eh_1] (root,0,0,00:00:00/13-13:57:52,346) [scsi_tmf_1] (root,0,0,00:00:20/13-13:57:50,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-13:57:50,367) [ext4-rsv-conver] (root,38604,7876,00:00:22/13-13:57:38,440) /usr/lib/systemd/systemd-journald (root,53164,9648,00:00:01/13-13:57:37,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:20/13-13:57:35,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1628,00:00:08/13-13:57:01,512) /sbin/auditd (messagebus,22936,5672,00:00:45/13-13:57:01,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:25/13-13:57:01,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/13-13:57:01,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/13-13:57:00,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/13-13:57:00,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27716,00:00:15/13-13:56:46,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/13-13:56:46,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:12/13-13:56:45,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/13-13:56:45,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/13-13:56:45,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/13-13:56:45,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/13-13:56:45,1201) /usr/lib/systemd/systemd --user (root,448968,8584,00:00:21/13-13:56:45,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6112,00:01:50/13-13:56:45,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/13-13:56:45,1206) bpfilter_umh (root,26204,8300,00:00:07/13-13:56:45,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/13-13:56:45,1215) ntpd: asynchronous dns resolver (spot,286548,171584,18:14:13/13-13:56:45,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/13-13:56:44,1228) (sd-pam) (checkmk,48532,3192,00:00:00/13-13:56:44,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/13-13:56:44,1245) (sd-pam) (root,24216,5348,00:00:04/13-13:56:43,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/13-13:56:43,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/13-13:56:42,1354) /usr/sbin/cron -n (root,691980,74552,00:17:33/13-13:56:36,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,47904,00:04:29/13-13:56:22,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/35:56,2659) [kworker/2:0-events] (root,0,0,00:00:00/17:10,3454) [kworker/1:1-ata_sff] (root,6656,3480,00:00:00/00:00,4066) /bin/bash /usr/bin/check_mk_agent (root,13744,3524,00:00:00/00:00,4084) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,4085) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:04/03:54:33,4939) [kworker/2:2-events] (root,35308,10012,00:00:00/6-05:52:49,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:22/6-05:52:49,8749) sshd: syslogtunnel (root,0,0,00:00:00/06:47,10657) [kworker/1:0-ata_sff] (root,0,0,00:00:00/40:56,13988) [kworker/0:0-events] (root,35308,10012,00:00:00/7-11:47:38,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:25/7-11:47:37,15391) sshd: cm-ssh (postfix,24244,8212,00:00:00/46:57,19097) pickup -l -t fifo -u (root,0,0,00:00:00/01:01:23,23451) [kworker/3:1-mm_percpu_wq] (root,0,0,00:00:00/01:31:43,24348) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/01:37,29549) [kworker/1:2-events] (postfix,44628,9416,00:00:00/7-18:33:23,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/51:10,31001) [kworker/0:2-events] (root,0,0,00:00:00/19:33,31497) [kworker/u8:2-flush-253:0] (root,0,0,00:00:01/04:25:13,31777) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-26 00:20 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a7391829Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12812,00:00:35/11-12:05:47,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-12:05:47,2) [kthreadd] (root,0,0,00:00:00/11-12:05:47,3) [rcu_gp] (root,0,0,00:00:00/11-12:05:47,4) [rcu_par_gp] (root,0,0,00:00:00/11-12:05:47,5) [slub_flushwq] (root,0,0,00:00:00/11-12:05:47,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-12:05:47,9) [mm_percpu_wq] (root,0,0,00:00:00/11-12:05:47,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-12:05:47,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-12:05:47,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-12:05:47,13) [ksoftirqd/0] (root,0,0,00:30:36/11-12:05:47,14) [rcu_preempt] (root,0,0,00:00:04/11-12:05:47,15) [migration/0] (root,0,0,00:00:00/11-12:05:47,16) [idle_inject/0] (root,0,0,00:00:00/11-12:05:47,18) [cpuhp/0] (root,0,0,00:00:00/11-12:05:47,19) [cpuhp/1] (root,0,0,00:00:00/11-12:05:47,20) [idle_inject/1] (root,0,0,00:00:04/11-12:05:47,21) [migration/1] (root,0,0,00:00:17/11-12:05:47,22) [ksoftirqd/1] (root,0,0,00:00:00/11-12:05:47,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-12:05:47,25) [cpuhp/2] (root,0,0,00:00:00/11-12:05:47,26) [idle_inject/2] (root,0,0,00:00:03/11-12:05:47,27) [migration/2] (root,0,0,00:24:06/11-12:05:47,28) [ksoftirqd/2] (root,0,0,00:00:00/11-12:05:47,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-12:05:47,31) [cpuhp/3] (root,0,0,00:00:00/11-12:05:47,32) [idle_inject/3] (root,0,0,00:00:04/11-12:05:47,33) [migration/3] (root,0,0,00:01:05/11-12:05:47,34) [ksoftirqd/3] (root,0,0,00:00:00/11-12:05:47,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-12:05:47,39) [kdevtmpfs] (root,0,0,00:00:00/11-12:05:47,40) [netns] (root,0,0,00:00:00/11-12:05:47,41) [inet_frag_wq] (root,0,0,00:00:03/11-12:05:47,42) [kauditd] (root,0,0,00:00:00/11-12:05:47,43) [khungtaskd] (root,0,0,00:00:00/11-12:05:47,44) [oom_reaper] (root,0,0,00:00:00/11-12:05:47,45) [writeback] (root,0,0,00:00:33/11-12:05:47,46) [kcompactd0] (root,0,0,00:00:00/11-12:05:47,47) [ksmd] (root,0,0,00:00:34/11-12:05:47,48) [khugepaged] (root,0,0,00:00:00/11-12:05:47,74) [kintegrityd] (root,0,0,00:00:00/11-12:05:47,75) [kblockd] (root,0,0,00:00:00/11-12:05:47,76) [blkcg_punt_bio] (root,0,0,00:00:00/11-12:05:47,78) [tpm_dev_wq] (root,0,0,00:00:00/11-12:05:47,79) [edac-poller] (root,0,0,00:00:00/11-12:05:47,80) [devfreq_wq] (root,0,0,00:00:00/11-12:05:47,110) [watchdogd] (root,0,0,00:00:02/11-12:05:47,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-12:05:47,112) [kswapd0] (root,0,0,00:00:00/11-12:05:46,114) [kthrotld] (root,0,0,00:00:00/11-12:05:46,115) [mld] (root,0,0,00:00:00/11-12:05:46,116) [ipv6_addrconf] (root,0,0,00:00:04/11-12:05:46,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/11-12:05:46,122) [kstrp] (root,0,0,00:00:00/11-12:05:46,123) [zswap-shrink] (root,0,0,00:00:00/11-12:05:46,124) [kworker/u9:0] (root,0,0,00:00:00/11-12:05:46,129) [charger_manager] (root,0,0,00:00:02/11-12:05:45,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/11-12:05:45,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-12:05:45,205) [kaluad] (root,0,0,00:00:00/11-12:05:45,250) [kmpath_rdacd] (root,0,0,00:00:00/11-12:05:45,293) [kmpathd] (root,0,0,00:00:00/11-12:05:45,294) [kmpath_handlerd] (root,0,0,00:00:00/11-12:05:45,342) [ata_sff] (root,0,0,00:00:00/11-12:05:44,343) [scsi_eh_0] (root,0,0,00:00:00/11-12:05:44,344) [scsi_tmf_0] (root,0,0,00:00:00/11-12:05:44,345) [scsi_eh_1] (root,0,0,00:00:00/11-12:05:44,346) [scsi_tmf_1] (root,0,0,00:00:17/11-12:05:42,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-12:05:42,367) [ext4-rsv-conver] (root,38604,7900,00:00:19/11-12:05:30,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/11-12:05:29,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:17/11-12:05:27,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:07/11-12:04:53,512) /sbin/auditd (messagebus,22936,5672,00:00:39/11-12:04:53,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8548,00:00:22/11-12:04:53,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/11-12:04:53,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/11-12:04:52,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/11-12:04:52,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,6656,3488,00:00:00/00:00,820) /bin/bash /usr/bin/check_mk_agent (root,13744,3516,00:00:00/00:00,838) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,839) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,547848,27724,00:00:13/11-12:04:38,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/11-12:04:38,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4572,00:01:00/11-12:04:37,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/11-12:04:37,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/11-12:04:37,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/11-12:04:37,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/11-12:04:37,1201) /usr/lib/systemd/systemd --user (root,448968,9084,00:00:18/11-12:04:37,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:32/11-12:04:37,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/11-12:04:37,1206) bpfilter_umh (root,26204,8300,00:00:06/11-12:04:37,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/11-12:04:37,1215) ntpd: asynchronous dns resolver (spot,285508,171320,14:15:07/11-12:04:37,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/11-12:04:36,1228) (sd-pam) (checkmk,48532,3192,00:00:00/11-12:04:36,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/11-12:04:36,1245) (sd-pam) (root,24216,5348,00:00:03/11-12:04:35,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/11-12:04:35,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/11-12:04:34,1354) /usr/sbin/cron -n (root,691724,74148,00:14:48/11-12:04:28,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,46340,00:03:45/11-12:04:14,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:01/01:14:17,1935) [kworker/2:0-events] (postfix,24244,8236,00:00:00/55:34,2309) pickup -l -t fifo -u (root,0,0,00:00:00/09:27:56,4619) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/09:06,6064) [kworker/1:2-ata_sff] (root,0,0,00:00:00/09:03,6242) [kworker/3:1] (root,35308,10012,00:00:00/4-04:00:41,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:14/4-04:00:41,8749) sshd: syslogtunnel (root,0,0,00:00:00/37:42,9247) [kworker/0:1-events] (root,0,0,00:00:00/02:45:07,10972) [kworker/0:2-cgroup_destroy] (root,35308,10012,00:00:00/5-09:55:30,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:18/5-09:55:29,15391) sshd: cm-ssh (root,0,0,00:00:00/01:31:00,16718) [kworker/2:2-events] (root,0,0,00:00:00/01:10:06,18633) [kworker/3:2-events] (root,0,0,00:00:00/03:56,19471) [kworker/1:0-ata_sff] (root,0,0,00:00:01/02:13:37,21671) [kworker/1:1-events] (root,0,0,00:00:00/00:52,30124) [kworker/0:0-cgroup_destroy] (postfix,44628,9464,00:00:00/5-16:41:15,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:46:53,31970) [kworker/u8:2-flush-253:0] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-23 22:27 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683636514cf31Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12808,00:00:30/9-12:39:50,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-12:39:50,2) [kthreadd] (root,0,0,00:00:00/9-12:39:50,3) [rcu_gp] (root,0,0,00:00:00/9-12:39:50,4) [rcu_par_gp] (root,0,0,00:00:00/9-12:39:50,5) [slub_flushwq] (root,0,0,00:00:00/9-12:39:50,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-12:39:50,9) [mm_percpu_wq] (root,0,0,00:00:00/9-12:39:50,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-12:39:50,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-12:39:50,12) [rcu_tasks_trace] (root,0,0,00:00:16/9-12:39:50,13) [ksoftirqd/0] (root,0,0,00:25:13/9-12:39:50,14) [rcu_preempt] (root,0,0,00:00:03/9-12:39:50,15) [migration/0] (root,0,0,00:00:00/9-12:39:50,16) [idle_inject/0] (root,0,0,00:00:00/9-12:39:50,18) [cpuhp/0] (root,0,0,00:00:00/9-12:39:50,19) [cpuhp/1] (root,0,0,00:00:00/9-12:39:50,20) [idle_inject/1] (root,0,0,00:00:03/9-12:39:50,21) [migration/1] (root,0,0,00:00:14/9-12:39:50,22) [ksoftirqd/1] (root,0,0,00:00:00/9-12:39:50,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-12:39:50,25) [cpuhp/2] (root,0,0,00:00:00/9-12:39:50,26) [idle_inject/2] (root,0,0,00:00:03/9-12:39:50,27) [migration/2] (root,0,0,00:20:14/9-12:39:50,28) [ksoftirqd/2] (root,0,0,00:00:00/9-12:39:50,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-12:39:50,31) [cpuhp/3] (root,0,0,00:00:00/9-12:39:50,32) [idle_inject/3] (root,0,0,00:00:03/9-12:39:50,33) [migration/3] (root,0,0,00:00:54/9-12:39:50,34) [ksoftirqd/3] (root,0,0,00:00:00/9-12:39:50,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-12:39:50,39) [kdevtmpfs] (root,0,0,00:00:00/9-12:39:50,40) [netns] (root,0,0,00:00:00/9-12:39:50,41) [inet_frag_wq] (root,0,0,00:00:03/9-12:39:50,42) [kauditd] (root,0,0,00:00:00/9-12:39:50,43) [khungtaskd] (root,0,0,00:00:00/9-12:39:50,44) [oom_reaper] (root,0,0,00:00:00/9-12:39:50,45) [writeback] (root,0,0,00:00:27/9-12:39:50,46) [kcompactd0] (root,0,0,00:00:00/9-12:39:50,47) [ksmd] (root,0,0,00:00:28/9-12:39:50,48) [khugepaged] (root,0,0,00:00:00/9-12:39:50,74) [kintegrityd] (root,0,0,00:00:00/9-12:39:50,75) [kblockd] (root,0,0,00:00:00/9-12:39:50,76) [blkcg_punt_bio] (root,0,0,00:00:00/9-12:39:50,78) [tpm_dev_wq] (root,0,0,00:00:00/9-12:39:50,79) [edac-poller] (root,0,0,00:00:00/9-12:39:50,80) [devfreq_wq] (root,0,0,00:00:00/9-12:39:50,110) [watchdogd] (root,0,0,00:00:01/9-12:39:50,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-12:39:50,112) [kswapd0] (root,0,0,00:00:00/9-12:39:49,114) [kthrotld] (root,0,0,00:00:00/9-12:39:49,115) [mld] (root,0,0,00:00:00/9-12:39:49,116) [ipv6_addrconf] (root,0,0,00:00:04/9-12:39:49,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/9-12:39:49,122) [kstrp] (root,0,0,00:00:00/9-12:39:49,123) [zswap-shrink] (root,0,0,00:00:00/9-12:39:49,124) [kworker/u9:0] (root,0,0,00:00:00/9-12:39:49,129) [charger_manager] (root,0,0,00:00:02/9-12:39:48,172) [kworker/3:1H-kblockd] (root,0,0,00:00:02/9-12:39:48,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-12:39:48,205) [kaluad] (root,0,0,00:00:00/9-12:39:48,250) [kmpath_rdacd] (root,0,0,00:00:00/9-12:39:48,293) [kmpathd] (root,0,0,00:00:00/9-12:39:48,294) [kmpath_handlerd] (root,0,0,00:00:00/9-12:39:48,342) [ata_sff] (root,0,0,00:00:00/9-12:39:47,343) [scsi_eh_0] (root,0,0,00:00:00/9-12:39:47,344) [scsi_tmf_0] (root,0,0,00:00:00/9-12:39:47,345) [scsi_eh_1] (root,0,0,00:00:00/9-12:39:47,346) [scsi_tmf_1] (root,0,0,00:00:14/9-12:39:45,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-12:39:45,367) [ext4-rsv-conver] (root,38604,7900,00:00:16/9-12:39:33,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/9-12:39:32,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:14/9-12:39:30,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:06/9-12:38:56,512) /sbin/auditd (messagebus,22936,5672,00:00:33/9-12:38:56,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:19/9-12:38:56,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/9-12:38:56,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,16220,00:00:03/9-12:38:55,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/9-12:38:55,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,26656,00:00:11/9-12:38:41,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/9-12:38:41,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:50/9-12:38:40,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/9-12:38:40,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/9-12:38:40,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/9-12:38:40,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/9-12:38:40,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:16/9-12:38:40,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:01:16/9-12:38:40,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/9-12:38:40,1206) bpfilter_umh (root,26204,8300,00:00:05/9-12:38:40,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/9-12:38:40,1215) ntpd: asynchronous dns resolver (spot,282804,169204,11:08:39/9-12:38:40,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/9-12:38:39,1228) (sd-pam) (checkmk,48532,3192,00:00:00/9-12:38:39,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/9-12:38:39,1245) (sd-pam) (root,24216,5348,00:00:02/9-12:38:38,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/9-12:38:38,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/9-12:38:37,1354) /usr/sbin/cron -n (root,691336,73816,00:12:15/9-12:38:31,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,45328,00:03:05/9-12:38:17,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:25:54,1575) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:03/04:06:57,2819) [kworker/2:2-events] (root,0,0,00:00:00/08:15,6061) [kworker/1:0-events] (root,0,0,00:00:00/28:59,8610) [kworker/1:2-ata_sff] (root,35308,10012,00:00:00/2-04:34:44,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:07/2-04:34:44,8749) sshd: syslogtunnel (root,0,0,00:00:00/03:02,13421) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/3-10:29:33,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:11/3-10:29:32,15391) sshd: cm-ssh (root,0,0,00:00:00/01:52,15939) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/01:19,16117) [kworker/u8:0-flush-253:0] (root,6656,3488,00:00:00/00:00,17476) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,17494) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,17495) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:10:32,17809) [kworker/3:1-events] (root,0,0,00:00:00/01:54:55,22141) [kworker/3:0-events] (root,0,0,00:00:00/50:51,25498) [kworker/0:1-events] (postfix,24244,8308,00:00:00/11:25,28263) pickup -l -t fifo -u (root,0,0,00:00:00/41:08,28962) [kworker/0:0-events] (postfix,44628,9464,00:00:00/3-17:15:18,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/31:57,30993) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/21:35,31342) [kworker/2:0-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-21 23:02 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363292bb534Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:24/7-12:25:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-12:25:33,2) [kthreadd] (root,0,0,00:00:00/7-12:25:33,3) [rcu_gp] (root,0,0,00:00:00/7-12:25:33,4) [rcu_par_gp] (root,0,0,00:00:00/7-12:25:33,5) [slub_flushwq] (root,0,0,00:00:00/7-12:25:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-12:25:33,9) [mm_percpu_wq] (root,0,0,00:00:00/7-12:25:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-12:25:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-12:25:33,12) [rcu_tasks_trace] (root,0,0,00:00:13/7-12:25:33,13) [ksoftirqd/0] (root,0,0,00:19:45/7-12:25:33,14) [rcu_preempt] (root,0,0,00:00:02/7-12:25:33,15) [migration/0] (root,0,0,00:00:00/7-12:25:33,16) [idle_inject/0] (root,0,0,00:00:00/7-12:25:33,18) [cpuhp/0] (root,0,0,00:00:00/7-12:25:33,19) [cpuhp/1] (root,0,0,00:00:00/7-12:25:33,20) [idle_inject/1] (root,0,0,00:00:03/7-12:25:33,21) [migration/1] (root,0,0,00:00:11/7-12:25:33,22) [ksoftirqd/1] (root,0,0,00:00:00/7-12:25:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-12:25:33,25) [cpuhp/2] (root,0,0,00:00:00/7-12:25:33,26) [idle_inject/2] (root,0,0,00:00:02/7-12:25:33,27) [migration/2] (root,0,0,00:15:52/7-12:25:33,28) [ksoftirqd/2] (root,0,0,00:00:00/7-12:25:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-12:25:33,31) [cpuhp/3] (root,0,0,00:00:00/7-12:25:33,32) [idle_inject/3] (root,0,0,00:00:03/7-12:25:33,33) [migration/3] (root,0,0,00:00:42/7-12:25:33,34) [ksoftirqd/3] (root,0,0,00:00:00/7-12:25:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-12:25:33,39) [kdevtmpfs] (root,0,0,00:00:00/7-12:25:33,40) [netns] (root,0,0,00:00:00/7-12:25:33,41) [inet_frag_wq] (root,0,0,00:00:02/7-12:25:33,42) [kauditd] (root,0,0,00:00:00/7-12:25:33,43) [khungtaskd] (root,0,0,00:00:00/7-12:25:33,44) [oom_reaper] (root,0,0,00:00:00/7-12:25:33,45) [writeback] (root,0,0,00:00:22/7-12:25:33,46) [kcompactd0] (root,0,0,00:00:00/7-12:25:33,47) [ksmd] (root,0,0,00:00:22/7-12:25:33,48) [khugepaged] (root,0,0,00:00:00/7-12:25:33,74) [kintegrityd] (root,0,0,00:00:00/7-12:25:33,75) [kblockd] (root,0,0,00:00:00/7-12:25:33,76) [blkcg_punt_bio] (root,0,0,00:00:00/7-12:25:33,78) [tpm_dev_wq] (root,0,0,00:00:00/7-12:25:33,79) [edac-poller] (root,0,0,00:00:00/7-12:25:33,80) [devfreq_wq] (root,0,0,00:00:00/7-12:25:33,110) [watchdogd] (root,0,0,00:00:01/7-12:25:33,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-12:25:33,112) [kswapd0] (root,0,0,00:00:00/7-12:25:32,114) [kthrotld] (root,0,0,00:00:00/7-12:25:32,115) [mld] (root,0,0,00:00:00/7-12:25:32,116) [ipv6_addrconf] (root,0,0,00:00:03/7-12:25:32,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/7-12:25:32,122) [kstrp] (root,0,0,00:00:00/7-12:25:32,123) [zswap-shrink] (root,0,0,00:00:00/7-12:25:32,124) [kworker/u9:0] (root,0,0,00:00:00/7-12:25:32,129) [charger_manager] (root,0,0,00:00:01/7-12:25:31,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/7-12:25:31,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-12:25:31,205) [kaluad] (root,0,0,00:00:00/7-12:25:31,250) [kmpath_rdacd] (root,0,0,00:00:00/7-12:25:31,293) [kmpathd] (root,0,0,00:00:00/7-12:25:31,294) [kmpath_handlerd] (root,0,0,00:00:00/7-12:25:31,342) [ata_sff] (root,0,0,00:00:00/7-12:25:30,343) [scsi_eh_0] (root,0,0,00:00:00/7-12:25:30,344) [scsi_tmf_0] (root,0,0,00:00:00/7-12:25:30,345) [scsi_eh_1] (root,0,0,00:00:00/7-12:25:30,346) [scsi_tmf_1] (root,0,0,00:00:11/7-12:25:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-12:25:28,367) [ext4-rsv-conver] (root,38604,7900,00:00:13/7-12:25:16,440) /usr/lib/systemd/systemd-journald (root,53164,9680,00:00:01/7-12:25:15,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:11/7-12:25:13,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1636,00:00:04/7-12:24:39,512) /sbin/auditd (messagebus,22936,5672,00:00:26/7-12:24:39,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:15/7-12:24:39,531) /usr/lib/systemd/systemd-logind (root,20556,5140,00:00:00/7-12:24:39,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,0,0,00:00:00/09:39,589) [kworker/u8:0-flush-253:0] (root,31876,16220,00:00:03/7-12:24:38,626) /usr/sbin/wickedd --systemd --foreground (root,31896,16976,00:00:00/7-12:24:38,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25356,00:00:08/7-12:24:24,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26512,00:00:00/7-12:24:24,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:39/7-12:24:23,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1744,00:00:00/7-12:24:23,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/7-12:24:23,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/7-12:24:23,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/7-12:24:23,1201) /usr/lib/systemd/systemd --user (root,448968,8820,00:00:13/7-12:24:23,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6224,00:00:59/7-12:24:23,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/7-12:24:23,1206) bpfilter_umh (root,26204,8300,00:00:04/7-12:24:23,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4236,00:00:00/7-12:24:23,1215) ntpd: asynchronous dns resolver (spot,283988,169500,08:31:12/7-12:24:23,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/7-12:24:22,1228) (sd-pam) (checkmk,48532,3192,00:00:00/7-12:24:22,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/7-12:24:22,1245) (sd-pam) (root,24216,5348,00:00:02/7-12:24:21,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/7-12:24:21,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:01/7-12:24:20,1354) /usr/sbin/cron -n (root,691080,73620,00:09:38/7-12:24:14,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,43780,00:02:24/7-12:24:00,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/35:12,1729) [kworker/0:2-events] (root,0,0,00:00:00/27:59,3298) [kworker/2:1-events] (root,0,0,00:00:00/02:44,6632) [kworker/1:2-ata_sff] (root,0,0,00:00:00/01:04:28,7055) [kworker/3:2-events] (root,0,0,00:00:00/42:34,8300) [kworker/3:1-events] (root,35308,10012,00:00:00/04:20:27,8747) sshd: syslogtunnel [priv] (syslogtunnel,35308,5532,00:00:00/04:20:27,8749) sshd: syslogtunnel (root,0,0,00:00:00/07:55,10530) [kworker/1:1-ata_sff] (root,35308,10012,00:00:00/1-10:15:16,15389) sshd: cm-ssh [priv] (cm-ssh,35308,5508,00:00:04/1-10:15:15,15391) sshd: cm-ssh (root,0,0,00:00:00/06:34,17554) [kworker/0:1-events] (postfix,24244,8324,00:00:00/18:57,18194) pickup -l -t fifo -u (root,0,0,00:00:00/32:12,18809) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3492,00:00:00/00:00,19910) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,19928) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,19929) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/39:03,21988) [kworker/1:0-events] (postfix,44628,9464,00:00:00/1-17:01:01,30472) tlsmgr -l -t unix -u (root,0,0,00:00:00/10:09,30892) [kworker/2:2] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-19 22:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363d48eceb2Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:18/5-13:00:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-13:00:15,2) [kthreadd] (root,0,0,00:00:00/5-13:00:15,3) [rcu_gp] (root,0,0,00:00:00/5-13:00:15,4) [rcu_par_gp] (root,0,0,00:00:00/5-13:00:15,5) [slub_flushwq] (root,0,0,00:00:00/5-13:00:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-13:00:15,9) [mm_percpu_wq] (root,0,0,00:00:00/5-13:00:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-13:00:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-13:00:15,12) [rcu_tasks_trace] (root,0,0,00:00:08/5-13:00:15,13) [ksoftirqd/0] (root,0,0,00:14:25/5-13:00:15,14) [rcu_preempt] (root,0,0,00:00:02/5-13:00:15,15) [migration/0] (root,0,0,00:00:00/5-13:00:15,16) [idle_inject/0] (root,0,0,00:00:00/5-13:00:15,18) [cpuhp/0] (root,0,0,00:00:00/5-13:00:15,19) [cpuhp/1] (root,0,0,00:00:00/5-13:00:15,20) [idle_inject/1] (root,0,0,00:00:02/5-13:00:15,21) [migration/1] (root,0,0,00:00:07/5-13:00:15,22) [ksoftirqd/1] (root,0,0,00:00:00/5-13:00:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-13:00:15,25) [cpuhp/2] (root,0,0,00:00:00/5-13:00:15,26) [idle_inject/2] (root,0,0,00:00:01/5-13:00:15,27) [migration/2] (root,0,0,00:11:54/5-13:00:15,28) [ksoftirqd/2] (root,0,0,00:00:00/5-13:00:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-13:00:15,31) [cpuhp/3] (root,0,0,00:00:00/5-13:00:15,32) [idle_inject/3] (root,0,0,00:00:02/5-13:00:15,33) [migration/3] (root,0,0,00:00:30/5-13:00:15,34) [ksoftirqd/3] (root,0,0,00:00:00/5-13:00:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-13:00:15,39) [kdevtmpfs] (root,0,0,00:00:00/5-13:00:15,40) [netns] (root,0,0,00:00:00/5-13:00:15,41) [inet_frag_wq] (root,0,0,00:00:01/5-13:00:15,42) [kauditd] (root,0,0,00:00:00/5-13:00:15,43) [khungtaskd] (root,0,0,00:00:00/5-13:00:15,44) [oom_reaper] (root,0,0,00:00:00/5-13:00:15,45) [writeback] (root,0,0,00:00:14/5-13:00:15,46) [kcompactd0] (root,0,0,00:00:00/5-13:00:15,47) [ksmd] (root,0,0,00:00:15/5-13:00:15,48) [khugepaged] (root,0,0,00:00:00/5-13:00:15,74) [kintegrityd] (root,0,0,00:00:00/5-13:00:15,75) [kblockd] (root,0,0,00:00:00/5-13:00:15,76) [blkcg_punt_bio] (root,0,0,00:00:00/5-13:00:15,78) [tpm_dev_wq] (root,0,0,00:00:00/5-13:00:15,79) [edac-poller] (root,0,0,00:00:00/5-13:00:15,80) [devfreq_wq] (root,0,0,00:00:00/5-13:00:15,110) [watchdogd] (root,0,0,00:00:01/5-13:00:15,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-13:00:15,112) [kswapd0] (root,0,0,00:00:00/5-13:00:14,114) [kthrotld] (root,0,0,00:00:00/5-13:00:14,115) [mld] (root,0,0,00:00:00/5-13:00:14,116) [ipv6_addrconf] (root,0,0,00:00:02/5-13:00:14,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/5-13:00:14,122) [kstrp] (root,0,0,00:00:00/5-13:00:14,123) [zswap-shrink] (root,0,0,00:00:00/5-13:00:14,124) [kworker/u9:0] (root,0,0,00:00:00/5-13:00:14,129) [charger_manager] (root,0,0,00:00:01/5-13:00:13,172) [kworker/3:1H-kblockd] (root,0,0,00:00:01/5-13:00:13,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-13:00:13,205) [kaluad] (root,0,0,00:00:00/5-13:00:13,250) [kmpath_rdacd] (root,0,0,00:00:00/5-13:00:13,293) [kmpathd] (root,0,0,00:00:00/5-13:00:13,294) [kmpath_handlerd] (root,0,0,00:00:00/5-13:00:13,342) [ata_sff] (root,0,0,00:00:00/5-13:00:12,343) [scsi_eh_0] (root,0,0,00:00:00/5-13:00:12,344) [scsi_tmf_0] (root,0,0,00:00:00/5-13:00:12,345) [scsi_eh_1] (root,0,0,00:00:00/5-13:00:12,346) [scsi_tmf_1] (root,0,0,00:00:08/5-13:00:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-13:00:10,367) [ext4-rsv-conver] (root,38604,7544,00:00:09/5-12:59:58,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/5-12:59:57,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:08/5-12:59:55,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/5-12:59:21,512) /sbin/auditd (messagebus,22936,5824,00:00:20/5-12:59:21,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8544,00:00:11/5-12:59:21,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/5-12:59:21,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/5-12:59:20,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/5-12:59:20,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25572,00:00:06/5-12:59:06,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/5-12:59:06,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:28/5-12:59:05,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/5-12:59:05,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/5-12:59:05,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/5-12:59:05,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/5-12:59:05,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:10/5-12:59:05,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:43/5-12:59:05,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/5-12:59:05,1206) bpfilter_umh (root,26204,8340,00:00:03/5-12:59:05,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/5-12:59:05,1215) ntpd: asynchronous dns resolver (spot,275976,163692,06:04:21/5-12:59:05,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/5-12:59:04,1228) (sd-pam) (checkmk,48532,3192,00:00:00/5-12:59:04,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/5-12:59:04,1245) (sd-pam) (root,24216,5348,00:00:01/5-12:59:03,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/5-12:59:03,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/5-12:59:02,1354) /usr/sbin/cron -n (root,691080,73464,00:07:02/5-12:58:56,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,42496,00:01:45/5-12:58:42,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/08:14,1570) [kworker/1:0-ata_sff] (root,35308,10024,00:00:00/3-14:51:51,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:12/3-14:51:51,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/3-14:51:36,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:10/3-14:51:36,4688) sshd: cm-ssh (postfix,24244,8244,00:00:00/01:14:30,12637) pickup -l -t fifo -u (root,0,0,00:00:00/03:03,14974) [kworker/1:1-ata_sff] (root,0,0,00:00:00/26:20,17810) [kworker/3:1-events] (root,0,0,00:00:00/01:04:37,19563) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/00:27,22337) [kworker/0:1] (root,0,0,00:00:03/03:20:41,22417) [kworker/2:2-events] (root,6656,3488,00:00:00/00:00,25351) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,25369) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,25370) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/04:51:54,26136) [kworker/u8:1-events_unbound] (root,0,0,00:00:01/01:31:16,28062) [kworker/1:2-events] (root,0,0,00:00:00/02:38:07,28891) [kworker/3:2-cgroup_destroy] (root,0,0,00:00:00/01:01:54,30976) [kworker/u8:0-writeback] (root,0,0,00:00:00/02:08:14,31879) [kworker/0:2-events] (root,0,0,00:00:00/08:59,32749) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-17 23:22 