Host 42.0.29.69
Malaysia
ModernOne Data Solutions Sdn. Bhd.
Software information

Apache Apache

tcp/443

  • CheckMK monitoring endpoint publicly available
    IP: 42.0.29.69
    Port: 6556
    First seen 2024-11-16 03:17
    Last seen 2024-12-22 00:58
    Open for 35 days
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad32802db425d

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-22 00:58
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328bbf0b451

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-20 00:30
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328650e1cc9

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-18 01:44
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad32897fdef90

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-15 23:48
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad3284b44421c

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,247108,11420,00:01:48/08:24:05,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 17
      (root,0,0,00:00:00/08:24:05,2) [kthreadd]
      (root,0,0,00:00:00/08:24:05,3) [rcu_gp]
      (root,0,0,00:00:00/08:24:05,4) [rcu_par_gp]
      (root,0,0,00:00:00/08:24:05,5) [slub_flushwq]
      (root,0,0,00:00:00/08:24:05,7) [kworker/0:0H-events_highpri]
      (root,0,0,00:00:00/08:24:05,9) [mm_percpu_wq]
      (root,0,0,00:00:00/08:24:05,10) [rcu_tasks_rude_]
      (root,0,0,00:00:00/08:24:05,11) [rcu_tasks_trace]
      (root,0,0,00:00:00/08:24:05,12) [ksoftirqd/0]
      (root,0,0,00:00:31/08:24:05,13) [rcu_sched]
      (root,0,0,00:00:00/08:24:05,14) [migration/0]
      (root,0,0,00:00:00/08:24:05,15) [watchdog/0]
      (root,0,0,00:00:00/08:24:05,16) [cpuhp/0]
      (root,0,0,00:00:00/08:24:05,17) [cpuhp/1]
      (root,0,0,00:00:00/08:24:05,18) [watchdog/1]
      (root,0,0,00:00:00/08:24:05,19) [migration/1]
      (root,0,0,00:00:00/08:24:05,20) [ksoftirqd/1]
      (root,0,0,00:00:00/08:24:05,23) [cpuhp/2]
      (root,0,0,00:00:00/08:24:05,24) [watchdog/2]
      (root,0,0,00:00:00/08:24:05,25) [migration/2]
      (root,0,0,00:00:00/08:24:05,26) [ksoftirqd/2]
      (root,0,0,00:00:00/08:24:05,28) [kworker/2:0H-events_highpri]
      (root,0,0,00:00:00/08:24:05,29) [cpuhp/3]
      (root,0,0,00:00:00/08:24:05,30) [watchdog/3]
      (root,0,0,00:00:00/08:24:05,31) [migration/3]
      (root,0,0,00:00:00/08:24:05,32) [ksoftirqd/3]
      (root,0,0,00:00:00/08:24:05,34) [kworker/3:0H-events_highpri]
      (root,0,0,00:00:00/08:24:05,39) [kdevtmpfs]
      (root,0,0,00:00:00/08:24:05,40) [netns]
      (root,0,0,00:00:00/08:24:05,41) [kauditd]
      (root,0,0,00:00:00/08:24:05,43) [khungtaskd]
      (root,0,0,00:00:00/08:24:05,44) [oom_reaper]
      (root,0,0,00:00:00/08:24:05,45) [writeback]
      (root,0,0,00:00:00/08:24:05,46) [kcompactd0]
      (root,0,0,00:00:00/08:24:05,47) [ksmd]
      (root,0,0,00:00:17/08:24:05,48) [khugepaged]
      (root,0,0,00:00:00/08:24:05,49) [crypto]
      (root,0,0,00:00:00/08:24:05,50) [kintegrityd]
      (root,0,0,00:00:00/08:24:05,51) [kblockd]
      (root,0,0,00:00:00/08:24:05,52) [blkcg_punt_bio]
      (root,0,0,00:00:00/08:24:05,54) [tpm_dev_wq]
      (root,0,0,00:00:00/08:24:05,55) [md]
      (root,0,0,00:00:00/08:24:05,56) [md_bitmap]
      (root,0,0,00:00:00/08:24:05,57) [edac-poller]
      (root,0,0,00:00:00/08:24:05,58) [watchdogd]
      (root,0,0,00:00:30/08:24:05,61) [kworker/2:1H-kblockd]
      (root,0,0,00:00:00/08:24:03,64) [kswapd0]
      (root,0,0,00:00:00/08:24:03,125) [kthrotld]
      (root,0,0,00:00:00/08:24:03,126) [acpi_thermal_pm]
      (root,0,0,00:00:00/08:24:03,127) [kmpath_rdacd]
      (root,0,0,00:00:00/08:24:03,128) [kaluad]
      (root,0,0,00:00:14/08:24:03,129) [kworker/0:1H-kblockd]
      (root,0,0,00:00:00/08:24:03,130) [ipv6_addrconf]
      (root,0,0,00:00:00/08:24:03,131) [kstrp]
      (root,0,0,00:00:00/08:24:03,132) [zswap-shrink]
      (root,0,0,00:00:26/08:24:03,142) [kworker/1:1H-kblockd]
      (root,0,0,00:00:31/08:24:03,178) [kworker/3:1H-kblockd]
      (root,0,0,00:00:00/08:24:01,355) [ata_sff]
      (root,0,0,00:00:00/08:24:01,360) [scsi_eh_0]
      (root,0,0,00:00:00/08:24:01,361) [scsi_tmf_0]
      (root,0,0,00:00:00/08:24:01,362) [scsi_eh_1]
      (root,0,0,00:00:00/08:24:01,363) [scsi_tmf_1]
      (root,0,0,00:00:00/08:24:01,365) [ttm]
      (root,0,0,00:00:00/08:24:00,438) [kdmflush/253:0]
      (root,0,0,00:00:00/08:24:00,447) [kdmflush/253:1]
      (root,0,0,00:00:00/08:23:59,473) [xfsalloc]
      (root,0,0,00:00:00/08:23:59,474) [xfs_mru_cache]
      (root,0,0,00:00:00/08:23:59,475) [xfs-buf/dm-0]
      (root,0,0,00:00:00/08:23:59,476) [xfs-conv/dm-0]
      (root,0,0,00:00:00/08:23:59,477) [xfs-cil/dm-0]
      (root,0,0,00:00:00/08:23:59,478) [xfs-reclaim/dm-]
      (root,0,0,00:00:00/08:23:59,479) [xfs-blockgc/dm-]
      (root,0,0,00:00:00/08:23:59,480) [xfs-log/dm-0]
      (root,0,0,00:00:15/08:23:59,481) [xfsaild/dm-0]
      (root,114520,35208,00:00:17/08:23:44,576) /usr/lib/systemd/systemd-journald
      (root,0,0,00:00:00/08:23:41,616) [xfs-buf/sda1]
      (root,0,0,00:00:00/08:23:41,617) [xfs-conv/sda1]
      (root,0,0,00:00:00/08:23:41,618) [xfs-cil/sda1]
      (root,0,0,00:00:00/08:23:41,619) [xfs-reclaim/sda]
      (root,0,0,00:00:00/08:23:41,620) [xfs-blockgc/sda]
      (root,0,0,00:00:00/08:23:41,621) [xfs-log/sda1]
      (root,0,0,00:00:00/08:23:41,622) [xfsaild/sda1]
      (root,97252,8336,00:00:00/08:23:39,624) /usr/lib/systemd/systemd-udevd
      (root,0,0,00:00:00/08:23:36,672) [kdmflush/253:2]
      (root,0,0,00:00:00/08:23:35,680) [xfs-buf/dm-2]
      (root,0,0,00:00:00/08:23:35,681) [xfs-conv/dm-2]
      (root,0,0,00:00:00/08:23:35,682) [xfs-cil/dm-2]
      (root,0,0,00:00:00/08:23:35,683) [xfs-reclaim/dm-]
      (root,0,0,00:00:00/08:23:35,684) [xfs-blockgc/dm-]
      (root,0,0,00:00:00/08:23:35,685) [xfs-log/dm-2]
      (root,0,0,00:00:02/08:23:35,686) [xfsaild/dm-2]
      (rpc,67328,5220,00:00:00/08:23:32,710) /usr/bin/rpcbind -w -f
      (root,0,0,00:00:00/08:23:32,712) [rpciod]
      (root,0,0,00:00:00/08:23:32,713) [xprtiod]
      (root,57392,2060,00:00:02/08:23:32,716) /sbin/auditd
      (root,50776,5832,00:00:00/08:23:02,756) /usr/sbin/smartd -n -q never
      (dbus,56564,5504,00:00:12/08:23:02,758) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
      (root,125068,5240,00:00:02/08:23:01,761) /usr/sbin/irqbalance --foreground
      (nscd,1030468,4188,00:00:06/08:22:59,768) /usr/sbin/nscd
      (root,79876,7688,00:00:05/08:22:58,777) /usr/lib/systemd/systemd-logind
      (root,239864,3244,00:00:00/08:22:58,778) /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/local/cpanel/bin/pureauth
