Host 217.86.173.171
Germany
Deutsche Telekom AG
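  • Checkmk monitoring agent endpoint publicly available
    (the agent answered the scanner's connection from the internet with the host details and full process list shown below; access to this port should be limited to the monitoring server)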
    IP: 217.86.173.171
    Port: 6556
    First seen 2024-11-16 00:15
    Last seen 2024-12-22 00:58
    Open for 36 days
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72cefe4a437d

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through Checkmk (the command lines expose internal addresses, interface names and configuration paths):
      [time]
      1734829093
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,797.0) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54540,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55548,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,12656,2160,0.0) sleep 60
      (root,75624,27700,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,148416,54328,0.0) php-fpm: pool nginx (php-fpm)
      (root,13320,3028,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2356,0.0) /bin/cat
      (root,19324,5840,0.0) /usr/local/libexec/sshg-parser
      (root,17364,2996,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3028,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3024,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12632,0.0) nginx: worker process (nginx)
      (root,33908,12920,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,14648,4508,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2348,0.0) cat
      (root,13388,3220,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13320,3004,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2160,0.0) sleep 34598
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[71221] (daemon)
      (nobody,745672,22104,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,148288,54144,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9720,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,17736,2932,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54844,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-22 00:58
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce8e2c4b90

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1734654714
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.3) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54540,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55548,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,75624,27656,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,148416,54328,0.0) php-fpm: pool nginx (php-fpm)
      (root,13320,2968,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,13320,3032,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12656,2152,0.0) /usr/local/sbin/cpustats
      (root,12664,2220,0.0) cut -f1-4 -d:
      (root,12660,2352,0.0) /bin/cat
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,19324,5836,0.0) /usr/local/libexec/sshg-parser
      (root,17364,2992,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3032,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12632,0.0) nginx: worker process (nginx)
      (root,33908,12920,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,14648,4504,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4496,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2352,0.0) cat
      (root,13388,3240,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[71221] (daemon)
      (nobody,745672,22100,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,148288,54144,0.0) php-fpm: pool nginx (php-fpm)
      (root,13320,3012,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2160,0.0) sleep 5898
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9720,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,17736,2932,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54844,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-20 00:31
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce81f47c81

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1734486015
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,800.0) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54540,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55548,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,75624,27328,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,148416,54328,0.0) php-fpm: pool nginx (php-fpm)
      (root,12656,2160,0.0) sleep 60
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,14648,4504,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4496,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12592,0.0) nginx: worker process (nginx)
      (root,33908,12880,0.0) nginx: worker process (nginx)
      (root,13388,3216,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,13320,3032,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2360,0.0) /bin/cat
      (root,19324,5836,0.0) /usr/local/libexec/sshg-parser
      (root,17364,2996,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3032,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[71221] (daemon)
      (nobody,745672,22092,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,148288,54144,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9720,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,17736,2932,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54844,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-18 01:40
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce03087f0d

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1734304810
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.7) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54540,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55548,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,12656,2160,0.0) sleep 60
      (root,13320,3008,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2160,0.0) sleep 18728
      (root,75624,27248,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,148416,54328,0.0) php-fpm: pool nginx (php-fpm)
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4532,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4492,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,13388,3220,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12592,0.0) nginx: worker process (nginx)
      (root,33908,12880,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,13320,3040,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2356,0.0) /bin/cat
      (root,19324,5808,0.0) /usr/local/libexec/sshg-parser
      (root,13268,2896,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3040,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[71221] (daemon)
      (nobody,745672,22088,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,148288,54144,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9720,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2840,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54844,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-15 23:20
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce96fa170f

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1734130782
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.7) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54540,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55548,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,75624,27248,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,148416,54328,0.0) php-fpm: pool nginx (php-fpm)
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4536,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4492,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,13388,3220,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12592,0.0) nginx: worker process (nginx)
      (root,33908,12880,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,12656,2160,0.0) sleep 60
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[71221] (daemon)
      (nobody,745672,22064,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,148288,54144,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9720,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2352,0.0) /bin/cat
      (root,19324,5832,0.0) /usr/local/libexec/sshg-parser
      (root,17364,3000,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3024,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2840,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54844,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-13 22:59
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce255afa65

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1733959192
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,800.0) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54540,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55548,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,12656,2156,0.0) sleep 60
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,13320,3008,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2164,0.0) sleep 80187
      (root,75624,27164,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,14648,4504,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4496,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,148416,54328,0.0) php-fpm: pool nginx (php-fpm)
      (root,12660,2356,0.0) cat
      (root,13388,3220,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12592,0.0) nginx: worker process (nginx)
      (root,33908,12880,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[71221] (daemon)
      (nobody,745672,21976,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,148288,54144,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,13320,3044,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2356,0.0) /bin/cat
      (root,19324,5804,0.0) /usr/local/libexec/sshg-parser
      (root,13268,2896,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3044,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3024,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9720,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2840,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54844,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-11 23:19
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce15c342c9

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1733788047
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,800.0) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54424,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2344,0.0) /bin/cat
      (root,19324,5824,0.0) /usr/local/libexec/sshg-parser
      (root,17364,2996,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3020,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,75624,27036,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,148288,53924,0.0) php-fpm: pool nginx (php-fpm)
      (root,12656,2156,0.0) sleep 60
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12592,0.0) nginx: worker process (nginx)
      (root,33908,12876,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,14648,4508,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,13320,3008,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2156,0.0) sleep 12191
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,13388,3220,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[71221] (daemon)
      (nobody,745672,21960,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9708,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2840,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54840,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-09 23:47
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce74edaac2

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1733613770
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.3) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54424,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,75624,26848,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,148288,53924,0.0) php-fpm: pool nginx (php-fpm)
      (root,14648,4504,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4496,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,13388,3228,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12592,0.0) nginx: worker process (nginx)
      (root,33908,12876,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,12656,2156,0.0) sleep 60
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,13320,3008,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2160,0.0) sleep 18164
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[71221] (daemon)
      (nobody,745672,21836,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,13320,3040,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,12660,2352,0.0) /bin/cat
      (root,19324,5836,0.0) /usr/local/libexec/sshg-parser
      (root,19936,9708,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13268,2892,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3040,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3024,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2840,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54840,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-07 23:22
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72cec8372184

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1733442465
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.3) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54424,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,13388,3224,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[11275] (daemon)
      (nobody,741576,21860,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,148288,53924,0.0) php-fpm: pool nginx (php-fpm)
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2356,0.0) /bin/cat
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12592,0.0) nginx: worker process (nginx)
      (root,33908,12876,0.0) nginx: worker process (nginx)
      (root,19324,5812,0.0) /usr/local/libexec/sshg-parser
      (root,13268,2896,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,75624,26828,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,13320,3004,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2160,0.0) sleep 53620
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9708,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,12656,2160,0.0) sleep 60
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,14648,4508,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,148928,54840,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-05 23:47
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce6d69f4a8

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
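      Found process list through CheckMk (returned to the scanner over the publicly reachable agent port; entries include full command lines, configuration file paths and internal addresses):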
      [time]
      1733269841
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,797.7) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54424,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,17736,2928,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,14648,4508,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4504,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,13388,3228,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,148288,53924,0.0) php-fpm: pool nginx (php-fpm)
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12588,0.0) nginx: worker process (nginx)
      (root,33908,12876,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,13320,3012,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2160,0.0) sleep 76159
      (root,75624,27176,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,13320,3028,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2356,0.0) /bin/cat
      (root,19324,5840,0.0) /usr/local/libexec/sshg-parser
      (root,17364,3000,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3028,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3024,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (nobody,12768,2444,0.0) daemon: /usr/bin/env[59680] (daemon)
      (nobody,745928,22416,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,12656,2160,0.0) sleep 60
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,13320,2972,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9708,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,148928,54840,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-03 23:50
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce6163b2a1

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1733095431
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.2) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54424,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,148288,53924,0.0) php-fpm: pool nginx (php-fpm)
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,12656,2160,0.0) sleep 60
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12588,0.0) nginx: worker process (nginx)
      (root,33908,12876,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,75624,26752,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (nobody,12768,2444,0.0) daemon: /usr/bin/env[59680] (daemon)
      (nobody,745928,22280,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,14648,4508,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9708,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2352,0.0) cat
      (root,13320,3000,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2156,0.0) sleep 60731
      (root,13388,3220,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2356,0.0) /bin/cat
      (root,19324,5836,0.0) /usr/local/libexec/sshg-parser
      (root,13268,2896,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,148928,54840,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-12-01 23:23
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ceedb359ec

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1732922692
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.8) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,148352,54424,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,14648,4504,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4536,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2352,0.0) cat
      (root,13388,3220,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,148288,53924,0.0) php-fpm: pool nginx (php-fpm)
      (root,25840,10788,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12588,0.0) nginx: worker process (nginx)
      (root,33908,12876,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,75624,26716,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,19936,9896,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5344,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (nobody,12768,2444,0.0) daemon: /usr/bin/env[59680] (daemon)
      (nobody,745928,22004,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,25840,10784,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,13320,3004,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2160,0.0) sleep 47838
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (root,12656,2160,0.0) sleep 60
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9708,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13320,3032,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,148928,54840,0.0) php-fpm: pool nginx (php-fpm)
      (root,12660,2356,0.0) /bin/cat
      (root,19324,5836,0.0) /usr/local/libexec/sshg-parser
      (root,17364,3000,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13320,3032,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-11-29 23:24
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce25f010dc

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1732752099
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.4) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,143920,52028,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,13320,3008,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2156,0.0) sleep 17462
      (root,12656,2160,0.0) sleep 60
      (root,148288,53900,0.0) php-fpm: pool nginx (php-fpm)
      (root,75624,27280,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,13320,2980,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12132,0.0) nginx: worker process (nginx)
      (root,33908,12876,0.0) nginx: worker process (nginx)
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2356,0.0) /bin/cat
      (root,19324,5808,0.0) /usr/local/libexec/sshg-parser
      (root,13268,2896,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,14648,4508,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,13320,3024,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,14648,4544,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2348,0.0) cat
      (root,13388,3220,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,19936,9724,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5328,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[74091] (daemon)
      (nobody,741832,21844,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9704,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13508,2848,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54268,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-11-28 00:01
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72cea6267d6b

      Found publicly reachable Checkmk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Process list returned by the Checkmk agent:
      [time]
      1732579846
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,800.0) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,143920,52028,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14648,4508,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,14648,4544,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,13388,3224,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,148288,53900,0.0) php-fpm: pool nginx (php-fpm)
      (root,73064,26908,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,13320,2980,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12132,0.0) nginx: worker process (nginx)
      (root,33908,12876,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,19936,9724,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5312,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2364,0.0) /bin/cat
      (root,19324,5836,0.0) /usr/local/libexec/sshg-parser
      (root,17364,3000,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[74091] (daemon)
      (nobody,741832,21812,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,13320,3000,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2156,0.0) sleep 69215
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9704,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,12656,2160,0.0) sleep 60
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13508,2848,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54268,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-11-26 00:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ceb5991f68

      Found publicly reachable Checkmk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Process list returned by the Checkmk agent:
      [time]
      1732404480
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,796.4) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,143920,52028,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,14648,4508,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,13388,3220,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,148288,53900,0.0) php-fpm: pool nginx (php-fpm)
      (root,73064,26720,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,13320,3012,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2156,0.0) sleep 78694
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,13320,2980,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,13320,3040,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2352,0.0) /bin/cat
      (root,19324,5808,0.0) /usr/local/libexec/sshg-parser
      (root,13268,2896,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3040,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3032,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,23608,9108,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12124,0.0) nginx: worker process (nginx)
      (root,33908,12868,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,19936,9724,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5312,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[74091] (daemon)
      (nobody,741832,21780,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,12656,2160,0.0) sleep 60
      (root,19936,9704,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13508,2848,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54268,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-11-23 23:28
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ceeb3098f6

      Found publicly reachable Checkmk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Process list returned by the Checkmk agent:
      [time]
      1732232391
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.8) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,143920,52028,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,55280,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,13320,3032,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2360,0.0) /bin/cat
      (root,19324,5832,0.0) /usr/local/libexec/sshg-parser
      (root,13268,2888,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3032,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3024,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,148288,53900,0.0) php-fpm: pool nginx (php-fpm)
      (root,60776,25860,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4536,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4492,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,13388,3224,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,13320,2984,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,23608,9016,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12124,0.0) nginx: worker process (nginx)
      (root,33908,12868,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,19936,9724,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5312,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,13320,3012,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2156,0.0) sleep 44980
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (nobody,12768,2448,0.0) daemon: /usr/bin/env[74091] (daemon)
      (nobody,741832,21364,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,12656,2156,0.0) sleep 60
      (root,19936,9704,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13508,2848,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,148928,54268,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-11-21 23:39
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce4693c088

      Found publicly reachable Checkmk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Process list returned by the Checkmk agent:
      [time]
      1732061372
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.0) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,143920,52028,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,54840,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,148288,53900,0.0) php-fpm: pool nginx (php-fpm)
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9016,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12124,0.0) nginx: worker process (nginx)
      (root,33908,12868,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,12656,2160,0.0) sleep 60
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,17736,2932,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,17736,2936,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,13320,3008,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2160,0.0) sleep 19568
      (root,19936,9724,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5312,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,68968,26588,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,148288,54004,0.0) php-fpm: pool nginx (php-fpm)
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4536,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4496,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (nobody,12768,2456,0.0) daemon: /usr/bin/env[76278] (daemon)
      (root,12660,2356,0.0) cat
      (nobody,745928,21332,0.0) /usr/local/bin/node_exporter --web.listen-address=10.240.252.148:9100 --collector.textfile.directory=/var/tmp/node_exporter --collector.boottime --collector.cpu --collector.exec --collector.filesystem --collector.loadavg --collector.meminfo --collector.netdev --collector.textfile --collector.time --log.level=warn
      (root,13320,2976,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,13388,3224,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,13320,3040,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2356,0.0) /bin/cat
      (root,19324,5816,0.0) /usr/local/libexec/sshg-parser
      (root,13268,2888,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3040,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,19936,9700,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,148928,54268,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-11-20 00:09
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72ce4bf277ef

      Found publicly reachable Checkmk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Process list returned by the Checkmk agent:
      [time]
      1731887200
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,800.0) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,143920,52028,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,54832,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,148288,53748,0.0) php-fpm: pool nginx (php-fpm)
      (root,12656,2156,0.0) sleep 60
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2352,0.0) /bin/cat
      (root,19324,5836,0.0) /usr/local/libexec/sshg-parser
      (root,17364,3000,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,23608,9016,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12112,0.0) nginx: worker process (nginx)
      (root,33908,12856,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2840,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4536,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4492,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2352,0.0) cat
      (root,13388,3224,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,19936,9724,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5312,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,56680,25416,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,13320,3004,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2152,0.0) sleep 5401
      (root,148288,53972,0.0) php-fpm: pool nginx (php-fpm)
      (root,13320,2980,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9692,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,148800,54012,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-11-17 23:46
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb18c9d43c4eace194284a4aeb41cc72cec6206bd6

      Found public CheckMk agent:
      Version: 2.4.0b1
      AgentOS: freebsd
      Hostname: 12637-FW002.economy.local
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/local/lib/check_mk_agent/plugins
      LocalDirectory: /usr/local/lib/check_mk_agent/local
      OSType: unix
      FailedPythonReason: 
      SSHClient: 
      
      Found process list through CheckMk:
      [time]
      1731716101
      [processes]
      (root,0,2240,0.0) [kernel]
      (root,11332,1224,0.0) /sbin/init
      (root,0,128,0.0) [clock]
      (root,0,144,0.0) [crypto]
      (root,0,64,0.0) [cam]
      (root,0,16,0.0) [ciss_notify0]
      (root,0,16,0.0) [busdma]
      (root,0,1376,0.0) [zfskern]
      (root,0,16,0.0) [pf purge]
      (root,0,16,0.0) [rand_harvestq]
      (root,0,16,0.0) [audit]
      (root,0,128,799.8) [idle]
      (root,0,320,0.0) [intr]
      (root,0,128,0.0) [ng_queue]
      (root,0,48,0.0) [geom]
      (root,0,16,0.0) [sequencer 00]
      (root,0,320,0.0) [usb]
      (root,0,48,0.0) [pagedaemon]
      (root,0,16,0.0) [vmdaemon]
      (root,0,128,0.0) [bufdaemon]
      (root,0,16,0.0) [vnlru]
      (root,0,16,0.0) [syncer]
      (root,0,16,0.0) [ALQ Daemon]
      (root,0,16,0.0) [enc_daemon0]
      (root,109292,30560,0.0) php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
      (root,143920,52028,0.0) php-fpm: pool nginx (php-fpm)
      (root,148416,54832,0.0) php-fpm: pool nginx (php-fpm)
      (root,13228,2868,0.0) /usr/local/sbin/check_reload_status
      (root,13228,2644,0.0) check_reload_status: Monitoring daemon of check_reload_status (check_reload_status)
      (root,14352,3952,0.0) /sbin/devd -q -f /etc/pfSense-devd.conf
      (root,13320,3012,0.0) /bin/sh /etc/rc.update_pkg_metadata
      (root,12656,2160,0.0) sleep 71683
      (root,148288,53748,0.0) php-fpm: pool nginx (php-fpm)
      (root,12656,2160,0.0) sleep 60
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
      (root,23608,9016,0.0) /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
      (root,31348,9400,0.0) nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx)
      (root,33908,12108,0.0) nginx: worker process (nginx)
      (root,33908,12852,0.0) nginx: worker process (nginx)
      (root,12860,2564,0.0) /usr/sbin/cron -s
      (root,13508,2836,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN_DHCP -B 217.86.173.171 -p /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.pid -u /var/run/dpinger_WAN_DHCP~217.86.173.171~8.8.8.8.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 8.8.8.8
      (root,13508,2840,0.0) /usr/local/bin/dpinger -S -r 0 -i WAN2 -B 87.128.57.32 -p /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.pid -u /var/run/dpinger_WAN2~87.128.57.32~1.1.1.1.sock -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 1.1.1.1
      (root,13508,2844,0.0) /usr/local/bin/dpinger -S -r 0 -i WANUnitymediaGW -B 94.79.148.98 -p /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.pid -u /var/run/dpinger_WANUnitymediaGW~94.79.148.98~91.190.204.61.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 91.190.204.61
      (root,14648,4508,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4540,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,14648,4500,0.0) /usr/local/bin/bash /opt/bin/check_mk_agent
      (root,12660,2356,0.0) cat
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,12660,2352,0.0) /bin/cat
      (root,19324,5840,0.0) /usr/local/libexec/sshg-parser
      (root,17364,2996,0.0) /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
      (root,13320,3036,0.0) /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
      (root,13320,3028,0.0) /bin/sh /usr/local/libexec/sshg-fw-pf
      (root,13388,3216,0.0) ps ax -ww -o state,user,vsz,rss,pcpu,command
      (root,19936,9720,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client4/config.ovpn
      (nobody,17888,5312,0.0) /usr/local/sbin/dnsmasq -C /dev/null --server=/economy.local/10.105.10.10 --no-resolv --server=8.8.8.8 --server=1.1.1.1 --all-servers --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
      (root,56680,25328,0.0) /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
      (root,13424,3508,0.0) /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
      (root,25840,10780,0.0) /usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_opt1.conf -p /var/run/pppoe_opt1.pid -s ppp pppoeclient
      (root,148288,53972,0.0) php-fpm: pool nginx (php-fpm)
      (root,13320,2980,0.0) /bin/sh /var/db/rrd/updaterrd.sh
      (root,12820,2948,0.0) /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
      (root,12656,2148,0.0) /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
      (root,12656,2168,0.0) minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 300 /var/run/ipsec_keepalive.pid /usr/local/bin/ipsec_keepalive.php
      (root,12656,2172,0.0) minicron: helper /usr/local/bin/ipsec_keepalive.php  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts  (minicron)
      (root,12656,2152,0.0) /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
      (root,12656,2176,0.0) minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
      (root,19936,9692,0.0) /usr/local/sbin/openvpn --config /var/etc/openvpn/client3/config.ovpn
      (root,13404,3064,0.0) /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid
      (root,148800,54012,0.0) php-fpm: pool nginx (php-fpm)
      (root,22448,10272,0.0) sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
      (root,13204,2828,0.0) login [pam] (login)
      (root,13320,3192,0.0) -sh (sh)
      (root,13320,2932,0.0) /bin/sh /etc/rc.initial
      (root,13204,2832,0.0) login [pam] (login)
      (root,13320,3208,0.0) -sh (sh)
      (root,13320,2928,0.0) /bin/sh /etc/rc.initial
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv1
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv2
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv3
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv4
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv5
      (root,12788,2248,0.0) /usr/libexec/getty Pc ttyv6
      (root,12788,2252,0.0) /usr/libexec/getty Pc ttyv7
      
      
      Found on 2024-11-16 00:15
Domain summary
No record