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363861cfa77Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12768,00:00:13/3-14:53:23,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-14:53:23,2) [kthreadd] (root,0,0,00:00:00/3-14:53:23,3) [rcu_gp] (root,0,0,00:00:00/3-14:53:23,4) [rcu_par_gp] (root,0,0,00:00:00/3-14:53:23,5) [slub_flushwq] (root,0,0,00:00:00/3-14:53:23,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-14:53:23,9) [mm_percpu_wq] (root,0,0,00:00:00/3-14:53:23,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-14:53:23,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-14:53:23,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-14:53:23,13) [ksoftirqd/0] (root,0,0,00:09:28/3-14:53:23,14) [rcu_preempt] (root,0,0,00:00:01/3-14:53:23,15) [migration/0] (root,0,0,00:00:00/3-14:53:23,16) [idle_inject/0] (root,0,0,00:00:00/3-14:53:23,18) [cpuhp/0] (root,0,0,00:00:00/3-14:53:23,19) [cpuhp/1] (root,0,0,00:00:00/3-14:53:23,20) [idle_inject/1] (root,0,0,00:00:01/3-14:53:23,21) [migration/1] (root,0,0,00:00:05/3-14:53:23,22) [ksoftirqd/1] (root,0,0,00:00:00/3-14:53:23,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-14:53:23,25) [cpuhp/2] (root,0,0,00:00:00/3-14:53:23,26) [idle_inject/2] (root,0,0,00:00:01/3-14:53:23,27) [migration/2] (root,0,0,00:07:59/3-14:53:23,28) [ksoftirqd/2] (root,0,0,00:00:00/3-14:53:23,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-14:53:23,31) [cpuhp/3] (root,0,0,00:00:00/3-14:53:23,32) [idle_inject/3] (root,0,0,00:00:01/3-14:53:23,33) [migration/3] (root,0,0,00:00:20/3-14:53:23,34) [ksoftirqd/3] (root,0,0,00:00:00/3-14:53:23,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-14:53:23,39) [kdevtmpfs] (root,0,0,00:00:00/3-14:53:23,40) [netns] (root,0,0,00:00:00/3-14:53:23,41) [inet_frag_wq] (root,0,0,00:00:01/3-14:53:23,42) [kauditd] (root,0,0,00:00:00/3-14:53:23,43) [khungtaskd] (root,0,0,00:00:00/3-14:53:23,44) [oom_reaper] (root,0,0,00:00:00/3-14:53:23,45) [writeback] (root,0,0,00:00:09/3-14:53:23,46) [kcompactd0] (root,0,0,00:00:00/3-14:53:23,47) [ksmd] (root,0,0,00:00:10/3-14:53:23,48) [khugepaged] (root,0,0,00:00:00/3-14:53:23,74) [kintegrityd] (root,0,0,00:00:00/3-14:53:23,75) [kblockd] (root,0,0,00:00:00/3-14:53:23,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-14:53:23,78) [tpm_dev_wq] (root,0,0,00:00:00/3-14:53:23,79) [edac-poller] (root,0,0,00:00:00/3-14:53:23,80) [devfreq_wq] (root,0,0,00:00:00/3-14:53:23,110) [watchdogd] (root,0,0,00:00:00/3-14:53:23,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-14:53:23,112) [kswapd0] (root,0,0,00:00:00/3-14:53:22,114) [kthrotld] (root,0,0,00:00:00/3-14:53:22,115) [mld] (root,0,0,00:00:00/3-14:53:22,116) [ipv6_addrconf] (root,0,0,00:00:01/3-14:53:22,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-14:53:22,122) [kstrp] (root,0,0,00:00:00/3-14:53:22,123) [zswap-shrink] (root,0,0,00:00:00/3-14:53:22,124) [kworker/u9:0] (root,0,0,00:00:00/3-14:53:22,129) [charger_manager] (root,0,0,00:00:00/3-14:53:21,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-14:53:21,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-14:53:21,205) [kaluad] (root,0,0,00:00:00/3-14:53:21,250) [kmpath_rdacd] (root,0,0,00:00:00/3-14:53:21,293) [kmpathd] (root,0,0,00:00:00/3-14:53:21,294) [kmpath_handlerd] (root,0,0,00:00:00/3-14:53:21,342) [ata_sff] (root,0,0,00:00:00/3-14:53:20,343) [scsi_eh_0] (root,0,0,00:00:00/3-14:53:20,344) [scsi_tmf_0] (root,0,0,00:00:00/3-14:53:20,345) [scsi_eh_1] (root,0,0,00:00:00/3-14:53:20,346) [scsi_tmf_1] (root,0,0,00:00:05/3-14:53:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-14:53:18,367) [ext4-rsv-conver] (root,38604,7544,00:00:07/3-14:53:06,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-14:53:05,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-14:53:03,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-14:52:29,512) /sbin/auditd (messagebus,22936,5824,00:00:14/3-14:52:29,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8540,00:00:08/3-14:52:29,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-14:52:29,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-14:52:28,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-14:52:28,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24748,00:00:04/3-14:52:14,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-14:52:14,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:17/3-14:52:13,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-14:52:13,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-14:52:13,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-14:52:13,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-14:52:13,1201) /usr/lib/systemd/systemd --user (root,448968,8640,00:00:07/3-14:52:13,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:28/3-14:52:13,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-14:52:13,1206) bpfilter_umh (root,26204,8340,00:00:02/3-14:52:13,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-14:52:13,1215) ntpd: asynchronous dns resolver (spot,274668,163268,04:11:35/3-14:52:13,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-14:52:12,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-14:52:12,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-14:52:12,1245) (sd-pam) (root,0,0,00:00:00/00:08,1284) [kworker/2:1] (root,24216,5348,00:00:01/3-14:52:11,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-14:52:11,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-14:52:10,1354) /usr/sbin/cron -n (root,689544,71904,00:04:38/3-14:52:04,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41148,00:01:10/3-14:51:50,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/49:25,1655) [kworker/0:1-events] (root,6656,3492,00:00:00/00:00,2006) /bin/bash /usr/bin/check_mk_agent (root,13744,3460,00:00:00/00:00,2024) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,2025) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:04/03:24:45,3235) [kworker/2:0-events] (root,35308,10024,00:00:00/1-16:44:59,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-16:44:59,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-16:44:44,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:05/1-16:44:44,4688) sshd: cm-ssh (root,0,0,00:00:00/02:02:33,4707) [kworker/0:2-events] (root,0,0,00:00:00/04:16,8411) [kworker/1:0-ata_sff] (root,0,0,00:00:00/01:19:33,13597) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:01/02:50:24,13813) [kworker/3:2-events] (postfix,24244,8164,00:00:00/09:33,13818) pickup -l -t fifo -u (root,0,0,00:00:00/09:28,14073) [kworker/1:2-ata_sff] (root,0,0,00:00:01/01:11:42,19322) [kworker/1:1-events] (root,0,0,00:00:00/01:10:02,25346) [kworker/u8:0-writeback] (root,0,0,00:00:00/05:00:00,30146) [kworker/u8:2] (root,0,0,00:00:00/23:35,30663) [kworker/3:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-16 01:15 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836311e59e05Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12692,00:00:13/3-10:07:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-10:07:26,2) [kthreadd] (root,0,0,00:00:00/3-10:07:26,3) [rcu_gp] (root,0,0,00:00:00/3-10:07:26,4) [rcu_par_gp] (root,0,0,00:00:00/3-10:07:26,5) [slub_flushwq] (root,0,0,00:00:00/3-10:07:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-10:07:26,9) [mm_percpu_wq] (root,0,0,00:00:00/3-10:07:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-10:07:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-10:07:26,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-10:07:26,13) [ksoftirqd/0] (root,0,0,00:08:54/3-10:07:26,14) [rcu_preempt] (root,0,0,00:00:01/3-10:07:26,15) [migration/0] (root,0,0,00:00:00/3-10:07:26,16) [idle_inject/0] (root,0,0,00:00:00/3-10:07:26,18) [cpuhp/0] (root,0,0,00:00:00/3-10:07:26,19) [cpuhp/1] (root,0,0,00:00:00/3-10:07:26,20) [idle_inject/1] (root,0,0,00:00:01/3-10:07:26,21) [migration/1] (root,0,0,00:00:04/3-10:07:26,22) [ksoftirqd/1] (root,0,0,00:00:00/3-10:07:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-10:07:26,25) [cpuhp/2] (root,0,0,00:00:00/3-10:07:26,26) [idle_inject/2] (root,0,0,00:00:01/3-10:07:26,27) [migration/2] (root,0,0,00:07:26/3-10:07:26,28) [ksoftirqd/2] (root,0,0,00:00:00/3-10:07:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-10:07:26,31) [cpuhp/3] (root,0,0,00:00:00/3-10:07:26,32) [idle_inject/3] (root,0,0,00:00:01/3-10:07:26,33) [migration/3] (root,0,0,00:00:18/3-10:07:26,34) [ksoftirqd/3] (root,0,0,00:00:00/3-10:07:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-10:07:26,39) [kdevtmpfs] (root,0,0,00:00:00/3-10:07:26,40) [netns] (root,0,0,00:00:00/3-10:07:26,41) [inet_frag_wq] (root,0,0,00:00:01/3-10:07:26,42) [kauditd] (root,0,0,00:00:00/3-10:07:26,43) [khungtaskd] (root,0,0,00:00:00/3-10:07:26,44) [oom_reaper] (root,0,0,00:00:00/3-10:07:26,45) [writeback] (root,0,0,00:00:09/3-10:07:26,46) [kcompactd0] (root,0,0,00:00:00/3-10:07:26,47) [ksmd] (root,0,0,00:00:10/3-10:07:26,48) [khugepaged] (root,0,0,00:00:00/3-10:07:26,74) [kintegrityd] (root,0,0,00:00:00/3-10:07:26,75) [kblockd] (root,0,0,00:00:00/3-10:07:26,76) [blkcg_punt_bio] (root,0,0,00:00:00/3-10:07:26,78) [tpm_dev_wq] (root,0,0,00:00:00/3-10:07:26,79) [edac-poller] (root,0,0,00:00:00/3-10:07:26,80) [devfreq_wq] (root,0,0,00:00:00/3-10:07:26,110) [watchdogd] (root,0,0,00:00:00/3-10:07:26,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-10:07:26,112) [kswapd0] (root,0,0,00:00:00/3-10:07:25,114) [kthrotld] (root,0,0,00:00:00/3-10:07:25,115) [mld] (root,0,0,00:00:00/3-10:07:25,116) [ipv6_addrconf] (root,0,0,00:00:01/3-10:07:25,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-10:07:25,122) [kstrp] (root,0,0,00:00:00/3-10:07:25,123) [zswap-shrink] (root,0,0,00:00:00/3-10:07:25,124) [kworker/u9:0] (root,0,0,00:00:00/3-10:07:25,129) [charger_manager] (root,0,0,00:00:00/3-10:07:24,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-10:07:24,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-10:07:24,205) [kaluad] (root,0,0,00:00:00/3-10:07:24,250) [kmpath_rdacd] (root,0,0,00:00:00/3-10:07:24,293) [kmpathd] (root,0,0,00:00:00/3-10:07:24,294) [kmpath_handlerd] (root,0,0,00:00:00/3-10:07:24,342) [ata_sff] (root,0,0,00:00:00/3-10:07:23,343) [scsi_eh_0] (root,0,0,00:00:00/3-10:07:23,344) [scsi_tmf_0] (root,0,0,00:00:00/3-10:07:23,345) [scsi_eh_1] (root,0,0,00:00:00/3-10:07:23,346) [scsi_tmf_1] (root,0,0,00:00:05/3-10:07:21,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-10:07:21,367) [ext4-rsv-conver] (root,38604,7544,00:00:06/3-10:07:09,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/3-10:07:08,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:05/3-10:07:06,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/3-10:06:32,512) /sbin/auditd (messagebus,22936,5824,00:00:13/3-10:06:32,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8536,00:00:07/3-10:06:32,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/3-10:06:32,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/3-10:06:31,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/3-10:06:31,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:55:18,646) [kworker/0:1-events] (root,0,0,00:00:00/06:41,871) [kworker/1:1-ata_sff] (root,547336,24748,00:00:04/3-10:06:17,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/3-10:06:17,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:13/3-10:06:16,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/3-10:06:16,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/3-10:06:16,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/3-10:06:16,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/3-10:06:16,1201) /usr/lib/systemd/systemd --user (root,448724,8116,00:00:07/3-10:06:16,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:26/3-10:06:16,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/3-10:06:16,1206) bpfilter_umh (root,26204,8340,00:00:02/3-10:06:16,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/3-10:06:16,1215) ntpd: asynchronous dns resolver (spot,275132,163376,03:58:23/3-10:06:16,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/3-10:06:15,1228) (sd-pam) (checkmk,48532,3192,00:00:00/3-10:06:15,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/3-10:06:15,1245) (sd-pam) (root,24216,5348,00:00:01/3-10:06:14,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-10:06:14,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/3-10:06:13,1354) /usr/sbin/cron -n (root,689544,71892,00:04:23/3-10:06:07,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41140,00:01:06/3-10:05:53,1380) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/01:30,2499) [kworker/1:2-ata_sff] (root,0,0,00:00:00/00:30,2876) [kworker/2:1] (root,6656,3488,00:00:00/00:00,3442) /bin/bash /usr/bin/check_mk_agent (root,13744,3496,00:00:00/00:00,3460) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3461) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/01:12:48,4451) [kworker/2:0-events] (root,35308,10024,00:00:00/1-11:59:02,4679) sshd: syslogtunnel [priv] (syslogtunnel,35308,5592,00:00:05/1-11:59:02,4681) sshd: syslogtunnel (root,35308,10044,00:00:00/1-11:58:47,4686) sshd: cm-ssh [priv] (cm-ssh,35308,5396,00:00:04/1-11:58:47,4688) sshd: cm-ssh (root,0,0,00:00:00/47:27,14204) [kworker/3:0-events] (root,0,0,00:00:00/34:07,21819) [kworker/u8:0-flush-253:0] (postfix,24244,8240,00:00:00/23:49,25675) pickup -l -t fifo -u (root,0,0,00:00:00/03:29:20,29034) [kworker/3:1-events] (root,0,0,00:00:00/14:03,30146) [kworker/u8:2] (root,0,0,00:00:02/04:41:42,31380) [kworker/2:2-cgroup_destroy] (root,0,0,00:00:00/01:50:26,32039) [kworker/1:0-events] (root,0,0,00:00:00/09:06,32292) [kworker/0:2] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-15 20:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a8dd520eFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12672,00:00:07/1-13:46:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-13:46:33,2) [kthreadd] (root,0,0,00:00:00/1-13:46:33,3) [rcu_gp] (root,0,0,00:00:00/1-13:46:33,4) [rcu_par_gp] (root,0,0,00:00:00/1-13:46:33,5) [slub_flushwq] (root,0,0,00:00:00/1-13:46:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-13:46:33,9) [mm_percpu_wq] (root,0,0,00:00:00/1-13:46:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-13:46:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-13:46:33,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-13:46:33,13) [ksoftirqd/0] (root,0,0,00:04:04/1-13:46:33,14) [rcu_preempt] (root,0,0,00:00:00/1-13:46:33,15) [migration/0] (root,0,0,00:00:00/1-13:46:33,16) [idle_inject/0] (root,0,0,00:00:00/1-13:46:33,18) [cpuhp/0] (root,0,0,00:00:00/1-13:46:33,19) [cpuhp/1] (root,0,0,00:00:00/1-13:46:33,20) [idle_inject/1] (root,0,0,00:00:00/1-13:46:33,21) [migration/1] (root,0,0,00:00:02/1-13:46:33,22) [ksoftirqd/1] (root,0,0,00:00:00/1-13:46:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-13:46:33,25) [cpuhp/2] (root,0,0,00:00:00/1-13:46:33,26) [idle_inject/2] (root,0,0,00:00:00/1-13:46:33,27) [migration/2] (root,0,0,00:03:20/1-13:46:33,28) [ksoftirqd/2] (root,0,0,00:00:00/1-13:46:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-13:46:33,31) [cpuhp/3] (root,0,0,00:00:00/1-13:46:33,32) [idle_inject/3] (root,0,0,00:00:00/1-13:46:33,33) [migration/3] (root,0,0,00:00:08/1-13:46:33,34) [ksoftirqd/3] (root,0,0,00:00:00/1-13:46:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-13:46:33,39) [kdevtmpfs] (root,0,0,00:00:00/1-13:46:33,40) [netns] (root,0,0,00:00:00/1-13:46:33,41) [inet_frag_wq] (root,0,0,00:00:00/1-13:46:33,42) [kauditd] (root,0,0,00:00:00/1-13:46:33,43) [khungtaskd] (root,0,0,00:00:00/1-13:46:33,44) [oom_reaper] (root,0,0,00:00:00/1-13:46:33,45) [writeback] (root,0,0,00:00:04/1-13:46:33,46) [kcompactd0] (root,0,0,00:00:00/1-13:46:33,47) [ksmd] (root,0,0,00:00:04/1-13:46:33,48) [khugepaged] (root,0,0,00:00:00/1-13:46:33,74) [kintegrityd] (root,0,0,00:00:00/1-13:46:33,75) [kblockd] (root,0,0,00:00:00/1-13:46:33,76) [blkcg_punt_bio] (root,0,0,00:00:00/1-13:46:33,78) [tpm_dev_wq] (root,0,0,00:00:00/1-13:46:33,79) [edac-poller] (root,0,0,00:00:00/1-13:46:33,80) [devfreq_wq] (root,0,0,00:00:00/1-13:46:33,110) [watchdogd] (root,0,0,00:00:00/1-13:46:33,111) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-13:46:33,112) [kswapd0] (root,0,0,00:00:00/1-13:46:32,114) [kthrotld] (root,0,0,00:00:00/1-13:46:32,115) [mld] (root,0,0,00:00:00/1-13:46:32,116) [ipv6_addrconf] (root,0,0,00:00:00/1-13:46:32,117) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-13:46:32,122) [kstrp] (root,0,0,00:00:00/1-13:46:32,123) [zswap-shrink] (root,0,0,00:00:00/1-13:46:32,124) [kworker/u9:0] (root,0,0,00:00:00/1-13:46:32,129) [charger_manager] (root,0,0,00:00:00/1-13:46:31,172) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-13:46:31,175) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-13:46:31,205) [kaluad] (root,0,0,00:00:00/1-13:46:31,250) [kmpath_rdacd] (root,0,0,00:00:00/1-13:46:31,293) [kmpathd] (root,0,0,00:00:00/1-13:46:31,294) [kmpath_handlerd] (root,0,0,00:00:00/1-13:46:31,342) [ata_sff] (root,0,0,00:00:00/1-13:46:30,343) [scsi_eh_0] (root,0,0,00:00:00/1-13:46:30,344) [scsi_tmf_0] (root,0,0,00:00:00/1-13:46:30,345) [scsi_eh_1] (root,0,0,00:00:00/1-13:46:30,346) [scsi_tmf_1] (root,0,0,00:00:02/1-13:46:28,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-13:46:28,367) [ext4-rsv-conver] (root,38604,7544,00:00:03/1-13:46:16,440) /usr/lib/systemd/systemd-journald (root,53164,9776,00:00:00/1-13:46:15,456) /usr/lib/systemd/systemd-udevd (root,8624,6760,00:00:02/1-13:46:13,491) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/1-13:45:39,512) /sbin/auditd (messagebus,22936,5824,00:00:06/1-13:45:39,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8508,00:00:03/1-13:45:39,531) /usr/lib/systemd/systemd-logind (root,20556,6104,00:00:00/1-13:45:39,541) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31876,17312,00:00:03/1-13:45:38,626) /usr/sbin/wickedd --systemd --foreground (root,31896,17960,00:00:00/1-13:45:38,627) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24220,00:00:02/1-13:45:24,1172) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26748,00:00:00/1-13:45:24,1185) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4568,00:00:06/1-13:45:23,1194) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1756,00:00:00/1-13:45:23,1197) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10564,00:00:00/1-13:45:23,1199) /usr/lib/systemd/systemd --user (cm-ssh,40568,10520,00:00:00/1-13:45:23,1200) /usr/lib/systemd/systemd --user (checkmk,40560,10484,00:00:00/1-13:45:23,1201) /usr/lib/systemd/systemd --user (root,448724,7840,00:00:03/1-13:45:23,1202) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6484,00:00:12/1-13:45:23,1204) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,672,00:00:00/1-13:45:23,1206) bpfilter_umh (root,26204,8340,00:00:01/1-13:45:23,1214) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4384,00:00:00/1-13:45:23,1215) ntpd: asynchronous dns resolver (spot,199092,161692,01:45:50/1-13:45:23,1221) /usr/bin/python3.11 /usr/bin/spot (cm-ssh,48532,3192,00:00:00/1-13:45:22,1228) (sd-pam) (checkmk,48532,3192,00:00:00/1-13:45:22,1229) (sd-pam) (syslogtunnel,48532,3192,00:00:00/1-13:45:22,1245) (sd-pam) (root,24216,5348,00:00:00/1-13:45:21,1325) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/1-13:45:21,1327) qmgr -l -t fifo -u (root,8964,2668,00:00:00/1-13:45:20,1354) /usr/sbin/cron -n (root,35308,9992,00:00:00/1-13:45:16,1368) sshd: syslogtunnel [priv] (syslogtunnel,35308,5400,00:00:05/1-13:45:16,1371) sshd: syslogtunnel (root,689288,71280,00:02:02/1-13:45:14,1375) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,40784,00:00:32/1-13:45:00,1380) /usr/bin/python3.11 /usr/bin/spot (root,35308,9976,00:00:00/1-13:44:41,1434) sshd: cm-ssh [priv] (cm-ssh,35308,5468,00:00:04/1-13:44:41,1436) sshd: cm-ssh (root,0,0,00:00:04/08:10:58,3139) [kworker/1:0-events] (root,0,0,00:00:01/05:34:52,3220) [kworker/3:2-events] (root,0,0,00:00:00/00:25,5103) [kworker/2:1-events] (root,0,0,00:00:00/38:11,6236) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/11:19,6942) [kworker/2:2-events] (root,6656,3484,00:00:00/00:00,7164) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,7182) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7183) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8168,00:00:00/01:04:46,8239) pickup -l -t fifo -u (root,0,0,00:00:00/21:35,9251) [kworker/0:2-events] (root,0,0,00:00:00/09:16,12180) [kworker/1:2-ata_sff] (root,0,0,00:00:00/04:06,24011) [kworker/1:1-ata_sff] (root,0,0,00:00:00/44:07,27345) [kworker/3:0-events] (root,0,0,00:00:00/01:08:35,28896) [kworker/0:0-events] (root,0,0,00:00:00/01:08:15,29594) [kworker/u8:1] (root,0,0,00:00:00/25:12,32356) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-14 00:08 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683634cb502f8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12368,00:03:07/62-13:52:51,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/62-13:52:51,2) [kthreadd] (root,0,0,00:00:00/62-13:52:51,3) [rcu_gp] (root,0,0,00:00:00/62-13:52:51,4) [rcu_par_gp] (root,0,0,00:00:00/62-13:52:51,5) [slub_flushwq] (root,0,0,00:00:00/62-13:52:51,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/62-13:52:51,9) [mm_percpu_wq] (root,0,0,00:00:00/62-13:52:51,10) [rcu_tasks_kthre] (root,0,0,00:00:00/62-13:52:51,11) [rcu_tasks_rude_] (root,0,0,00:00:00/62-13:52:51,12) [rcu_tasks_trace] (root,0,0,00:01:52/62-13:52:51,13) [ksoftirqd/0] (root,0,0,02:54:10/62-13:52:51,14) [rcu_preempt] (root,0,0,00:00:23/62-13:52:51,15) [migration/0] (root,0,0,00:00:00/62-13:52:51,16) [idle_inject/0] (root,0,0,00:00:00/62-13:52:51,18) [cpuhp/0] (root,0,0,00:00:00/62-13:52:51,19) [cpuhp/1] (root,0,0,00:00:00/62-13:52:51,20) [idle_inject/1] (root,0,0,00:00:23/62-13:52:51,21) [migration/1] (root,0,0,00:01:33/62-13:52:51,22) [ksoftirqd/1] (root,0,0,00:00:00/62-13:52:51,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/62-13:52:51,25) [cpuhp/2] (root,0,0,00:00:00/62-13:52:51,26) [idle_inject/2] (root,0,0,00:00:17/62-13:52:51,27) [migration/2] (root,0,0,01:53:31/62-13:52:51,28) [ksoftirqd/2] (root,0,0,00:00:00/62-13:52:51,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/62-13:52:51,31) [cpuhp/3] (root,0,0,00:00:00/62-13:52:51,32) [idle_inject/3] (root,0,0,00:00:22/62-13:52:51,33) [migration/3] (root,0,0,00:05:43/62-13:52:51,34) [ksoftirqd/3] (root,0,0,00:00:00/62-13:52:51,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/62-13:52:51,40) [kdevtmpfs] (root,0,0,00:00:00/62-13:52:51,41) [netns] (root,0,0,00:00:00/62-13:52:51,42) [inet_frag_wq] (root,0,0,00:00:22/62-13:52:51,43) [kauditd] (root,0,0,00:00:00/62-13:52:51,44) [khungtaskd] (root,0,0,00:00:00/62-13:52:51,45) [oom_reaper] (root,0,0,00:00:00/62-13:52:51,46) [writeback] (root,0,0,00:03:11/62-13:52:51,47) [kcompactd0] (root,0,0,00:00:00/62-13:52:51,48) [ksmd] (root,0,0,00:03:27/62-13:52:51,49) [khugepaged] (root,0,0,00:00:00/62-13:52:51,75) [kintegrityd] (root,0,0,00:00:00/62-13:52:51,76) [kblockd] (root,0,0,00:00:00/62-13:52:51,77) [blkcg_punt_bio] (root,0,0,00:00:00/62-13:52:51,79) [tpm_dev_wq] (root,0,0,00:00:00/62-13:52:51,80) [edac-poller] (root,0,0,00:00:00/62-13:52:51,81) [devfreq_wq] (root,0,0,00:00:00/62-13:52:51,110) [watchdogd] (root,0,0,00:00:05/62-13:52:51,111) [kswapd0] (root,0,0,00:00:16/62-13:52:51,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/62-13:52:49,115) [kthrotld] (root,0,0,00:00:00/62-13:52:49,116) [mld] (root,0,0,00:00:00/62-13:52:49,117) [ipv6_addrconf] (root,0,0,00:00:16/62-13:52:49,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/62-13:52:49,123) [kstrp] (root,0,0,00:00:00/62-13:52:49,124) [zswap-shrink] (root,0,0,00:00:00/62-13:52:49,125) [kworker/u9:0] (root,0,0,00:00:00/62-13:52:49,130) [charger_manager] (root,0,0,00:00:18/62-13:52:49,172) [kworker/1:1H-kblockd] (root,0,0,00:00:27/62-13:52:49,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/62-13:52:48,239) [kaluad] (root,0,0,00:00:00/62-13:52:48,258) [kmpath_rdacd] (root,0,0,00:00:00/62-13:52:48,304) [kmpathd] (root,0,0,00:00:00/62-13:52:48,305) [kmpath_handlerd] (root,0,0,00:00:00/62-13:52:47,342) [ata_sff] (root,0,0,00:00:00/62-13:52:47,343) [scsi_eh_0] (root,0,0,00:00:00/62-13:52:47,344) [scsi_tmf_0] (root,0,0,00:00:00/62-13:52:47,345) [scsi_eh_1] (root,0,0,00:00:00/62-13:52:47,346) [scsi_tmf_1] (root,0,0,00:01:59/62-13:52:44,366) [jbd2/vda1-8] (root,0,0,00:00:00/62-13:52:44,367) [ext4-rsv-conver] (root,38604,7852,00:01:47/62-13:52:32,440) /usr/lib/systemd/systemd-journald (root,53296,9324,00:00:07/62-13:52:31,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:36/62-13:52:29,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1584,00:00:39/62-13:51:58,511) /sbin/auditd (messagebus,22932,5400,00:03:34/62-13:51:57,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38880,8288,00:02:01/62-13:51:57,530) /usr/lib/systemd/systemd-logind (root,20556,4152,00:00:00/62-13:51:57,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15472,00:00:03/62-13:51:55,611) /usr/sbin/wickedd --systemd --foreground (root,31900,15904,00:00:00/62-13:51:55,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31628,00:01:13/62-13:51:41,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/62-13:51:41,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:06:04/62-13:51:41,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/62-13:51:41,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/62-13:51:41,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/62-13:51:41,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/62-13:51:41,1343) /usr/lib/systemd/systemd --user (root,449060,7988,00:01:56/62-13:51:41,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:52/62-13:51:41,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/62-13:51:41,1352) bpfilter_umh (root,26204,8096,00:00:33/62-13:51:41,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/62-13:51:41,1359) ntpd: asynchronous dns resolver (spot,362752,213580,3-11:07:52/62-13:51:40,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/62-13:51:40,1371) (sd-pam) (checkmk,48528,3180,00:00:00/62-13:51:40,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/62-13:51:40,1373) (sd-pam) (root,24216,5256,00:00:22/62-13:51:38,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/62-13:51:38,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/62-13:51:38,1485) /usr/sbin/cron -n (root,699464,78300,01:26:26/62-13:51:32,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:27:26,1818) [kworker/1:0-events] (spot,236992,82964,00:31:55/62-13:51:20,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/42:46,2406) [kworker/u8:0-ext4-rsv-conversion] (postfix,44628,9104,00:00:02/56-19:26:55,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:17,3650) [kworker/u8:1-writeback] (root,0,0,00:00:00/38:18,9738) [kworker/0:2-events] (root,35304,10040,00:00:00/24-14:19:50,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:32/24-14:19:49,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:22,11889) [kworker/0:0-events] (root,0,0,00:00:00/01:40:53,12427) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/50:36,14894) [kworker/1:1] (root,0,0,00:00:00/09:45,15929) [kworker/3:2-ata_sff] (root,0,0,00:00:01/02:53:29,19079) [kworker/2:2-events] (postfix,24244,8252,00:00:00/01:02:22,21014) pickup -l -t fifo -u (root,6656,3492,00:00:00/00:00,21547) /bin/bash /usr/bin/check_mk_agent (root,13744,3464,00:00:00/00:00,21565) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,936,00:00:00/00:00,21566) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/06:20,25190) [kworker/2:1-events] (root,0,0,00:00:00/01:12:01,25290) [kworker/3:1-events] (root,0,0,00:00:00/01:10:15,30822) [kworker/0:1-events] (root,35308,10028,00:00:00/24-15:06:03,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:22/24-15:06:02,30947) sshd: cm-ssh (root,0,0,00:00:00/04:35,31573) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-12 00:41 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635468a391Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12392,00:02:58/60-13:56:53,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/60-13:56:53,2) [kthreadd] (root,0,0,00:00:00/60-13:56:53,3) [rcu_gp] (root,0,0,00:00:00/60-13:56:53,4) [rcu_par_gp] (root,0,0,00:00:00/60-13:56:53,5) [slub_flushwq] (root,0,0,00:00:00/60-13:56:53,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/60-13:56:53,9) [mm_percpu_wq] (root,0,0,00:00:00/60-13:56:53,10) [rcu_tasks_kthre] (root,0,0,00:00:00/60-13:56:53,11) [rcu_tasks_rude_] (root,0,0,00:00:00/60-13:56:53,12) [rcu_tasks_trace] (root,0,0,00:01:48/60-13:56:53,13) [ksoftirqd/0] (root,0,0,02:49:04/60-13:56:53,14) [rcu_preempt] (root,0,0,00:00:23/60-13:56:53,15) [migration/0] (root,0,0,00:00:00/60-13:56:53,16) [idle_inject/0] (root,0,0,00:00:00/60-13:56:53,18) [cpuhp/0] (root,0,0,00:00:00/60-13:56:53,19) [cpuhp/1] (root,0,0,00:00:00/60-13:56:53,20) [idle_inject/1] (root,0,0,00:00:23/60-13:56:53,21) [migration/1] (root,0,0,00:01:30/60-13:56:53,22) [ksoftirqd/1] (root,0,0,00:00:00/60-13:56:53,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/60-13:56:53,25) [cpuhp/2] (root,0,0,00:00:00/60-13:56:53,26) [idle_inject/2] (root,0,0,00:00:17/60-13:56:53,27) [migration/2] (root,0,0,01:49:35/60-13:56:53,28) [ksoftirqd/2] (root,0,0,00:00:00/60-13:56:53,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/60-13:56:53,31) [cpuhp/3] (root,0,0,00:00:00/60-13:56:53,32) [idle_inject/3] (root,0,0,00:00:21/60-13:56:53,33) [migration/3] (root,0,0,00:05:33/60-13:56:53,34) [ksoftirqd/3] (root,0,0,00:00:00/60-13:56:53,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/60-13:56:53,40) [kdevtmpfs] (root,0,0,00:00:00/60-13:56:53,41) [netns] (root,0,0,00:00:00/60-13:56:53,42) [inet_frag_wq] (root,0,0,00:00:21/60-13:56:53,43) [kauditd] (root,0,0,00:00:00/60-13:56:53,44) [khungtaskd] (root,0,0,00:00:00/60-13:56:53,45) [oom_reaper] (root,0,0,00:00:00/60-13:56:53,46) [writeback] (root,0,0,00:03:04/60-13:56:53,47) [kcompactd0] (root,0,0,00:00:00/60-13:56:53,48) [ksmd] (root,0,0,00:03:20/60-13:56:53,49) [khugepaged] (root,0,0,00:00:00/60-13:56:53,75) [kintegrityd] (root,0,0,00:00:00/60-13:56:53,76) [kblockd] (root,0,0,00:00:00/60-13:56:53,77) [blkcg_punt_bio] (root,0,0,00:00:00/60-13:56:53,79) [tpm_dev_wq] (root,0,0,00:00:00/60-13:56:53,80) [edac-poller] (root,0,0,00:00:00/60-13:56:53,81) [devfreq_wq] (root,0,0,00:00:00/60-13:56:53,110) [watchdogd] (root,0,0,00:00:04/60-13:56:53,111) [kswapd0] (root,0,0,00:00:15/60-13:56:53,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/60-13:56:51,115) [kthrotld] (root,0,0,00:00:00/60-13:56:51,116) [mld] (root,0,0,00:00:00/60-13:56:51,117) [ipv6_addrconf] (root,0,0,00:00:16/60-13:56:51,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/60-13:56:51,123) [kstrp] (root,0,0,00:00:00/60-13:56:51,124) [zswap-shrink] (root,0,0,00:00:00/60-13:56:51,125) [kworker/u9:0] (root,0,0,00:00:00/60-13:56:51,130) [charger_manager] (root,0,0,00:00:18/60-13:56:51,172) [kworker/1:1H-kblockd] (root,0,0,00:00:26/60-13:56:51,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/60-13:56:50,239) [kaluad] (root,0,0,00:00:00/60-13:56:50,258) [kmpath_rdacd] (root,0,0,00:00:00/60-13:56:50,304) [kmpathd] (root,0,0,00:00:00/60-13:56:50,305) [kmpath_handlerd] (root,0,0,00:00:00/60-13:56:49,342) [ata_sff] (root,0,0,00:00:00/60-13:56:49,343) [scsi_eh_0] (root,0,0,00:00:00/60-13:56:49,344) [scsi_tmf_0] (root,0,0,00:00:00/60-13:56:49,345) [scsi_eh_1] (root,0,0,00:00:00/60-13:56:49,346) [scsi_tmf_1] (root,0,0,00:01:56/60-13:56:46,366) [jbd2/vda1-8] (root,0,0,00:00:00/60-13:56:46,367) [ext4-rsv-conver] (root,38604,7852,00:01:43/60-13:56:34,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/60-13:56:33,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:33/60-13:56:31,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:37/60-13:56:00,511) /sbin/auditd (messagebus,22932,5400,00:03:24/60-13:55:59,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,6656,3492,00:00:00/00:00,529) /bin/bash /usr/bin/check_mk_agent (root,38748,8268,00:01:55/60-13:55:59,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/60-13:55:59,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,13744,3404,00:00:00/00:00,549) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,550) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,31704,15800,00:00:03/60-13:55:57,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/60-13:55:57,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,549384,31636,00:01:11/60-13:55:43,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/60-13:55:43,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:54/60-13:55:43,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/60-13:55:43,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/60-13:55:43,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/60-13:55:43,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/60-13:55:43,1343) /usr/lib/systemd/systemd --user (root,449060,8208,00:01:51/60-13:55:43,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:36/60-13:55:43,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/60-13:55:43,1352) bpfilter_umh (root,26204,8096,00:00:31/60-13:55:43,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/60-13:55:43,1359) ntpd: asynchronous dns resolver (spot,362416,213512,3-08:28:49/60-13:55:42,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/60-13:55:42,1371) (sd-pam) (checkmk,48528,3180,00:00:00/60-13:55:42,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/60-13:55:42,1373) (sd-pam) (root,24216,5260,00:00:21/60-13:55:40,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/60-13:55:40,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/60-13:55:40,1485) /usr/sbin/cron -n (root,699208,80092,01:23:45/60-13:55:34,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,235968,82040,00:31:05/60-13:55:22,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/54-19:30:57,2557) tlsmgr -l -t unix -u (postfix,24244,8152,00:00:00/01:27:25,8849) pickup -l -t fifo -u (root,0,0,00:00:00/10:14,9258) [kworker/2:2-events] (root,35304,10040,00:00:00/22-14:23:52,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:24/22-14:23:51,10514) sshd: syslogtunnel (root,0,0,00:00:00/02:15:33,12806) [kworker/u8:1-writeback] (root,0,0,00:00:01/01:52:57,13124) [kworker/3:2-events] (root,0,0,00:00:00/08:39,13312) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:35:57,15347) [kworker/2:0-events] (root,0,0,00:00:00/19:28,17961) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/26:52,20158) [kworker/1:1-cgroup_destroy] (root,0,0,00:00:00/01:57:31,22406) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/53:02,24113) [kworker/0:2-events] (root,0,0,00:00:00/03:27,24278) [kworker/3:1-ata_sff] (root,0,0,00:00:00/03:08,25821) [kworker/1:0-events] (root,0,0,00:00:00/01:00:11,28903) [kworker/0:1-events] (root,35308,10028,00:00:00/22-15:10:05,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:15/22-15:10:04,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-10 00:45 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836390514afbFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,14416,00:02:49/58-13:30:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/58-13:30:43,2) [kthreadd] (root,0,0,00:00:00/58-13:30:43,3) [rcu_gp] (root,0,0,00:00:00/58-13:30:43,4) [rcu_par_gp] (root,0,0,00:00:00/58-13:30:43,5) [slub_flushwq] (root,0,0,00:00:00/58-13:30:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/58-13:30:43,9) [mm_percpu_wq] (root,0,0,00:00:00/58-13:30:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/58-13:30:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/58-13:30:43,12) [rcu_tasks_trace] (root,0,0,00:01:44/58-13:30:43,13) [ksoftirqd/0] (root,0,0,02:43:50/58-13:30:43,14) [rcu_preempt] (root,0,0,00:00:22/58-13:30:43,15) [migration/0] (root,0,0,00:00:00/58-13:30:43,16) [idle_inject/0] (root,0,0,00:00:00/58-13:30:43,18) [cpuhp/0] (root,0,0,00:00:00/58-13:30:43,19) [cpuhp/1] (root,0,0,00:00:00/58-13:30:43,20) [idle_inject/1] (root,0,0,00:00:22/58-13:30:43,21) [migration/1] (root,0,0,00:01:26/58-13:30:43,22) [ksoftirqd/1] (root,0,0,00:00:00/58-13:30:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/58-13:30:43,25) [cpuhp/2] (root,0,0,00:00:00/58-13:30:43,26) [idle_inject/2] (root,0,0,00:00:16/58-13:30:43,27) [migration/2] (root,0,0,01:44:41/58-13:30:43,28) [ksoftirqd/2] (root,0,0,00:00:00/58-13:30:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/58-13:30:43,31) [cpuhp/3] (root,0,0,00:00:00/58-13:30:43,32) [idle_inject/3] (root,0,0,00:00:20/58-13:30:43,33) [migration/3] (root,0,0,00:05:20/58-13:30:43,34) [ksoftirqd/3] (root,0,0,00:00:00/58-13:30:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/58-13:30:43,40) [kdevtmpfs] (root,0,0,00:00:00/58-13:30:43,41) [netns] (root,0,0,00:00:00/58-13:30:43,42) [inet_frag_wq] (root,0,0,00:00:20/58-13:30:43,43) [kauditd] (root,0,0,00:00:00/58-13:30:43,44) [khungtaskd] (root,0,0,00:00:00/58-13:30:43,45) [oom_reaper] (root,0,0,00:00:00/58-13:30:43,46) [writeback] (root,0,0,00:02:59/58-13:30:43,47) [kcompactd0] (root,0,0,00:00:00/58-13:30:43,48) [ksmd] (root,0,0,00:03:14/58-13:30:43,49) [khugepaged] (root,0,0,00:00:00/58-13:30:43,75) [kintegrityd] (root,0,0,00:00:00/58-13:30:43,76) [kblockd] (root,0,0,00:00:00/58-13:30:43,77) [blkcg_punt_bio] (root,0,0,00:00:00/58-13:30:43,79) [tpm_dev_wq] (root,0,0,00:00:00/58-13:30:43,80) [edac-poller] (root,0,0,00:00:00/58-13:30:43,81) [devfreq_wq] (root,0,0,00:00:00/58-13:30:43,110) [watchdogd] (root,0,0,00:00:04/58-13:30:43,111) [kswapd0] (root,0,0,00:00:15/58-13:30:43,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/58-13:30:41,115) [kthrotld] (root,0,0,00:00:00/58-13:30:41,116) [mld] (root,0,0,00:00:00/58-13:30:41,117) [ipv6_addrconf] (root,0,0,00:00:16/58-13:30:41,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/58-13:30:41,123) [kstrp] (root,0,0,00:00:00/58-13:30:41,124) [zswap-shrink] (root,0,0,00:00:00/58-13:30:41,125) [kworker/u9:0] (root,0,0,00:00:00/58-13:30:41,130) [charger_manager] (root,0,0,00:00:17/58-13:30:41,172) [kworker/1:1H-kblockd] (root,0,0,00:00:25/58-13:30:41,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/58-13:30:40,239) [kaluad] (root,0,0,00:00:00/58-13:30:40,258) [kmpath_rdacd] (root,0,0,00:00:00/58-13:30:40,304) [kmpathd] (root,0,0,00:00:00/58-13:30:40,305) [kmpath_handlerd] (root,0,0,00:00:00/58-13:30:39,342) [ata_sff] (root,0,0,00:00:00/58-13:30:39,343) [scsi_eh_0] (root,0,0,00:00:00/58-13:30:39,344) [scsi_tmf_0] (root,0,0,00:00:00/58-13:30:39,345) [scsi_eh_1] (root,0,0,00:00:00/58-13:30:39,346) [scsi_tmf_1] (root,0,0,00:01:52/58-13:30:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/58-13:30:36,367) [ext4-rsv-conver] (root,38604,7852,00:01:38/58-13:30:24,440) /usr/lib/systemd/systemd-journald (root,53296,9420,00:00:06/58-13:30:23,454) /usr/lib/systemd/systemd-udevd (root,8624,6128,00:01:30/58-13:30:21,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:35/58-13:29:50,511) /sbin/auditd (messagebus,22932,5400,00:03:12/58-13:29:49,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8256,00:01:49/58-13:29:49,530) /usr/lib/systemd/systemd-logind (root,20556,4468,00:00:00/58-13:29:49,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15800,00:00:03/58-13:29:47,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16232,00:00:00/58-13:29:47,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:12:04,788) [kworker/3:0-events] (root,549128,31272,00:01:09/58-13:29:33,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25404,00:00:00/58-13:29:33,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:05:43/58-13:29:33,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/58-13:29:33,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/58-13:29:33,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/58-13:29:33,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/58-13:29:33,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:47/58-13:29:33,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5712,00:08:20/58-13:29:33,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/58-13:29:33,1352) bpfilter_umh (root,26204,8096,00:00:30/58-13:29:33,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3940,00:00:00/58-13:29:33,1359) ntpd: asynchronous dns resolver (spot,363168,214440,3-05:22:39/58-13:29:32,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/58-13:29:32,1371) (sd-pam) (checkmk,48528,3180,00:00:00/58-13:29:32,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/58-13:29:32,1373) (sd-pam) (root,24216,5260,00:00:20/58-13:29:30,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:04/58-13:29:30,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:08/58-13:29:30,1485) /usr/sbin/cron -n (root,698952,79684,01:21:00/58-13:29:24,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,234944,80364,00:30:17/58-13:29:12,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9136,00:00:02/52-19:04:47,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:18:18,6651) [kworker/u8:2-ext4-rsv-conversion] (root,35304,10040,00:00:00/20-13:57:42,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:01:17/20-13:57:41,10514) sshd: syslogtunnel (root,0,0,00:00:00/04:38,12633) [kworker/3:2-ata_sff] (root,0,0,00:00:00/03:55,15884) [kworker/u8:1-writeback] (root,0,0,00:00:01/02:53:19,16568) [kworker/2:2-events] (root,0,0,00:00:00/01:06:31,19316) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/27:20,19469) [kworker/1:0] (root,0,0,00:00:00/48:08,19788) [kworker/1:1-events] (postfix,24244,8272,00:00:00/01:23:06,20776) pickup -l -t fifo -u (root,0,0,00:00:00/02:04,21124) [kworker/2:1-events] (root,0,0,00:00:00/02:41:17,22600) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/11:20,23059) [kworker/2:0-events] (root,0,0,00:00:00/02:32:41,26097) [kworker/0:2-events] (root,0,0,00:00:00/09:48,28430) [kworker/3:1-ata_sff] (root,6656,3492,00:00:00/00:00,29135) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/00:00,29176) [check_mk_agent] <defunct> (root,6656,3400,00:00:00/00:00,29181) /bin/bash /usr/bin/check_mk_agent (root,13744,3376,00:00:00/00:00,29199) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,29200) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/20-14:43:55,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:01:09/20-14:43:54,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-11-08 00:19 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363de6e6f0fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12464,00:02:18/47-10:10:43,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/47-10:10:43,2) [kthreadd] (root,0,0,00:00:00/47-10:10:43,3) [rcu_gp] (root,0,0,00:00:00/47-10:10:43,4) [rcu_par_gp] (root,0,0,00:00:00/47-10:10:43,5) [slub_flushwq] (root,0,0,00:00:00/47-10:10:43,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/47-10:10:43,9) [mm_percpu_wq] (root,0,0,00:00:00/47-10:10:43,10) [rcu_tasks_kthre] (root,0,0,00:00:00/47-10:10:43,11) [rcu_tasks_rude_] (root,0,0,00:00:00/47-10:10:43,12) [rcu_tasks_trace] (root,0,0,00:01:26/47-10:10:43,13) [ksoftirqd/0] (root,0,0,02:15:27/47-10:10:43,14) [rcu_preempt] (root,0,0,00:00:18/47-10:10:43,15) [migration/0] (root,0,0,00:00:00/47-10:10:43,16) [idle_inject/0] (root,0,0,00:00:00/47-10:10:43,18) [cpuhp/0] (root,0,0,00:00:00/47-10:10:43,19) [cpuhp/1] (root,0,0,00:00:00/47-10:10:43,20) [idle_inject/1] (root,0,0,00:00:18/47-10:10:43,21) [migration/1] (root,0,0,00:01:10/47-10:10:43,22) [ksoftirqd/1] (root,0,0,00:00:00/47-10:10:43,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/47-10:10:43,25) [cpuhp/2] (root,0,0,00:00:00/47-10:10:43,26) [idle_inject/2] (root,0,0,00:00:13/47-10:10:43,27) [migration/2] (root,0,0,01:27:23/47-10:10:43,28) [ksoftirqd/2] (root,0,0,00:00:00/47-10:10:43,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/47-10:10:43,31) [cpuhp/3] (root,0,0,00:00:00/47-10:10:43,32) [idle_inject/3] (root,0,0,00:00:17/47-10:10:43,33) [migration/3] (root,0,0,00:04:29/47-10:10:43,34) [ksoftirqd/3] (root,0,0,00:00:00/47-10:10:43,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/47-10:10:43,40) [kdevtmpfs] (root,0,0,00:00:00/47-10:10:43,41) [netns] (root,0,0,00:00:00/47-10:10:43,42) [inet_frag_wq] (root,0,0,00:00:16/47-10:10:43,43) [kauditd] (root,0,0,00:00:00/47-10:10:43,44) [khungtaskd] (root,0,0,00:00:00/47-10:10:43,45) [oom_reaper] (root,0,0,00:00:00/47-10:10:43,46) [writeback] (root,0,0,00:02:28/47-10:10:43,47) [kcompactd0] (root,0,0,00:00:00/47-10:10:43,48) [ksmd] (root,0,0,00:02:36/47-10:10:43,49) [khugepaged] (root,0,0,00:00:00/47-10:10:43,75) [kintegrityd] (root,0,0,00:00:00/47-10:10:43,76) [kblockd] (root,0,0,00:00:00/47-10:10:43,77) [blkcg_punt_bio] (root,0,0,00:00:00/47-10:10:43,79) [tpm_dev_wq] (root,0,0,00:00:00/47-10:10:43,80) [edac-poller] (root,0,0,00:00:00/47-10:10:43,81) [devfreq_wq] (root,0,0,00:00:00/47-10:10:43,110) [watchdogd] (root,0,0,00:00:03/47-10:10:43,111) [kswapd0] (root,0,0,00:00:12/47-10:10:43,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/47-10:10:41,115) [kthrotld] (root,0,0,00:00:00/47-10:10:41,116) [mld] (root,0,0,00:00:00/47-10:10:41,117) [ipv6_addrconf] (root,0,0,00:00:13/47-10:10:41,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/47-10:10:41,123) [kstrp] (root,0,0,00:00:00/47-10:10:41,124) [zswap-shrink] (root,0,0,00:00:00/47-10:10:41,125) [kworker/u9:0] (root,0,0,00:00:00/47-10:10:41,130) [charger_manager] (root,0,0,00:00:14/47-10:10:41,172) [kworker/1:1H-kblockd] (root,0,0,00:00:21/47-10:10:41,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/47-10:10:40,239) [kaluad] (root,0,0,00:00:00/47-10:10:40,258) [kmpath_rdacd] (root,0,0,00:00:00/47-10:10:40,304) [kmpathd] (root,0,0,00:00:00/47-10:10:40,305) [kmpath_handlerd] (root,0,0,00:00:00/47-10:10:39,342) [ata_sff] (root,0,0,00:00:00/47-10:10:39,343) [scsi_eh_0] (root,0,0,00:00:00/47-10:10:39,344) [scsi_tmf_0] (root,0,0,00:00:00/47-10:10:39,345) [scsi_eh_1] (root,0,0,00:00:00/47-10:10:39,346) [scsi_tmf_1] (root,0,0,00:01:34/47-10:10:36,366) [jbd2/vda1-8] (root,0,0,00:00:00/47-10:10:36,367) [ext4-rsv-conver] (root,38604,7856,00:01:20/47-10:10:24,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/47-10:10:23,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:14/47-10:10:21,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:28/47-10:09:50,511) /sbin/auditd (messagebus,22932,5408,00:02:35/47-10:09:49,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:28/47-10:09:49,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/47-10:09:49,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/47-10:09:47,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/47-10:09:47,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:56/47-10:09:33,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/47-10:09:33,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:41/47-10:09:33,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/47-10:09:33,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/47-10:09:33,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/47-10:09:33,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/47-10:09:33,1343) /usr/lib/systemd/systemd --user (root,449060,8312,00:01:30/47-10:09:33,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:51/47-10:09:33,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/47-10:09:33,1352) bpfilter_umh (root,26204,8096,00:00:24/47-10:09:33,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/47-10:09:33,1359) ntpd: asynchronous dns resolver (spot,361472,212092,2-16:32:29/47-10:09:32,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/47-10:09:32,1371) (sd-pam) (checkmk,48528,3180,00:00:00/47-10:09:32,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/47-10:09:32,1373) (sd-pam) (root,24216,5260,00:00:16/47-10:09:30,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/47-10:09:30,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/47-10:09:30,1485) /usr/sbin/cron -n (root,697508,79200,01:05:56/47-10:09:24,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,229824,73016,00:25:42/47-10:09:12,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/41-15:44:47,2557) tlsmgr -l -t unix -u (root,35304,10040,00:00:00/9-10:37:42,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:37/9-10:37:41,10514) sshd: syslogtunnel (root,0,0,00:00:00/06:55:02,11605) [kworker/2:2-events] (root,0,0,00:00:00/01:03:12,13061) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/55:37,13506) [kworker/3:0-events] (postfix,24244,8276,00:00:00/51:44,14013) pickup -l -t fifo -u (root,0,0,00:00:00/48:18,14515) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/38:34,15451) [kworker/1:1-events] (root,0,0,00:00:00/28:43,15985) [kworker/2:1-events] (root,0,0,00:00:00/23:45,16474) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/23:40,16475) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/08:57,17651) [kworker/3:2-ata_sff] (root,0,0,00:00:00/04:00,18521) [kworker/1:0] (root,0,0,00:00:00/03:45,18522) [kworker/3:1-ata_sff] (root,6656,3484,00:00:00/00:00,24180) /bin/bash /usr/bin/check_mk_agent (root,13744,3504,00:00:00/00:00,24198) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,24199) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/04:21:02,29068) [kworker/0:0-events] (root,35308,10028,00:00:00/9-11:23:55,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:33/9-11:23:54,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-27 20:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836385531ea6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:13/45-09:19:44,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/45-09:19:44,2) [kthreadd] (root,0,0,00:00:00/45-09:19:44,3) [rcu_gp] (root,0,0,00:00:00/45-09:19:44,4) [rcu_par_gp] (root,0,0,00:00:00/45-09:19:44,5) [slub_flushwq] (root,0,0,00:00:00/45-09:19:44,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/45-09:19:44,9) [mm_percpu_wq] (root,0,0,00:00:00/45-09:19:44,10) [rcu_tasks_kthre] (root,0,0,00:00:00/45-09:19:44,11) [rcu_tasks_rude_] (root,0,0,00:00:00/45-09:19:44,12) [rcu_tasks_trace] (root,0,0,00:01:23/45-09:19:44,13) [ksoftirqd/0] (root,0,0,02:10:09/45-09:19:44,14) [rcu_preempt] (root,0,0,00:00:17/45-09:19:44,15) [migration/0] (root,0,0,00:00:00/45-09:19:44,16) [idle_inject/0] (root,0,0,00:00:00/45-09:19:44,18) [cpuhp/0] (root,0,0,00:00:00/45-09:19:44,19) [cpuhp/1] (root,0,0,00:00:00/45-09:19:44,20) [idle_inject/1] (root,0,0,00:00:17/45-09:19:44,21) [migration/1] (root,0,0,00:01:08/45-09:19:44,22) [ksoftirqd/1] (root,0,0,00:00:00/45-09:19:44,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/45-09:19:44,25) [cpuhp/2] (root,0,0,00:00:00/45-09:19:44,26) [idle_inject/2] (root,0,0,00:00:13/45-09:19:44,27) [migration/2] (root,0,0,01:24:56/45-09:19:44,28) [ksoftirqd/2] (root,0,0,00:00:00/45-09:19:44,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/45-09:19:44,31) [cpuhp/3] (root,0,0,00:00:00/45-09:19:44,32) [idle_inject/3] (root,0,0,00:00:16/45-09:19:44,33) [migration/3] (root,0,0,00:04:20/45-09:19:44,34) [ksoftirqd/3] (root,0,0,00:00:00/45-09:19:44,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/45-09:19:44,40) [kdevtmpfs] (root,0,0,00:00:00/45-09:19:44,41) [netns] (root,0,0,00:00:00/45-09:19:44,42) [inet_frag_wq] (root,0,0,00:00:16/45-09:19:44,43) [kauditd] (root,0,0,00:00:00/45-09:19:44,44) [khungtaskd] (root,0,0,00:00:00/45-09:19:44,45) [oom_reaper] (root,0,0,00:00:00/45-09:19:44,46) [writeback] (root,0,0,00:02:22/45-09:19:44,47) [kcompactd0] (root,0,0,00:00:00/45-09:19:44,48) [ksmd] (root,0,0,00:02:30/45-09:19:44,49) [khugepaged] (root,0,0,00:00:00/45-09:19:44,75) [kintegrityd] (root,0,0,00:00:00/45-09:19:44,76) [kblockd] (root,0,0,00:00:00/45-09:19:44,77) [blkcg_punt_bio] (root,0,0,00:00:00/45-09:19:44,79) [tpm_dev_wq] (root,0,0,00:00:00/45-09:19:44,80) [edac-poller] (root,0,0,00:00:00/45-09:19:44,81) [devfreq_wq] (root,0,0,00:00:00/45-09:19:44,110) [watchdogd] (root,0,0,00:00:03/45-09:19:44,111) [kswapd0] (root,0,0,00:00:12/45-09:19:44,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/45-09:19:42,115) [kthrotld] (root,0,0,00:00:00/45-09:19:42,116) [mld] (root,0,0,00:00:00/45-09:19:42,117) [ipv6_addrconf] (root,0,0,00:00:12/45-09:19:42,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/45-09:19:42,123) [kstrp] (root,0,0,00:00:00/45-09:19:42,124) [zswap-shrink] (root,0,0,00:00:00/45-09:19:42,125) [kworker/u9:0] (root,0,0,00:00:00/45-09:19:42,130) [charger_manager] (root,0,0,00:00:14/45-09:19:42,172) [kworker/1:1H-kblockd] (root,0,0,00:00:20/45-09:19:42,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/45-09:19:41,239) [kaluad] (root,0,0,00:00:00/45-09:19:41,258) [kmpath_rdacd] (root,0,0,00:00:00/45-09:19:41,304) [kmpathd] (root,0,0,00:00:00/45-09:19:41,305) [kmpath_handlerd] (root,0,0,00:00:00/45-09:19:40,342) [ata_sff] (root,0,0,00:00:00/45-09:19:40,343) [scsi_eh_0] (root,0,0,00:00:00/45-09:19:40,344) [scsi_tmf_0] (root,0,0,00:00:00/45-09:19:40,345) [scsi_eh_1] (root,0,0,00:00:00/45-09:19:40,346) [scsi_tmf_1] (root,0,0,00:01:30/45-09:19:37,366) [jbd2/vda1-8] (root,0,0,00:00:00/45-09:19:37,367) [ext4-rsv-conver] (root,38604,7856,00:01:17/45-09:19:25,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/45-09:19:24,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:11/45-09:19:22,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:27/45-09:18:51,511) /sbin/auditd (messagebus,22932,5408,00:02:30/45-09:18:50,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:25/45-09:18:50,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/45-09:18:50,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/45-09:18:48,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/45-09:18:48,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548872,30852,00:00:54/45-09:18:34,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/45-09:18:34,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:30/45-09:18:34,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/45-09:18:34,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/45-09:18:34,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/45-09:18:34,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/45-09:18:34,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:27/45-09:18:34,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:34/45-09:18:34,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/45-09:18:34,1352) bpfilter_umh (root,26204,8096,00:00:23/45-09:18:34,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/45-09:18:34,1359) ntpd: asynchronous dns resolver (spot,362176,206224,2-14:21:46/45-09:18:33,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/45-09:18:33,1371) (sd-pam) (checkmk,48528,3180,00:00:00/45-09:18:33,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/45-09:18:33,1373) (sd-pam) (root,24216,5260,00:00:16/45-09:18:31,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/45-09:18:31,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/45-09:18:31,1485) /usr/sbin/cron -n (root,697508,78828,01:03:09/45-09:18:25,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/05:14,1870) [kworker/3:1-ata_sff] (spot,228800,71504,00:24:44/45-09:18:13,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/39-14:53:48,2557) tlsmgr -l -t unix -u (root,0,0,00:00:01/02:35:42,7922) [kworker/3:0-events] (root,0,0,00:00:00/02:43:13,9329) [kworker/2:2-events] (root,35304,10040,00:00:00/7-09:46:43,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:29/7-09:46:42,10514) sshd: syslogtunnel (root,0,0,00:00:00/01:48:00,12941) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/00:03,16213) [kworker/3:2-ata_sff] (root,6764,3600,00:00:00/00:01,16346) /bin/bash /usr/bin/check_mk_agent (root,6292,3124,00:00:00/00:01,16473) /bin/bash ././mk_inventory.linux (root,43872,23728,00:00:00/00:01,16477) rpm -qa --qf %{NAME}\t%{VERSION}\t%{ARCH}\trpm\t%{RELEASE}\t%{SUMMARY}\t-\n (root,6656,3484,00:00:00/00:00,16530) /bin/bash /usr/bin/check_mk_agent (root,13744,3408,00:00:00/00:00,16548) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16549) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:03:46,17763) [kworker/0:1-events] (root,0,0,00:00:00/01:03:45,17764) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/33:58,20152) [kworker/2:1-mm_percpu_wq] (root,0,0,00:00:00/23:53,20841) [kworker/1:1-events] (postfix,24244,8140,00:00:00/22:40,20864) pickup -l -t fifo -u (root,0,0,00:00:00/14:00,21866) [kworker/1:0] (root,0,0,00:00:00/09:00,23049) [kworker/0:2-events] (root,35308,10028,00:00:00/7-10:32:56,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:27/7-10:32:55,30947) sshd: cm-ssh Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-25 20:08 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f6aced24Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:07/43-09:37:39,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/43-09:37:39,2) [kthreadd] (root,0,0,00:00:00/43-09:37:39,3) [rcu_gp] (root,0,0,00:00:00/43-09:37:39,4) [rcu_par_gp] (root,0,0,00:00:00/43-09:37:39,5) [slub_flushwq] (root,0,0,00:00:00/43-09:37:39,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/43-09:37:39,9) [mm_percpu_wq] (root,0,0,00:00:00/43-09:37:39,10) [rcu_tasks_kthre] (root,0,0,00:00:00/43-09:37:39,11) [rcu_tasks_rude_] (root,0,0,00:00:00/43-09:37:39,12) [rcu_tasks_trace] (root,0,0,00:01:19/43-09:37:39,13) [ksoftirqd/0] (root,0,0,02:04:41/43-09:37:39,14) [rcu_preempt] (root,0,0,00:00:16/43-09:37:39,15) [migration/0] (root,0,0,00:00:00/43-09:37:39,16) [idle_inject/0] (root,0,0,00:00:00/43-09:37:39,18) [cpuhp/0] (root,0,0,00:00:00/43-09:37:39,19) [cpuhp/1] (root,0,0,00:00:00/43-09:37:39,20) [idle_inject/1] (root,0,0,00:00:16/43-09:37:39,21) [migration/1] (root,0,0,00:01:05/43-09:37:39,22) [ksoftirqd/1] (root,0,0,00:00:00/43-09:37:39,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/43-09:37:39,25) [cpuhp/2] (root,0,0,00:00:00/43-09:37:39,26) [idle_inject/2] (root,0,0,00:00:12/43-09:37:39,27) [migration/2] (root,0,0,01:22:05/43-09:37:39,28) [ksoftirqd/2] (root,0,0,00:00:00/43-09:37:39,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/43-09:37:39,31) [cpuhp/3] (root,0,0,00:00:00/43-09:37:39,32) [idle_inject/3] (root,0,0,00:00:15/43-09:37:39,33) [migration/3] (root,0,0,00:04:11/43-09:37:39,34) [ksoftirqd/3] (root,0,0,00:00:00/43-09:37:39,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/43-09:37:39,40) [kdevtmpfs] (root,0,0,00:00:00/43-09:37:39,41) [netns] (root,0,0,00:00:00/43-09:37:39,42) [inet_frag_wq] (root,0,0,00:00:15/43-09:37:39,43) [kauditd] (root,0,0,00:00:00/43-09:37:39,44) [khungtaskd] (root,0,0,00:00:00/43-09:37:39,45) [oom_reaper] (root,0,0,00:00:00/43-09:37:39,46) [writeback] (root,0,0,00:02:17/43-09:37:39,47) [kcompactd0] (root,0,0,00:00:00/43-09:37:39,48) [ksmd] (root,0,0,00:02:23/43-09:37:39,49) [khugepaged] (root,0,0,00:00:00/43-09:37:39,75) [kintegrityd] (root,0,0,00:00:00/43-09:37:39,76) [kblockd] (root,0,0,00:00:00/43-09:37:39,77) [blkcg_punt_bio] (root,0,0,00:00:00/43-09:37:39,79) [tpm_dev_wq] (root,0,0,00:00:00/43-09:37:39,80) [edac-poller] (root,0,0,00:00:00/43-09:37:39,81) [devfreq_wq] (root,0,0,00:00:00/43-09:37:39,110) [watchdogd] (root,0,0,00:00:03/43-09:37:39,111) [kswapd0] (root,0,0,00:00:11/43-09:37:39,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/43-09:37:37,115) [kthrotld] (root,0,0,00:00:00/43-09:37:37,116) [mld] (root,0,0,00:00:00/43-09:37:37,117) [ipv6_addrconf] (root,0,0,00:00:12/43-09:37:37,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/43-09:37:37,123) [kstrp] (root,0,0,00:00:00/43-09:37:37,124) [zswap-shrink] (root,0,0,00:00:00/43-09:37:37,125) [kworker/u9:0] (root,0,0,00:00:00/43-09:37:37,130) [charger_manager] (root,0,0,00:00:13/43-09:37:37,172) [kworker/1:1H-kblockd] (root,0,0,00:00:19/43-09:37:37,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/43-09:37:36,239) [kaluad] (root,0,0,00:00:00/43-09:37:36,258) [kmpath_rdacd] (root,0,0,00:00:00/43-09:37:36,304) [kmpathd] (root,0,0,00:00:00/43-09:37:36,305) [kmpath_handlerd] (root,0,0,00:00:00/43-09:37:35,342) [ata_sff] (root,0,0,00:00:00/43-09:37:35,343) [scsi_eh_0] (root,0,0,00:00:00/43-09:37:35,344) [scsi_tmf_0] (root,0,0,00:00:00/43-09:37:35,345) [scsi_eh_1] (root,0,0,00:00:00/43-09:37:35,346) [scsi_tmf_1] (root,0,0,00:01:26/43-09:37:32,366) [jbd2/vda1-8] (root,0,0,00:00:00/43-09:37:32,367) [ext4-rsv-conver] (root,38604,7856,00:01:14/43-09:37:20,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:05/43-09:37:19,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:08/43-09:37:17,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:26/43-09:36:46,511) /sbin/auditd (messagebus,22932,5408,00:02:24/43-09:36:45,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:21/43-09:36:45,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/43-09:36:45,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/43-09:36:43,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/43-09:36:43,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/01:52,1291) [kworker/3:0-ata_sff] (root,548616,30208,00:00:51/43-09:36:29,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/43-09:36:29,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:18/43-09:36:29,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/43-09:36:29,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/43-09:36:29,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/43-09:36:29,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/43-09:36:29,1343) /usr/lib/systemd/systemd --user (root,449060,8452,00:01:25/43-09:36:29,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:17/43-09:36:29,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/43-09:36:29,1352) bpfilter_umh (root,26204,8096,00:00:22/43-09:36:29,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/43-09:36:29,1359) ntpd: asynchronous dns resolver (spot,361760,206120,2-12:07:54/43-09:36:28,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/43-09:36:28,1371) (sd-pam) (checkmk,48528,3180,00:00:00/43-09:36:28,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/43-09:36:28,1373) (sd-pam) (root,24216,5260,00:00:15/43-09:36:26,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:03/43-09:36:26,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:06/43-09:36:26,1485) /usr/sbin/cron -n (root,697508,76760,01:00:22/43-09:36:20,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,227776,70160,00:23:45/43-09:36:08,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/37-15:11:43,2557) tlsmgr -l -t unix -u (root,6656,3488,00:00:00/00:00,8281) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,8299) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,8300) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35304,10040,00:00:00/5-10:04:38,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:22/5-10:04:37,10514) sshd: syslogtunnel (root,0,0,00:00:00/31:52,13819) [kworker/0:2-events] (root,0,0,00:00:00/50:54,13961) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/07:05,15728) [kworker/3:1-ata_sff] (root,0,0,00:00:00/02:09:20,15885) [kworker/1:1-events] (root,0,0,00:00:00/06:50,16939) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:45:00,17828) [kworker/1:2-events] (root,0,0,00:00:00/01:35:13,18669) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:00/27:49,21017) [kworker/3:2-events] (postfix,24244,8284,00:00:00/01:02:21,29072) pickup -l -t fifo -u (root,0,0,00:00:00/12:15,30419) [kworker/2:2] (root,35308,10028,00:00:00/5-10:50:51,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:20/5-10:50:50,30947) sshd: cm-ssh (root,0,0,00:00:00/01:01:10,31069) [kworker/2:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-23 20:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683633123ea2fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12432,00:02:03/41-12:07:33,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/41-12:07:33,2) [kthreadd] (root,0,0,00:00:00/41-12:07:33,3) [rcu_gp] (root,0,0,00:00:00/41-12:07:33,4) [rcu_par_gp] (root,0,0,00:00:00/41-12:07:33,5) [slub_flushwq] (root,0,0,00:00:00/41-12:07:33,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/41-12:07:33,9) [mm_percpu_wq] (root,0,0,00:00:00/41-12:07:33,10) [rcu_tasks_kthre] (root,0,0,00:00:00/41-12:07:33,11) [rcu_tasks_rude_] (root,0,0,00:00:00/41-12:07:33,12) [rcu_tasks_trace] (root,0,0,00:01:15/41-12:07:33,13) [ksoftirqd/0] (root,0,0,01:59:08/41-12:07:33,14) [rcu_preempt] (root,0,0,00:00:15/41-12:07:33,15) [migration/0] (root,0,0,00:00:00/41-12:07:33,16) [idle_inject/0] (root,0,0,00:00:00/41-12:07:33,18) [cpuhp/0] (root,0,0,00:00:00/41-12:07:33,19) [cpuhp/1] (root,0,0,00:00:00/41-12:07:33,20) [idle_inject/1] (root,0,0,00:00:16/41-12:07:33,21) [migration/1] (root,0,0,00:01:02/41-12:07:33,22) [ksoftirqd/1] (root,0,0,00:00:00/41-12:07:33,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/41-12:07:33,25) [cpuhp/2] (root,0,0,00:00:00/41-12:07:33,26) [idle_inject/2] (root,0,0,00:00:12/41-12:07:33,27) [migration/2] (root,0,0,01:18:23/41-12:07:33,28) [ksoftirqd/2] (root,0,0,00:00:00/41-12:07:33,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/41-12:07:33,31) [cpuhp/3] (root,0,0,00:00:00/41-12:07:33,32) [idle_inject/3] (root,0,0,00:00:15/41-12:07:33,33) [migration/3] (root,0,0,00:03:58/41-12:07:33,34) [ksoftirqd/3] (root,0,0,00:00:00/41-12:07:33,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/41-12:07:33,40) [kdevtmpfs] (root,0,0,00:00:00/41-12:07:33,41) [netns] (root,0,0,00:00:00/41-12:07:33,42) [inet_frag_wq] (root,0,0,00:00:14/41-12:07:33,43) [kauditd] (root,0,0,00:00:00/41-12:07:33,44) [khungtaskd] (root,0,0,00:00:00/41-12:07:33,45) [oom_reaper] (root,0,0,00:00:00/41-12:07:33,46) [writeback] (root,0,0,00:02:11/41-12:07:33,47) [kcompactd0] (root,0,0,00:00:00/41-12:07:33,48) [ksmd] (root,0,0,00:02:16/41-12:07:33,49) [khugepaged] (root,0,0,00:00:00/41-12:07:33,75) [kintegrityd] (root,0,0,00:00:00/41-12:07:33,76) [kblockd] (root,0,0,00:00:00/41-12:07:33,77) [blkcg_punt_bio] (root,0,0,00:00:00/41-12:07:33,79) [tpm_dev_wq] (root,0,0,00:00:00/41-12:07:33,80) [edac-poller] (root,0,0,00:00:00/41-12:07:33,81) [devfreq_wq] (root,0,0,00:00:00/41-12:07:33,110) [watchdogd] (root,0,0,00:00:03/41-12:07:33,111) [kswapd0] (root,0,0,00:00:11/41-12:07:33,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/41-12:07:31,115) [kthrotld] (root,0,0,00:00:00/41-12:07:31,116) [mld] (root,0,0,00:00:00/41-12:07:31,117) [ipv6_addrconf] (root,0,0,00:00:11/41-12:07:31,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/41-12:07:31,123) [kstrp] (root,0,0,00:00:00/41-12:07:31,124) [zswap-shrink] (root,0,0,00:00:00/41-12:07:31,125) [kworker/u9:0] (root,0,0,00:00:00/41-12:07:31,130) [charger_manager] (root,0,0,00:00:12/41-12:07:31,172) [kworker/1:1H-kblockd] (root,0,0,00:00:18/41-12:07:31,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/41-12:07:30,239) [kaluad] (root,0,0,00:00:00/41-12:07:30,258) [kmpath_rdacd] (root,0,0,00:00:00/41-12:07:30,304) [kmpathd] (root,0,0,00:00:00/41-12:07:30,305) [kmpath_handlerd] (root,0,0,00:00:00/41-12:07:29,342) [ata_sff] (root,0,0,00:00:00/41-12:07:29,343) [scsi_eh_0] (root,0,0,00:00:00/41-12:07:29,344) [scsi_tmf_0] (root,0,0,00:00:00/41-12:07:29,345) [scsi_eh_1] (root,0,0,00:00:00/41-12:07:29,346) [scsi_tmf_1] (root,0,0,00:01:23/41-12:07:26,366) [jbd2/vda1-8] (root,0,0,00:00:00/41-12:07:26,367) [ext4-rsv-conver] (root,38604,7856,00:01:12/41-12:07:14,440) /usr/lib/systemd/systemd-journald (root,53296,9444,00:00:04/41-12:07:13,454) /usr/lib/systemd/systemd-udevd (root,8624,6132,00:01:05/41-12:07:11,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1588,00:00:25/41-12:06:40,511) /sbin/auditd (messagebus,22932,5408,00:02:18/41-12:06:39,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8252,00:01:18/41-12:06:39,530) /usr/lib/systemd/systemd-logind (root,20556,4508,00:00:00/41-12:06:39,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15832,00:00:03/41-12:06:37,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16268,00:00:00/41-12:06:37,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30208,00:00:49/41-12:06:23,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25672,00:00:00/41-12:06:23,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4512,00:04:08/41-12:06:23,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1796,00:00:00/41-12:06:23,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10436,00:00:00/41-12:06:23,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10636,00:00:00/41-12:06:23,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10492,00:00:00/41-12:06:23,1343) /usr/lib/systemd/systemd --user (root,449060,8448,00:01:22/41-12:06:23,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5716,00:06:01/41-12:06:23,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/41-12:06:23,1352) bpfilter_umh (root,26204,8096,00:00:21/41-12:06:23,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,3944,00:00:00/41-12:06:23,1359) ntpd: asynchronous dns resolver (spot,361904,206156,2-09:28:12/41-12:06:22,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3180,00:00:00/41-12:06:22,1371) (sd-pam) (checkmk,48528,3180,00:00:00/41-12:06:22,1372) (sd-pam) (cm-ssh,48528,3180,00:00:00/41-12:06:22,1373) (sd-pam) (root,24216,5260,00:00:14/41-12:06:20,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/41-12:06:20,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/41-12:06:20,1485) /usr/sbin/cron -n (root,697108,76384,00:57:40/41-12:06:14,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,226752,68932,00:22:48/41-12:06:02,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9184,00:00:01/35-17:41:37,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:18:37,2589) [kworker/3:0-events] (root,0,0,00:00:00/55:09,3309) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/00:48,8034) [kworker/3:1-ata_sff] (root,35304,10040,00:00:00/3-12:34:32,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:14/3-12:34:31,10514) sshd: syslogtunnel (postfix,24244,8308,00:00:00/34:02,11997) pickup -l -t fifo -u (root,6656,3484,00:00:00/00:00,12436) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,12454) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,12455) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/15:54,15423) [kworker/u8:0] (root,0,0,00:00:00/15:54,15424) [kworker/0:2-events] (root,0,0,00:00:01/09:32:13,16954) [kworker/2:1-events] (root,0,0,00:00:00/02:11:15,18031) [kworker/1:2-events] (root,0,0,00:00:00/02:06:32,20231) [kworker/0:0-events] (root,0,0,00:00:00/11:05,25066) [kworker/2:0-events] (root,35308,10028,00:00:00/3-13:20:45,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:14/3-13:20:44,30947) sshd: cm-ssh (root,0,0,00:00:00/06:21,32237) [kworker/1:1] (root,0,0,00:00:00/06:01,32511) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-21 22:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836312acdda1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:57/39-11:18:59,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/39-11:18:59,2) [kthreadd] (root,0,0,00:00:00/39-11:18:59,3) [rcu_gp] (root,0,0,00:00:00/39-11:18:59,4) [rcu_par_gp] (root,0,0,00:00:00/39-11:18:59,5) [slub_flushwq] (root,0,0,00:00:00/39-11:18:59,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/39-11:18:59,9) [mm_percpu_wq] (root,0,0,00:00:00/39-11:18:59,10) [rcu_tasks_kthre] (root,0,0,00:00:00/39-11:18:59,11) [rcu_tasks_rude_] (root,0,0,00:00:00/39-11:18:59,12) [rcu_tasks_trace] (root,0,0,00:01:12/39-11:18:59,13) [ksoftirqd/0] (root,0,0,01:53:14/39-11:18:59,14) [rcu_preempt] (root,0,0,00:00:15/39-11:18:59,15) [migration/0] (root,0,0,00:00:00/39-11:18:59,16) [idle_inject/0] (root,0,0,00:00:00/39-11:18:59,18) [cpuhp/0] (root,0,0,00:00:00/39-11:18:59,19) [cpuhp/1] (root,0,0,00:00:00/39-11:18:59,20) [idle_inject/1] (root,0,0,00:00:15/39-11:18:59,21) [migration/1] (root,0,0,00:00:58/39-11:18:59,22) [ksoftirqd/1] (root,0,0,00:00:00/39-11:18:59,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/39-11:18:59,25) [cpuhp/2] (root,0,0,00:00:00/39-11:18:59,26) [idle_inject/2] (root,0,0,00:00:11/39-11:18:59,27) [migration/2] (root,0,0,01:13:28/39-11:18:59,28) [ksoftirqd/2] (root,0,0,00:00:00/39-11:18:59,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/39-11:18:59,31) [cpuhp/3] (root,0,0,00:00:00/39-11:18:59,32) [idle_inject/3] (root,0,0,00:00:14/39-11:18:59,33) [migration/3] (root,0,0,00:03:45/39-11:18:59,34) [ksoftirqd/3] (root,0,0,00:00:00/39-11:18:59,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/39-11:18:59,40) [kdevtmpfs] (root,0,0,00:00:00/39-11:18:59,41) [netns] (root,0,0,00:00:00/39-11:18:59,42) [inet_frag_wq] (root,0,0,00:00:14/39-11:18:59,43) [kauditd] (root,0,0,00:00:00/39-11:18:59,44) [khungtaskd] (root,0,0,00:00:00/39-11:18:59,45) [oom_reaper] (root,0,0,00:00:00/39-11:18:59,46) [writeback] (root,0,0,00:02:04/39-11:18:59,47) [kcompactd0] (root,0,0,00:00:00/39-11:18:59,48) [ksmd] (root,0,0,00:02:09/39-11:18:59,49) [khugepaged] (root,0,0,00:00:00/39-11:18:59,75) [kintegrityd] (root,0,0,00:00:00/39-11:18:59,76) [kblockd] (root,0,0,00:00:00/39-11:18:59,77) [blkcg_punt_bio] (root,0,0,00:00:00/39-11:18:59,79) [tpm_dev_wq] (root,0,0,00:00:00/39-11:18:59,80) [edac-poller] (root,0,0,00:00:00/39-11:18:59,81) [devfreq_wq] (root,0,0,00:00:00/39-11:18:59,110) [watchdogd] (root,0,0,00:00:02/39-11:18:59,111) [kswapd0] (root,0,0,00:00:10/39-11:18:59,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/39-11:18:57,115) [kthrotld] (root,0,0,00:00:00/39-11:18:57,116) [mld] (root,0,0,00:00:00/39-11:18:57,117) [ipv6_addrconf] (root,0,0,00:00:11/39-11:18:57,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/39-11:18:57,123) [kstrp] (root,0,0,00:00:00/39-11:18:57,124) [zswap-shrink] (root,0,0,00:00:00/39-11:18:57,125) [kworker/u9:0] (root,0,0,00:00:00/39-11:18:57,130) [charger_manager] (root,0,0,00:00:12/39-11:18:57,172) [kworker/1:1H-kblockd] (root,0,0,00:00:17/39-11:18:57,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/39-11:18:56,239) [kaluad] (root,0,0,00:00:00/39-11:18:56,258) [kmpath_rdacd] (root,0,0,00:00:00/39-11:18:56,304) [kmpathd] (root,0,0,00:00:00/39-11:18:56,305) [kmpath_handlerd] (root,0,0,00:00:00/39-11:18:55,342) [ata_sff] (root,0,0,00:00:00/39-11:18:55,343) [scsi_eh_0] (root,0,0,00:00:00/39-11:18:55,344) [scsi_tmf_0] (root,0,0,00:00:00/39-11:18:55,345) [scsi_eh_1] (root,0,0,00:00:00/39-11:18:55,346) [scsi_tmf_1] (root,0,0,00:01:18/39-11:18:52,366) [jbd2/vda1-8] (root,0,0,00:00:00/39-11:18:52,367) [ext4-rsv-conver] (root,38604,7924,00:01:08/39-11:18:40,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/39-11:18:39,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:01:02/39-11:18:37,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:24/39-11:18:06,511) /sbin/auditd (messagebus,22932,5436,00:02:12/39-11:18:05,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:15/39-11:18:05,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/39-11:18:05,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/39-11:18:03,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/39-11:18:03,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30300,00:00:46/39-11:17:49,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/39-11:17:49,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:55/39-11:17:49,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/39-11:17:49,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/39-11:17:49,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/39-11:17:49,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/39-11:17:49,1343) /usr/lib/systemd/systemd --user (root,449060,8596,00:01:19/39-11:17:49,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:43/39-11:17:49,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/39-11:17:49,1352) bpfilter_umh (root,26204,8116,00:00:20/39-11:17:49,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/39-11:17:49,1359) ntpd: asynchronous dns resolver (spot,361232,198308,2-07:16:26/39-11:17:48,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/39-11:17:48,1371) (sd-pam) (checkmk,48528,3192,00:00:00/39-11:17:48,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/39-11:17:48,1373) (sd-pam) (root,24216,5260,00:00:14/39-11:17:46,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/39-11:17:46,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/39-11:17:46,1485) /usr/sbin/cron -n (root,697108,78496,00:54:45/39-11:17:40,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,225728,67424,00:21:43/39-11:17:28,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/05:31,2150) [kworker/3:0-ata_sff] (postfix,44628,9244,00:00:01/33-16:53:03,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/21:56,3019) [kworker/1:2-events] (root,35304,10040,00:00:00/1-11:45:58,10512) sshd: syslogtunnel [priv] (syslogtunnel,35304,5440,00:00:07/1-11:45:57,10514) sshd: syslogtunnel (root,0,0,00:00:00/36:38,11867) [kworker/3:2-events] (root,0,0,00:00:00/01:07:12,12444) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/35:55,15181) [kworker/0:1-events] (root,0,0,00:00:00/07:26,15955) [kworker/u8:0-writeback] (root,0,0,00:00:00/07:26,15966) [kworker/1:0-events] (root,0,0,00:00:00/07:26,15998) [kworker/2:1-events] (root,0,0,00:00:01/02:09:17,16553) [kworker/0:0-events] (root,0,0,00:00:00/00:20,23200) [kworker/3:1-ata_sff] (root,6656,3492,00:00:00/00:00,25359) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,25400) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,25401) /bin/bash /usr/bin/check_mk_agent (root,4480,1168,00:00:00/00:00,25402) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,828,00:00:00/00:00,25403) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,652,00:00:00/00:00,25404) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,25405) /bin/bash /usr/bin/check_mk_agent (root,13744,3500,00:00:00/00:00,25423) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,25424) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,35308,10028,00:00:00/1-12:32:11,30945) sshd: cm-ssh [priv] (cm-ssh,35308,5584,00:00:06/1-12:32:10,30947) sshd: cm-ssh (postfix,24244,8232,00:00:00/06:20,31794) pickup -l -t fifo -u (root,0,0,00:00:00/01:31:48,32470) [kworker/2:2-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-19 22:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363ceeb03c1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189584,12624,00:01:51/37-10:53:17,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/37-10:53:17,2) [kthreadd] (root,0,0,00:00:00/37-10:53:17,3) [rcu_gp] (root,0,0,00:00:00/37-10:53:17,4) [rcu_par_gp] (root,0,0,00:00:00/37-10:53:17,5) [slub_flushwq] (root,0,0,00:00:00/37-10:53:17,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/37-10:53:17,9) [mm_percpu_wq] (root,0,0,00:00:00/37-10:53:17,10) [rcu_tasks_kthre] (root,0,0,00:00:00/37-10:53:17,11) [rcu_tasks_rude_] (root,0,0,00:00:00/37-10:53:17,12) [rcu_tasks_trace] (root,0,0,00:01:07/37-10:53:17,13) [ksoftirqd/0] (root,0,0,01:47:09/37-10:53:17,14) [rcu_preempt] (root,0,0,00:00:14/37-10:53:17,15) [migration/0] (root,0,0,00:00:00/37-10:53:17,16) [idle_inject/0] (root,0,0,00:00:00/37-10:53:17,18) [cpuhp/0] (root,0,0,00:00:00/37-10:53:17,19) [cpuhp/1] (root,0,0,00:00:00/37-10:53:17,20) [idle_inject/1] (root,0,0,00:00:14/37-10:53:17,21) [migration/1] (root,0,0,00:00:55/37-10:53:17,22) [ksoftirqd/1] (root,0,0,00:00:00/37-10:53:17,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/37-10:53:17,25) [cpuhp/2] (root,0,0,00:00:00/37-10:53:17,26) [idle_inject/2] (root,0,0,00:00:10/37-10:53:17,27) [migration/2] (root,0,0,01:07:43/37-10:53:17,28) [ksoftirqd/2] (root,0,0,00:00:00/37-10:53:17,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/37-10:53:17,31) [cpuhp/3] (root,0,0,00:00:00/37-10:53:17,32) [idle_inject/3] (root,0,0,00:00:13/37-10:53:17,33) [migration/3] (root,0,0,00:03:29/37-10:53:17,34) [ksoftirqd/3] (root,0,0,00:00:00/37-10:53:17,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/37-10:53:17,40) [kdevtmpfs] (root,0,0,00:00:00/37-10:53:17,41) [netns] (root,0,0,00:00:00/37-10:53:17,42) [inet_frag_wq] (root,0,0,00:00:13/37-10:53:17,43) [kauditd] (root,0,0,00:00:00/37-10:53:17,44) [khungtaskd] (root,0,0,00:00:00/37-10:53:17,45) [oom_reaper] (root,0,0,00:00:00/37-10:53:17,46) [writeback] (root,0,0,00:01:57/37-10:53:17,47) [kcompactd0] (root,0,0,00:00:00/37-10:53:17,48) [ksmd] (root,0,0,00:02:02/37-10:53:17,49) [khugepaged] (root,0,0,00:00:00/37-10:53:17,75) [kintegrityd] (root,0,0,00:00:00/37-10:53:17,76) [kblockd] (root,0,0,00:00:00/37-10:53:17,77) [blkcg_punt_bio] (root,0,0,00:00:00/37-10:53:17,79) [tpm_dev_wq] (root,0,0,00:00:00/37-10:53:17,80) [edac-poller] (root,0,0,00:00:00/37-10:53:17,81) [devfreq_wq] (root,0,0,00:00:00/37-10:53:17,110) [watchdogd] (root,0,0,00:00:02/37-10:53:17,111) [kswapd0] (root,0,0,00:00:10/37-10:53:17,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/37-10:53:15,115) [kthrotld] (root,0,0,00:00:00/37-10:53:15,116) [mld] (root,0,0,00:00:00/37-10:53:15,117) [ipv6_addrconf] (root,0,0,00:00:10/37-10:53:15,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/37-10:53:15,123) [kstrp] (root,0,0,00:00:00/37-10:53:15,124) [zswap-shrink] (root,0,0,00:00:00/37-10:53:15,125) [kworker/u9:0] (root,0,0,00:00:00/37-10:53:15,130) [charger_manager] (root,0,0,00:00:11/37-10:53:15,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/37-10:53:15,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/37-10:53:14,239) [kaluad] (root,0,0,00:00:00/37-10:53:14,258) [kmpath_rdacd] (root,0,0,00:00:00/37-10:53:14,304) [kmpathd] (root,0,0,00:00:00/37-10:53:14,305) [kmpath_handlerd] (root,0,0,00:00:00/37-10:53:13,342) [ata_sff] (root,0,0,00:00:00/37-10:53:13,343) [scsi_eh_0] (root,0,0,00:00:00/37-10:53:13,344) [scsi_tmf_0] (root,0,0,00:00:00/37-10:53:13,345) [scsi_eh_1] (root,0,0,00:00:00/37-10:53:13,346) [scsi_tmf_1] (root,0,0,00:01:14/37-10:53:10,366) [jbd2/vda1-8] (root,0,0,00:00:00/37-10:53:10,367) [ext4-rsv-conver] (root,38604,7924,00:01:01/37-10:52:58,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/37-10:52:57,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:58/37-10:52:55,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:22/37-10:52:24,511) /sbin/auditd (messagebus,22932,5436,00:02:06/37-10:52:23,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:11/37-10:52:23,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/37-10:52:23,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/37-10:52:21,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/37-10:52:21,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,0,0,00:00:00/02:30:17,669) [kworker/2:0-events] (root,548616,30292,00:00:44/37-10:52:07,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/37-10:52:07,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:42/37-10:52:07,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/37-10:52:07,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/37-10:52:07,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/37-10:52:07,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/37-10:52:07,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:58/37-10:52:07,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:24/37-10:52:07,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/37-10:52:07,1352) bpfilter_umh (root,26204,8116,00:00:19/37-10:52:07,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/37-10:52:07,1359) ntpd: asynchronous dns resolver (spot,362272,198568,2-04:16:45/37-10:52:06,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/37-10:52:06,1371) (sd-pam) (checkmk,48528,3192,00:00:00/37-10:52:06,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/37-10:52:06,1373) (sd-pam) (root,24216,5260,00:00:13/37-10:52:04,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/37-10:52:04,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:05/37-10:52:04,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/37-10:52:01,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:19/37-10:52:00,1527) sshd: syslogtunnel (root,0,0,00:00:00/46:27,1530) [kworker/u8:2-ext4-rsv-conversion] (root,696596,75960,00:51:50/37-10:51:58,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,224704,66200,00:20:39/37-10:51:46,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/31-16:27:21,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/37-10:51:21,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:02:04/37-10:51:21,3218) sshd: cm-ssh (root,0,0,00:00:00/01:58:36,4224) [kworker/0:0-events] (postfix,24244,8256,00:00:00/02:31,4691) pickup -l -t fifo -u (root,0,0,00:00:00/01:09,11741) [kworker/3:0-ata_sff] (root,6656,3488,00:00:00/00:00,15656) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,15674) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,15675) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/16:56,18233) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/50:39,19177) [kworker/0:2-events] (root,0,0,00:00:00/06:20,22712) [kworker/3:1-ata_sff] (root,0,0,00:00:00/01:04:16,24929) [kworker/2:1-events] (root,0,0,00:00:00/05:16,26910) [kworker/1:1] (root,0,0,00:00:00/01:13:20,31156) [kworker/1:2-events] (root,0,0,00:00:01/02:31:37,32737) [kworker/3:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-17 21:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f2bb7923Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12620,00:01:46/35-13:17:12,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/35-13:17:12,2) [kthreadd] (root,0,0,00:00:00/35-13:17:12,3) [rcu_gp] (root,0,0,00:00:00/35-13:17:12,4) [rcu_par_gp] (root,0,0,00:00:00/35-13:17:12,5) [slub_flushwq] (root,0,0,00:00:00/35-13:17:12,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/35-13:17:12,9) [mm_percpu_wq] (root,0,0,00:00:00/35-13:17:12,10) [rcu_tasks_kthre] (root,0,0,00:00:00/35-13:17:12,11) [rcu_tasks_rude_] (root,0,0,00:00:00/35-13:17:12,12) [rcu_tasks_trace] (root,0,0,00:01:04/35-13:17:12,13) [ksoftirqd/0] (root,0,0,01:42:07/35-13:17:12,14) [rcu_preempt] (root,0,0,00:00:13/35-13:17:12,15) [migration/0] (root,0,0,00:00:00/35-13:17:12,16) [idle_inject/0] (root,0,0,00:00:00/35-13:17:12,18) [cpuhp/0] (root,0,0,00:00:00/35-13:17:12,19) [cpuhp/1] (root,0,0,00:00:00/35-13:17:12,20) [idle_inject/1] (root,0,0,00:00:13/35-13:17:12,21) [migration/1] (root,0,0,00:00:52/35-13:17:12,22) [ksoftirqd/1] (root,0,0,00:00:00/35-13:17:12,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/35-13:17:12,25) [cpuhp/2] (root,0,0,00:00:00/35-13:17:12,26) [idle_inject/2] (root,0,0,00:00:10/35-13:17:12,27) [migration/2] (root,0,0,01:04:59/35-13:17:12,28) [ksoftirqd/2] (root,0,0,00:00:00/35-13:17:12,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/35-13:17:12,31) [cpuhp/3] (root,0,0,00:00:00/35-13:17:12,32) [idle_inject/3] (root,0,0,00:00:12/35-13:17:12,33) [migration/3] (root,0,0,00:03:20/35-13:17:12,34) [ksoftirqd/3] (root,0,0,00:00:00/35-13:17:12,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/35-13:17:12,40) [kdevtmpfs] (root,0,0,00:00:00/35-13:17:12,41) [netns] (root,0,0,00:00:00/35-13:17:12,42) [inet_frag_wq] (root,0,0,00:00:12/35-13:17:12,43) [kauditd] (root,0,0,00:00:00/35-13:17:12,44) [khungtaskd] (root,0,0,00:00:00/35-13:17:12,45) [oom_reaper] (root,0,0,00:00:00/35-13:17:12,46) [writeback] (root,0,0,00:01:52/35-13:17:12,47) [kcompactd0] (root,0,0,00:00:00/35-13:17:12,48) [ksmd] (root,0,0,00:01:56/35-13:17:12,49) [khugepaged] (root,0,0,00:00:00/35-13:17:12,75) [kintegrityd] (root,0,0,00:00:00/35-13:17:12,76) [kblockd] (root,0,0,00:00:00/35-13:17:12,77) [blkcg_punt_bio] (root,0,0,00:00:00/35-13:17:12,79) [tpm_dev_wq] (root,0,0,00:00:00/35-13:17:12,80) [edac-poller] (root,0,0,00:00:00/35-13:17:12,81) [devfreq_wq] (root,0,0,00:00:00/35-13:17:12,110) [watchdogd] (root,0,0,00:00:02/35-13:17:12,111) [kswapd0] (root,0,0,00:00:09/35-13:17:12,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/35-13:17:10,115) [kthrotld] (root,0,0,00:00:00/35-13:17:10,116) [mld] (root,0,0,00:00:00/35-13:17:10,117) [ipv6_addrconf] (root,0,0,00:00:10/35-13:17:10,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/35-13:17:10,123) [kstrp] (root,0,0,00:00:00/35-13:17:10,124) [zswap-shrink] (root,0,0,00:00:00/35-13:17:10,125) [kworker/u9:0] (root,0,0,00:00:00/35-13:17:10,130) [charger_manager] (root,0,0,00:00:10/35-13:17:10,172) [kworker/1:1H-kblockd] (root,0,0,00:00:16/35-13:17:10,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/35-13:17:09,239) [kaluad] (root,0,0,00:00:00/35-13:17:09,258) [kmpath_rdacd] (root,0,0,00:00:00/35-13:17:09,304) [kmpathd] (root,0,0,00:00:00/35-13:17:09,305) [kmpath_handlerd] (root,0,0,00:00:00/35-13:17:08,342) [ata_sff] (root,0,0,00:00:00/35-13:17:08,343) [scsi_eh_0] (root,0,0,00:00:00/35-13:17:08,344) [scsi_tmf_0] (root,0,0,00:00:00/35-13:17:08,345) [scsi_eh_1] (root,0,0,00:00:00/35-13:17:08,346) [scsi_tmf_1] (root,0,0,00:01:11/35-13:17:05,366) [jbd2/vda1-8] (root,0,0,00:00:00/35-13:17:05,367) [ext4-rsv-conver] (root,38604,7924,00:00:58/35-13:16:53,440) /usr/lib/systemd/systemd-journald (root,53296,9640,00:00:04/35-13:16:52,454) /usr/lib/systemd/systemd-udevd (root,8624,6172,00:00:56/35-13:16:50,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1600,00:00:21/35-13:16:19,511) /sbin/auditd (messagebus,22932,5436,00:01:59/35-13:16:18,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8316,00:01:07/35-13:16:18,530) /usr/lib/systemd/systemd-logind (root,20556,4536,00:00:00/35-13:16:18,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15860,00:00:03/35-13:16:16,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16308,00:00:00/35-13:16:16,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548616,30252,00:00:42/35-13:16:02,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25876,00:00:00/35-13:16:02,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:33/35-13:16:02,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/35-13:16:02,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/35-13:16:02,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/35-13:16:02,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/35-13:16:02,1343) /usr/lib/systemd/systemd --user (root,449060,8372,00:00:55/35-13:16:02,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5840,00:05:08/35-13:16:02,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/35-13:16:02,1352) bpfilter_umh (root,26204,8116,00:00:18/35-13:16:02,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4016,00:00:00/35-13:16:02,1359) ntpd: asynchronous dns resolver (spot,361472,198364,2-02:16:33/35-13:16:01,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/35-13:16:01,1371) (sd-pam) (checkmk,48528,3192,00:00:00/35-13:16:01,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/35-13:16:01,1373) (sd-pam) (root,24216,5260,00:00:12/35-13:15:59,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/35-13:15:59,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/35-13:15:59,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/35-13:15:56,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:12/35-13:15:55,1527) sshd: syslogtunnel (root,696596,77900,00:49:13/35-13:15:53,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:25:24,1719) [kworker/2:2-events] (spot,223680,64860,00:19:41/35-13:15:41,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,24244,8268,00:00:00/01:08:12,2275) pickup -l -t fifo -u (postfix,44628,9244,00:00:01/29-18:51:16,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/35-13:15:16,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:58/35-13:15:16,3218) sshd: cm-ssh (root,0,0,00:00:00/02:53:53,3274) [kworker/0:2-events] (root,0,0,00:00:00/09:55,3382) [kworker/3:2-ata_sff] (root,6656,3484,00:00:00/00:00,3444) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,3485) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,3486) /bin/bash /usr/bin/check_mk_agent (root,4480,1068,00:00:00/00:00,3487) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,816,00:00:00/00:00,3488) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,736,00:00:00/00:00,3489) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3476,00:00:00/00:00,3490) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,3508) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,3509) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:00:27,7965) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/26:44,8586) [kworker/2:0] (root,0,0,00:00:00/22:35,11281) [kworker/0:1-events] (root,0,0,00:00:00/02:33:06,19269) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/35:11,20934) [kworker/1:1-events] (root,0,0,00:00:00/04:45,21127) [kworker/3:0-events] (root,0,0,00:00:00/46:15,21426) [kworker/3:1-ata_sff] (root,0,0,00:00:00/14:06,26671) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/00:52,31979) [kworker/1:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-16 00:05 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836327016479Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:39/33-11:22:36,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:01/33-11:22:36,2) [kthreadd] (root,0,0,00:00:00/33-11:22:36,3) [rcu_gp] (root,0,0,00:00:00/33-11:22:36,4) [rcu_par_gp] (root,0,0,00:00:00/33-11:22:36,5) [slub_flushwq] (root,0,0,00:00:00/33-11:22:36,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/33-11:22:36,9) [mm_percpu_wq] (root,0,0,00:00:00/33-11:22:36,10) [rcu_tasks_kthre] (root,0,0,00:00:00/33-11:22:36,11) [rcu_tasks_rude_] (root,0,0,00:00:00/33-11:22:36,12) [rcu_tasks_trace] (root,0,0,00:01:01/33-11:22:36,13) [ksoftirqd/0] (root,0,0,01:36:33/33-11:22:36,14) [rcu_preempt] (root,0,0,00:00:12/33-11:22:36,15) [migration/0] (root,0,0,00:00:00/33-11:22:36,16) [idle_inject/0] (root,0,0,00:00:00/33-11:22:36,18) [cpuhp/0] (root,0,0,00:00:00/33-11:22:36,19) [cpuhp/1] (root,0,0,00:00:00/33-11:22:36,20) [idle_inject/1] (root,0,0,00:00:12/33-11:22:36,21) [migration/1] (root,0,0,00:00:50/33-11:22:36,22) [ksoftirqd/1] (root,0,0,00:00:00/33-11:22:36,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/33-11:22:36,25) [cpuhp/2] (root,0,0,00:00:00/33-11:22:36,26) [idle_inject/2] (root,0,0,00:00:09/33-11:22:36,27) [migration/2] (root,0,0,01:01:38/33-11:22:36,28) [ksoftirqd/2] (root,0,0,00:00:00/33-11:22:36,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/33-11:22:36,31) [cpuhp/3] (root,0,0,00:00:00/33-11:22:36,32) [idle_inject/3] (root,0,0,00:00:12/33-11:22:36,33) [migration/3] (root,0,0,00:03:10/33-11:22:36,34) [ksoftirqd/3] (root,0,0,00:00:00/33-11:22:36,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/33-11:22:36,40) [kdevtmpfs] (root,0,0,00:00:00/33-11:22:36,41) [netns] (root,0,0,00:00:00/33-11:22:36,42) [inet_frag_wq] (root,0,0,00:00:12/33-11:22:36,43) [kauditd] (root,0,0,00:00:00/33-11:22:36,44) [khungtaskd] (root,0,0,00:00:00/33-11:22:36,45) [oom_reaper] (root,0,0,00:00:00/33-11:22:36,46) [writeback] (root,0,0,00:01:45/33-11:22:36,47) [kcompactd0] (root,0,0,00:00:00/33-11:22:36,48) [ksmd] (root,0,0,00:01:49/33-11:22:36,49) [khugepaged] (root,0,0,00:00:00/33-11:22:36,75) [kintegrityd] (root,0,0,00:00:00/33-11:22:36,76) [kblockd] (root,0,0,00:00:00/33-11:22:36,77) [blkcg_punt_bio] (root,0,0,00:00:00/33-11:22:36,79) [tpm_dev_wq] (root,0,0,00:00:00/33-11:22:36,80) [edac-poller] (root,0,0,00:00:00/33-11:22:36,81) [devfreq_wq] (root,0,0,00:00:00/33-11:22:36,110) [watchdogd] (root,0,0,00:00:02/33-11:22:36,111) [kswapd0] (root,0,0,00:00:09/33-11:22:36,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/33-11:22:34,115) [kthrotld] (root,0,0,00:00:00/33-11:22:34,116) [mld] (root,0,0,00:00:00/33-11:22:34,117) [ipv6_addrconf] (root,0,0,00:00:09/33-11:22:34,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/33-11:22:34,123) [kstrp] (root,0,0,00:00:00/33-11:22:34,124) [zswap-shrink] (root,0,0,00:00:00/33-11:22:34,125) [kworker/u9:0] (root,0,0,00:00:00/33-11:22:34,130) [charger_manager] (root,0,0,00:00:10/33-11:22:34,172) [kworker/1:1H-kblockd] (root,0,0,00:00:15/33-11:22:34,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/33-11:22:33,239) [kaluad] (root,0,0,00:00:00/33-11:22:33,258) [kmpath_rdacd] (root,0,0,00:00:00/33-11:22:33,304) [kmpathd] (root,0,0,00:00:00/33-11:22:33,305) [kmpath_handlerd] (root,0,0,00:00:00/33-11:22:32,342) [ata_sff] (root,0,0,00:00:00/33-11:22:32,343) [scsi_eh_0] (root,0,0,00:00:00/33-11:22:32,344) [scsi_tmf_0] (root,0,0,00:00:00/33-11:22:32,345) [scsi_eh_1] (root,0,0,00:00:00/33-11:22:32,346) [scsi_tmf_1] (root,0,0,00:01:07/33-11:22:29,366) [jbd2/vda1-8] (root,0,0,00:00:00/33-11:22:29,367) [ext4-rsv-conver] (root,38604,7944,00:00:54/33-11:22:17,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/33-11:22:16,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:52/33-11:22:14,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:20/33-11:21:43,511) /sbin/auditd (messagebus,22932,5632,00:01:52/33-11:21:42,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:01:03/33-11:21:42,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/33-11:21:42,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/33-11:21:40,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/33-11:21:40,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:39/33-11:21:26,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/33-11:21:26,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:21/33-11:21:26,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/33-11:21:26,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/33-11:21:26,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/33-11:21:26,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/33-11:21:26,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:51/33-11:21:26,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:51/33-11:21:26,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/33-11:21:26,1352) bpfilter_umh (root,26204,8128,00:00:17/33-11:21:26,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/33-11:21:26,1359) ntpd: asynchronous dns resolver (spot,362096,200280,2-00:13:58/33-11:21:25,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/33-11:21:25,1371) (sd-pam) (checkmk,48528,3192,00:00:00/33-11:21:25,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/33-11:21:25,1373) (sd-pam) (root,24216,5260,00:00:11/33-11:21:23,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/33-11:21:23,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/33-11:21:23,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/33-11:21:20,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:02:05/33-11:21:19,1527) sshd: syslogtunnel (root,694036,73228,00:46:20/33-11:21:17,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,222656,63348,00:18:40/33-11:21:05,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/27-16:56:40,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/01:14,2771) [kworker/1:1-events] (postfix,24244,8240,00:00:00/01:14:36,2889) pickup -l -t fifo -u (root,0,0,00:00:00/38:28,2925) [kworker/3:2-events] (root,35308,10108,00:00:00/33-11:20:40,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:51/33-11:20:40,3218) sshd: cm-ssh (root,0,0,00:00:00/10:39,3424) [kworker/2:0] (root,0,0,00:00:00/01:01:28,3437) [kworker/0:2-mm_percpu_wq] (root,0,0,00:00:00/10:13,4932) [kworker/u8:1] (root,6656,3492,00:00:00/00:00,7524) /bin/bash /usr/bin/check_mk_agent (root,13744,3384,00:00:00/00:00,7542) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7543) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/07:59,11813) [kworker/1:2-events] (root,0,0,00:00:00/07:19,12631) [kworker/3:0-ata_sff] (root,0,0,00:00:00/03:11:19,15338) [kworker/1:0-events] (root,0,0,00:00:01/03:07:59,15620) [kworker/2:2-events] (root,0,0,00:00:00/21:15,22539) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/44:45,26155) [kworker/0:0-events] (root,0,0,00:00:00/02:08,31796) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-13 22:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836329755ce0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:32/31-09:19:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/31-09:19:13,2) [kthreadd] (root,0,0,00:00:00/31-09:19:13,3) [rcu_gp] (root,0,0,00:00:00/31-09:19:13,4) [rcu_par_gp] (root,0,0,00:00:00/31-09:19:13,5) [slub_flushwq] (root,0,0,00:00:00/31-09:19:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/31-09:19:13,9) [mm_percpu_wq] (root,0,0,00:00:00/31-09:19:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/31-09:19:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/31-09:19:13,12) [rcu_tasks_trace] (root,0,0,00:00:58/31-09:19:13,13) [ksoftirqd/0] (root,0,0,01:30:55/31-09:19:13,14) [rcu_preempt] (root,0,0,00:00:12/31-09:19:13,15) [migration/0] (root,0,0,00:00:00/31-09:19:13,16) [idle_inject/0] (root,0,0,00:00:00/31-09:19:13,18) [cpuhp/0] (root,0,0,00:00:00/31-09:19:13,19) [cpuhp/1] (root,0,0,00:00:00/31-09:19:13,20) [idle_inject/1] (root,0,0,00:00:12/31-09:19:13,21) [migration/1] (root,0,0,00:00:47/31-09:19:13,22) [ksoftirqd/1] (root,0,0,00:00:00/31-09:19:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/31-09:19:13,25) [cpuhp/2] (root,0,0,00:00:00/31-09:19:13,26) [idle_inject/2] (root,0,0,00:00:09/31-09:19:13,27) [migration/2] (root,0,0,00:58:11/31-09:19:13,28) [ksoftirqd/2] (root,0,0,00:00:00/31-09:19:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/31-09:19:13,31) [cpuhp/3] (root,0,0,00:00:00/31-09:19:13,32) [idle_inject/3] (root,0,0,00:00:11/31-09:19:13,33) [migration/3] (root,0,0,00:03:00/31-09:19:13,34) [ksoftirqd/3] (root,0,0,00:00:00/31-09:19:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/31-09:19:13,40) [kdevtmpfs] (root,0,0,00:00:00/31-09:19:13,41) [netns] (root,0,0,00:00:00/31-09:19:13,42) [inet_frag_wq] (root,0,0,00:00:11/31-09:19:13,43) [kauditd] (root,0,0,00:00:00/31-09:19:13,44) [khungtaskd] (root,0,0,00:00:00/31-09:19:13,45) [oom_reaper] (root,0,0,00:00:00/31-09:19:13,46) [writeback] (root,0,0,00:01:39/31-09:19:13,47) [kcompactd0] (root,0,0,00:00:00/31-09:19:13,48) [ksmd] (root,0,0,00:01:42/31-09:19:13,49) [khugepaged] (root,0,0,00:00:00/31-09:19:13,75) [kintegrityd] (root,0,0,00:00:00/31-09:19:13,76) [kblockd] (root,0,0,00:00:00/31-09:19:13,77) [blkcg_punt_bio] (root,0,0,00:00:00/31-09:19:13,79) [tpm_dev_wq] (root,0,0,00:00:00/31-09:19:13,80) [edac-poller] (root,0,0,00:00:00/31-09:19:13,81) [devfreq_wq] (root,0,0,00:00:00/31-09:19:13,110) [watchdogd] (root,0,0,00:00:02/31-09:19:13,111) [kswapd0] (root,0,0,00:00:08/31-09:19:13,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/31-09:19:11,115) [kthrotld] (root,0,0,00:00:00/31-09:19:11,116) [mld] (root,0,0,00:00:00/31-09:19:11,117) [ipv6_addrconf] (root,0,0,00:00:08/31-09:19:11,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/31-09:19:11,123) [kstrp] (root,0,0,00:00:00/31-09:19:11,124) [zswap-shrink] (root,0,0,00:00:00/31-09:19:11,125) [kworker/u9:0] (root,0,0,00:00:00/31-09:19:11,130) [charger_manager] (root,0,0,00:00:09/31-09:19:11,172) [kworker/1:1H-kblockd] (root,0,0,00:00:14/31-09:19:11,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/31-09:19:10,239) [kaluad] (root,0,0,00:00:00/31-09:19:10,258) [kmpath_rdacd] (root,0,0,00:00:00/31-09:19:10,304) [kmpathd] (root,0,0,00:00:00/31-09:19:10,305) [kmpath_handlerd] (root,0,0,00:00:00/31-09:19:09,342) [ata_sff] (root,0,0,00:00:00/31-09:19:09,343) [scsi_eh_0] (root,0,0,00:00:00/31-09:19:09,344) [scsi_tmf_0] (root,0,0,00:00:00/31-09:19:09,345) [scsi_eh_1] (root,0,0,00:00:00/31-09:19:09,346) [scsi_tmf_1] (root,0,0,00:01:03/31-09:19:06,366) [jbd2/vda1-8] (root,0,0,00:00:00/31-09:19:06,367) [ext4-rsv-conver] (root,38604,7944,00:00:50/31-09:18:54,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/31-09:18:53,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:49/31-09:18:51,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:18/31-09:18:20,511) /sbin/auditd (messagebus,22932,5632,00:01:43/31-09:18:19,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:58/31-09:18:19,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/31-09:18:19,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/31-09:18:17,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/31-09:18:17,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:37/31-09:18:03,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/31-09:18:03,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:03:08/31-09:18:03,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/31-09:18:03,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/31-09:18:03,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/31-09:18:03,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/31-09:18:03,1343) /usr/lib/systemd/systemd --user (root,449060,8496,00:00:48/31-09:18:03,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:33/31-09:18:03,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/31-09:18:03,1352) bpfilter_umh (root,26204,8128,00:00:16/31-09:18:03,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/31-09:18:03,1359) ntpd: asynchronous dns resolver (spot,361856,200220,1-21:56:29/31-09:18:02,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/31-09:18:02,1371) (sd-pam) (checkmk,48528,3192,00:00:00/31-09:18:02,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/31-09:18:02,1373) (sd-pam) (root,24216,5260,00:00:11/31-09:18:00,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/31-09:18:00,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/31-09:18:00,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/31-09:17:57,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:57/31-09:17:56,1527) sshd: syslogtunnel (root,693780,74896,00:43:28/31-09:17:54,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,221632,61972,00:17:34/31-09:17:42,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/25-14:53:17,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/31-09:17:17,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:44/31-09:17:17,3218) sshd: cm-ssh (root,0,0,00:00:00/01:19:45,6292) [kworker/0:0-cgroup_destroy] (root,0,0,00:00:01/04:18:54,6579) [kworker/3:0-events] (postfix,24244,8164,00:00:00/01:13:13,6806) pickup -l -t fifo -u (root,0,0,00:00:00/01:09:44,7310) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/56:25,8637) [kworker/1:1-events] (root,0,0,00:00:00/26:28,11246) [kworker/2:2-mm_percpu_wq] (root,0,0,00:00:00/14:27:49,11736) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:00/09:56,14409) [kworker/0:2-mm_percpu_wq] (root,0,0,00:00:00/09:51,14410) [kworker/3:1-ata_sff] (root,0,0,00:00:00/09:31,14640) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/04:41,17906) [kworker/3:2-ata_sff] (root,0,0,00:00:00/03:18,22942) [kworker/1:0-events] (root,6764,3608,00:00:00/00:01,31492) /bin/bash /usr/bin/check_mk_agent (root,6292,3116,00:00:00/00:01,31619) /bin/bash ././mk_inventory.linux (root,43076,22876,00:00:00/00:01,31623) rpm -qa --qf %{NAME}\t%{VERSION}\t%{ARCH}\trpm\t%{RELEASE}\t%{SUMMARY}\t-\n (root,6656,3516,00:00:00/00:01,31680) /bin/bash /usr/bin/check_mk_agent (root,6656,3484,00:00:00/00:00,31712) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,31799) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,31800) /bin/bash /usr/bin/check_mk_agent (root,4480,1036,00:00:00/00:00,31801) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,772,00:00:00/00:00,31802) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1204,00:00:00/00:00,31803) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3484,00:00:00/00:00,31823) /bin/bash /usr/bin/check_mk_agent (root,13744,3528,00:00:00/00:00,31845) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,31846) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,6656,1912,00:00:00/00:00,31847) /bin/bash /usr/bin/check_mk_agent (root,0,0,00:00:00/02:16:01,32212) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-11 20:07 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363fae6202bFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:25/29-11:06:28,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/29-11:06:28,2) [kthreadd] (root,0,0,00:00:00/29-11:06:28,3) [rcu_gp] (root,0,0,00:00:00/29-11:06:28,4) [rcu_par_gp] (root,0,0,00:00:00/29-11:06:28,5) [slub_flushwq] (root,0,0,00:00:00/29-11:06:28,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/29-11:06:28,9) [mm_percpu_wq] (root,0,0,00:00:00/29-11:06:28,10) [rcu_tasks_kthre] (root,0,0,00:00:00/29-11:06:28,11) [rcu_tasks_rude_] (root,0,0,00:00:00/29-11:06:28,12) [rcu_tasks_trace] (root,0,0,00:00:54/29-11:06:28,13) [ksoftirqd/0] (root,0,0,01:25:23/29-11:06:28,14) [rcu_preempt] (root,0,0,00:00:11/29-11:06:28,15) [migration/0] (root,0,0,00:00:00/29-11:06:28,16) [idle_inject/0] (root,0,0,00:00:00/29-11:06:28,18) [cpuhp/0] (root,0,0,00:00:00/29-11:06:28,19) [cpuhp/1] (root,0,0,00:00:00/29-11:06:28,20) [idle_inject/1] (root,0,0,00:00:11/29-11:06:28,21) [migration/1] (root,0,0,00:00:44/29-11:06:28,22) [ksoftirqd/1] (root,0,0,00:00:00/29-11:06:28,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/29-11:06:28,25) [cpuhp/2] (root,0,0,00:00:00/29-11:06:28,26) [idle_inject/2] (root,0,0,00:00:08/29-11:06:28,27) [migration/2] (root,0,0,00:54:26/29-11:06:28,28) [ksoftirqd/2] (root,0,0,00:00:00/29-11:06:28,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/29-11:06:28,31) [cpuhp/3] (root,0,0,00:00:00/29-11:06:28,32) [idle_inject/3] (root,0,0,00:00:10/29-11:06:28,33) [migration/3] (root,0,0,00:02:49/29-11:06:28,34) [ksoftirqd/3] (root,0,0,00:00:00/29-11:06:28,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/29-11:06:28,40) [kdevtmpfs] (root,0,0,00:00:00/29-11:06:28,41) [netns] (root,0,0,00:00:00/29-11:06:28,42) [inet_frag_wq] (root,0,0,00:00:10/29-11:06:28,43) [kauditd] (root,0,0,00:00:00/29-11:06:28,44) [khungtaskd] (root,0,0,00:00:00/29-11:06:28,45) [oom_reaper] (root,0,0,00:00:00/29-11:06:28,46) [writeback] (root,0,0,00:01:34/29-11:06:28,47) [kcompactd0] (root,0,0,00:00:00/29-11:06:28,48) [ksmd] (root,0,0,00:01:35/29-11:06:28,49) [khugepaged] (root,0,0,00:00:00/29-11:06:28,75) [kintegrityd] (root,0,0,00:00:00/29-11:06:28,76) [kblockd] (root,0,0,00:00:00/29-11:06:28,77) [blkcg_punt_bio] (root,0,0,00:00:00/29-11:06:28,79) [tpm_dev_wq] (root,0,0,00:00:00/29-11:06:28,80) [edac-poller] (root,0,0,00:00:00/29-11:06:28,81) [devfreq_wq] (root,0,0,00:00:00/29-11:06:28,110) [watchdogd] (root,0,0,00:00:02/29-11:06:28,111) [kswapd0] (root,0,0,00:00:08/29-11:06:28,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/29-11:06:26,115) [kthrotld] (root,0,0,00:00:00/29-11:06:26,116) [mld] (root,0,0,00:00:00/29-11:06:26,117) [ipv6_addrconf] (root,0,0,00:00:08/29-11:06:26,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/29-11:06:26,123) [kstrp] (root,0,0,00:00:00/29-11:06:26,124) [zswap-shrink] (root,0,0,00:00:00/29-11:06:26,125) [kworker/u9:0] (root,0,0,00:00:00/29-11:06:26,130) [charger_manager] (root,0,0,00:00:09/29-11:06:26,172) [kworker/1:1H-kblockd] (root,0,0,00:00:13/29-11:06:26,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/29-11:06:25,239) [kaluad] (root,0,0,00:00:00/29-11:06:25,258) [kmpath_rdacd] (root,0,0,00:00:00/29-11:06:25,304) [kmpathd] (root,0,0,00:00:00/29-11:06:25,305) [kmpath_handlerd] (root,0,0,00:00:00/29-11:06:24,342) [ata_sff] (root,0,0,00:00:00/29-11:06:24,343) [scsi_eh_0] (root,0,0,00:00:00/29-11:06:24,344) [scsi_tmf_0] (root,0,0,00:00:00/29-11:06:24,345) [scsi_eh_1] (root,0,0,00:00:00/29-11:06:24,346) [scsi_tmf_1] (root,0,0,00:00:59/29-11:06:21,366) [jbd2/vda1-8] (root,0,0,00:00:00/29-11:06:21,367) [ext4-rsv-conver] (root,38604,7944,00:00:47/29-11:06:09,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/29-11:06:08,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:46/29-11:06:06,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:17/29-11:05:35,511) /sbin/auditd (messagebus,22932,5632,00:01:35/29-11:05:34,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8332,00:00:54/29-11:05:34,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/29-11:05:34,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/29-11:05:32,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/29-11:05:32,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548360,29300,00:00:34/29-11:05:18,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/29-11:05:18,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:59/29-11:05:18,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/29-11:05:18,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/29-11:05:18,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/29-11:05:18,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/29-11:05:18,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:45/29-11:05:18,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:04:16/29-11:05:18,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/29-11:05:18,1352) bpfilter_umh (root,26204,8128,00:00:14/29-11:05:18,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/29-11:05:18,1359) ntpd: asynchronous dns resolver (spot,361552,200104,1-19:42:21/29-11:05:17,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/29-11:05:17,1371) (sd-pam) (checkmk,48528,3192,00:00:00/29-11:05:17,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/29-11:05:17,1373) (sd-pam) (root,24216,5260,00:00:10/29-11:05:15,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:02/29-11:05:15,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:04/29-11:05:15,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/29-11:05:12,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:50/29-11:05:11,1527) sshd: syslogtunnel (root,693524,74428,00:40:43/29-11:05:09,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/20:55,1780) [kworker/2:2] (spot,220608,60744,00:16:34/29-11:04:57,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9244,00:00:01/23-16:40:32,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/29-11:04:32,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:37/29-11:04:32,3218) sshd: cm-ssh (root,0,0,00:00:00/02:36:08,5369) [kworker/1:2-events] (root,6656,3480,00:00:00/00:00,6308) /bin/bash /usr/bin/check_mk_agent (root,13744,3412,00:00:00/00:00,6326) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,6327) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/33:45,7616) [kworker/1:0-cgroup_destroy] (root,0,0,00:00:00/02:13:41,9463) [kworker/0:2-cgroup_destroy] (root,0,0,00:00:00/44:40,9946) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/04:51,11744) [kworker/0:0] (root,0,0,00:00:00/01:13:44,16583) [kworker/3:2-mm_percpu_wq] (root,0,0,00:00:00/01:12:37,20379) [kworker/2:1-events] (root,0,0,00:00:00/30:31,22291) [kworker/0:1-events] (postfix,24244,8236,00:00:00/02:20,24925) pickup -l -t fifo -u (root,0,0,00:00:00/01:55,27937) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:35,31224) [kworker/1:1-events] (root,0,0,00:00:00/03:11:20,31631) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/07:06,32746) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-09 21:55 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a54cca1fFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12724,00:01:18/27-11:54:10,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/27-11:54:10,2) [kthreadd] (root,0,0,00:00:00/27-11:54:10,3) [rcu_gp] (root,0,0,00:00:00/27-11:54:10,4) [rcu_par_gp] (root,0,0,00:00:00/27-11:54:10,5) [slub_flushwq] (root,0,0,00:00:00/27-11:54:10,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/27-11:54:10,9) [mm_percpu_wq] (root,0,0,00:00:00/27-11:54:10,10) [rcu_tasks_kthre] (root,0,0,00:00:00/27-11:54:10,11) [rcu_tasks_rude_] (root,0,0,00:00:00/27-11:54:10,12) [rcu_tasks_trace] (root,0,0,00:00:51/27-11:54:10,13) [ksoftirqd/0] (root,0,0,01:20:02/27-11:54:10,14) [rcu_preempt] (root,0,0,00:00:10/27-11:54:10,15) [migration/0] (root,0,0,00:00:00/27-11:54:10,16) [idle_inject/0] (root,0,0,00:00:00/27-11:54:10,18) [cpuhp/0] (root,0,0,00:00:00/27-11:54:10,19) [cpuhp/1] (root,0,0,00:00:00/27-11:54:10,20) [idle_inject/1] (root,0,0,00:00:10/27-11:54:10,21) [migration/1] (root,0,0,00:00:42/27-11:54:10,22) [ksoftirqd/1] (root,0,0,00:00:00/27-11:54:10,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/27-11:54:10,25) [cpuhp/2] (root,0,0,00:00:00/27-11:54:10,26) [idle_inject/2] (root,0,0,00:00:08/27-11:54:10,27) [migration/2] (root,0,0,00:51:28/27-11:54:10,28) [ksoftirqd/2] (root,0,0,00:00:00/27-11:54:10,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/27-11:54:10,31) [cpuhp/3] (root,0,0,00:00:00/27-11:54:10,32) [idle_inject/3] (root,0,0,00:00:10/27-11:54:10,33) [migration/3] (root,0,0,00:02:41/27-11:54:10,34) [ksoftirqd/3] (root,0,0,00:00:00/27-11:54:10,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/27-11:54:10,40) [kdevtmpfs] (root,0,0,00:00:00/27-11:54:10,41) [netns] (root,0,0,00:00:00/27-11:54:10,42) [inet_frag_wq] (root,0,0,00:00:09/27-11:54:10,43) [kauditd] (root,0,0,00:00:00/27-11:54:10,44) [khungtaskd] (root,0,0,00:00:00/27-11:54:10,45) [oom_reaper] (root,0,0,00:00:00/27-11:54:10,46) [writeback] (root,0,0,00:01:28/27-11:54:10,47) [kcompactd0] (root,0,0,00:00:00/27-11:54:10,48) [ksmd] (root,0,0,00:01:29/27-11:54:10,49) [khugepaged] (root,0,0,00:00:00/27-11:54:10,75) [kintegrityd] (root,0,0,00:00:00/27-11:54:10,76) [kblockd] (root,0,0,00:00:00/27-11:54:10,77) [blkcg_punt_bio] (root,0,0,00:00:00/27-11:54:10,79) [tpm_dev_wq] (root,0,0,00:00:00/27-11:54:10,80) [edac-poller] (root,0,0,00:00:00/27-11:54:10,81) [devfreq_wq] (root,0,0,00:00:00/27-11:54:10,110) [watchdogd] (root,0,0,00:00:02/27-11:54:10,111) [kswapd0] (root,0,0,00:00:07/27-11:54:10,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/27-11:54:08,115) [kthrotld] (root,0,0,00:00:00/27-11:54:08,116) [mld] (root,0,0,00:00:00/27-11:54:08,117) [ipv6_addrconf] (root,0,0,00:00:07/27-11:54:08,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/27-11:54:08,123) [kstrp] (root,0,0,00:00:00/27-11:54:08,124) [zswap-shrink] (root,0,0,00:00:00/27-11:54:08,125) [kworker/u9:0] (root,0,0,00:00:00/27-11:54:08,130) [charger_manager] (root,0,0,00:00:08/27-11:54:08,172) [kworker/1:1H-kblockd] (root,0,0,00:00:12/27-11:54:08,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/27-11:54:07,239) [kaluad] (root,0,0,00:00:00/27-11:54:07,258) [kmpath_rdacd] (root,0,0,00:00:00/27-11:54:07,304) [kmpathd] (root,0,0,00:00:00/27-11:54:07,305) [kmpath_handlerd] (root,0,0,00:00:00/27-11:54:06,342) [ata_sff] (root,0,0,00:00:00/27-11:54:06,343) [scsi_eh_0] (root,0,0,00:00:00/27-11:54:06,344) [scsi_tmf_0] (root,0,0,00:00:00/27-11:54:06,345) [scsi_eh_1] (root,0,0,00:00:00/27-11:54:06,346) [scsi_tmf_1] (root,0,0,00:00:55/27-11:54:03,366) [jbd2/vda1-8] (root,0,0,00:00:00/27-11:54:03,367) [ext4-rsv-conver] (root,38604,7944,00:00:43/27-11:53:51,440) /usr/lib/systemd/systemd-journald (root,53296,9712,00:00:03/27-11:53:50,454) /usr/lib/systemd/systemd-udevd (root,8624,6212,00:00:43/27-11:53:48,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1616,00:00:15/27-11:53:17,511) /sbin/auditd (messagebus,22932,5632,00:01:26/27-11:53:16,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:49/27-11:53:16,530) /usr/lib/systemd/systemd-logind (root,20556,4624,00:00:00/27-11:53:16,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,15948,00:00:03/27-11:53:14,611) /usr/sbin/wickedd --systemd --foreground (root,31900,16404,00:00:00/27-11:53:14,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28512,00:00:32/27-11:53:00,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,25908,00:00:00/27-11:53:00,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:48/27-11:53:00,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1812,00:00:00/27-11:53:00,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/27-11:53:00,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/27-11:53:00,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/27-11:53:00,1343) /usr/lib/systemd/systemd --user (root,449060,8644,00:00:41/27-11:53:00,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,5856,00:03:59/27-11:53:00,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/27-11:53:00,1352) bpfilter_umh (root,26204,8128,00:00:13/27-11:53:00,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4032,00:00:00/27-11:53:00,1359) ntpd: asynchronous dns resolver (spot,296048,195024,1-17:08:56/27-11:52:59,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/27-11:52:59,1371) (sd-pam) (checkmk,48528,3192,00:00:00/27-11:52:59,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/27-11:52:59,1373) (sd-pam) (root,24216,5260,00:00:09/27-11:52:57,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8228,00:00:01/27-11:52:57,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/27-11:52:57,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/27-11:52:54,1516) sshd: syslogtunnel [priv] (root,0,0,00:00:00/13:43,1520) [kworker/2:1-cgroup_destroy] (syslogtunnel,35304,5504,00:01:42/27-11:52:53,1527) sshd: syslogtunnel (root,693268,72056,00:38:01/27-11:52:51,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:00:00,1861) [kworker/0:2-mm_percpu_wq] (spot,219584,59120,00:15:33/27-11:52:39,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:25,2311) [kworker/2:2] (postfix,44628,9244,00:00:00/21-17:28:14,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/27-11:52:14,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:31/27-11:52:14,3218) sshd: cm-ssh (root,0,0,00:00:00/22:19,4690) [kworker/u8:1] (root,0,0,00:00:00/01:21:26,6602) [kworker/2:0-events] (root,0,0,00:00:00/56:59,7994) [kworker/1:0-events] (root,0,0,00:00:00/01:57,11119) [kworker/0:0-events] (root,0,0,00:00:00/10:04,13920) [kworker/3:2-ata_sff] (root,6656,3492,00:00:00/00:00,20788) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,20806) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20807) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/41:55,21505) [kworker/u8:2-writeback] (root,0,0,00:00:00/16:46,22103) [kworker/0:1-events] (root,0,0,00:00:00/15:15,28201) [kworker/3:0-events] (postfix,24244,8264,00:00:00/01:11:49,28642) pickup -l -t fifo -u (root,0,0,00:00:00/47:47,32123) [kworker/1:1-events] (root,0,0,00:00:00/04:52,32305) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-07 22:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836304c35bc7Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:10/25-10:57:25,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/25-10:57:25,2) [kthreadd] (root,0,0,00:00:00/25-10:57:25,3) [rcu_gp] (root,0,0,00:00:00/25-10:57:25,4) [rcu_par_gp] (root,0,0,00:00:00/25-10:57:25,5) [slub_flushwq] (root,0,0,00:00:00/25-10:57:25,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/25-10:57:25,9) [mm_percpu_wq] (root,0,0,00:00:00/25-10:57:25,10) [rcu_tasks_kthre] (root,0,0,00:00:00/25-10:57:25,11) [rcu_tasks_rude_] (root,0,0,00:00:00/25-10:57:25,12) [rcu_tasks_trace] (root,0,0,00:00:48/25-10:57:25,13) [ksoftirqd/0] (root,0,0,01:14:27/25-10:57:25,14) [rcu_preempt] (root,0,0,00:00:09/25-10:57:25,15) [migration/0] (root,0,0,00:00:00/25-10:57:25,16) [idle_inject/0] (root,0,0,00:00:00/25-10:57:25,18) [cpuhp/0] (root,0,0,00:00:00/25-10:57:25,19) [cpuhp/1] (root,0,0,00:00:00/25-10:57:25,20) [idle_inject/1] (root,0,0,00:00:09/25-10:57:25,21) [migration/1] (root,0,0,00:00:39/25-10:57:25,22) [ksoftirqd/1] (root,0,0,00:00:00/25-10:57:25,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/25-10:57:25,25) [cpuhp/2] (root,0,0,00:00:00/25-10:57:25,26) [idle_inject/2] (root,0,0,00:00:07/25-10:57:25,27) [migration/2] (root,0,0,00:48:34/25-10:57:25,28) [ksoftirqd/2] (root,0,0,00:00:00/25-10:57:25,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/25-10:57:25,31) [cpuhp/3] (root,0,0,00:00:00/25-10:57:25,32) [idle_inject/3] (root,0,0,00:00:09/25-10:57:25,33) [migration/3] (root,0,0,00:02:30/25-10:57:25,34) [ksoftirqd/3] (root,0,0,00:00:00/25-10:57:25,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/25-10:57:25,40) [kdevtmpfs] (root,0,0,00:00:00/25-10:57:25,41) [netns] (root,0,0,00:00:00/25-10:57:25,42) [inet_frag_wq] (root,0,0,00:00:08/25-10:57:25,43) [kauditd] (root,0,0,00:00:00/25-10:57:25,44) [khungtaskd] (root,0,0,00:00:00/25-10:57:25,45) [oom_reaper] (root,0,0,00:00:00/25-10:57:25,46) [writeback] (root,0,0,00:01:21/25-10:57:25,47) [kcompactd0] (root,0,0,00:00:00/25-10:57:25,48) [ksmd] (root,0,0,00:01:23/25-10:57:25,49) [khugepaged] (root,0,0,00:00:00/25-10:57:25,75) [kintegrityd] (root,0,0,00:00:00/25-10:57:25,76) [kblockd] (root,0,0,00:00:00/25-10:57:25,77) [blkcg_punt_bio] (root,0,0,00:00:00/25-10:57:25,79) [tpm_dev_wq] (root,0,0,00:00:00/25-10:57:25,80) [edac-poller] (root,0,0,00:00:00/25-10:57:25,81) [devfreq_wq] (root,0,0,00:00:00/25-10:57:25,110) [watchdogd] (root,0,0,00:00:01/25-10:57:25,111) [kswapd0] (root,0,0,00:00:07/25-10:57:25,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/25-10:57:23,115) [kthrotld] (root,0,0,00:00:00/25-10:57:23,116) [mld] (root,0,0,00:00:00/25-10:57:23,117) [ipv6_addrconf] (root,0,0,00:00:07/25-10:57:23,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/25-10:57:23,123) [kstrp] (root,0,0,00:00:00/25-10:57:23,124) [zswap-shrink] (root,0,0,00:00:00/25-10:57:23,125) [kworker/u9:0] (root,0,0,00:00:00/25-10:57:23,130) [charger_manager] (root,0,0,00:00:07/25-10:57:23,172) [kworker/1:1H-kblockd] (root,0,0,00:00:11/25-10:57:23,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/25-10:57:22,239) [kaluad] (root,0,0,00:00:00/25-10:57:22,258) [kmpath_rdacd] (root,0,0,00:00:00/25-10:57:22,304) [kmpathd] (root,0,0,00:00:00/25-10:57:22,305) [kmpath_handlerd] (root,0,0,00:00:00/25-10:57:21,342) [ata_sff] (root,0,0,00:00:00/25-10:57:21,343) [scsi_eh_0] (root,0,0,00:00:00/25-10:57:21,344) [scsi_tmf_0] (root,0,0,00:00:00/25-10:57:21,345) [scsi_eh_1] (root,0,0,00:00:00/25-10:57:21,346) [scsi_tmf_1] (root,0,0,00:00:51/25-10:57:18,366) [jbd2/vda1-8] (root,0,0,00:00:00/25-10:57:18,367) [ext4-rsv-conver] (root,38604,7992,00:00:39/25-10:57:06,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:03/25-10:57:05,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:40/25-10:57:03,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:14/25-10:56:32,511) /sbin/auditd (messagebus,22932,5912,00:01:17/25-10:56:31,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:44/25-10:56:31,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/25-10:56:31,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/25-10:56:29,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/25-10:56:29,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,29508,00:00:30/25-10:56:15,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/25-10:56:15,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:35/25-10:56:15,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/25-10:56:15,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/25-10:56:15,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/25-10:56:15,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/25-10:56:15,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:37/25-10:56:15,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:41/25-10:56:15,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/25-10:56:15,1352) bpfilter_umh (root,26204,8212,00:00:12/25-10:56:15,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/25-10:56:15,1359) ntpd: asynchronous dns resolver (spot,296176,191476,1-14:52:10/25-10:56:14,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/25-10:56:14,1371) (sd-pam) (checkmk,48528,3192,00:00:00/25-10:56:14,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/25-10:56:14,1373) (sd-pam) (root,24216,5268,00:00:08/25-10:56:12,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/25-10:56:12,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/25-10:56:12,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/25-10:56:09,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:34/25-10:56:08,1527) sshd: syslogtunnel (root,693268,73792,00:35:13/25-10:56:06,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/02:02,1678) [kworker/0:0] (spot,217536,57776,00:14:33/25-10:55:54,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/19-16:31:29,2557) tlsmgr -l -t unix -u (root,0,0,00:00:00/03:27:24,3065) [kworker/0:1-cgroup_destroy] (root,35308,10108,00:00:00/25-10:55:29,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:25/25-10:55:29,3218) sshd: cm-ssh (root,0,0,00:00:00/40:44,5871) [kworker/3:1-mm_percpu_wq] (root,0,0,00:00:00/00:34,6647) [kworker/u8:0] (root,0,0,00:00:00/02:38:52,8363) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,8505) /bin/bash /usr/bin/check_mk_agent (root,6656,1824,00:00:00/00:00,8546) /bin/bash /usr/bin/check_mk_agent (root,6656,2016,00:00:00/00:00,8547) /bin/bash /usr/bin/check_mk_agent (root,4480,1036,00:00:00/00:00,8548) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,772,00:00:00/00:00,8549) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2680,708,00:00:00/00:00,8550) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3476,00:00:00/00:00,8551) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,8569) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,8570) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/02:23:55,10636) [kworker/1:2-cgroup_destroy] (root,0,0,00:00:00/01:08:35,14592) [kworker/0:2-events] (root,0,0,00:00:00/09:35,16294) [kworker/3:2-ata_sff] (root,0,0,00:00:00/01:45:38,16766) [kworker/u8:2-writeback] (postfix,24244,8260,00:00:00/36:09,17284) pickup -l -t fifo -u (root,0,0,00:00:00/08:07,18946) [kworker/1:1-events] (root,0,0,00:00:00/01:17:33,23197) [kworker/2:0-events] (root,0,0,00:00:00/04:25,28759) [kworker/3:0-ata_sff] (root,0,0,00:00:00/32:03,31512) [kworker/2:1-cgroup_destroy] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-05 21:46 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683635b11af32Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12712,00:01:03/23-12:44:55,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/23-12:44:55,2) [kthreadd] (root,0,0,00:00:00/23-12:44:55,3) [rcu_gp] (root,0,0,00:00:00/23-12:44:55,4) [rcu_par_gp] (root,0,0,00:00:00/23-12:44:55,5) [slub_flushwq] (root,0,0,00:00:00/23-12:44:55,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/23-12:44:55,9) [mm_percpu_wq] (root,0,0,00:00:00/23-12:44:55,10) [rcu_tasks_kthre] (root,0,0,00:00:00/23-12:44:55,11) [rcu_tasks_rude_] (root,0,0,00:00:00/23-12:44:55,12) [rcu_tasks_trace] (root,0,0,00:00:45/23-12:44:55,13) [ksoftirqd/0] (root,0,0,01:09:05/23-12:44:55,14) [rcu_preempt] (root,0,0,00:00:09/23-12:44:55,15) [migration/0] (root,0,0,00:00:00/23-12:44:55,16) [idle_inject/0] (root,0,0,00:00:00/23-12:44:55,18) [cpuhp/0] (root,0,0,00:00:00/23-12:44:55,19) [cpuhp/1] (root,0,0,00:00:00/23-12:44:55,20) [idle_inject/1] (root,0,0,00:00:09/23-12:44:55,21) [migration/1] (root,0,0,00:00:37/23-12:44:55,22) [ksoftirqd/1] (root,0,0,00:00:00/23-12:44:55,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/23-12:44:55,25) [cpuhp/2] (root,0,0,00:00:00/23-12:44:55,26) [idle_inject/2] (root,0,0,00:00:07/23-12:44:55,27) [migration/2] (root,0,0,00:45:31/23-12:44:55,28) [ksoftirqd/2] (root,0,0,00:00:00/23-12:44:55,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/23-12:44:55,31) [cpuhp/3] (root,0,0,00:00:00/23-12:44:55,32) [idle_inject/3] (root,0,0,00:00:08/23-12:44:55,33) [migration/3] (root,0,0,00:02:21/23-12:44:55,34) [ksoftirqd/3] (root,0,0,00:00:00/23-12:44:55,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/23-12:44:55,40) [kdevtmpfs] (root,0,0,00:00:00/23-12:44:55,41) [netns] (root,0,0,00:00:00/23-12:44:55,42) [inet_frag_wq] (root,0,0,00:00:07/23-12:44:55,43) [kauditd] (root,0,0,00:00:00/23-12:44:55,44) [khungtaskd] (root,0,0,00:00:00/23-12:44:55,45) [oom_reaper] (root,0,0,00:00:00/23-12:44:55,46) [writeback] (root,0,0,00:01:15/23-12:44:55,47) [kcompactd0] (root,0,0,00:00:00/23-12:44:55,48) [ksmd] (root,0,0,00:01:17/23-12:44:55,49) [khugepaged] (root,0,0,00:00:00/23-12:44:55,75) [kintegrityd] (root,0,0,00:00:00/23-12:44:55,76) [kblockd] (root,0,0,00:00:00/23-12:44:55,77) [blkcg_punt_bio] (root,0,0,00:00:00/23-12:44:55,79) [tpm_dev_wq] (root,0,0,00:00:00/23-12:44:55,80) [edac-poller] (root,0,0,00:00:00/23-12:44:55,81) [devfreq_wq] (root,0,0,00:00:00/23-12:44:55,110) [watchdogd] (root,0,0,00:00:01/23-12:44:55,111) [kswapd0] (root,0,0,00:00:06/23-12:44:55,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/23-12:44:53,115) [kthrotld] (root,0,0,00:00:00/23-12:44:53,116) [mld] (root,0,0,00:00:00/23-12:44:53,117) [ipv6_addrconf] (root,0,0,00:00:06/23-12:44:53,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/23-12:44:53,123) [kstrp] (root,0,0,00:00:00/23-12:44:53,124) [zswap-shrink] (root,0,0,00:00:00/23-12:44:53,125) [kworker/u9:0] (root,0,0,00:00:00/23-12:44:53,130) [charger_manager] (root,0,0,00:00:07/23-12:44:53,172) [kworker/1:1H-kblockd] (root,0,0,00:00:10/23-12:44:53,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/23-12:44:52,239) [kaluad] (root,0,0,00:00:00/23-12:44:52,258) [kmpath_rdacd] (root,0,0,00:00:00/23-12:44:52,304) [kmpathd] (root,0,0,00:00:00/23-12:44:52,305) [kmpath_handlerd] (root,0,0,00:00:00/23-12:44:51,342) [ata_sff] (root,0,0,00:00:00/23-12:44:51,343) [scsi_eh_0] (root,0,0,00:00:00/23-12:44:51,344) [scsi_tmf_0] (root,0,0,00:00:00/23-12:44:51,345) [scsi_eh_1] (root,0,0,00:00:00/23-12:44:51,346) [scsi_tmf_1] (root,0,0,00:00:47/23-12:44:48,366) [jbd2/vda1-8] (root,0,0,00:00:00/23-12:44:48,367) [ext4-rsv-conver] (root,38604,7992,00:00:35/23-12:44:36,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/23-12:44:35,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:37/23-12:44:33,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:12/23-12:44:02,511) /sbin/auditd (messagebus,22932,5912,00:01:08/23-12:44:01,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:39/23-12:44:01,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/23-12:44:01,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/23-12:43:59,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/23-12:43:59,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,548104,28468,00:00:27/23-12:43:45,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/23-12:43:45,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:27/23-12:43:45,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/23-12:43:45,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/23-12:43:45,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/23-12:43:45,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/23-12:43:45,1343) /usr/lib/systemd/systemd --user (root,449060,9120,00:00:33/23-12:43:45,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:25/23-12:43:45,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/23-12:43:45,1352) bpfilter_umh (root,26204,8212,00:00:10/23-12:43:45,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/23-12:43:45,1359) ntpd: asynchronous dns resolver (spot,291760,178036,1-12:31:49/23-12:43:44,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/23-12:43:44,1371) (sd-pam) (checkmk,48528,3192,00:00:00/23-12:43:44,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/23-12:43:44,1373) (sd-pam) (root,24216,5268,00:00:08/23-12:43:42,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/23-12:43:42,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/23-12:43:42,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/23-12:43:39,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:27/23-12:43:38,1527) sshd: syslogtunnel (root,692644,75248,00:32:33/23-12:43:36,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,217536,56548,00:13:35/23-12:43:24,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/17-18:18:59,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/23-12:42:59,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:18/23-12:42:59,3218) sshd: cm-ssh (root,0,0,00:00:00/52:53,3867) [kworker/0:0-events] (root,0,0,00:00:00/18:24,3961) [kworker/1:2-events] (root,0,0,00:00:00/01:01:19,4103) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/05:26:30,4562) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/09:32,6492) [kworker/3:2-ata_sff] (root,0,0,00:00:00/09:31,6663) [kworker/0:2-events] (root,0,0,00:00:00/37:30,14029) [kworker/2:1-events] (root,0,0,00:00:00/01:14:50,18134) [kworker/2:2-events] (root,0,0,00:00:00/35:28,18665) [kworker/3:1-events] (postfix,24244,8168,00:00:00/01:05:24,18770) pickup -l -t fifo -u (root,6656,3492,00:00:00/00:00,20300) /bin/bash /usr/bin/check_mk_agent (root,13744,3404,00:00:00/00:00,20318) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,20319) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/12:25,28637) [kworker/1:1] (root,0,0,00:00:00/04:21,29474) [kworker/3:0-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-03 23:33 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683638fcec7dcFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:54/21-12:00:01,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/21-12:00:01,2) [kthreadd] (root,0,0,00:00:00/21-12:00:01,3) [rcu_gp] (root,0,0,00:00:00/21-12:00:01,4) [rcu_par_gp] (root,0,0,00:00:00/21-12:00:01,5) [slub_flushwq] (root,0,0,00:00:00/21-12:00:01,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/21-12:00:01,9) [mm_percpu_wq] (root,0,0,00:00:00/21-12:00:01,10) [rcu_tasks_kthre] (root,0,0,00:00:00/21-12:00:01,11) [rcu_tasks_rude_] (root,0,0,00:00:00/21-12:00:01,12) [rcu_tasks_trace] (root,0,0,00:00:41/21-12:00:01,13) [ksoftirqd/0] (root,0,0,01:03:19/21-12:00:01,14) [rcu_preempt] (root,0,0,00:00:08/21-12:00:01,15) [migration/0] (root,0,0,00:00:00/21-12:00:01,16) [idle_inject/0] (root,0,0,00:00:00/21-12:00:01,18) [cpuhp/0] (root,0,0,00:00:00/21-12:00:01,19) [cpuhp/1] (root,0,0,00:00:00/21-12:00:01,20) [idle_inject/1] (root,0,0,00:00:08/21-12:00:01,21) [migration/1] (root,0,0,00:00:34/21-12:00:01,22) [ksoftirqd/1] (root,0,0,00:00:00/21-12:00:01,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/21-12:00:01,25) [cpuhp/2] (root,0,0,00:00:00/21-12:00:01,26) [idle_inject/2] (root,0,0,00:00:06/21-12:00:01,27) [migration/2] (root,0,0,00:42:37/21-12:00:01,28) [ksoftirqd/2] (root,0,0,00:00:00/21-12:00:01,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/21-12:00:01,31) [cpuhp/3] (root,0,0,00:00:00/21-12:00:01,32) [idle_inject/3] (root,0,0,00:00:08/21-12:00:01,33) [migration/3] (root,0,0,00:02:11/21-12:00:01,34) [ksoftirqd/3] (root,0,0,00:00:00/21-12:00:01,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/21-12:00:01,40) [kdevtmpfs] (root,0,0,00:00:00/21-12:00:01,41) [netns] (root,0,0,00:00:00/21-12:00:01,42) [inet_frag_wq] (root,0,0,00:00:06/21-12:00:01,43) [kauditd] (root,0,0,00:00:00/21-12:00:01,44) [khungtaskd] (root,0,0,00:00:00/21-12:00:01,45) [oom_reaper] (root,0,0,00:00:00/21-12:00:01,46) [writeback] (root,0,0,00:01:09/21-12:00:01,47) [kcompactd0] (root,0,0,00:00:00/21-12:00:01,48) [ksmd] (root,0,0,00:01:10/21-12:00:01,49) [khugepaged] (root,0,0,00:00:00/21-12:00:01,75) [kintegrityd] (root,0,0,00:00:00/21-12:00:01,76) [kblockd] (root,0,0,00:00:00/21-12:00:01,77) [blkcg_punt_bio] (root,0,0,00:00:00/21-12:00:01,79) [tpm_dev_wq] (root,0,0,00:00:00/21-12:00:01,80) [edac-poller] (root,0,0,00:00:00/21-12:00:01,81) [devfreq_wq] (root,0,0,00:00:00/21-12:00:01,110) [watchdogd] (root,0,0,00:00:01/21-12:00:01,111) [kswapd0] (root,0,0,00:00:05/21-12:00:01,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/21-11:59:59,115) [kthrotld] (root,0,0,00:00:00/21-11:59:59,116) [mld] (root,0,0,00:00:00/21-11:59:59,117) [ipv6_addrconf] (root,0,0,00:00:06/21-11:59:59,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/21-11:59:59,123) [kstrp] (root,0,0,00:00:00/21-11:59:59,124) [zswap-shrink] (root,0,0,00:00:00/21-11:59:59,125) [kworker/u9:0] (root,0,0,00:00:00/21-11:59:59,130) [charger_manager] (root,0,0,00:00:06/21-11:59:59,172) [kworker/1:1H-kblockd] (root,0,0,00:00:09/21-11:59:59,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/21-11:59:58,239) [kaluad] (root,0,0,00:00:00/21-11:59:58,258) [kmpath_rdacd] (root,0,0,00:00:00/21-11:59:58,304) [kmpathd] (root,0,0,00:00:00/21-11:59:58,305) [kmpath_handlerd] (root,0,0,00:00:00/21-11:59:57,342) [ata_sff] (root,0,0,00:00:00/21-11:59:57,343) [scsi_eh_0] (root,0,0,00:00:00/21-11:59:57,344) [scsi_tmf_0] (root,0,0,00:00:00/21-11:59:57,345) [scsi_eh_1] (root,0,0,00:00:00/21-11:59:57,346) [scsi_tmf_1] (root,0,0,00:00:43/21-11:59:54,366) [jbd2/vda1-8] (root,0,0,00:00:00/21-11:59:54,367) [ext4-rsv-conver] (root,38604,7992,00:00:30/21-11:59:42,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/21-11:59:41,454) /usr/lib/systemd/systemd-udevd (root,0,0,00:00:00/01:02:42,461) [kworker/3:0-events_freezable_power_] (root,8624,6244,00:00:34/21-11:59:39,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:10/21-11:59:08,511) /sbin/auditd (messagebus,22932,5912,00:00:57/21-11:59:07,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:33/21-11:59:07,530) /usr/lib/systemd/systemd-logind (root,20556,5900,00:00:00/21-11:59:07,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17292,00:00:03/21-11:59:05,611) /usr/sbin/wickedd --systemd --foreground (root,31900,17856,00:00:00/21-11:59:05,616) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8220,00:00:00/42:22,1289) pickup -l -t fifo -u (root,548104,28468,00:00:25/21-11:58:51,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/21-11:58:51,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:15/21-11:58:51,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/21-11:58:51,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/21-11:58:51,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/21-11:58:51,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/21-11:58:51,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:29/21-11:58:51,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:03:07/21-11:58:51,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/21-11:58:51,1352) bpfilter_umh (root,26204,8212,00:00:09/21-11:58:51,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/21-11:58:51,1359) ntpd: asynchronous dns resolver (spot,313404,199396,1-09:51:54/21-11:58:50,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/21-11:58:50,1371) (sd-pam) (checkmk,48528,3192,00:00:00/21-11:58:50,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/21-11:58:50,1373) (sd-pam) (root,24216,5268,00:00:07/21-11:58:48,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/21-11:58:48,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:03/21-11:58:48,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/21-11:58:45,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:19/21-11:58:44,1527) sshd: syslogtunnel (root,692388,72908,00:29:44/21-11:58:42,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,216512,55044,00:12:31/21-11:58:30,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9292,00:00:00/15-17:34:05,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/21-11:58:05,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:11/21-11:58:05,3218) sshd: cm-ssh (root,0,0,00:00:00/00:27,3921) [kworker/3:2-ata_sff] (root,6656,3484,00:00:00/00:00,4784) /bin/bash /usr/bin/check_mk_agent (root,6656,1820,00:00:00/00:00,4825) /bin/bash /usr/bin/check_mk_agent (root,6656,2012,00:00:00/00:00,4826) /bin/bash /usr/bin/check_mk_agent (root,4480,1048,00:00:00/00:00,4827) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,824,00:00:00/00:00,4828) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,2676,1300,00:00:00/00:00,4829) cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,4830) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,4848) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,4849) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/41:50,5347) [kworker/1:2-events] (root,0,0,00:00:00/01:19:20,6565) [kworker/0:0] (root,0,0,00:00:00/01:18:38,9313) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/05:37,13299) [kworker/3:1-ata_sff] (root,0,0,00:00:00/21:51,14476) [kworker/u8:1-writeback] (root,0,0,00:00:01/02:30:31,17228) [kworker/0:1-events] (root,0,0,00:00:00/30:27,17661) [kworker/1:1-events] (root,0,0,00:00:00/01:13:42,22368) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:01/03:38:36,29790) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-10-01 22:48 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363246ba7e5Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12688,00:00:44/19-12:12:02,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/19-12:12:02,2) [kthreadd] (root,0,0,00:00:00/19-12:12:02,3) [rcu_gp] (root,0,0,00:00:00/19-12:12:02,4) [rcu_par_gp] (root,0,0,00:00:00/19-12:12:02,5) [slub_flushwq] (root,0,0,00:00:00/19-12:12:02,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/19-12:12:02,9) [mm_percpu_wq] (root,0,0,00:00:00/19-12:12:02,10) [rcu_tasks_kthre] (root,0,0,00:00:00/19-12:12:02,11) [rcu_tasks_rude_] (root,0,0,00:00:00/19-12:12:02,12) [rcu_tasks_trace] (root,0,0,00:00:37/19-12:12:02,13) [ksoftirqd/0] (root,0,0,00:57:13/19-12:12:02,14) [rcu_preempt] (root,0,0,00:00:07/19-12:12:02,15) [migration/0] (root,0,0,00:00:00/19-12:12:02,16) [idle_inject/0] (root,0,0,00:00:00/19-12:12:02,18) [cpuhp/0] (root,0,0,00:00:00/19-12:12:02,19) [cpuhp/1] (root,0,0,00:00:00/19-12:12:02,20) [idle_inject/1] (root,0,0,00:00:07/19-12:12:02,21) [migration/1] (root,0,0,00:00:31/19-12:12:02,22) [ksoftirqd/1] (root,0,0,00:00:00/19-12:12:02,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/19-12:12:02,25) [cpuhp/2] (root,0,0,00:00:00/19-12:12:02,26) [idle_inject/2] (root,0,0,00:00:05/19-12:12:02,27) [migration/2] (root,0,0,00:39:10/19-12:12:02,28) [ksoftirqd/2] (root,0,0,00:00:00/19-12:12:02,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/19-12:12:02,31) [cpuhp/3] (root,0,0,00:00:00/19-12:12:02,32) [idle_inject/3] (root,0,0,00:00:07/19-12:12:02,33) [migration/3] (root,0,0,00:01:58/19-12:12:02,34) [ksoftirqd/3] (root,0,0,00:00:00/19-12:12:02,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/19-12:12:02,40) [kdevtmpfs] (root,0,0,00:00:00/19-12:12:02,41) [netns] (root,0,0,00:00:00/19-12:12:02,42) [inet_frag_wq] (root,0,0,00:00:05/19-12:12:02,43) [kauditd] (root,0,0,00:00:00/19-12:12:02,44) [khungtaskd] (root,0,0,00:00:00/19-12:12:02,45) [oom_reaper] (root,0,0,00:00:00/19-12:12:02,46) [writeback] (root,0,0,00:01:02/19-12:12:02,47) [kcompactd0] (root,0,0,00:00:00/19-12:12:02,48) [ksmd] (root,0,0,00:01:03/19-12:12:02,49) [khugepaged] (root,0,0,00:00:00/19-12:12:02,75) [kintegrityd] (root,0,0,00:00:00/19-12:12:02,76) [kblockd] (root,0,0,00:00:00/19-12:12:02,77) [blkcg_punt_bio] (root,0,0,00:00:00/19-12:12:02,79) [tpm_dev_wq] (root,0,0,00:00:00/19-12:12:02,80) [edac-poller] (root,0,0,00:00:00/19-12:12:02,81) [devfreq_wq] (root,0,0,00:00:00/19-12:12:02,110) [watchdogd] (root,0,0,00:00:01/19-12:12:02,111) [kswapd0] (root,0,0,00:00:05/19-12:12:02,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/19-12:12:00,115) [kthrotld] (root,0,0,00:00:00/19-12:12:00,116) [mld] (root,0,0,00:00:00/19-12:12:00,117) [ipv6_addrconf] (root,0,0,00:00:05/19-12:12:00,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/19-12:12:00,123) [kstrp] (root,0,0,00:00:00/19-12:12:00,124) [zswap-shrink] (root,0,0,00:00:00/19-12:12:00,125) [kworker/u9:0] (root,0,0,00:00:00/19-12:12:00,130) [charger_manager] (root,0,0,00:00:05/19-12:12:00,172) [kworker/1:1H-kblockd] (root,0,0,00:00:08/19-12:12:00,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/19-12:11:59,239) [kaluad] (root,0,0,00:00:00/19-12:11:59,258) [kmpath_rdacd] (root,0,0,00:00:00/19-12:11:59,304) [kmpathd] (root,0,0,00:00:00/19-12:11:59,305) [kmpath_handlerd] (root,0,0,00:00:00/19-12:11:58,342) [ata_sff] (root,0,0,00:00:00/19-12:11:58,343) [scsi_eh_0] (root,0,0,00:00:00/19-12:11:58,344) [scsi_tmf_0] (root,0,0,00:00:00/19-12:11:58,345) [scsi_eh_1] (root,0,0,00:00:00/19-12:11:58,346) [scsi_tmf_1] (root,0,0,00:00:38/19-12:11:55,366) [jbd2/vda1-8] (root,0,0,00:00:00/19-12:11:55,367) [ext4-rsv-conver] (root,38604,7616,00:00:25/19-12:11:43,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/19-12:11:42,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:31/19-12:11:40,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:08/19-12:11:09,511) /sbin/auditd (messagebus,22932,5912,00:00:45/19-12:11:08,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8392,00:00:26/19-12:11:08,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/19-12:11:08,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/19-12:11:06,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/19-12:11:06,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:23/19-12:10:52,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/19-12:10:52,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:02:04/19-12:10:52,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/19-12:10:52,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/19-12:10:52,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/19-12:10:52,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/19-12:10:52,1343) /usr/lib/systemd/systemd --user (root,449156,8812,00:00:24/19-12:10:52,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:49/19-12:10:52,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/19-12:10:52,1352) bpfilter_umh (root,26204,8212,00:00:07/19-12:10:52,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/19-12:10:52,1359) ntpd: asynchronous dns resolver (spot,314892,199772,1-07:02:44/19-12:10:51,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/19-12:10:51,1371) (sd-pam) (checkmk,48528,3192,00:00:00/19-12:10:51,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/19-12:10:51,1373) (sd-pam) (root,24216,5268,00:00:06/19-12:10:49,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/19-12:10:49,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/19-12:10:49,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/19-12:10:46,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:10/19-12:10:45,1527) sshd: syslogtunnel (root,618656,73492,00:26:53/19-12:10:43,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/22:19,1678) [kworker/3:1-events] (spot,215488,53708,00:11:19/19-12:10:31,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/13-17:46:06,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/19-12:10:06,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:01:04/19-12:10:06,3218) sshd: cm-ssh (root,0,0,00:00:00/04:44,4244) [kworker/0:0-events] (root,0,0,00:00:00/07:00:41,5852) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/02:20,10508) [kworker/2:2-events] (root,0,0,00:00:00/11:02,11634) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/01:35,11713) [kworker/3:0-ata_sff] (root,0,0,00:00:00/02:22:46,12961) [kworker/2:0-events] (root,0,0,00:00:00/00:38,14005) [kworker/u8:1-writeback] (root,6656,3484,00:00:00/00:00,16651) /bin/bash /usr/bin/check_mk_agent (root,13744,3520,00:00:00/00:00,16669) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,16670) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:00:13,17258) [kworker/1:0-events] (root,0,0,00:00:00/02:18:30,23780) [kworker/0:1-cgroup_destroy] (root,0,0,00:00:00/01:16:43,25296) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/01:46:37,29630) [kworker/1:2-events] (root,0,0,00:00:00/01:36:17,29670) [kworker/0:2-events] (postfix,24244,8268,00:00:00/01:15:18,29784) pickup -l -t fifo -u (root,0,0,00:00:00/06:45,30258) [kworker/3:2-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-29 23:00 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363fc429bd6Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:32/17-10:59:09,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/17-10:59:09,2) [kthreadd] (root,0,0,00:00:00/17-10:59:09,3) [rcu_gp] (root,0,0,00:00:00/17-10:59:09,4) [rcu_par_gp] (root,0,0,00:00:00/17-10:59:09,5) [slub_flushwq] (root,0,0,00:00:00/17-10:59:09,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/17-10:59:09,9) [mm_percpu_wq] (root,0,0,00:00:00/17-10:59:09,10) [rcu_tasks_kthre] (root,0,0,00:00:00/17-10:59:09,11) [rcu_tasks_rude_] (root,0,0,00:00:00/17-10:59:09,12) [rcu_tasks_trace] (root,0,0,00:00:32/17-10:59:09,13) [ksoftirqd/0] (root,0,0,00:50:06/17-10:59:09,14) [rcu_preempt] (root,0,0,00:00:06/17-10:59:09,15) [migration/0] (root,0,0,00:00:00/17-10:59:09,16) [idle_inject/0] (root,0,0,00:00:00/17-10:59:09,18) [cpuhp/0] (root,0,0,00:00:00/17-10:59:09,19) [cpuhp/1] (root,0,0,00:00:00/17-10:59:09,20) [idle_inject/1] (root,0,0,00:00:06/17-10:59:09,21) [migration/1] (root,0,0,00:00:27/17-10:59:09,22) [ksoftirqd/1] (root,0,0,00:00:00/17-10:59:09,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/17-10:59:09,25) [cpuhp/2] (root,0,0,00:00:00/17-10:59:09,26) [idle_inject/2] (root,0,0,00:00:05/17-10:59:09,27) [migration/2] (root,0,0,00:33:28/17-10:59:09,28) [ksoftirqd/2] (root,0,0,00:00:00/17-10:59:09,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/17-10:59:09,31) [cpuhp/3] (root,0,0,00:00:00/17-10:59:09,32) [idle_inject/3] (root,0,0,00:00:06/17-10:59:09,33) [migration/3] (root,0,0,00:01:40/17-10:59:09,34) [ksoftirqd/3] (root,0,0,00:00:00/17-10:59:09,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/17-10:59:09,40) [kdevtmpfs] (root,0,0,00:00:00/17-10:59:09,41) [netns] (root,0,0,00:00:00/17-10:59:09,42) [inet_frag_wq] (root,0,0,00:00:03/17-10:59:09,43) [kauditd] (root,0,0,00:00:00/17-10:59:09,44) [khungtaskd] (root,0,0,00:00:00/17-10:59:09,45) [oom_reaper] (root,0,0,00:00:00/17-10:59:09,46) [writeback] (root,0,0,00:00:54/17-10:59:09,47) [kcompactd0] (root,0,0,00:00:00/17-10:59:09,48) [ksmd] (root,0,0,00:00:56/17-10:59:09,49) [khugepaged] (root,0,0,00:00:00/17-10:59:09,75) [kintegrityd] (root,0,0,00:00:00/17-10:59:09,76) [kblockd] (root,0,0,00:00:00/17-10:59:09,77) [blkcg_punt_bio] (root,0,0,00:00:00/17-10:59:09,79) [tpm_dev_wq] (root,0,0,00:00:00/17-10:59:09,80) [edac-poller] (root,0,0,00:00:00/17-10:59:09,81) [devfreq_wq] (root,0,0,00:00:00/17-10:59:09,110) [watchdogd] (root,0,0,00:00:01/17-10:59:09,111) [kswapd0] (root,0,0,00:00:04/17-10:59:09,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/17-10:59:07,115) [kthrotld] (root,0,0,00:00:00/17-10:59:07,116) [mld] (root,0,0,00:00:00/17-10:59:07,117) [ipv6_addrconf] (root,0,0,00:00:04/17-10:59:07,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/17-10:59:07,123) [kstrp] (root,0,0,00:00:00/17-10:59:07,124) [zswap-shrink] (root,0,0,00:00:00/17-10:59:07,125) [kworker/u9:0] (root,0,0,00:00:00/17-10:59:07,130) [charger_manager] (root,0,0,00:00:05/17-10:59:07,172) [kworker/1:1H-kblockd] (root,0,0,00:00:07/17-10:59:07,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/17-10:59:06,239) [kaluad] (root,0,0,00:00:00/17-10:59:06,258) [kmpath_rdacd] (root,0,0,00:00:00/17-10:59:06,304) [kmpathd] (root,0,0,00:00:00/17-10:59:06,305) [kmpath_handlerd] (root,0,0,00:00:00/17-10:59:05,342) [ata_sff] (root,0,0,00:00:00/17-10:59:05,343) [scsi_eh_0] (root,0,0,00:00:00/17-10:59:05,344) [scsi_tmf_0] (root,0,0,00:00:00/17-10:59:05,345) [scsi_eh_1] (root,0,0,00:00:00/17-10:59:05,346) [scsi_tmf_1] (root,0,0,00:00:34/17-10:59:02,366) [jbd2/vda1-8] (root,0,0,00:00:00/17-10:59:02,367) [ext4-rsv-conver] (root,38604,7616,00:00:19/17-10:58:50,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:02/17-10:58:49,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:27/17-10:58:47,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:06/17-10:58:16,511) /sbin/auditd (messagebus,22932,5912,00:00:31/17-10:58:15,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:18/17-10:58:15,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/17-10:58:15,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/17-10:58:13,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/17-10:58:13,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,27472,00:00:20/17-10:57:59,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/17-10:57:59,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:49/17-10:57:59,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/17-10:57:59,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/17-10:57:59,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/17-10:57:59,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/17-10:57:59,1343) /usr/lib/systemd/systemd --user (root,448964,9120,00:00:19/17-10:57:59,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:29/17-10:57:59,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/17-10:57:59,1352) bpfilter_umh (root,26204,8212,00:00:04/17-10:57:59,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/17-10:57:59,1359) ntpd: asynchronous dns resolver (spot,315548,199936,1-02:52:22/17-10:57:58,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/17-10:57:58,1371) (sd-pam) (checkmk,48528,3192,00:00:00/17-10:57:58,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/17-10:57:58,1373) (sd-pam) (root,24216,5268,00:00:06/17-10:57:56,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/17-10:57:56,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/17-10:57:56,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/17-10:57:53,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:01:01/17-10:57:52,1527) sshd: syslogtunnel (root,618256,71104,00:23:51/17-10:57:50,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,213440,51668,00:09:59/17-10:57:38,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/11-16:33:13,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/17-10:57:13,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:57/17-10:57:13,3218) sshd: cm-ssh (root,0,0,00:00:00/01:51,5463) [kworker/2:2] (root,0,0,00:00:00/00:00,7798) [kworker/3:1] (root,6656,3488,00:00:00/00:00,7849) /bin/bash /usr/bin/check_mk_agent (root,13744,3372,00:00:00/00:00,7867) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,7868) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/27:28,8974) [kworker/0:2] (root,0,0,00:00:00/17:21,12175) [kworker/u8:2-writeback] (root,0,0,00:00:00/08:49,14908) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/08:49,14912) [kworker/1:2] (root,0,0,00:00:00/01:21:52,15458) [kworker/0:1-events] (postfix,24244,8324,00:00:00/24:22,18468) pickup -l -t fifo -u (root,0,0,00:00:00/01:19:43,19474) [kworker/2:0-events] (root,0,0,00:00:00/05:11,23988) [kworker/3:2-ata_sff] (root,0,0,00:00:00/32:02,27061) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:01/03:20:09,27733) [kworker/1:0-events] (root,0,0,00:00:00/20:45,29544) [kworker/3:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-27 21:47 