      (chrony,140188,4400,00:00:00/08:22:57,781) /usr/sbin/chronyd
      (mailnull,106288,16176,00:00:01/08:22:11,879) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (root,0,0,00:00:01/08:21:32,1211) [loop0]
      (root,0,0,00:00:00/08:21:15,1217) [jbd2/loop0-8]
      (root,0,0,00:00:00/08:21:15,1218) [ext4-rsv-conver]
      (root,44608,4664,00:00:01/08:21:09,1228) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
      (root,75028,7264,00:00:01/08:21:07,1236) /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oCASignatureAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-rsa
      (root,240472,5956,00:00:00/08:21:06,1237) pure-ftpd (SERVER)
      (root,234176,25800,00:00:13/08:21:04,1246) /usr/sbin/rsyslogd -n
      (root,49208,3332,00:00:00/08:21:04,1248) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
      (root,314972,3620,00:00:00/08:20:31,1293) /usr/sbin/gssproxy -D
      (root,0,0,00:00:00/08:20:23,1332) [ib-comp-wq]
      (root,0,0,00:00:00/08:20:23,1334) [kworker/u9:0]
      (root,0,0,00:00:00/08:20:23,1335) [ib-comp-unb-wq]
      (root,0,0,00:00:00/08:20:23,1336) [ib_mcast]
      (root,0,0,00:00:00/08:20:23,1337) [ib_nl_sa_wq]
      (root,233788,3028,00:00:01/08:20:19,1358) /usr/sbin/crond -n
      (root,24504,1360,00:00:00/08:20:14,1428) /usr/sbin/atd -f
      (mysql,1854808,259828,00:01:49/08:20:14,1431) /usr/sbin/mariadbd
      (root,217772,944,00:00:00/08:20:10,1439) /sbin/agetty -o -p -- \u --noclear tty1 linux
      (dovenull,27148,6892,00:00:00/08:20:04,1521) dovecot/pop3-login
      (dovenull,27160,6948,00:00:00/08:20:04,1522) dovecot/imap-login
      (dovecot,10472,1292,00:00:00/08:20:04,1523) dovecot/anvil
      (root,10732,2872,00:00:00/08:20:04,1524) dovecot/log
      (dovenull,27236,6728,00:00:00/08:20:04,1525) dovecot/pop3-login
      (dovenull,27256,7192,00:00:00/08:20:04,1526) dovecot/imap-login
      (root,16520,4972,00:00:00/08:20:01,1533) dovecot/config
      (dovecot,14232,3276,00:00:00/08:19:50,1611) dovecot/stats
      (wp-toolkit,508148,45548,00:00:02/08:19:37,1774) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
      (wp-toolkit,524704,62088,00:00:31/08:19:37,1775) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
      (named,631132,58516,00:00:07/08:19:29,1837) /usr/sbin/pdns_server --socket-dir=/run/pdns --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
      (root,296612,8876,00:00:24/08:19:28,1840) cPhulkd - processor - dormant mode - accepting connections
      (root,296320,8976,00:00:03/08:19:28,1844) dnsadmin - dormant mode
      (root,312864,12264,00:00:04/08:19:28,1846) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
      (root,268092,5212,00:00:00/08:19:08,1873) cpanellogd - sleeping for logs
      (root,0,0,00:00:00/08:18:05,2033) [kworker/1:2H]
      (root,565512,36928,00:00:00/08:16:17,2533) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
      (root,334948,33112,00:01:19/08:06:32,4054) lfd - sleeping
      (root,336168,24536,00:00:07/07:31:31,8282) tailwatchd
      (root,318720,17184,00:00:06/07:31:16,8329) queueprocd - waiting up to 60s to process a task
      (root,297252,10172,00:00:31/07:31:02,8365) cpsrvd (SSL) - dormant mode - accepting connections
      (cpanelconnecttrack,23412,4020,00:01:50/07:31:02,8370) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
      (root,410236,12000,00:00:02/07:30:36,8555) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
      (root,457660,17928,00:00:06/07:29:19,8937) php-fpm: master process (/opt/cpanel/ea-php81/root/etc/php-fpm.conf)
      (root,211268,10076,00:00:03/07:20:45,10336) /usr/sbin/httpd -k start
      (root,13912,1912,00:00:00/07:20:45,10337) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --suffix=-bytes_log
      (root,13912,2084,00:00:00/07:20:45,10338) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --mainout=/etc/apache2/logs/access_log
      (root,82156,15820,00:00:00/07:20:45,10339) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
      (nobody,213012,11632,00:00:02/07:20:45,10340) /usr/sbin/httpd -k start
      (nobody,212848,11524,00:00:02/07:04:02,13141) /usr/sbin/httpd -k start
      (root,0,0,00:00:02/06:05:49,22668) [kworker/u8:1-xfs-blockgc/dm-0]
      (nobody,212852,11548,00:00:01/04:32:44,37946) /usr/sbin/httpd -k start
      (nobody,213216,11836,00:00:00/03:37:25,47036) /usr/sbin/httpd -k start
      (nobody,213080,11176,00:00:00/02:09:50,60319) /usr/sbin/httpd -k start
      (root,0,0,00:00:01/02:09:42,60379) [kworker/u8:3-events_unbound]
      (root,301372,154468,00:00:15/02:03:27,61770) /usr/local/cpanel/3rdparty/perl/536/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
      (nobody,213200,11324,00:00:00/01:51:05,63507) /usr/sbin/httpd -k start
      (root,302704,147400,00:00:03/01:49:38,63720) spamd child
      (root,301372,144464,00:00:00/01:49:37,63721) spamd child
      (nobody,212800,11080,00:00:00/48:08,71914) /usr/sbin/httpd -k start
      (nobody,212924,11460,00:00:00/48:07,71917) /usr/sbin/httpd -k start
      (nobody,212928,11380,00:00:00/48:07,71918) /usr/sbin/httpd -k start
      (nobody,212916,10704,00:00:00/40:35,72913) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/31:20,74351) [kworker/0:5-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/21:50,75810) [kworker/1:0-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/19:50,76050) [kworker/2:0-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/16:35,76563) [kworker/0:0-events]
      (root,0,0,00:00:00/13:35,76923) [kworker/u8:0-writeback]
      (root,0,0,00:00:00/11:35,77147) [kworker/2:1-events]
      (root,0,0,00:00:00/11:21,77168) [kworker/3:1-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/11:21,77175) [kworker/1:3-events]
      (root,0,0,00:00:00/10:24,77306) [kworker/3:2-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/06:23,77938) [kworker/2:3-events]
      (root,0,0,00:00:00/05:23,78064) [kworker/1:2-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/05:10,78127) [kworker/0:1-events_power_efficient]
      (root,0,0,00:00:00/01:34,78696) [kworker/3:0-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/01:21,78700) [kworker/3:3-events]
      (root,0,0,00:00:00/00:00,78882) [kworker/1:1-cgroup_destroy]
      (root,222732,3292,00:00:00/00:00,78944) /bin/bash /usr/bin/check_mk_agent
      (root,42868,2168,00:00:00/00:00,78960) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,17756,1244,00:00:00/00:00,78961) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-14 00:06
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad32877d87011

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,249500,12720,00:27:19/9-21:41:12,1) /usr/lib/systemd/systemd --switched-root --system --deserialize 18
      (root,0,0,00:00:00/9-21:41:12,2) [kthreadd]
      (root,0,0,00:00:00/9-21:41:12,3) [rcu_gp]
      (root,0,0,00:00:00/9-21:41:12,4) [rcu_par_gp]
      (root,0,0,00:00:00/9-21:41:12,5) [slub_flushwq]
      (root,0,0,00:00:00/9-21:41:12,7) [kworker/0:0H-events_highpri]
      (root,0,0,00:00:00/9-21:41:12,9) [mm_percpu_wq]
      (root,0,0,00:00:00/9-21:41:12,10) [rcu_tasks_rude_]
      (root,0,0,00:00:00/9-21:41:12,11) [rcu_tasks_trace]
      (root,0,0,00:00:06/9-21:41:12,12) [ksoftirqd/0]
      (root,0,0,00:08:40/9-21:41:12,13) [rcu_sched]
      (root,0,0,00:00:00/9-21:41:12,14) [migration/0]
      (root,0,0,00:00:00/9-21:41:12,15) [watchdog/0]
      (root,0,0,00:00:00/9-21:41:12,16) [cpuhp/0]
      (root,0,0,00:00:00/9-21:41:12,17) [cpuhp/1]
      (root,0,0,00:00:01/9-21:41:12,18) [watchdog/1]
      (root,0,0,00:00:00/9-21:41:12,19) [migration/1]
      (root,0,0,00:00:07/9-21:41:12,20) [ksoftirqd/1]
      (root,0,0,00:00:00/9-21:41:12,22) [kworker/1:0H-events_highpri]
      (root,0,0,00:00:00/9-21:41:12,23) [cpuhp/2]
      (root,0,0,00:00:01/9-21:41:12,24) [watchdog/2]
      (root,0,0,00:00:00/9-21:41:12,25) [migration/2]
      (root,0,0,00:00:11/9-21:41:12,26) [ksoftirqd/2]
      (root,0,0,00:00:00/9-21:41:12,28) [kworker/2:0H-events_highpri]
      (root,0,0,00:00:00/9-21:41:12,29) [cpuhp/3]
      (root,0,0,00:00:01/9-21:41:12,30) [watchdog/3]
      (root,0,0,00:00:00/9-21:41:12,31) [migration/3]
      (root,0,0,00:00:07/9-21:41:12,32) [ksoftirqd/3]
      (root,0,0,00:00:00/9-21:41:12,34) [kworker/3:0H-events_highpri]
      (root,0,0,00:00:00/9-21:41:12,39) [kdevtmpfs]
      (root,0,0,00:00:00/9-21:41:12,40) [netns]
      (root,0,0,00:00:03/9-21:41:12,41) [kauditd]
      (root,0,0,00:00:01/9-21:41:12,43) [khungtaskd]
      (root,0,0,00:00:00/9-21:41:12,44) [oom_reaper]
      (root,0,0,00:00:00/9-21:41:12,45) [writeback]
      (root,0,0,00:00:02/9-21:41:12,46) [kcompactd0]
      (root,0,0,00:00:00/9-21:41:12,47) [ksmd]
      (root,0,0,00:02:10/9-21:41:12,48) [khugepaged]
      (root,0,0,00:00:00/9-21:41:12,49) [crypto]
      (root,0,0,00:00:00/9-21:41:12,50) [kintegrityd]
      (root,0,0,00:00:00/9-21:41:12,51) [kblockd]
      (root,0,0,00:00:00/9-21:41:12,52) [blkcg_punt_bio]
      (root,0,0,00:00:00/9-21:41:12,54) [tpm_dev_wq]
      (root,0,0,00:00:00/9-21:41:12,55) [md]
      (root,0,0,00:00:00/9-21:41:12,56) [md_bitmap]
      (root,0,0,00:00:00/9-21:41:12,57) [edac-poller]
      (root,0,0,00:00:00/9-21:41:12,58) [watchdogd]
      (root,0,0,00:05:07/9-21:41:12,61) [kworker/3:1H-kblockd]
      (root,0,0,00:00:13/9-21:41:11,64) [kswapd0]
      (root,0,0,00:00:00/9-21:41:11,125) [kthrotld]
      (root,0,0,00:00:00/9-21:41:11,126) [acpi_thermal_pm]
      (root,0,0,00:00:00/9-21:41:11,127) [kmpath_rdacd]
      (root,0,0,00:00:00/9-21:41:11,128) [kaluad]
      (root,0,0,00:02:24/9-21:41:11,129) [kworker/2:1H-kblockd]
      (root,0,0,00:00:00/9-21:41:11,130) [ipv6_addrconf]
      (root,0,0,00:00:00/9-21:41:11,131) [kstrp]
      (root,0,0,00:00:00/9-21:41:11,132) [zswap-shrink]
      (root,0,0,00:04:12/9-21:41:11,142) [kworker/1:1H-kblockd]
      (root,0,0,00:03:03/9-21:41:10,178) [kworker/0:1H-kblockd]
      (root,0,0,00:00:00/9-21:41:09,355) [ata_sff]
      (root,0,0,00:00:04/9-21:41:09,359) [scsi_eh_0]
      (root,0,0,00:00:00/9-21:41:09,360) [scsi_tmf_0]
      (root,0,0,00:00:00/9-21:41:09,361) [scsi_eh_1]
      (root,0,0,00:00:00/9-21:41:09,362) [scsi_tmf_1]
      (root,0,0,00:00:00/9-21:41:09,367) [ttm]
      (root,0,0,00:00:00/9-21:41:08,438) [kdmflush/253:0]
      (root,0,0,00:00:00/9-21:41:07,449) [kdmflush/253:1]
      (root,0,0,00:00:00/9-21:41:05,477) [xfsalloc]
      (root,0,0,00:00:00/9-21:41:05,478) [xfs_mru_cache]
      (root,0,0,00:00:00/9-21:41:05,479) [xfs-buf/dm-0]
      (root,0,0,00:00:00/9-21:41:05,480) [xfs-conv/dm-0]
      (root,0,0,00:00:00/9-21:41:05,481) [xfs-cil/dm-0]
      (root,0,0,00:00:00/9-21:41:05,482) [xfs-reclaim/dm-]
      (root,0,0,00:00:00/9-21:41:05,483) [xfs-blockgc/dm-]
      (root,0,0,00:00:00/9-21:41:05,484) [xfs-log/dm-0]
      (root,0,0,00:03:17/9-21:41:05,485) [xfsaild/dm-0]
      (root,143584,45784,00:04:17/9-21:40:13,579) /usr/lib/systemd/systemd-journald
      (root,0,0,00:00:00/9-21:40:06,620) [xfs-buf/sda1]
      (root,0,0,00:00:00/9-21:40:06,621) [xfs-conv/sda1]
      (root,0,0,00:00:00/9-21:40:06,622) [xfs-cil/sda1]
      (root,0,0,00:00:00/9-21:40:06,623) [xfs-reclaim/sda]
      (root,0,0,00:00:00/9-21:40:06,624) [xfs-blockgc/sda]
      (root,0,0,00:00:00/9-21:40:06,625) [xfs-log/sda1]
      (root,0,0,00:00:00/9-21:40:06,626) [xfsaild/sda1]
      (root,98336,8916,00:00:05/9-21:40:01,628) /usr/lib/systemd/systemd-udevd
      (root,0,0,00:00:00/9-21:39:50,676) [kdmflush/253:2]
      (root,0,0,00:00:00/9-21:39:46,684) [xfs-buf/dm-2]
      (root,0,0,00:00:00/9-21:39:46,685) [xfs-conv/dm-2]
      (root,0,0,00:00:00/9-21:39:46,686) [xfs-cil/dm-2]
      (root,0,0,00:00:00/9-21:39:46,687) [xfs-reclaim/dm-]
      (root,0,0,00:00:00/9-21:39:46,688) [xfs-blockgc/dm-]
      (root,0,0,00:00:00/9-21:39:46,691) [xfs-log/dm-2]
      (root,0,0,00:00:40/9-21:39:46,692) [xfsaild/dm-2]
      (rpc,67460,5212,00:00:02/9-21:39:18,713) /usr/bin/rpcbind -w -f
      (root,0,0,00:00:00/9-21:39:17,716) [rpciod]
      (root,0,0,00:00:00/9-21:39:17,717) [xprtiod]
      (root,57392,2200,00:00:29/9-21:39:17,720) /sbin/auditd
      (root,239864,3068,00:00:01/9-21:39:06,760) /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/local/cpanel/bin/pureauth
      (root,50776,5880,00:00:00/9-21:39:05,762) /usr/sbin/smartd -n -q never
      (root,125068,5468,00:00:37/9-21:39:04,764) /usr/sbin/irqbalance --foreground
      (dbus,56636,5376,00:03:17/9-21:39:04,769) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
      (root,79884,7560,00:01:30/9-21:39:04,770) /usr/lib/systemd/systemd-logind
      (chrony,140188,4336,00:00:07/9-21:39:01,788) /usr/sbin/chronyd
      (root,0,0,00:00:20/9-21:38:20,1038) [loop0]
      (root,0,0,00:00:05/9-21:38:16,1130) [jbd2/loop0-8]
      (root,0,0,00:00:00/9-21:38:16,1131) [ext4-rsv-conver]
      (root,75028,7296,00:00:19/9-21:38:13,1225) /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oCASignatureAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-rsa
      (root,44608,4412,00:00:14/9-21:38:13,1229) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
      (root,240472,5624,00:00:01/9-21:38:12,1231) pure-ftpd (SERVER)
      (root,542560,32128,00:03:33/9-21:38:12,1238) /usr/sbin/rsyslogd -n