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363aa7a7abdFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:23/15-10:28:26,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/15-10:28:26,2) [kthreadd] (root,0,0,00:00:00/15-10:28:26,3) [rcu_gp] (root,0,0,00:00:00/15-10:28:26,4) [rcu_par_gp] (root,0,0,00:00:00/15-10:28:26,5) [slub_flushwq] (root,0,0,00:00:00/15-10:28:26,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/15-10:28:26,9) [mm_percpu_wq] (root,0,0,00:00:00/15-10:28:26,10) [rcu_tasks_kthre] (root,0,0,00:00:00/15-10:28:26,11) [rcu_tasks_rude_] (root,0,0,00:00:00/15-10:28:26,12) [rcu_tasks_trace] (root,0,0,00:00:27/15-10:28:26,13) [ksoftirqd/0] (root,0,0,00:43:12/15-10:28:26,14) [rcu_preempt] (root,0,0,00:00:05/15-10:28:26,15) [migration/0] (root,0,0,00:00:00/15-10:28:26,16) [idle_inject/0] (root,0,0,00:00:00/15-10:28:26,18) [cpuhp/0] (root,0,0,00:00:00/15-10:28:26,19) [cpuhp/1] (root,0,0,00:00:00/15-10:28:26,20) [idle_inject/1] (root,0,0,00:00:06/15-10:28:26,21) [migration/1] (root,0,0,00:00:23/15-10:28:26,22) [ksoftirqd/1] (root,0,0,00:00:00/15-10:28:26,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/15-10:28:26,25) [cpuhp/2] (root,0,0,00:00:00/15-10:28:26,26) [idle_inject/2] (root,0,0,00:00:04/15-10:28:26,27) [migration/2] (root,0,0,00:28:04/15-10:28:26,28) [ksoftirqd/2] (root,0,0,00:00:00/15-10:28:26,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/15-10:28:26,31) [cpuhp/3] (root,0,0,00:00:00/15-10:28:26,32) [idle_inject/3] (root,0,0,00:00:05/15-10:28:26,33) [migration/3] (root,0,0,00:01:23/15-10:28:26,34) [ksoftirqd/3] (root,0,0,00:00:00/15-10:28:26,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/15-10:28:26,40) [kdevtmpfs] (root,0,0,00:00:00/15-10:28:26,41) [netns] (root,0,0,00:00:00/15-10:28:26,42) [inet_frag_wq] (root,0,0,00:00:01/15-10:28:26,43) [kauditd] (root,0,0,00:00:00/15-10:28:26,44) [khungtaskd] (root,0,0,00:00:00/15-10:28:26,45) [oom_reaper] (root,0,0,00:00:00/15-10:28:26,46) [writeback] (root,0,0,00:00:47/15-10:28:26,47) [kcompactd0] (root,0,0,00:00:00/15-10:28:26,48) [ksmd] (root,0,0,00:00:49/15-10:28:26,49) [khugepaged] (root,0,0,00:00:00/15-10:28:26,75) [kintegrityd] (root,0,0,00:00:00/15-10:28:26,76) [kblockd] (root,0,0,00:00:00/15-10:28:26,77) [blkcg_punt_bio] (root,0,0,00:00:00/15-10:28:26,79) [tpm_dev_wq] (root,0,0,00:00:00/15-10:28:26,80) [edac-poller] (root,0,0,00:00:00/15-10:28:26,81) [devfreq_wq] (root,0,0,00:00:00/15-10:28:26,110) [watchdogd] (root,0,0,00:00:01/15-10:28:26,111) [kswapd0] (root,0,0,00:00:04/15-10:28:26,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/15-10:28:24,115) [kthrotld] (root,0,0,00:00:00/15-10:28:24,116) [mld] (root,0,0,00:00:00/15-10:28:24,117) [ipv6_addrconf] (root,0,0,00:00:04/15-10:28:24,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/15-10:28:24,123) [kstrp] (root,0,0,00:00:00/15-10:28:24,124) [zswap-shrink] (root,0,0,00:00:00/15-10:28:24,125) [kworker/u9:0] (root,0,0,00:00:00/15-10:28:24,130) [charger_manager] (root,0,0,00:00:04/15-10:28:24,172) [kworker/1:1H-kblockd] (root,0,0,00:00:06/15-10:28:24,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/15-10:28:23,239) [kaluad] (root,0,0,00:00:00/15-10:28:23,258) [kmpath_rdacd] (root,0,0,00:00:00/15-10:28:23,304) [kmpathd] (root,0,0,00:00:00/15-10:28:23,305) [kmpath_handlerd] (root,0,0,00:00:00/15-10:28:22,342) [ata_sff] (root,0,0,00:00:00/15-10:28:22,343) [scsi_eh_0] (root,0,0,00:00:00/15-10:28:22,344) [scsi_tmf_0] (root,0,0,00:00:00/15-10:28:22,345) [scsi_eh_1] (root,0,0,00:00:00/15-10:28:22,346) [scsi_tmf_1] (root,0,0,00:00:29/15-10:28:19,366) [jbd2/vda1-8] (root,0,0,00:00:00/15-10:28:19,367) [ext4-rsv-conver] (root,0,0,00:00:00/08:21,431) [kworker/3:2-ata_sff] (root,38604,7616,00:00:13/15-10:28:07,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/15-10:28:06,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:24/15-10:28:04,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:04/15-10:27:33,511) /sbin/auditd (messagebus,22932,5912,00:00:18/15-10:27:32,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:11/15-10:27:32,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/15-10:27:32,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/15-10:27:30,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/15-10:27:30,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26432,00:00:18/15-10:27:16,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/15-10:27:16,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:35/15-10:27:16,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/15-10:27:16,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/15-10:27:16,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/15-10:27:16,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/15-10:27:16,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:14/15-10:27:16,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:02:11/15-10:27:16,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/15-10:27:16,1352) bpfilter_umh (root,26204,8212,00:00:03/15-10:27:16,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/15-10:27:16,1359) ntpd: asynchronous dns resolver (spot,314140,199584,22:11:42/15-10:27:15,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/15-10:27:15,1371) (sd-pam) (checkmk,48528,3192,00:00:00/15-10:27:15,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/15-10:27:15,1373) (sd-pam) (root,24216,5268,00:00:05/15-10:27:13,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:01/15-10:27:13,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:02/15-10:27:13,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/15-10:27:10,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:53/15-10:27:09,1527) sshd: syslogtunnel (root,617868,70916,00:20:55/15-10:27:07,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,212416,49856,00:08:41/15-10:26:55,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/9-16:02:30,2557) tlsmgr -l -t unix -u (root,0,0,00:00:01/02:52:03,2845) [kworker/0:2-events] (root,35308,10108,00:00:00/15-10:26:30,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:49/15-10:26:30,3218) sshd: cm-ssh (root,0,0,00:00:00/01:05:26,3282) [kworker/3:1-events] (root,0,0,00:00:00/34:51,6286) [kworker/1:0-events] (root,0,0,00:00:00/02:27:09,6932) [kworker/2:2-events] (root,0,0,00:00:00/01:16:36,13705) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/03:10,14499) [kworker/3:0-ata_sff] (postfix,24244,8228,00:00:00/15:29,16017) pickup -l -t fifo -u (root,0,0,00:00:00/06:35:33,21313) [kworker/0:0-events] (root,0,0,00:00:00/48:20,22233) [kworker/u8:1-ext4-rsv-conversion] (root,6656,3488,00:00:00/00:00,23820) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,23838) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,940,00:00:00/00:00,23839) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:01/06:10:43,24128) [kworker/1:2-events] (root,0,0,00:00:00/22:32,27262) [kworker/2:1-events_power_efficient] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-25 21:17 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363a33c63f8Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:20/13-09:46:45,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/13-09:46:45,2) [kthreadd] (root,0,0,00:00:00/13-09:46:45,3) [rcu_gp] (root,0,0,00:00:00/13-09:46:45,4) [rcu_par_gp] (root,0,0,00:00:00/13-09:46:45,5) [slub_flushwq] (root,0,0,00:00:00/13-09:46:45,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/13-09:46:45,9) [mm_percpu_wq] (root,0,0,00:00:00/13-09:46:45,10) [rcu_tasks_kthre] (root,0,0,00:00:00/13-09:46:45,11) [rcu_tasks_rude_] (root,0,0,00:00:00/13-09:46:45,12) [rcu_tasks_trace] (root,0,0,00:00:23/13-09:46:45,13) [ksoftirqd/0] (root,0,0,00:36:48/13-09:46:45,14) [rcu_preempt] (root,0,0,00:00:04/13-09:46:45,15) [migration/0] (root,0,0,00:00:00/13-09:46:45,16) [idle_inject/0] (root,0,0,00:00:00/13-09:46:45,18) [cpuhp/0] (root,0,0,00:00:00/13-09:46:45,19) [cpuhp/1] (root,0,0,00:00:00/13-09:46:45,20) [idle_inject/1] (root,0,0,00:00:05/13-09:46:45,21) [migration/1] (root,0,0,00:00:19/13-09:46:45,22) [ksoftirqd/1] (root,0,0,00:00:00/13-09:46:45,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/13-09:46:45,25) [cpuhp/2] (root,0,0,00:00:00/13-09:46:45,26) [idle_inject/2] (root,0,0,00:00:03/13-09:46:45,27) [migration/2] (root,0,0,00:24:07/13-09:46:45,28) [ksoftirqd/2] (root,0,0,00:00:00/13-09:46:45,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/13-09:46:45,31) [cpuhp/3] (root,0,0,00:00:00/13-09:46:45,32) [idle_inject/3] (root,0,0,00:00:04/13-09:46:45,33) [migration/3] (root,0,0,00:01:09/13-09:46:45,34) [ksoftirqd/3] (root,0,0,00:00:00/13-09:46:45,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/13-09:46:45,40) [kdevtmpfs] (root,0,0,00:00:00/13-09:46:45,41) [netns] (root,0,0,00:00:00/13-09:46:45,42) [inet_frag_wq] (root,0,0,00:00:01/13-09:46:45,43) [kauditd] (root,0,0,00:00:00/13-09:46:45,44) [khungtaskd] (root,0,0,00:00:00/13-09:46:45,45) [oom_reaper] (root,0,0,00:00:00/13-09:46:45,46) [writeback] (root,0,0,00:00:40/13-09:46:45,47) [kcompactd0] (root,0,0,00:00:00/13-09:46:45,48) [ksmd] (root,0,0,00:00:43/13-09:46:45,49) [khugepaged] (root,0,0,00:00:00/13-09:46:45,75) [kintegrityd] (root,0,0,00:00:00/13-09:46:45,76) [kblockd] (root,0,0,00:00:00/13-09:46:45,77) [blkcg_punt_bio] (root,0,0,00:00:00/13-09:46:45,79) [tpm_dev_wq] (root,0,0,00:00:00/13-09:46:45,80) [edac-poller] (root,0,0,00:00:00/13-09:46:45,81) [devfreq_wq] (root,0,0,00:00:00/13-09:46:45,110) [watchdogd] (root,0,0,00:00:01/13-09:46:45,111) [kswapd0] (root,0,0,00:00:03/13-09:46:45,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/13-09:46:43,115) [kthrotld] (root,0,0,00:00:00/13-09:46:43,116) [mld] (root,0,0,00:00:00/13-09:46:43,117) [ipv6_addrconf] (root,0,0,00:00:03/13-09:46:43,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/13-09:46:43,123) [kstrp] (root,0,0,00:00:00/13-09:46:43,124) [zswap-shrink] (root,0,0,00:00:00/13-09:46:43,125) [kworker/u9:0] (root,0,0,00:00:00/13-09:46:43,130) [charger_manager] (root,0,0,00:00:03/13-09:46:43,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/13-09:46:43,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/13-09:46:42,239) [kaluad] (root,0,0,00:00:00/13-09:46:42,258) [kmpath_rdacd] (root,0,0,00:00:00/13-09:46:42,304) [kmpathd] (root,0,0,00:00:00/13-09:46:42,305) [kmpath_handlerd] (root,0,0,00:00:00/13-09:46:41,342) [ata_sff] (root,0,0,00:00:00/13-09:46:41,343) [scsi_eh_0] (root,0,0,00:00:00/13-09:46:41,344) [scsi_tmf_0] (root,0,0,00:00:00/13-09:46:41,345) [scsi_eh_1] (root,0,0,00:00:00/13-09:46:41,346) [scsi_tmf_1] (root,0,0,00:00:25/13-09:46:38,366) [jbd2/vda1-8] (root,0,0,00:00:00/13-09:46:38,367) [ext4-rsv-conver] (root,38604,7616,00:00:12/13-09:46:26,440) /usr/lib/systemd/systemd-journald (root,53296,9748,00:00:01/13-09:46:25,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:20/13-09:46:23,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/13-09:45:52,511) /sbin/auditd (messagebus,22932,5912,00:00:16/13-09:45:51,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8388,00:00:10/13-09:45:51,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/13-09:45:51,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/13-09:45:49,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/13-09:45:49,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547848,26172,00:00:15/13-09:45:35,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/13-09:45:35,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:21/13-09:45:35,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/13-09:45:35,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/13-09:45:35,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/13-09:45:35,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/13-09:45:35,1343) /usr/lib/systemd/systemd --user (root,448964,8856,00:00:13/13-09:45:35,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:53/13-09:45:35,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/13-09:45:35,1352) bpfilter_umh (root,26204,8212,00:00:02/13-09:45:35,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/13-09:45:35,1359) ntpd: asynchronous dns resolver (spot,305964,189860,18:22:20/13-09:45:34,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/13-09:45:34,1371) (sd-pam) (checkmk,48528,3192,00:00:00/13-09:45:34,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/13-09:45:34,1373) (sd-pam) (root,24216,5268,00:00:04/13-09:45:32,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/13-09:45:32,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/13-09:45:32,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/13-09:45:29,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:45/13-09:45:28,1527) sshd: syslogtunnel (root,617868,72648,00:18:02/13-09:45:26,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,211392,48300,00:07:24/13-09:45:14,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9336,00:00:00/7-15:20:49,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/13-09:44:49,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:42/13-09:44:49,3218) sshd: cm-ssh (root,0,0,00:00:00/42:58,3936) [kworker/2:2-events] (root,0,0,00:00:00/01:56:37,9135) [kworker/1:2-events] (root,0,0,00:00:00/07:39,9458) [kworker/3:0-events] (root,0,0,00:00:00/01:43:42,12158) [kworker/1:1] (postfix,24244,8232,00:00:00/01:35:50,16575) pickup -l -t fifo -u (root,0,0,00:00:00/01:19:13,23096) [kworker/u8:2-writeback] (root,0,0,00:00:00/02:29,25638) [kworker/3:2-ata_sff] (root,0,0,00:00:00/05:13:58,26936) [kworker/2:1-events] (root,0,0,00:00:00/05:01:49,27779) [kworker/0:2-events] (root,0,0,00:00:00/04:49:32,29222) [kworker/0:0-events] (root,0,0,00:00:00/38:49,29797) [kworker/3:1-ata_sff] (root,0,0,00:00:00/04:23:24,30927) [kworker/u8:0-ext4-rsv-conversion] (root,6656,3492,00:00:00/00:00,31510) /bin/bash /usr/bin/check_mk_agent (root,13744,3488,00:00:00/00:00,31528) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,960,00:00:00/00:00,31529) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-23 20:35 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363aeb77c4aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12680,00:00:18/11-11:40:28,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/11-11:40:28,2) [kthreadd] (root,0,0,00:00:00/11-11:40:28,3) [rcu_gp] (root,0,0,00:00:00/11-11:40:28,4) [rcu_par_gp] (root,0,0,00:00:00/11-11:40:28,5) [slub_flushwq] (root,0,0,00:00:00/11-11:40:28,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/11-11:40:28,9) [mm_percpu_wq] (root,0,0,00:00:00/11-11:40:28,10) [rcu_tasks_kthre] (root,0,0,00:00:00/11-11:40:28,11) [rcu_tasks_rude_] (root,0,0,00:00:00/11-11:40:28,12) [rcu_tasks_trace] (root,0,0,00:00:20/11-11:40:28,13) [ksoftirqd/0] (root,0,0,00:31:34/11-11:40:28,14) [rcu_preempt] (root,0,0,00:00:04/11-11:40:28,15) [migration/0] (root,0,0,00:00:00/11-11:40:28,16) [idle_inject/0] (root,0,0,00:00:00/11-11:40:28,18) [cpuhp/0] (root,0,0,00:00:00/11-11:40:28,19) [cpuhp/1] (root,0,0,00:00:00/11-11:40:28,20) [idle_inject/1] (root,0,0,00:00:04/11-11:40:28,21) [migration/1] (root,0,0,00:00:16/11-11:40:28,22) [ksoftirqd/1] (root,0,0,00:00:00/11-11:40:28,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/11-11:40:28,25) [cpuhp/2] (root,0,0,00:00:00/11-11:40:28,26) [idle_inject/2] (root,0,0,00:00:03/11-11:40:28,27) [migration/2] (root,0,0,00:21:01/11-11:40:28,28) [ksoftirqd/2] (root,0,0,00:00:00/11-11:40:28,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/11-11:40:28,31) [cpuhp/3] (root,0,0,00:00:00/11-11:40:28,32) [idle_inject/3] (root,0,0,00:00:04/11-11:40:28,33) [migration/3] (root,0,0,00:01:00/11-11:40:28,34) [ksoftirqd/3] (root,0,0,00:00:00/11-11:40:28,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/11-11:40:28,40) [kdevtmpfs] (root,0,0,00:00:00/11-11:40:28,41) [netns] (root,0,0,00:00:00/11-11:40:28,42) [inet_frag_wq] (root,0,0,00:00:01/11-11:40:28,43) [kauditd] (root,0,0,00:00:00/11-11:40:28,44) [khungtaskd] (root,0,0,00:00:00/11-11:40:28,45) [oom_reaper] (root,0,0,00:00:00/11-11:40:28,46) [writeback] (root,0,0,00:00:34/11-11:40:28,47) [kcompactd0] (root,0,0,00:00:00/11-11:40:28,48) [ksmd] (root,0,0,00:00:37/11-11:40:28,49) [khugepaged] (root,0,0,00:00:00/11-11:40:28,75) [kintegrityd] (root,0,0,00:00:00/11-11:40:28,76) [kblockd] (root,0,0,00:00:00/11-11:40:28,77) [blkcg_punt_bio] (root,0,0,00:00:00/11-11:40:28,79) [tpm_dev_wq] (root,0,0,00:00:00/11-11:40:28,80) [edac-poller] (root,0,0,00:00:00/11-11:40:28,81) [devfreq_wq] (root,0,0,00:00:00/11-11:40:28,110) [watchdogd] (root,0,0,00:00:00/11-11:40:28,111) [kswapd0] (root,0,0,00:00:02/11-11:40:28,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/11-11:40:26,115) [kthrotld] (root,0,0,00:00:00/11-11:40:26,116) [mld] (root,0,0,00:00:00/11-11:40:26,117) [ipv6_addrconf] (root,0,0,00:00:03/11-11:40:26,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/11-11:40:26,123) [kstrp] (root,0,0,00:00:00/11-11:40:26,124) [zswap-shrink] (root,0,0,00:00:00/11-11:40:26,125) [kworker/u9:0] (root,0,0,00:00:00/11-11:40:26,130) [charger_manager] (root,0,0,00:00:03/11-11:40:26,172) [kworker/1:1H-kblockd] (root,0,0,00:00:05/11-11:40:26,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/11-11:40:25,239) [kaluad] (root,0,0,00:00:00/11-11:40:25,258) [kmpath_rdacd] (root,0,0,00:00:00/11-11:40:25,304) [kmpathd] (root,0,0,00:00:00/11-11:40:25,305) [kmpath_handlerd] (root,0,0,00:00:00/11-11:40:24,342) [ata_sff] (root,0,0,00:00:00/11-11:40:24,343) [scsi_eh_0] (root,0,0,00:00:00/11-11:40:24,344) [scsi_tmf_0] (root,0,0,00:00:00/11-11:40:24,345) [scsi_eh_1] (root,0,0,00:00:00/11-11:40:24,346) [scsi_tmf_1] (root,0,0,00:00:21/11-11:40:21,366) [jbd2/vda1-8] (root,0,0,00:00:00/11-11:40:21,367) [ext4-rsv-conver] (root,38604,7616,00:00:10/11-11:40:09,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/11-11:40:08,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:17/11-11:40:06,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:03/11-11:39:35,511) /sbin/auditd (messagebus,22932,5912,00:00:14/11-11:39:34,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8380,00:00:08/11-11:39:34,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/11-11:39:34,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/11-11:39:32,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/11-11:39:32,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,25104,00:00:13/11-11:39:18,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/11-11:39:18,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:11/11-11:39:18,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/11-11:39:18,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/11-11:39:18,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/11-11:39:18,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/11-11:39:18,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:11/11-11:39:18,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:37/11-11:39:18,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/11-11:39:18,1352) bpfilter_umh (root,26204,8212,00:00:02/11-11:39:18,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/11-11:39:18,1359) ntpd: asynchronous dns resolver (spot,293420,179216,15:27:11/11-11:39:17,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/11-11:39:17,1371) (sd-pam) (checkmk,48528,3192,00:00:00/11-11:39:17,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/11-11:39:17,1373) (sd-pam) (root,24216,5268,00:00:03/11-11:39:15,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/11-11:39:15,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/11-11:39:15,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/11-11:39:12,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:39/11-11:39:11,1527) sshd: syslogtunnel (root,617612,72248,00:15:27/11-11:39:09,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,210368,47020,00:06:17/11-11:38:57,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/5-17:14:32,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/11-11:38:32,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:36/11-11:38:32,3218) sshd: cm-ssh (root,0,0,00:00:00/12:27,4699) [kworker/3:2-events] (root,0,0,00:00:03/21:49:01,7785) [kworker/2:1-events] (root,0,0,00:00:00/02:01:50,12699) [kworker/u8:0-ext4-rsv-conversion] (postfix,24244,8224,00:00:00/30:19,13066) pickup -l -t fifo -u (root,0,0,00:00:00/02:11:57,15461) [kworker/u8:2-flush-253:0] (root,0,0,00:00:00/02:06,16020) [kworker/3:0-ata_sff] (root,0,0,00:00:00/04:37:35,19628) [kworker/0:1-events] (root,0,0,00:00:00/04:13:08,20763) [kworker/1:0-events] (root,6656,3476,00:00:00/00:00,21742) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,21760) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,956,00:00:00/00:00,21761) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/03:37:11,24825) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/07:17,27262) [kworker/3:1-ata_sff] (root,0,0,00:00:00/03:12:51,28099) [kworker/1:2-events] (root,0,0,00:00:01/02:48:42,29792) [kworker/0:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-21 22:29 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363df4b4f2aFound public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:15/9-11:46:14,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/9-11:46:14,2) [kthreadd] (root,0,0,00:00:00/9-11:46:14,3) [rcu_gp] (root,0,0,00:00:00/9-11:46:14,4) [rcu_par_gp] (root,0,0,00:00:00/9-11:46:14,5) [slub_flushwq] (root,0,0,00:00:00/9-11:46:14,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/9-11:46:14,9) [mm_percpu_wq] (root,0,0,00:00:00/9-11:46:14,10) [rcu_tasks_kthre] (root,0,0,00:00:00/9-11:46:14,11) [rcu_tasks_rude_] (root,0,0,00:00:00/9-11:46:14,12) [rcu_tasks_trace] (root,0,0,00:00:17/9-11:46:14,13) [ksoftirqd/0] (root,0,0,00:25:47/9-11:46:14,14) [rcu_preempt] (root,0,0,00:00:03/9-11:46:14,15) [migration/0] (root,0,0,00:00:00/9-11:46:14,16) [idle_inject/0] (root,0,0,00:00:00/9-11:46:14,18) [cpuhp/0] (root,0,0,00:00:00/9-11:46:14,19) [cpuhp/1] (root,0,0,00:00:00/9-11:46:14,20) [idle_inject/1] (root,0,0,00:00:03/9-11:46:14,21) [migration/1] (root,0,0,00:00:14/9-11:46:14,22) [ksoftirqd/1] (root,0,0,00:00:00/9-11:46:14,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/9-11:46:14,25) [cpuhp/2] (root,0,0,00:00:00/9-11:46:14,26) [idle_inject/2] (root,0,0,00:00:02/9-11:46:14,27) [migration/2] (root,0,0,00:17:25/9-11:46:14,28) [ksoftirqd/2] (root,0,0,00:00:00/9-11:46:14,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/9-11:46:14,31) [cpuhp/3] (root,0,0,00:00:00/9-11:46:14,32) [idle_inject/3] (root,0,0,00:00:03/9-11:46:14,33) [migration/3] (root,0,0,00:00:49/9-11:46:14,34) [ksoftirqd/3] (root,0,0,00:00:00/9-11:46:14,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/9-11:46:14,40) [kdevtmpfs] (root,0,0,00:00:00/9-11:46:14,41) [netns] (root,0,0,00:00:00/9-11:46:14,42) [inet_frag_wq] (root,0,0,00:00:01/9-11:46:14,43) [kauditd] (root,0,0,00:00:00/9-11:46:14,44) [khungtaskd] (root,0,0,00:00:00/9-11:46:14,45) [oom_reaper] (root,0,0,00:00:00/9-11:46:14,46) [writeback] (root,0,0,00:00:28/9-11:46:14,47) [kcompactd0] (root,0,0,00:00:00/9-11:46:14,48) [ksmd] (root,0,0,00:00:31/9-11:46:14,49) [khugepaged] (root,0,0,00:00:00/9-11:46:14,75) [kintegrityd] (root,0,0,00:00:00/9-11:46:14,76) [kblockd] (root,0,0,00:00:00/9-11:46:14,77) [blkcg_punt_bio] (root,0,0,00:00:00/9-11:46:14,79) [tpm_dev_wq] (root,0,0,00:00:00/9-11:46:14,80) [edac-poller] (root,0,0,00:00:00/9-11:46:14,81) [devfreq_wq] (root,0,0,00:00:00/9-11:46:14,110) [watchdogd] (root,0,0,00:00:00/9-11:46:14,111) [kswapd0] (root,0,0,00:00:02/9-11:46:14,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/9-11:46:12,115) [kthrotld] (root,0,0,00:00:00/9-11:46:12,116) [mld] (root,0,0,00:00:00/9-11:46:12,117) [ipv6_addrconf] (root,0,0,00:00:02/9-11:46:12,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/9-11:46:12,123) [kstrp] (root,0,0,00:00:00/9-11:46:12,124) [zswap-shrink] (root,0,0,00:00:00/9-11:46:12,125) [kworker/u9:0] (root,0,0,00:00:00/9-11:46:12,130) [charger_manager] (root,0,0,00:00:02/9-11:46:12,172) [kworker/1:1H-kblockd] (root,0,0,00:00:04/9-11:46:12,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/9-11:46:11,239) [kaluad] (root,0,0,00:00:00/9-11:46:11,258) [kmpath_rdacd] (root,0,0,00:00:00/9-11:46:11,304) [kmpathd] (root,0,0,00:00:00/9-11:46:11,305) [kmpath_handlerd] (root,0,0,00:00:00/9-11:46:10,342) [ata_sff] (root,0,0,00:00:00/9-11:46:10,343) [scsi_eh_0] (root,0,0,00:00:00/9-11:46:10,344) [scsi_tmf_0] (root,0,0,00:00:00/9-11:46:10,345) [scsi_eh_1] (root,0,0,00:00:00/9-11:46:10,346) [scsi_tmf_1] (root,0,0,00:00:17/9-11:46:07,366) [jbd2/vda1-8] (root,0,0,00:00:00/9-11:46:07,367) [ext4-rsv-conver] (root,38604,7616,00:00:08/9-11:45:55,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/9-11:45:54,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:14/9-11:45:52,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:02/9-11:45:21,511) /sbin/auditd (messagebus,22932,5912,00:00:12/9-11:45:20,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8368,00:00:07/9-11:45:20,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/9-11:45:20,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/9-11:45:18,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/9-11:45:18,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,24840,00:00:10/9-11:45:04,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/9-11:45:04,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:01:01/9-11:45:04,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/9-11:45:04,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/9-11:45:04,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/9-11:45:04,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/9-11:45:04,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:09/9-11:45:04,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:20/9-11:45:04,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/9-11:45:04,1352) bpfilter_umh (root,26204,8212,00:00:01/9-11:45:04,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/9-11:45:04,1359) ntpd: asynchronous dns resolver (spot,293808,180164,12:19:11/9-11:45:03,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/9-11:45:03,1371) (sd-pam) (checkmk,48528,3192,00:00:00/9-11:45:03,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/9-11:45:03,1373) (sd-pam) (root,24216,5268,00:00:03/9-11:45:01,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/9-11:45:01,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:01/9-11:45:01,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/9-11:44:58,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:32/9-11:44:57,1527) sshd: syslogtunnel (root,617356,71960,00:12:42/9-11:44:55,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,209344,45732,00:05:07/9-11:44:43,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/3-17:20:18,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/9-11:44:18,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:30/9-11:44:18,3218) sshd: cm-ssh (root,0,0,00:00:00/35:27,4425) [kworker/2:2-events] (root,0,0,00:00:00/01:37:33,9613) [kworker/1:0-events] (root,0,0,00:00:00/02:38:48,11212) [kworker/2:0-cgroup_destroy] (root,0,0,00:00:00/43:39,12819) [kworker/3:1-events] (root,0,0,00:00:00/05:04:27,14431) [kworker/u8:0-writeback] (root,0,0,00:00:00/04:04:24,14915) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/03:50:51,15893) [kworker/0:0-events] (postfix,24244,8268,00:00:00/57:53,17707) pickup -l -t fifo -u (root,0,0,00:00:00/07:21,18354) [kworker/3:0-ata_sff] (root,0,0,00:00:00/01:25:22,20227) [kworker/0:1] (root,0,0,00:00:01/07:04:18,26887) [kworker/1:2-events] (root,0,0,00:00:00/02:09,28207) [kworker/3:2-ata_sff] (root,6656,3492,00:00:00/00:00,30645) /bin/bash /usr/bin/check_mk_agent (root,6656,3472,00:00:00/00:00,30652) /bin/bash /usr/bin/check_mk_agent (root,13744,3368,00:00:00/00:00,30686) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,30688) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-19 22:34 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683631229ef83Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:12/7-11:10:46,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/7-11:10:46,2) [kthreadd] (root,0,0,00:00:00/7-11:10:46,3) [rcu_gp] (root,0,0,00:00:00/7-11:10:46,4) [rcu_par_gp] (root,0,0,00:00:00/7-11:10:46,5) [slub_flushwq] (root,0,0,00:00:00/7-11:10:46,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/7-11:10:46,9) [mm_percpu_wq] (root,0,0,00:00:00/7-11:10:46,10) [rcu_tasks_kthre] (root,0,0,00:00:00/7-11:10:46,11) [rcu_tasks_rude_] (root,0,0,00:00:00/7-11:10:46,12) [rcu_tasks_trace] (root,0,0,00:00:12/7-11:10:46,13) [ksoftirqd/0] (root,0,0,00:19:49/7-11:10:46,14) [rcu_preempt] (root,0,0,00:00:02/7-11:10:46,15) [migration/0] (root,0,0,00:00:00/7-11:10:46,16) [idle_inject/0] (root,0,0,00:00:00/7-11:10:46,18) [cpuhp/0] (root,0,0,00:00:00/7-11:10:46,19) [cpuhp/1] (root,0,0,00:00:00/7-11:10:46,20) [idle_inject/1] (root,0,0,00:00:03/7-11:10:46,21) [migration/1] (root,0,0,00:00:10/7-11:10:46,22) [ksoftirqd/1] (root,0,0,00:00:00/7-11:10:46,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/7-11:10:46,25) [cpuhp/2] (root,0,0,00:00:00/7-11:10:46,26) [idle_inject/2] (root,0,0,00:00:02/7-11:10:46,27) [migration/2] (root,0,0,00:13:00/7-11:10:46,28) [ksoftirqd/2] (root,0,0,00:00:00/7-11:10:46,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/7-11:10:46,31) [cpuhp/3] (root,0,0,00:00:00/7-11:10:46,32) [idle_inject/3] (root,0,0,00:00:02/7-11:10:46,33) [migration/3] (root,0,0,00:00:36/7-11:10:46,34) [ksoftirqd/3] (root,0,0,00:00:00/7-11:10:46,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/7-11:10:46,40) [kdevtmpfs] (root,0,0,00:00:00/7-11:10:46,41) [netns] (root,0,0,00:00:00/7-11:10:46,42) [inet_frag_wq] (root,0,0,00:00:00/7-11:10:46,43) [kauditd] (root,0,0,00:00:00/7-11:10:46,44) [khungtaskd] (root,0,0,00:00:00/7-11:10:46,45) [oom_reaper] (root,0,0,00:00:00/7-11:10:46,46) [writeback] (root,0,0,00:00:22/7-11:10:46,47) [kcompactd0] (root,0,0,00:00:00/7-11:10:46,48) [ksmd] (root,0,0,00:00:24/7-11:10:46,49) [khugepaged] (root,0,0,00:00:00/7-11:10:46,75) [kintegrityd] (root,0,0,00:00:00/7-11:10:46,76) [kblockd] (root,0,0,00:00:00/7-11:10:46,77) [blkcg_punt_bio] (root,0,0,00:00:00/7-11:10:46,79) [tpm_dev_wq] (root,0,0,00:00:00/7-11:10:46,80) [edac-poller] (root,0,0,00:00:00/7-11:10:46,81) [devfreq_wq] (root,0,0,00:00:00/7-11:10:46,110) [watchdogd] (root,0,0,00:00:00/7-11:10:46,111) [kswapd0] (root,0,0,00:00:01/7-11:10:46,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/7-11:10:44,115) [kthrotld] (root,0,0,00:00:00/7-11:10:44,116) [mld] (root,0,0,00:00:00/7-11:10:44,117) [ipv6_addrconf] (root,0,0,00:00:01/7-11:10:44,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/7-11:10:44,123) [kstrp] (root,0,0,00:00:00/7-11:10:44,124) [zswap-shrink] (root,0,0,00:00:00/7-11:10:44,125) [kworker/u9:0] (root,0,0,00:00:00/7-11:10:44,130) [charger_manager] (root,0,0,00:00:02/7-11:10:44,172) [kworker/1:1H-kblockd] (root,0,0,00:00:03/7-11:10:44,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/7-11:10:43,239) [kaluad] (root,0,0,00:00:00/7-11:10:43,258) [kmpath_rdacd] (root,0,0,00:00:00/7-11:10:43,304) [kmpathd] (root,0,0,00:00:00/7-11:10:43,305) [kmpath_handlerd] (root,0,0,00:00:00/7-11:10:42,342) [ata_sff] (root,0,0,00:00:00/7-11:10:42,343) [scsi_eh_0] (root,0,0,00:00:00/7-11:10:42,344) [scsi_tmf_0] (root,0,0,00:00:00/7-11:10:42,345) [scsi_eh_1] (root,0,0,00:00:00/7-11:10:42,346) [scsi_tmf_1] (root,0,0,00:00:13/7-11:10:39,366) [jbd2/vda1-8] (root,0,0,00:00:00/7-11:10:39,367) [ext4-rsv-conver] (root,38604,7616,00:00:07/7-11:10:27,440) /usr/lib/systemd/systemd-journald (root,53296,9772,00:00:01/7-11:10:26,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:11/7-11:10:24,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/7-11:09:53,511) /sbin/auditd (messagebus,22932,5912,00:00:09/7-11:09:52,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:05/7-11:09:52,530) /usr/lib/systemd/systemd-logind (root,20556,6040,00:00:00/7-11:09:52,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17436,00:00:03/7-11:09:50,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18000,00:00:00/7-11:09:50,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23800,00:00:08/7-11:09:36,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26660,00:00:00/7-11:09:36,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:46/7-11:09:36,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/7-11:09:36,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/7-11:09:36,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/7-11:09:36,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/7-11:09:36,1343) /usr/lib/systemd/systemd --user (root,448964,8880,00:00:07/7-11:09:36,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6340,00:01:01/7-11:09:36,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/7-11:09:36,1352) bpfilter_umh (root,26204,8212,00:00:01/7-11:09:36,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4368,00:00:00/7-11:09:36,1359) ntpd: asynchronous dns resolver (spot,290348,176788,09:07:36/7-11:09:35,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/7-11:09:35,1371) (sd-pam) (checkmk,48528,3192,00:00:00/7-11:09:35,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/7-11:09:35,1373) (sd-pam) (root,24216,5268,00:00:02/7-11:09:33,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/7-11:09:33,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/7-11:09:33,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/7-11:09:30,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:25/7-11:09:29,1527) sshd: syslogtunnel (root,617356,71808,00:09:54/7-11:09:27,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,44428,00:03:52/7-11:09:15,1995) /usr/bin/python3.11 /usr/bin/spot (postfix,44628,9380,00:00:00/1-16:44:50,2557) tlsmgr -l -t unix -u (root,35308,10108,00:00:00/7-11:08:50,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:23/7-11:08:50,3218) sshd: cm-ssh (root,0,0,00:00:01/07:55:59,6969) [kworker/0:2-events] (root,0,0,00:00:00/02:58:55,8452) [kworker/1:2-events] (root,0,0,00:00:00/07:41,9208) [kworker/3:0-ata_sff] (root,0,0,00:00:00/40:34,12808) [kworker/u8:0-ext4-rsv-conversion] (root,0,0,00:00:00/06:16:37,14219) [kworker/0:1] (root,6656,3488,00:00:00/00:00,15172) /bin/bash /usr/bin/check_mk_agent (root,13744,3420,00:00:00/00:00,15190) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,15191) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/47:38,17990) [kworker/2:0-events] (root,0,0,00:00:01/05:20:57,18376) [kworker/2:2-events] (root,0,0,00:00:00/12:52,22475) [kworker/3:2-events] (root,0,0,00:00:00/28:56,25953) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/01:53:13,26083) [kworker/1:1] (postfix,24244,8296,00:00:00/44:28,29149) pickup -l -t fifo -u (root,0,0,00:00:00/02:29,32239) [kworker/3:1-ata_sff] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-17 21:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363618954b0Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:09/5-12:21:58,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/5-12:21:58,2) [kthreadd] (root,0,0,00:00:00/5-12:21:58,3) [rcu_gp] (root,0,0,00:00:00/5-12:21:58,4) [rcu_par_gp] (root,0,0,00:00:00/5-12:21:58,5) [slub_flushwq] (root,0,0,00:00:00/5-12:21:58,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/5-12:21:58,9) [mm_percpu_wq] (root,0,0,00:00:00/5-12:21:58,10) [rcu_tasks_kthre] (root,0,0,00:00:00/5-12:21:58,11) [rcu_tasks_rude_] (root,0,0,00:00:00/5-12:21:58,12) [rcu_tasks_trace] (root,0,0,00:00:09/5-12:21:58,13) [ksoftirqd/0] (root,0,0,00:14:14/5-12:21:58,14) [rcu_preempt] (root,0,0,00:00:02/5-12:21:58,15) [migration/0] (root,0,0,00:00:00/5-12:21:58,16) [idle_inject/0] (root,0,0,00:00:00/5-12:21:58,18) [cpuhp/0] (root,0,0,00:00:00/5-12:21:58,19) [cpuhp/1] (root,0,0,00:00:00/5-12:21:58,20) [idle_inject/1] (root,0,0,00:00:02/5-12:21:58,21) [migration/1] (root,0,0,00:00:07/5-12:21:58,22) [ksoftirqd/1] (root,0,0,00:00:00/5-12:21:58,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/5-12:21:58,25) [cpuhp/2] (root,0,0,00:00:00/5-12:21:58,26) [idle_inject/2] (root,0,0,00:00:01/5-12:21:58,27) [migration/2] (root,0,0,00:09:19/5-12:21:58,28) [ksoftirqd/2] (root,0,0,00:00:00/5-12:21:58,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/5-12:21:58,31) [cpuhp/3] (root,0,0,00:00:00/5-12:21:58,32) [idle_inject/3] (root,0,0,00:00:02/5-12:21:58,33) [migration/3] (root,0,0,00:00:25/5-12:21:58,34) [ksoftirqd/3] (root,0,0,00:00:00/5-12:21:58,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/5-12:21:58,40) [kdevtmpfs] (root,0,0,00:00:00/5-12:21:58,41) [netns] (root,0,0,00:00:00/5-12:21:58,42) [inet_frag_wq] (root,0,0,00:00:00/5-12:21:58,43) [kauditd] (root,0,0,00:00:00/5-12:21:58,44) [khungtaskd] (root,0,0,00:00:00/5-12:21:58,45) [oom_reaper] (root,0,0,00:00:00/5-12:21:58,46) [writeback] (root,0,0,00:00:15/5-12:21:58,47) [kcompactd0] (root,0,0,00:00:00/5-12:21:58,48) [ksmd] (root,0,0,00:00:16/5-12:21:58,49) [khugepaged] (root,0,0,00:00:00/5-12:21:58,75) [kintegrityd] (root,0,0,00:00:00/5-12:21:58,76) [kblockd] (root,0,0,00:00:00/5-12:21:58,77) [blkcg_punt_bio] (root,0,0,00:00:00/5-12:21:58,79) [tpm_dev_wq] (root,0,0,00:00:00/5-12:21:58,80) [edac-poller] (root,0,0,00:00:00/5-12:21:58,81) [devfreq_wq] (root,0,0,00:00:00/5-12:21:58,110) [watchdogd] (root,0,0,00:00:00/5-12:21:58,111) [kswapd0] (root,0,0,00:00:01/5-12:21:58,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/5-12:21:56,115) [kthrotld] (root,0,0,00:00:00/5-12:21:56,116) [mld] (root,0,0,00:00:00/5-12:21:56,117) [ipv6_addrconf] (root,0,0,00:00:01/5-12:21:56,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/5-12:21:56,123) [kstrp] (root,0,0,00:00:00/5-12:21:56,124) [zswap-shrink] (root,0,0,00:00:00/5-12:21:56,125) [kworker/u9:0] (root,0,0,00:00:00/5-12:21:56,130) [charger_manager] (root,0,0,00:00:01/5-12:21:56,172) [kworker/1:1H-kblockd] (root,0,0,00:00:02/5-12:21:56,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/5-12:21:55,239) [kaluad] (root,0,0,00:00:00/5-12:21:55,258) [kmpath_rdacd] (root,0,0,00:00:00/5-12:21:55,304) [kmpathd] (root,0,0,00:00:00/5-12:21:55,305) [kmpath_handlerd] (root,0,0,00:00:00/5-12:21:54,342) [ata_sff] (root,0,0,00:00:00/5-12:21:54,343) [scsi_eh_0] (root,0,0,00:00:00/5-12:21:54,344) [scsi_tmf_0] (root,0,0,00:00:00/5-12:21:54,345) [scsi_eh_1] (root,0,0,00:00:00/5-12:21:54,346) [scsi_tmf_1] (root,0,0,00:00:09/5-12:21:51,366) [jbd2/vda1-8] (root,0,0,00:00:00/5-12:21:51,367) [ext4-rsv-conver] (root,38604,7616,00:00:05/5-12:21:39,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/5-12:21:38,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:08/5-12:21:36,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:01/5-12:21:05,511) /sbin/auditd (messagebus,22932,5912,00:00:07/5-12:21:04,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8360,00:00:04/5-12:21:04,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/5-12:21:04,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/5-12:21:02,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/5-12:21:02,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547592,23628,00:00:06/5-12:20:48,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/5-12:20:48,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:34/5-12:20:48,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/5-12:20:48,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/5-12:20:48,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/5-12:20:48,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/5-12:20:48,1343) /usr/lib/systemd/systemd --user (root,448964,8616,00:00:06/5-12:20:48,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:44/5-12:20:48,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/5-12:20:48,1352) bpfilter_umh (root,26204,8212,00:00:01/5-12:20:48,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/5-12:20:48,1359) ntpd: asynchronous dns resolver (spot,212092,174608,06:17:26/5-12:20:47,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/5-12:20:47,1371) (sd-pam) (checkmk,48528,3192,00:00:00/5-12:20:47,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/5-12:20:47,1373) (sd-pam) (root,24216,5268,00:00:01/5-12:20:45,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/5-12:20:45,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/5-12:20:45,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/5-12:20:42,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:18/5-12:20:41,1527) sshd: syslogtunnel (root,617100,71504,00:07:10/5-12:20:39,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,208320,43148,00:02:46/5-12:20:27,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/5-12:20:02,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:17/5-12:20:02,3218) sshd: cm-ssh (root,0,0,00:00:00/10:11,4816) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/00:17,11957) [kworker/3:1-ata_sff] (root,0,0,00:00:00/26:41,12853) [kworker/1:0-events] (root,6656,3488,00:00:00/00:00,13061) /bin/bash /usr/bin/check_mk_agent (root,13744,3424,00:00:00/00:00,13079) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,13080) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (postfix,24244,8228,00:00:00/36:31,15243) pickup -l -t fifo -u (root,0,0,00:00:00/01:55:25,18842) [kworker/0:0-events] (root,0,0,00:00:00/57:20,19687) [kworker/3:0-events] (root,0,0,00:00:01/04:40:34,20908) [kworker/2:1-events] (root,0,0,00:00:00/05:28,23268) [kworker/3:2-ata_sff] (root,0,0,00:00:00/15:38,24590) [kworker/0:2-events] (root,0,0,00:00:01/03:23:23,25521) [kworker/1:2-events] (root,0,0,00:00:00/09:15:11,28908) [kworker/u8:2-writeback] (root,0,0,00:00:00/01:22:33,31575) [kworker/2:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-15 23:10 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe568363f76088e1Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12636,00:00:07/3-12:13:06,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-12:13:06,2) [kthreadd] (root,0,0,00:00:00/3-12:13:06,3) [rcu_gp] (root,0,0,00:00:00/3-12:13:06,4) [rcu_par_gp] (root,0,0,00:00:00/3-12:13:06,5) [slub_flushwq] (root,0,0,00:00:00/3-12:13:06,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-12:13:06,9) [mm_percpu_wq] (root,0,0,00:00:00/3-12:13:06,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-12:13:06,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-12:13:06,12) [rcu_tasks_trace] (root,0,0,00:00:05/3-12:13:06,13) [ksoftirqd/0] (root,0,0,00:08:58/3-12:13:06,14) [rcu_preempt] (root,0,0,00:00:01/3-12:13:06,15) [migration/0] (root,0,0,00:00:00/3-12:13:06,16) [idle_inject/0] (root,0,0,00:00:00/3-12:13:06,18) [cpuhp/0] (root,0,0,00:00:00/3-12:13:06,19) [cpuhp/1] (root,0,0,00:00:00/3-12:13:06,20) [idle_inject/1] (root,0,0,00:00:01/3-12:13:06,21) [migration/1] (root,0,0,00:00:05/3-12:13:06,22) [ksoftirqd/1] (root,0,0,00:00:00/3-12:13:06,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-12:13:06,25) [cpuhp/2] (root,0,0,00:00:00/3-12:13:06,26) [idle_inject/2] (root,0,0,00:00:01/3-12:13:06,27) [migration/2] (root,0,0,00:06:03/3-12:13:06,28) [ksoftirqd/2] (root,0,0,00:00:00/3-12:13:06,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-12:13:06,31) [cpuhp/3] (root,0,0,00:00:00/3-12:13:06,32) [idle_inject/3] (root,0,0,00:00:01/3-12:13:06,33) [migration/3] (root,0,0,00:00:16/3-12:13:06,34) [ksoftirqd/3] (root,0,0,00:00:00/3-12:13:06,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-12:13:06,40) [kdevtmpfs] (root,0,0,00:00:00/3-12:13:06,41) [netns] (root,0,0,00:00:00/3-12:13:06,42) [inet_frag_wq] (root,0,0,00:00:00/3-12:13:06,43) [kauditd] (root,0,0,00:00:00/3-12:13:06,44) [khungtaskd] (root,0,0,00:00:00/3-12:13:06,45) [oom_reaper] (root,0,0,00:00:00/3-12:13:06,46) [writeback] (root,0,0,00:00:09/3-12:13:06,47) [kcompactd0] (root,0,0,00:00:00/3-12:13:06,48) [ksmd] (root,0,0,00:00:10/3-12:13:06,49) [khugepaged] (root,0,0,00:00:00/3-12:13:06,75) [kintegrityd] (root,0,0,00:00:00/3-12:13:06,76) [kblockd] (root,0,0,00:00:00/3-12:13:06,77) [blkcg_punt_bio] (root,0,0,00:00:00/3-12:13:06,79) [tpm_dev_wq] (root,0,0,00:00:00/3-12:13:06,80) [edac-poller] (root,0,0,00:00:00/3-12:13:06,81) [devfreq_wq] (root,0,0,00:00:00/3-12:13:06,110) [watchdogd] (root,0,0,00:00:00/3-12:13:06,111) [kswapd0] (root,0,0,00:00:00/3-12:13:06,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-12:13:04,115) [kthrotld] (root,0,0,00:00:00/3-12:13:04,116) [mld] (root,0,0,00:00:00/3-12:13:04,117) [ipv6_addrconf] (root,0,0,00:00:00/3-12:13:04,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/3-12:13:04,123) [kstrp] (root,0,0,00:00:00/3-12:13:04,124) [zswap-shrink] (root,0,0,00:00:00/3-12:13:04,125) [kworker/u9:0] (root,0,0,00:00:00/3-12:13:04,130) [charger_manager] (root,0,0,00:00:00/3-12:13:04,172) [kworker/1:1H-kblockd] (root,0,0,00:00:01/3-12:13:04,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-12:13:03,239) [kaluad] (root,0,0,00:00:00/3-12:13:03,258) [kmpath_rdacd] (root,0,0,00:00:00/3-12:13:03,304) [kmpathd] (root,0,0,00:00:00/3-12:13:03,305) [kmpath_handlerd] (root,0,0,00:00:00/3-12:13:02,342) [ata_sff] (root,0,0,00:00:00/3-12:13:02,343) [scsi_eh_0] (root,0,0,00:00:00/3-12:13:02,344) [scsi_tmf_0] (root,0,0,00:00:00/3-12:13:02,345) [scsi_eh_1] (root,0,0,00:00:00/3-12:13:02,346) [scsi_tmf_1] (root,0,0,00:00:05/3-12:12:59,366) [jbd2/vda1-8] (root,0,0,00:00:00/3-12:12:59,367) [ext4-rsv-conver] (root,38604,7616,00:00:03/3-12:12:47,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/3-12:12:46,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:05/3-12:12:44,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/3-12:12:13,511) /sbin/auditd (messagebus,22932,5912,00:00:04/3-12:12:12,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8356,00:00:02/3-12:12:12,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/3-12:12:12,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/3-12:12:10,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/3-12:12:10,616) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,22784,00:00:04/3-12:11:56,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/3-12:11:56,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,0,0,00:00:00/01:00:42,1333) [kworker/0:1-events] (root,21172,4536,00:00:22/3-12:11:56,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/3-12:11:56,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/3-12:11:56,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/3-12:11:56,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/3-12:11:56,1343) /usr/lib/systemd/systemd --user (root,448964,8096,00:00:04/3-12:11:56,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:27/3-12:11:56,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/3-12:11:56,1352) bpfilter_umh (root,26204,8212,00:00:00/3-12:11:56,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/3-12:11:56,1359) ntpd: asynchronous dns resolver (spot,206124,169232,04:02:17/3-12:11:55,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/3-12:11:55,1371) (sd-pam) (checkmk,48528,3192,00:00:00/3-12:11:55,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/3-12:11:55,1373) (sd-pam) (root,24216,5268,00:00:01/3-12:11:53,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/3-12:11:53,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/3-12:11:53,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/3-12:11:50,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:11/3-12:11:49,1527) sshd: syslogtunnel (root,615564,67936,00:04:35/3-12:11:47,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41868,00:01:48/3-12:11:35,1995) /usr/bin/python3.11 /usr/bin/spot (root,0,0,00:00:00/04:00,2037) [kworker/3:1-ata_sff] (root,0,0,00:00:01/07:39:47,2276) [kworker/1:2-events] (root,0,0,00:00:00/50:42,2497) [kworker/3:2-events] (root,35308,10108,00:00:00/3-12:11:10,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:10/3-12:11:10,3218) sshd: cm-ssh (root,0,0,00:00:00/01:20:02,4067) [kworker/1:1] (root,0,0,00:00:01/07:23:44,5266) [kworker/2:1-events] (postfix,24244,8260,00:00:00/49:35,6052) pickup -l -t fifo -u (root,0,0,00:00:00/02:22,11797) [kworker/2:0-events] (root,0,0,00:00:00/09:12,12360) [kworker/3:0-ata_sff] (root,0,0,00:00:00/46:41,13330) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:00/03:32:25,13615) [kworker/2:2-cgroup_destroy] (root,6656,3488,00:00:00/00:00,20523) /bin/bash /usr/bin/check_mk_agent (root,13744,3508,00:00:00/00:00,20541) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,964,00:00:00/00:00,20542) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/36:09,27113) [kworker/u8:1-flush-253:0] (root,0,0,00:00:00/35:58,28172) [kworker/0:2-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-13 23:01 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe5683630c226664Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189452,12528,00:00:04/1-10:51:15,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/1-10:51:15,2) [kthreadd] (root,0,0,00:00:00/1-10:51:15,3) [rcu_gp] (root,0,0,00:00:00/1-10:51:15,4) [rcu_par_gp] (root,0,0,00:00:00/1-10:51:15,5) [slub_flushwq] (root,0,0,00:00:00/1-10:51:15,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/1-10:51:15,9) [mm_percpu_wq] (root,0,0,00:00:00/1-10:51:15,10) [rcu_tasks_kthre] (root,0,0,00:00:00/1-10:51:15,11) [rcu_tasks_rude_] (root,0,0,00:00:00/1-10:51:15,12) [rcu_tasks_trace] (root,0,0,00:00:02/1-10:51:15,13) [ksoftirqd/0] (root,0,0,00:03:51/1-10:51:15,14) [rcu_preempt] (root,0,0,00:00:00/1-10:51:15,15) [migration/0] (root,0,0,00:00:00/1-10:51:15,16) [idle_inject/0] (root,0,0,00:00:00/1-10:51:15,18) [cpuhp/0] (root,0,0,00:00:00/1-10:51:15,19) [cpuhp/1] (root,0,0,00:00:00/1-10:51:15,20) [idle_inject/1] (root,0,0,00:00:00/1-10:51:15,21) [migration/1] (root,0,0,00:00:02/1-10:51:15,22) [ksoftirqd/1] (root,0,0,00:00:00/1-10:51:15,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/1-10:51:15,25) [cpuhp/2] (root,0,0,00:00:00/1-10:51:15,26) [idle_inject/2] (root,0,0,00:00:00/1-10:51:15,27) [migration/2] (root,0,0,00:02:28/1-10:51:15,28) [ksoftirqd/2] (root,0,0,00:00:00/1-10:51:15,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/1-10:51:15,31) [cpuhp/3] (root,0,0,00:00:00/1-10:51:15,32) [idle_inject/3] (root,0,0,00:00:00/1-10:51:15,33) [migration/3] (root,0,0,00:00:07/1-10:51:15,34) [ksoftirqd/3] (root,0,0,00:00:00/1-10:51:15,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/1-10:51:15,40) [kdevtmpfs] (root,0,0,00:00:00/1-10:51:15,41) [netns] (root,0,0,00:00:00/1-10:51:15,42) [inet_frag_wq] (root,0,0,00:00:00/1-10:51:15,43) [kauditd] (root,0,0,00:00:00/1-10:51:15,44) [khungtaskd] (root,0,0,00:00:00/1-10:51:15,45) [oom_reaper] (root,0,0,00:00:00/1-10:51:15,46) [writeback] (root,0,0,00:00:04/1-10:51:15,47) [kcompactd0] (root,0,0,00:00:00/1-10:51:15,48) [ksmd] (root,0,0,00:00:04/1-10:51:15,49) [khugepaged] (root,0,0,00:00:00/1-10:51:15,75) [kintegrityd] (root,0,0,00:00:00/1-10:51:15,76) [kblockd] (root,0,0,00:00:00/1-10:51:15,77) [blkcg_punt_bio] (root,0,0,00:00:00/1-10:51:15,79) [tpm_dev_wq] (root,0,0,00:00:00/1-10:51:15,80) [edac-poller] (root,0,0,00:00:00/1-10:51:15,81) [devfreq_wq] (root,0,0,00:00:00/1-10:51:15,110) [watchdogd] (root,0,0,00:00:00/1-10:51:15,111) [kswapd0] (root,0,0,00:00:00/1-10:51:15,113) [kworker/2:1H-kblockd] (root,0,0,00:00:00/1-10:51:13,115) [kthrotld] (root,0,0,00:00:00/1-10:51:13,116) [mld] (root,0,0,00:00:00/1-10:51:13,117) [ipv6_addrconf] (root,0,0,00:00:00/1-10:51:13,118) [kworker/0:1H-kblockd] (root,0,0,00:00:00/1-10:51:13,123) [kstrp] (root,0,0,00:00:00/1-10:51:13,124) [zswap-shrink] (root,0,0,00:00:00/1-10:51:13,125) [kworker/u9:0] (root,0,0,00:00:00/1-10:51:13,130) [charger_manager] (root,0,0,00:00:00/1-10:51:13,172) [kworker/1:1H-kblockd] (root,0,0,00:00:00/1-10:51:13,177) [kworker/3:1H-kblockd] (root,0,0,00:00:00/1-10:51:12,239) [kaluad] (root,0,0,00:00:00/1-10:51:12,258) [kmpath_rdacd] (root,0,0,00:00:00/1-10:51:12,304) [kmpathd] (root,0,0,00:00:00/1-10:51:12,305) [kmpath_handlerd] (root,0,0,00:00:00/1-10:51:11,342) [ata_sff] (root,0,0,00:00:00/1-10:51:11,343) [scsi_eh_0] (root,0,0,00:00:00/1-10:51:11,344) [scsi_tmf_0] (root,0,0,00:00:00/1-10:51:11,345) [scsi_eh_1] (root,0,0,00:00:00/1-10:51:11,346) [scsi_tmf_1] (root,0,0,00:00:02/1-10:51:08,366) [jbd2/vda1-8] (root,0,0,00:00:00/1-10:51:08,367) [ext4-rsv-conver] (root,38604,7616,00:00:01/1-10:50:56,440) /usr/lib/systemd/systemd-journald (root,53296,9868,00:00:00/1-10:50:55,454) /usr/lib/systemd/systemd-udevd (root,8624,6244,00:00:02/1-10:50:53,492) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1652,00:00:00/1-10:50:22,511) /sbin/auditd (messagebus,22932,5912,00:00:02/1-10:50:21,517) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38748,8328,00:00:01/1-10:50:21,530) /usr/lib/systemd/systemd-logind (root,20556,6064,00:00:00/1-10:50:21,539) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17460,00:00:03/1-10:50:19,611) /usr/sbin/wickedd --systemd --foreground (root,31900,18024,00:00:00/1-10:50:19,616) /usr/sbin/wickedd-nanny --systemd --foreground (postfix,24244,8192,00:00:00/01:29:44,777) pickup -l -t fifo -u (root,547336,22256,00:00:01/1-10:50:05,1316) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26736,00:00:00/1-10:50:05,1328) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4536,00:00:08/1-10:50:05,1337) /usr/sbin/xinetd -stayalive -dontfork (root,2984,1856,00:00:00/1-10:50:05,1340) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40564,10520,00:00:00/1-10:50:05,1341) /usr/lib/systemd/systemd --user (cm-ssh,40560,10652,00:00:00/1-10:50:05,1342) /usr/lib/systemd/systemd --user (checkmk,40568,10560,00:00:00/1-10:50:05,1343) /usr/lib/systemd/systemd --user (root,448724,7512,00:00:01/1-10:50:05,1345) /usr/sbin/rsyslogd -n -iNONE (ntp,20660,6344,00:00:11/1-10:50:05,1347) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,656,00:00:00/1-10:50:05,1352) bpfilter_umh (root,26204,8212,00:00:00/1-10:50:05,1358) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4372,00:00:00/1-10:50:05,1359) ntpd: asynchronous dns resolver (spot,204748,167868,01:57:39/1-10:50:04,1368) /usr/bin/python3.11 /usr/bin/spot (syslogtunnel,48528,3192,00:00:00/1-10:50:04,1371) (sd-pam) (checkmk,48528,3192,00:00:00/1-10:50:04,1372) (sd-pam) (cm-ssh,48528,3192,00:00:00/1-10:50:04,1373) (sd-pam) (root,24216,5268,00:00:00/1-10:50:02,1468) /usr/lib/postfix/bin//master -w (postfix,24292,8244,00:00:00/1-10:50:02,1470) qmgr -l -t fifo -u (root,8964,2656,00:00:00/1-10:50:02,1485) /usr/sbin/cron -n (root,35304,10076,00:00:00/1-10:49:59,1516) sshd: syslogtunnel [priv] (syslogtunnel,35304,5504,00:00:05/1-10:49:58,1527) sshd: syslogtunnel (root,615564,69636,00:01:59/1-10:49:56,1532) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,206272,41332,00:00:49/1-10:49:44,1995) /usr/bin/python3.11 /usr/bin/spot (root,35308,10108,00:00:00/1-10:49:19,3216) sshd: cm-ssh [priv] (cm-ssh,35308,5492,00:00:04/1-10:49:19,3218) sshd: cm-ssh (root,0,0,00:00:00/09:51,3521) [kworker/3:1-ata_sff] (root,0,0,00:00:00/29:29,4224) [kworker/u8:0-flush-253:0] (root,0,0,00:00:00/04:39,12770) [kworker/3:2-ata_sff] (root,0,0,00:00:00/39:41,16572) [kworker/0:2-events] (root,0,0,00:00:00/54:25,18327) [kworker/u8:2-ext4-rsv-conversion] (root,0,0,00:00:01/01:48:24,22690) [kworker/3:0-events_freezable_power_] (root,6656,3492,00:00:00/00:00,22721) /bin/bash /usr/bin/check_mk_agent (root,6656,1828,00:00:00/00:00,22762) /bin/bash /usr/bin/check_mk_agent (root,6656,2020,00:00:00/00:00,22763) /bin/bash /usr/bin/check_mk_agent (root,4480,1152,00:00:00/00:00,22764) awk /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } } (root,2728,780,00:00:00/00:00,22765) timeout 5 cat /proc/net/tcp /proc/net/tcp6 (root,6656,3488,00:00:00/00:00,22767) /bin/bash /usr/bin/check_mk_agent (root,13744,3416,00:00:00/00:00,22785) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,968,00:00:00/00:00,22786) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/17:45,24470) [kworker/2:1-events] (root,0,0,00:00:04/04:50:37,25188) [kworker/1:2-events] (root,0,0,00:00:00/03:01:26,25538) [kworker/1:1] (root,0,0,00:00:00/50:35,25963) [kworker/2:0-events] (root,0,0,00:00:00/02:07:06,31079) [kworker/0:1-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-11 21:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbbdf2c1a4295b567ff3c93ce4fe56836391de3743Found public CheckMk agent: Version: 1.5.0p25 AgentOS: linux Hostname: sarpedon AgentDirectory: /etc/check_mk DataDirectory: /var/lib/check_mk_agent SpoolDirectory: /var/lib/check_mk_agent/spool PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local OnlyFrom: Found process list through CheckMk: (root,189460,12476,00:00:07/3-15:24:13,1) /usr/lib/systemd/systemd showopts --switched-root --system --deserialize 29 (root,0,0,00:00:00/3-15:24:13,2) [kthreadd] (root,0,0,00:00:00/3-15:24:13,3) [rcu_gp] (root,0,0,00:00:00/3-15:24:13,4) [rcu_par_gp] (root,0,0,00:00:00/3-15:24:13,5) [slub_flushwq] (root,0,0,00:00:00/3-15:24:13,7) [kworker/0:0H-events_highpri] (root,0,0,00:00:00/3-15:24:13,9) [mm_percpu_wq] (root,0,0,00:00:00/3-15:24:13,10) [rcu_tasks_kthre] (root,0,0,00:00:00/3-15:24:13,11) [rcu_tasks_rude_] (root,0,0,00:00:00/3-15:24:13,12) [rcu_tasks_trace] (root,0,0,00:00:09/3-15:24:13,13) [ksoftirqd/0] (root,0,0,00:13:02/3-15:24:13,14) [rcu_preempt] (root,0,0,00:00:01/3-15:24:13,15) [migration/0] (root,0,0,00:00:00/3-15:24:13,16) [idle_inject/0] (root,0,0,00:00:00/3-15:24:13,18) [cpuhp/0] (root,0,0,00:00:00/3-15:24:13,19) [cpuhp/1] (root,0,0,00:00:00/3-15:24:13,20) [idle_inject/1] (root,0,0,00:00:01/3-15:24:13,21) [migration/1] (root,0,0,00:00:07/3-15:24:13,22) [ksoftirqd/1] (root,0,0,00:00:00/3-15:24:13,24) [kworker/1:0H-events_highpri] (root,0,0,00:00:00/3-15:24:13,25) [cpuhp/2] (root,0,0,00:00:00/3-15:24:13,26) [idle_inject/2] (root,0,0,00:00:01/3-15:24:13,27) [migration/2] (root,0,0,00:13:00/3-15:24:13,28) [ksoftirqd/2] (root,0,0,00:00:00/3-15:24:13,30) [kworker/2:0H-events_highpri] (root,0,0,00:00:00/3-15:24:13,31) [cpuhp/3] (root,0,0,00:00:00/3-15:24:13,32) [idle_inject/3] (root,0,0,00:00:01/3-15:24:13,33) [migration/3] (root,0,0,00:00:35/3-15:24:13,34) [ksoftirqd/3] (root,0,0,00:00:00/3-15:24:13,36) [kworker/3:0H-events_highpri] (root,0,0,00:00:00/3-15:24:13,41) [kdevtmpfs] (root,0,0,00:00:00/3-15:24:13,42) [netns] (root,0,0,00:00:00/3-15:24:13,43) [inet_frag_wq] (root,0,0,00:00:00/3-15:24:13,44) [kauditd] (root,0,0,00:00:00/3-15:24:13,46) [khungtaskd] (root,0,0,00:00:00/3-15:24:13,47) [oom_reaper] (root,0,0,00:00:00/3-15:24:13,48) [writeback] (root,0,0,00:00:15/3-15:24:13,49) [kcompactd0] (root,0,0,00:00:00/3-15:24:13,50) [ksmd] (root,0,0,00:00:11/3-15:24:13,51) [khugepaged] (root,0,0,00:00:00/3-15:24:13,76) [kintegrityd] (root,0,0,00:00:00/3-15:24:13,77) [kblockd] (root,0,0,00:00:00/3-15:24:13,78) [blkcg_punt_bio] (root,0,0,00:00:00/3-15:24:13,80) [tpm_dev_wq] (root,0,0,00:00:00/3-15:24:13,81) [edac-poller] (root,0,0,00:00:00/3-15:24:13,82) [devfreq_wq] (root,0,0,00:00:00/3-15:24:13,111) [watchdogd] (root,0,0,00:00:01/3-15:24:13,113) [kworker/1:1H-kblockd] (root,0,0,00:00:00/3-15:24:13,114) [kswapd0] (root,0,0,00:00:00/3-15:24:12,116) [kthrotld] (root,0,0,00:00:00/3-15:24:12,117) [mld] (root,0,0,00:00:00/3-15:24:12,118) [ipv6_addrconf] (root,0,0,00:00:01/3-15:24:12,119) [kworker/3:1H-kblockd] (root,0,0,00:00:00/3-15:24:12,124) [kstrp] (root,0,0,00:00:00/3-15:24:12,125) [zswap-shrink] (root,0,0,00:00:00/3-15:24:12,126) [kworker/u9:0] (root,0,0,00:00:00/3-15:24:12,131) [charger_manager] (root,0,0,00:00:01/3-15:24:12,173) [kworker/0:1H-kblockd] (root,0,0,00:00:01/3-15:24:12,177) [kworker/2:1H-kblockd] (root,0,0,00:00:00/3-15:24:12,190) [kaluad] (root,0,0,00:00:00/3-15:24:12,197) [kmpath_rdacd] (root,0,0,00:00:00/3-15:24:12,210) [kmpathd] (root,0,0,00:00:00/3-15:24:12,212) [kmpath_handlerd] (root,0,0,00:00:00/3-15:24:12,335) [ata_sff] (root,0,0,00:00:00/3-15:24:12,336) [scsi_eh_0] (root,0,0,00:00:00/3-15:24:12,337) [scsi_tmf_0] (root,0,0,00:00:00/3-15:24:12,338) [scsi_eh_1] (root,0,0,00:00:00/3-15:24:12,341) [scsi_tmf_1] (root,0,0,00:00:08/3-15:24:11,365) [jbd2/vda1-8] (root,0,0,00:00:00/3-15:24:11,366) [ext4-rsv-conver] (root,38604,7720,00:00:04/3-15:24:09,435) /usr/lib/systemd/systemd-journald (root,52912,9276,00:00:00/3-15:24:09,452) /usr/lib/systemd/systemd-udevd (root,8624,6920,00:00:07/3-15:24:09,490) /usr/sbin/haveged -w 1024 -v 0 -F (root,13476,1648,00:00:01/3-15:24:08,509) /sbin/auditd (messagebus,22940,5852,00:00:05/3-15:24:08,515) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only (root,38756,8376,00:00:03/3-15:24:08,522) /usr/lib/systemd/systemd-logind (root,20556,6136,00:00:00/3-15:24:08,525) /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground (root,31704,17424,00:00:03/3-15:24:08,612) /usr/sbin/wickedd --systemd --foreground (root,31904,17884,00:00:00/3-15:24:08,613) /usr/sbin/wickedd-nanny --systemd --foreground (root,547336,24716,00:00:04/3-15:23:57,2070) python3 /services/inst/nemo-exportd/bin/nemo-exportd (root,37016,26892,00:00:00/3-15:23:57,2082) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (root,21172,4524,00:00:20/3-15:23:57,2094) /usr/sbin/xinetd -stayalive -dontfork (root,448724,10192,00:00:05/3-15:23:57,2096) /usr/sbin/rsyslogd -n -iNONE (root,2984,1756,00:00:00/3-15:23:57,2097) /sbin/agetty -o -p -- \u --noclear tty1 linux (syslogtunnel,40568,10592,00:00:00/3-15:23:57,2098) /usr/lib/systemd/systemd --user (cm-ssh,40560,10476,00:00:00/3-15:23:57,2099) /usr/lib/systemd/systemd --user (checkmk,40564,10532,00:00:00/3-15:23:57,2100) /usr/lib/systemd/systemd --user (ntp,20660,6368,00:00:36/3-15:23:57,2104) /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf (root,2516,644,00:00:00/3-15:23:57,2106) bpfilter_umh (root,26204,8300,00:00:00/3-15:23:57,2109) sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups (ntp,22048,4396,00:00:00/3-15:23:57,2113) ntpd: asynchronous dns resolver (spot,226500,187432,08:28:57/3-15:23:57,2118) /usr/bin/python3.11 /usr/bin/spot (checkmk,48544,3180,00:00:00/3-15:23:57,2121) (sd-pam) (cm-ssh,48544,3180,00:00:00/3-15:23:57,2122) (sd-pam) (syslogtunnel,48544,3180,00:00:00/3-15:23:57,2123) (sd-pam) (root,24216,5416,00:00:01/3-15:23:56,2222) /usr/lib/postfix/bin//master -w (postfix,24292,8260,00:00:00/3-15:23:56,2224) qmgr -l -t fifo -u (root,8956,2652,00:00:00/3-15:23:56,2246) /usr/sbin/cron -n (root,616308,69032,00:05:51/3-15:23:56,2261) /opt/dfn-cert-salt/bin/python /opt/dfn-cert-salt/bin/salt-minion (spot,207296,41464,00:02:31/3-15:23:54,2272) /usr/bin/python3.11 /usr/bin/spot (root,35308,9940,00:00:00/3-15:23:51,2320) sshd: cm-ssh [priv] (cm-ssh,35308,5384,00:00:13/3-15:23:51,2322) sshd: cm-ssh (root,35308,9992,00:00:00/3-15:23:47,2329) sshd: syslogtunnel [priv] (syslogtunnel,35308,5312,00:00:15/3-15:23:47,2331) sshd: syslogtunnel (root,0,0,00:00:00/02:35,2826) [kworker/3:2-ata_sff] (root,0,0,00:00:00/02:30:58,3663) [kworker/0:0] (root,0,0,00:00:00/01:12:44,4011) [kworker/0:2-events] (root,6656,3484,00:00:00/00:00,9246) /bin/bash /usr/bin/check_mk_agent (root,13744,3512,00:00:00/00:00,9264) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000 (root,11644,952,00:00:00/00:00,9265) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) / (root,0,0,00:00:00/01:08:36,10069) [kworker/u8:2-writeback] (root,0,0,00:00:00/07:48,11792) [kworker/3:0-ata_sff] (postfix,24244,8240,00:00:00/42:35,13051) pickup -l -t fifo -u (root,0,0,00:00:00/03:57:32,13520) [kworker/2:1-cgroup_destroy] (root,0,0,00:00:00/39:40,14875) [kworker/1:0-events] (root,0,0,00:00:00/04:08:20,16689) [kworker/1:1-events] (postfix,44628,9388,00:00:00/19:44:52,18145) tlsmgr -l -t unix -u (root,0,0,00:00:00/02:08:34,20649) [kworker/u8:1-ext4-rsv-conversion] (root,0,0,00:00:01/02:07:07,21904) [kworker/3:1-events] (root,0,0,00:00:00/02:41:49,28204) [kworker/2:0-events] Found network interfaces through CheckMk: [start_iplink] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether d2:d8:79:3d:79:c8 brd ff:ff:ff:ff:ff:ff altname enp0s18 altname ens18 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 42:10:47:e6:ef:4b brd ff:ff:ff:ff:ff:ff altname enp0s19 altname ens19 [end_iplink]Found on 2024-09-10 00:29
-
Open service 212.201.193.138:8080
2024-12-17 18:16
HTTP/1.0 407 Proxy Authentication Required Server: squid/2.5.STABLE12 Date: Tue, 17 Dec 2024 19:16:14 GMT Proxy-Authenticate: Basic realm="Access" Proxy-Authenticate: Digest realm="Access", qop="auth,auth-int", nonce="b'MTczNDQ1OTM3NC4yMDc0Nzk6R2SBooxc5ylbBh9Xmj4Glw=='", opaque="982593f7d27b8212b1aafe59ba43acc9" X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 X-Cache: MISS from asyneddy.euchas.py X-Cache-Lookup: NONE from asyneddy.euchas.py:8080 Connection: close Content-Type: text/html Content-Length: 319 Page title: 407 Proxy Authentication Required <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <title>407 Proxy Authentication Required</title> </head> <body> <h1>407 Proxy Authentication Required</h1> </body> </html>Found 2024-12-17 by HttpPluginCreate report
Domain summary
No record