      (root,362184,36252,00:09:13/9-21:38:08,1245) cpsrvd (SSL) - waiting for connections
      (root,49208,3236,00:00:00/9-21:38:02,1251) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
      (root,314972,3592,00:00:01/9-21:37:45,1272) /usr/sbin/gssproxy -D
      (root,0,0,00:00:00/9-21:37:44,1274) [ib-comp-wq]
      (root,0,0,00:00:00/9-21:37:44,1275) [kworker/u9:0]
      (root,0,0,00:00:00/9-21:37:44,1276) [ib-comp-unb-wq]
      (root,0,0,00:00:00/9-21:37:44,1277) [ib_mcast]
      (root,0,0,00:00:00/9-21:37:44,1278) [ib_nl_sa_wq]
      (dovenull,27480,7308,00:00:04/9-21:37:44,1283) dovecot/pop3-login
      (dovenull,27572,7228,00:00:04/9-21:37:44,1284) dovecot/imap-login
      (dovecot,10472,1312,00:00:02/9-21:37:44,1285) dovecot/anvil
      (root,10732,2864,00:00:05/9-21:37:44,1286) dovecot/log
      (dovenull,27540,7476,00:00:04/9-21:37:44,1287) dovecot/pop3-login
      (dovenull,27620,7476,00:00:04/9-21:37:44,1288) dovecot/imap-login
      (root,16520,4868,00:00:10/9-21:37:42,1290) dovecot/config
      (dovecot,14232,3192,00:00:05/9-21:37:38,1304) dovecot/stats
      (root,233820,2932,00:00:17/9-21:37:36,1320) /usr/sbin/crond -n
      (root,24504,1360,00:00:00/9-21:37:34,1330) /usr/sbin/atd -f
      (root,217772,772,00:00:00/9-21:37:27,1357) /sbin/agetty -o -p -- \u --noclear tty1 linux
      (mysql,1920952,272680,00:33:52/9-21:36:56,1684) /usr/sbin/mariadbd
      (root,296320,9648,00:00:36/9-21:36:55,1687) dnsadmin - dormant mode
      (root,296612,9616,00:07:11/9-21:36:55,1688) cPhulkd - processor - dormant mode - accepting connections
      (root,336268,26008,00:02:42/9-21:27:36,3434) tailwatchd
      (root,312864,13280,00:02:02/9-21:21:46,4361) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078 (dormant)
      (root,0,0,00:00:00/8-09:08:59,328317) [dio/dm-0]
      (root,565512,21960,00:00:13/8-03:13:52,379617) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
      (wp-toolkit,524804,33144,00:05:51/8-03:13:46,379691) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
      (wp-toolkit,508148,24776,00:00:24/8-03:13:46,379695) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
      (root,211396,15044,00:00:34/6-03:16:36,815941) /usr/sbin/httpd -k start
      (root,457660,15392,00:01:00/6-03:16:30,815979) php-fpm: master process (/opt/cpanel/ea-php81/root/etc/php-fpm.conf)
      (named,704864,62692,00:00:14/1-03:16:05,1975577) /usr/sbin/pdns_server --socket-dir=/run/pdns --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
      (root,319192,20532,00:00:13/1-03:16:01,1975624) queueprocd - waiting up to 60s to process a task
      (mailnull,88336,14564,00:00:02/1-03:15:18,1976413) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (root,13912,1988,00:00:00/1-03:15:16,1976450) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --suffix=-bytes_log
      (root,13912,1892,00:00:00/1-03:15:16,1976451) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --mainout=/etc/apache2/logs/access_log
      (root,82092,16136,00:00:00/1-03:15:16,1976452) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
      (nscd,1030468,4148,00:00:10/1-03:15:11,1976522) /usr/sbin/nscd
      (cpanelconnecttrack,23456,4580,00:04:18/1-03:15:05,1976695) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
      (root,268092,5144,00:00:00/1-03:15:04,1976706) cpanellogd - sleeping for logs
      (root,410236,10364,00:00:05/1-03:15:04,1976738) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
      (nobody,213316,12604,00:00:01/09:46:30,2143256) /usr/sbin/httpd -k start
      (root,334948,33944,00:00:54/09:02:34,2150184) lfd - sleeping
      (nobody,213092,12504,00:00:01/08:37:28,2154000) /usr/sbin/httpd -k start
      (nobody,212868,12288,00:00:01/07:45:23,2161981) /usr/sbin/httpd -k start
      (nobody,212888,12184,00:00:01/07:44:25,2162094) /usr/sbin/httpd -k start
      (nobody,213232,12488,00:00:01/07:43:06,2162229) /usr/sbin/httpd -k start
      (nobody,213168,12596,00:00:01/07:43:05,2162230) /usr/sbin/httpd -k start
      (nobody,212976,12380,00:00:00/07:04:17,2167757) /usr/sbin/httpd -k start
      (root,0,0,00:00:01/04:07:46,2196024) [kworker/u8:0-events_unbound]
      (root,301296,155184,00:00:11/03:16:25,2205175) /usr/local/cpanel/3rdparty/perl/536/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
      (root,302560,147768,00:00:03/03:02:27,2207447) spamd child
      (root,301296,146164,00:00:00/03:02:27,2207448) spamd child
      (nobody,212828,12132,00:00:00/02:24:05,2213648) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/01:56:22,2218238) [kworker/u8:3-events_unbound]
      (nobody,213136,12332,00:00:00/01:37:48,2221114) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/01:26:47,2222963) [kworker/u8:1-events_unbound]
      (nobody,213092,12052,00:00:00/01:04:36,2226562) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/52:21,2228614) [kworker/2:0-events]
      (root,0,0,00:00:00/22:35,2233170) [kworker/3:3-events]
      (root,0,0,00:00:00/17:31,2233783) [kworker/1:0-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/17:21,2233796) [kworker/3:0-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/10:53,2234915) [kworker/2:3-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/10:38,2234929) [kworker/0:1-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/09:53,2235046) [kworker/0:3-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/07:35,2235284) [kworker/3:2-cgroup_destroy]
      (root,0,0,00:00:00/06:47,2235403) [kworker/1:1-events]
      (root,0,0,00:00:00/06:24,2235443) [kworker/1:3-cgroup_destroy]
      (root,0,0,00:00:00/03:53,2235877) [kworker/2:1-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/03:53,2235878) [kworker/2:2-events]
      (root,0,0,00:00:00/02:24,2236129) [kworker/0:0-cgroup_destroy]
      (root,0,0,00:00:00/01:18,2236291) [kworker/1:2-events]
      (root,0,0,00:00:00/01:04,2236359) [kworker/0:2-events]
      (root,0,0,00:00:00/00:53,2236436) [kworker/3:1-events]
      (dovecot,37216,4052,00:00:00/00:44,2236466) dovecot/auth
      (root,43956,8204,00:00:00/00:43,2236505) dovecot/lmtp
      (root,37088,4000,00:00:00/00:43,2236514) dovecot/auth -w
      (root,0,0,00:00:00/00:12,2236606) [update_quota_ca] <defunct>
      (root,0,0,00:00:00/00:12,2236607) [cpsrvd (SSL) - ] <defunct>
      (root,222732,3300,00:00:00/00:00,2236737) /bin/bash /usr/bin/check_mk_agent
      (root,42868,2152,00:00:00/00:00,2236753) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,17756,1264,00:00:00/00:00,2236754) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-12 01:02
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad3287025b91b

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-10 01:05
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad3285307ce8f

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-08 00:54
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328de6f8438

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-06 01:00
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad32898776cb9

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-04 00:53
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328d757cfad

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-12-02 01:36
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad3285220101e

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (nobody,212944,11568,00:00:00/19:11,3676065) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/16:27,3676749) [kworker/u8:2-events_unbound]
      (root,0,0,00:00:00/14:31,3677133) [kworker/0:0-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/09:34,3678239) [kworker/2:3-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/08:57,3678317) [kworker/0:2-events_power_efficient]
      (root,0,0,00:00:00/07:41,3678533) [kworker/1:0-events]
      (root,0,0,00:00:00/07:38,3678607) [kworker/0:3-events]
      (root,0,0,00:00:00/04:37,3679311) [kworker/3:0-events]
      (root,0,0,00:00:00/03:38,3679513) [kworker/2:0-events]
      (dovecot,37216,4272,00:00:00/02:31,3679755) dovecot/auth
      (root,0,0,00:00:00/00:39,3680226) [kworker/0:1-events_power_efficient]
      (root,234032,2236,00:00:00/00:35,3680234) /usr/sbin/CROND -n
      (root,298168,18864,00:00:00/00:35,3680236) /usr/bin/python3 -m kcarectl.__main__ -q --auto-update
      (moly24,618104,105088,00:00:03/00:14,3680285) php-fpm: pool molygoshop_com
      (mailnull,88700,11000,00:00:00/00:10,3680291) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (moly24,535100,93192,00:00:02/00:10,3680293) php-fpm: pool molygoshop_com
      (mailnull,88700,11000,00:00:00/00:10,3680294) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (root,222732,3244,00:00:00/00:00,3680439) /bin/bash /usr/bin/check_mk_agent
      (root,42868,2160,00:00:00/00:00,3680457) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,17756,1280,00:00:00/00:00,3680458) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (root,0,0,00:00:00/11-10:48:05,3815931) [kworker/0:2H-kblockd]
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-11-30 00:59
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328645e6537

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-11-28 01:02
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328d27edb18

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,82168,15972,00:00:00/4-03:20:19,883426) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
      (root,457660,22008,00:01:18/4-03:20:11,883539) php-fpm: master process (/opt/cpanel/ea-php81/root/etc/php-fpm.conf)
      (root,334944,33852,00:01:35/09:06:32,2231725) lfd - sleeping
      (root,301568,155388,00:00:15/03:19:45,2315133) /usr/local/cpanel/3rdparty/perl/536/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
      (root,302848,147700,00:00:04/03:07:07,2318013) spamd child
      (root,301568,146168,00:00:00/03:07:07,2318014) spamd child
      (nobody,213144,12536,00:00:01/03:00:49,2319441) /usr/sbin/httpd -k start
      (nobody,213076,12492,00:00:00/02:29:02,2327036) /usr/sbin/httpd -k start
      (nobody,212900,11936,00:00:00/02:28:31,2327199) /usr/sbin/httpd -k start
      (nobody,213128,12552,00:00:00/02:28:02,2327258) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/01:09:52,2345112) [kworker/u8:0-xprtiod]
      (root,0,0,00:00:00/58:42,2347910) [kworker/3:0-events]
      (root,0,0,00:00:00/47:52,2350358) [kworker/u8:3-xprtiod]
      (root,0,0,00:00:00/29:23,2354747) [kworker/u8:1-xfs-cil/dm-2]
      (root,0,0,00:00:00/25:32,2355580) [kworker/2:0-events]
      (root,0,0,00:00:00/17:46,2357372) [kworker/0:1-cgroup_destroy]
      (root,0,0,00:00:00/11:43,2358789) [kworker/0:0-events_power_efficient]
      (nobody,212816,10912,00:00:00/11:12,2358905) /usr/sbin/httpd -k start
      (nobody,212816,10688,00:00:00/11:00,2358937) /usr/sbin/httpd -k start
      (nobody,212816,10756,00:00:00/11:00,2358938) /usr/sbin/httpd -k start
      (nobody,213072,10924,00:00:00/10:59,2358951) /usr/sbin/httpd -k start
      (nobody,212624,10856,00:00:00/10:59,2358962) /usr/sbin/httpd -k start
      (nobody,213036,10796,00:00:00/10:59,2358965) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/07:43,2359845) [kworker/1:1-events]
      (root,0,0,00:00:00/06:31,2360165) [kworker/0:2-events]
      (root,0,0,00:00:00/06:21,2360191) [kworker/2:3-mm_percpu_wq]
      (root,0,0,00:00:00/06:21,2360193) [kworker/1:2-events]
      (root,0,0,00:00:00/05:28,2360414) [kworker/3:1-events]
      (root,0,0,00:00:00/04:19,2360742) [kworker/u8:2-xfs-blockgc/dm-0]
      (root,86104,15464,00:00:00/00:15,2361621) /usr/sbin/exim -Mc 1tFk1x-00000009uMd-1gVs
      (mailnull,86316,11712,00:00:00/00:15,2361626) /usr/sbin/exim -Mc 1tFk1x-00000009uMd-1gVs
      (root,86104,15704,00:00:00/00:15,2361627) /usr/sbin/exim -Mc 1tFk1z-00000009uMg-1FJl
      (mailnull,86316,11676,00:00:00/00:15,2361630) /usr/sbin/exim -Mc 1tFk1z-00000009uMg-1FJl
      (root,0,0,00:00:00/00:01,2361725) [kworker/1:0]
      (root,222732,3132,00:00:00/00:01,2361789) /bin/bash /usr/bin/check_mk_agent
      (root,42868,2280,00:00:00/00:00,2361807) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,17756,1256,00:00:00/00:00,2361808) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (root,410228,12452,00:01:03/10-03:21:25,2727590) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
      (wp-toolkit,508148,49580,00:00:49/10-03:21:25,2727617) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
      (wp-toolkit,524708,65976,00:11:36/10-03:21:24,2727638) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
      (root,565512,41860,00:00:27/10-03:21:23,2727690) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
      (root,0,0,00:00:00/7-10:55:01,3815931) [kworker/0:2H-kblockd]
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-11-26 01:06
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328a2229b9f

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-11-24 00:53
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328825c2ec8

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (dovenull,27528,7380,00:00:09/12-05:51:23,53847) dovecot/pop3-login
      (dovenull,27720,7636,00:00:12/12-05:51:23,53848) dovecot/imap-login
      (root,16520,5036,00:00:23/12-05:51:23,53850) dovecot/config
      (dovecot,14232,3236,00:00:13/12-05:51:23,53851) dovecot/stats
      (mailnull,88324,18504,00:01:21/12-05:51:22,53902) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (root,239864,3524,00:00:03/12-02:58:02,79299) /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/local/cpanel/bin/pureauth
      (root,240472,5836,00:00:05/12-02:58:02,79300) pure-ftpd (SERVER)
      (root,0,0,00:00:00/11-22:55:20,114434) [dio/dm-0]
      (root,89804,9524,00:00:19/11-06:55:35,252074) /usr/lib/systemd/systemd --user
      (root,287460,3524,00:00:00/11-06:55:35,252075) (sd-pam)
      (root,347080,34184,00:00:00/11-06:55:34,252093) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/backup
      (root,4444,1656,00:01:01/11-06:54:43,252371) /usr/local/cpanel/bin/cpuwatch 3.5000 --report-fd 8 /usr/local/cpanel/bin/pkgacct moly24 /backup/2024-11-11/accounts backup
      (root,377004,37660,6-10:15:54/11-06:54:43,252372) pkgacct - moly24 - av: 4
      (root,334952,33928,00:01:50/08:55:27,792910) lfd - sleeping
      (root,241052,8160,00:00:00/05:17:29,849176) ConfigServer Version Check
      (root,217156,928,00:00:00/05:17:29,849181) sleep 20499
      (root,211268,11644,00:00:01/03:09:13,883423) /usr/sbin/httpd -k start
      (root,13912,2008,00:00:00/03:09:13,883424) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --suffix=-bytes_log
      (root,13912,2032,00:00:00/03:09:13,883425) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --mainout=/etc/apache2/logs/access_log
      (root,82168,15972,00:00:00/03:09:13,883426) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
      (root,457660,24444,00:00:02/03:09:05,883539) php-fpm: master process (/opt/cpanel/ea-php81/root/etc/php-fpm.conf)
      (root,301612,155304,00:00:14/03:06:46,884922) /usr/local/cpanel/3rdparty/perl/536/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
      (nobody,213208,12520,00:00:00/02:58:33,887171) /usr/sbin/httpd -k start
      (nobody,213304,12508,00:00:00/02:58:31,887179) /usr/sbin/httpd -k start
      (nobody,212848,11848,00:00:00/02:58:31,887184) /usr/sbin/httpd -k start
      (nobody,212824,11956,00:00:00/02:58:30,887192) /usr/sbin/httpd -k start
      (nobody,212852,12228,00:00:00/02:58:30,887193) /usr/sbin/httpd -k start
      (nobody,213208,12384,00:00:00/02:58:30,887205) /usr/sbin/httpd -k start
      (root,302884,147936,00:00:04/02:53:34,888500) spamd child
      (root,301612,146224,00:00:00/02:53:34,888501) spamd child
      (nobody,213260,12360,00:00:00/01:00:17,918009) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/40:54,923181) [kworker/u8:2-xprtiod]
      (root,0,0,00:00:00/32:05,925521) [kworker/3:0-mm_percpu_wq]
      (root,0,0,00:00:00/27:51,926670) [kworker/u8:3-xprtiod]
      (nobody,212900,11928,00:00:00/20:31,928462) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/19:35,928728) [kworker/1:1-events]
      (root,0,0,00:00:00/19:06,928871) [kworker/3:2-cgroup_destroy]
      (root,0,0,00:00:00/17:55,929252) [kworker/u8:1-xprtiod]
      (nobody,212900,11632,00:00:00/13:20,930221) /usr/sbin/httpd -k start
      (nobody,212708,11356,00:00:00/12:56,930439) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/08:42,931420) [kworker/0:1-events]
      (root,0,0,00:00:00/08:06,931574) [kworker/3:3-events]
      (root,0,0,00:00:00/07:07,931938) [kworker/1:3-events]
      (root,0,0,00:00:00/06:06,932158) [kworker/2:2-events]
      (root,0,0,00:00:00/05:29,932257) [kworker/2:3-events]
      (root,0,0,00:00:00/05:07,932398) [kworker/0:2-events]
      (dovecot,37216,4052,00:00:00/02:55,932930) dovecot/auth
      (root,0,0,00:00:00/00:34,933531) [kworker/1:0-kdmflush/253:2]
      (root,0,0,00:00:00/00:11,933600) [cpsrvd (SSL) - ] <defunct>
      (root,222732,3288,00:00:00/00:00,933825) /bin/bash /usr/bin/check_mk_agent
      (root,42868,2272,00:00:00/00:00,933843) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,17756,1244,00:00:00/00:00,933844) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (root,410228,12576,00:00:39/6-03:10:19,2727590) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
      (wp-toolkit,508148,50268,00:00:30/6-03:10:19,2727617) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
      (wp-toolkit,524708,66824,00:07:06/6-03:10:18,2727638) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
      (root,565512,42400,00:00:15/6-03:10:17,2727690) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
      (root,0,0,00:00:00/3-10:43:55,3815931) [kworker/0:2H-kblockd]
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-11-22 00:55
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad32867199f97

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-11-20 16:32
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328bc467954

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (dovecot,10472,1248,00:00:03/10-06:37:36,53845) dovecot/anvil
      (root,10732,2928,00:00:09/10-06:37:36,53846) dovecot/log
      (dovenull,27528,7380,00:00:08/10-06:37:36,53847) dovecot/pop3-login
      (dovenull,27532,7600,00:00:10/10-06:37:36,53848) dovecot/imap-login
      (root,16520,5036,00:00:19/10-06:37:36,53850) dovecot/config
      (dovecot,14232,3236,00:00:11/10-06:37:36,53851) dovecot/stats
      (mailnull,88324,18504,00:01:13/10-06:37:35,53902) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (root,211268,11480,00:01:34/10-06:37:33,53953) /usr/sbin/httpd -k start
      (root,13912,1912,00:00:07/10-06:37:33,53954) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --suffix=-bytes_log
      (root,14040,3488,00:00:08/10-06:37:33,53955) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --mainout=/etc/apache2/logs/access_log
      (root,82088,16072,00:00:00/10-06:37:33,53956) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
      (root,239864,3524,00:00:03/10-03:44:15,79299) /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/local/cpanel/bin/pureauth
      (root,240472,5836,00:00:04/10-03:44:15,79300) pure-ftpd (SERVER)
      (nobody,212880,12712,00:00:01/06:13:19,86936) /usr/sbin/httpd -k start
      (nobody,213296,12744,00:00:01/04:36:10,112487) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/9-23:41:33,114434) [dio/dm-0]
      (nobody,213320,13064,00:00:01/04:25:06,115440) /usr/sbin/httpd -k start
      (root,301380,155200,00:00:16/03:55:19,123680) /usr/local/cpanel/3rdparty/perl/536/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
      (root,302636,147788,00:00:05/03:44:57,126429) spamd child
      (root,301380,146344,00:00:00/03:44:57,126430) spamd child
      (nobody,212860,12548,00:00:00/03:35:08,128860) /usr/sbin/httpd -k start
      (nobody,212896,12572,00:00:00/01:49:25,155995) /usr/sbin/httpd -k start
      (nobody,212952,12456,00:00:00/01:19:41,163764) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/47:51,172070) [kworker/u8:3-xprtiod]
      (root,0,0,00:00:00/32:06,176279) [kworker/u8:1-xprtiod]
      (root,0,0,00:00:00/26:39,177725) [kworker/3:0-cgroup_destroy]
      (nobody,212824,11984,00:00:00/23:51,178548) /usr/sbin/httpd -k start
      (nobody,212788,11900,00:00:00/23:23,178636) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/23:02,178799) [kworker/2:3-cgroup_destroy]
      (nobody,212900,11568,00:00:00/19:34,179605) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/18:00,180140) [kworker/u8:2-xprtiod]
      (root,0,0,00:00:00/16:02,180610) [kworker/2:0-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/15:29,180698) [kworker/0:1-events_power_efficient]
      (root,0,0,00:00:00/15:01,180843) [kworker/1:1-events]
      (root,0,0,00:00:00/11:01,181919) [kworker/0:2-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/10:00,182157) [kworker/3:1-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/06:01,183220) [kworker/1:3-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/05:00,183450) [kworker/0:0-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/04:02,183838) [kworker/0:3-events]
      (root,0,0,00:00:00/01:42,184393) [kworker/3:2-events]
      (root,0,0,00:00:00/01:39,184409) [kworker/2:1-events]
      (root,0,0,00:00:00/00:42,184634) [kworker/1:0-events]
      (dovecot,37084,3976,00:00:00/00:11,184706) dovecot/auth
      (root,86104,15772,00:00:00/00:10,184722) /usr/sbin/exim -Mc 1tDZin-00000000m3M-26Yv
      (root,86108,15520,00:00:00/00:10,184727) /usr/sbin/exim -Mc 1tDZin-00000000m3P-2mA2
      (mailnull,86316,11540,00:00:00/00:10,184728) /usr/sbin/exim -Mc 1tDZin-00000000m3M-26Yv
      (mailnull,86320,11564,00:00:00/00:10,184731) /usr/sbin/exim -Mc 1tDZin-00000000m3P-2mA2
      (root,0,0,00:00:00/00:00,184951) [kworker/2:2-events]
      (root,222732,3264,00:00:00/00:00,184952) /bin/bash /usr/bin/check_mk_agent
      (root,42868,2144,00:00:00/00:00,184970) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,17756,1236,00:00:00/00:00,184971) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (root,89804,9524,00:00:16/9-07:41:48,252074) /usr/lib/systemd/systemd --user
      (root,287460,3524,00:00:00/9-07:41:48,252075) (sd-pam)
      (root,347080,34184,00:00:00/9-07:41:47,252093) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/backup
      (root,4444,1656,00:00:51/9-07:40:56,252371) /usr/local/cpanel/bin/cpuwatch 3.5000 --report-fd 8 /usr/local/cpanel/bin/pkgacct moly24 /backup/2024-11-11/accounts backup
      (root,377004,37660,5-00:43:18/9-07:40:56,252372) pkgacct - moly24 - av: 4
      (root,410228,12576,00:00:26/4-03:56:32,2727590) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
      (wp-toolkit,508148,50268,00:00:20/4-03:56:32,2727617) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
      (wp-toolkit,524708,66824,00:04:51/4-03:56:31,2727638) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
      (root,457660,24688,00:01:19/4-03:56:30,2727663) php-fpm: master process (/opt/cpanel/ea-php81/root/etc/php-fpm.conf)
      (root,565512,42400,00:00:09/4-03:56:30,2727690) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
      (root,0,0,00:00:00/1-11:30:08,3815931) [kworker/0:2H-kblockd]
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-11-20 01:41
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad328c1e5b967

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-11-18 00:49
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb4b4d50b5e9848d861f366845ea9ad3289797ce16

      Found public CheckMk agent:
      Version: 1.4.0p30
      AgentOS: linux
      Hostname: moly1.molygoshop.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,24504,1440,00:00:00/6-13:26:08,1848) /usr/sbin/atd -f
      (root,217772,856,00:00:00/6-13:26:06,1878) /sbin/agetty -o -p -- \u --noclear tty1 linux
      (mysql,1920852,372380,00:27:42/6-13:26:06,1910) /usr/sbin/mariadbd
      (root,0,0,00:00:00/6-13:26:05,1928) [ib-comp-wq]
      (root,0,0,00:00:00/6-13:26:05,1929) [kworker/u9:0]
      (root,0,0,00:00:00/6-13:26:05,1931) [ib-comp-unb-wq]
      (root,0,0,00:00:00/6-13:26:05,1932) [ib_mcast]
      (root,0,0,00:00:00/6-13:26:05,1933) [ib_nl_sa_wq]
      (cpanelconnecttrack,23492,4784,00:26:18/6-13:26:00,1971) /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
      (root,337736,27540,00:02:24/6-13:25:56,2177) tailwatchd
      (root,296612,9600,00:06:31/6-13:25:56,2178) cPhulkd - processor - dormant mode - accepting connections
      (root,376412,39900,00:02:17/6-13:25:56,2179) cpdavd - accepting connections on: 2079, 2080, 2091, 2077, 2078
      (root,296320,9644,00:00:42/6-13:25:56,2182) dnsadmin - dormant mode
      (root,268092,5380,00:00:08/6-13:25:51,2256) cpanellogd - sleeping for logs
      (rpcuser,43628,2680,00:00:00/6-10:39:05,31027) /usr/sbin/rpc.statd
      (root,0,0,00:00:00/6-10:23:04,34212) [nfsiod]
      (root,0,0,00:00:00/6-10:23:04,34222) [lockd]
      (root,44608,4800,00:00:17/6-08:13:29,53842) /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
      (dovenull,27428,7360,00:00:04/6-08:13:29,53843) dovecot/pop3-login
      (dovenull,27436,7512,00:00:03/6-08:13:29,53844) dovecot/imap-login
      (dovecot,10472,1248,00:00:02/6-08:13:29,53845) dovecot/anvil
      (root,10732,2928,00:00:05/6-08:13:29,53846) dovecot/log
      (dovenull,27500,7148,00:00:05/6-08:13:29,53847) dovecot/pop3-login
      (dovenull,27532,7600,00:00:06/6-08:13:29,53848) dovecot/imap-login
      (root,16520,5036,00:00:12/6-08:13:29,53850) dovecot/config
      (dovecot,14232,3236,00:00:07/6-08:13:29,53851) dovecot/stats
      (mailnull,88348,18456,00:00:46/6-08:13:28,53902) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (root,211268,11480,00:01:01/6-08:13:26,53953) /usr/sbin/httpd -k start
      (root,13912,1912,00:00:05/6-08:13:26,53954) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --suffix=-bytes_log
      (root,14040,3488,00:00:05/6-08:13:26,53955) /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=moly1.molygoshop.com --mainout=/etc/apache2/logs/access_log
      (root,82088,16072,00:00:00/6-08:13:26,53956) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
      (root,239864,3524,00:00:01/6-05:20:08,79299) /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/local/cpanel/bin/pureauth
      (root,240472,5836,00:00:02/6-05:20:08,79300) pure-ftpd (SERVER)
      (root,0,0,00:00:00/6-01:17:26,114434) [dio/dm-0]
      (root,89804,9524,00:00:09/5-09:17:41,252074) /usr/lib/systemd/systemd --user
      (root,287460,3524,00:00:00/5-09:17:41,252075) (sd-pam)
      (root,347080,34184,00:00:00/5-09:17:40,252093) /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/backup
      (root,4444,1656,00:00:31/5-09:16:49,252371) /usr/local/cpanel/bin/cpuwatch 3.5000 --report-fd 8 /usr/local/cpanel/bin/pkgacct moly24 /backup/2024-11-11/accounts backup
      (root,377004,37660,2-10:29:41/5-09:16:49,252372) pkgacct - moly24 - av: 4
      (root,334944,33968,00:02:24/11:17:36,2624515) lfd - sleeping
      (nobody,213084,12768,00:00:02/08:25:50,2674844) /usr/sbin/httpd -k start
      (root,410228,12576,00:00:01/05:32:25,2727590) php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
      (wp-toolkit,508148,50180,00:00:01/05:32:25,2727617) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
      (wp-toolkit,524708,66824,00:00:16/05:32:24,2727638) /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
      (root,457660,24688,00:00:05/05:32:23,2727663) php-fpm: master process (/opt/cpanel/ea-php81/root/etc/php-fpm.conf)
      (root,565512,42400,00:00:00/05:32:23,2727690) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
      (root,301448,155188,00:00:17/05:29:48,2729134) /usr/local/cpanel/3rdparty/perl/536/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
      (root,302716,147928,00:00:08/05:16:49,2732885) spamd child
      (root,301448,146356,00:00:00/05:16:49,2732886) spamd child
      (nobody,212892,12716,00:00:01/04:25:50,2747703) /usr/sbin/httpd -k start
      (nobody,213100,12908,00:00:00/03:16:06,2769692) /usr/sbin/httpd -k start
      (nobody,212844,12412,00:00:00/02:48:05,2778651) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/01:14:28,2808192) [kworker/u8:1-xprtiod]
      (nobody,213288,12512,00:00:00/01:10:44,2809193) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/55:55,2813854) [kworker/2:2-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/53:34,2814552) [kworker/u8:3-xprtiod]
      (nobody,213100,12256,00:00:00/50:43,2815565) /usr/sbin/httpd -k start
      (nobody,213028,12496,00:00:00/45:22,2817319) /usr/sbin/httpd -k start
      (nobody,213068,12492,00:00:00/45:22,2817320) /usr/sbin/httpd -k start
      (nobody,212900,12400,00:00:00/44:40,2817520) /usr/sbin/httpd -k start
      (nobody,212788,11548,00:00:00/39:44,2818948) /usr/sbin/httpd -k start
      (root,0,0,00:00:00/34:08,2821199) [kworker/u8:0-xprtiod]
      (root,0,0,00:00:01/32:33,2821635) [kworker/3:1-events]
      (root,0,0,00:00:00/15:57,2826907) [kworker/1:1-kdmflush/253:2]
      (root,0,0,00:00:00/13:56,2827556) [kworker/2:0-events]
      (root,0,0,00:00:00/11:56,2828058) [kworker/3:2-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/10:09,2828442) [kworker/1:2-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/10:08,2828454) [kworker/0:2-cgroup_destroy]
      (root,0,0,00:00:00/08:55,2828954) [kworker/2:3-cgroup_destroy]
      (root,0,0,00:00:00/07:56,2829233) [kworker/0:3-kdmflush/253:0]
      (root,0,0,00:00:00/06:59,2829425) [kworker/u8:2-xprtiod]
      (root,0,0,00:00:00/05:55,2829890) [kworker/3:0-cgroup_destroy]
      (root,0,0,00:00:00/04:07,2830859) [kworker/1:0-cgroup_destroy]
      (root,0,0,00:00:00/02:56,2831221) [kworker/3:3-events]
      (root,0,0,00:00:00/00:56,2831724) [kworker/1:3-mm_percpu_wq]
      (mailnull,88692,11128,00:00:00/00:10,2831850) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (mailnull,88692,11128,00:00:00/00:09,2831854) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (mailnull,88692,11128,00:00:00/00:08,2831855) /usr/sbin/exim -ps -bd -q15m -oP /var/spool/exim/exim-daemon.pid
      (root,0,0,00:00:00/00:04,2832004) [kworker/0:0-cgroup_pidlist_destroy]
      (root,0,0,00:00:00/00:04,2832005) [kworker/0:1-events]
      (root,222732,3276,00:00:00/00:00,2832017) /bin/bash /usr/bin/check_mk_agent
      (root,42868,2164,00:00:00/00:00,2832035) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,17756,1256,00:00:00/00:00,2832036) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 86:26:7e:9b:5a:f9 brd ff:ff:ff:ff:ff:ff
          altname enp0s18
      3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 46:26:9b:9b:f9:21 brd ff:ff:ff:ff:ff:ff
          altname enp0s19
      [end_iplink]
      
      
      Found on 2024-11-16 03:17
  • Open service 42.0.29.69:443

    2024-11-20 11:21

    HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 11:22:03 GMT
    Server: Apache
    Last-Modified: Mon, 04 Dec 2023 03:24:53 GMT
    Accept-Ranges: bytes
    Content-Length: 163
    Cache-Control: no-cache, no-store, must-revalidate
    Pragma: no-cache
    Expires: 0
    Connection: close
    Content-Type: text/html
    
    
    <html><head><META HTTP-EQUIV="Cache-control" CONTENT="no-cache"><META HTTP-EQUIV="refresh" CONTENT="0;URL=/cgi-sys/defaultwebpage.cgi"></head><body></body></html>
    
    Found 2024-11-20 by HttpPlugin
autoconfig.moly1.molygoshop.com
autodiscover.moly1.molygoshop.com
cpanel.moly1.molygoshop.com
cpcalendars.moly1.molygoshop.com
cpcontacts.moly1.molygoshop.com
ipv6.moly1.molygoshop.com
mail.moly1.molygoshop.com
moly1.molygoshop.com
webdisk.moly1.molygoshop.com
webmail.moly1.molygoshop.com
whm.moly1.molygoshop.com
www.moly1.molygoshop.com
CN: moly1.molygoshop.com
Key: RSA-2048
Issuer: R10
Not before: 2024-11-09 18:05
Not after: 2025-02-07 18:05
Domain summary
No record