Host 5.134.124.178
Italy
ITnet S.r.l.
Software information

Apache Apache

tcp/443 tcp/80

  • CheckMK monitoring endpoint publicly available
    IP: 5.134.124.178
    Port: 6556
    First seen 2022-06-17 22:57
    Last seen 2023-05-03 22:25
    Open for 319 days

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a94ced4a4

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33668,1300,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [stopper/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [watchdog/4]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [stopper/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [watchdog/5]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [stopper/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [watchdog/6]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [stopper/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [watchdog/7]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/4]
(root,0,0,0.0) [events/5]
(root,0,0,0.0) [events/6]
(root,0,0,0.0) [events/7]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/4]
(root,0,0,0.0) [events/5]
(root,0,0,0.0) [events/6]
(root,0,0,0.0) [events/7]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_long/4]
(root,0,0,0.0) [events_long/5]
(root,0,0,0.0) [events_long/6]
(root,0,0,0.0) [events_long/7]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kintegrityd/4]
(root,0,0,0.0) [kintegrityd/5]
(root,0,0,0.0) [kintegrityd/6]
(root,0,0,0.0) [kintegrityd/7]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kblockd/4]
(root,0,0,0.0) [kblockd/5]
(root,0,0,0.0) [kblockd/6]
(root,0,0,0.0) [kblockd/7]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ata_sff/4]
(root,0,0,0.0) [ata_sff/5]
(root,0,0,0.0) [ata_sff/6]
(root,0,0,0.0) [ata_sff/7]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md/4]
(root,0,0,0.0) [md/5]
(root,0,0,0.0) [md/6]
(root,0,0,0.0) [md/7]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [md_misc/4]
(root,0,0,0.0) [md_misc/5]
(root,0,0,0.0) [md_misc/6]
(root,0,0,0.0) [md_misc/7]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [lru-add-drain/4]
(root,0,0,0.0) [lru-add-drain/5]
(root,0,0,0.0) [lru-add-drain/6]
(root,0,0,0.0) [lru-add-drain/7]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [aio/4]
(root,0,0,0.0) [aio/5]
(root,0,0,0.0) [aio/6]
(root,0,0,0.0) [aio/7]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [crypto/4]
(root,0,0,0.0) [crypto/5]
(root,0,0,0.0) [crypto/6]
(root,0,0,0.0) [crypto/7]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [kthrotld/4]
(root,0,0,0.0) [kthrotld/5]
(root,0,0,0.0) [kthrotld/6]
(root,0,0,0.0) [kthrotld/7]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,0,0,0.0) [flush-253:0]
(root,10676,340,0.0) /sbin/udevd -d
(root,0,0,0.1) [vmmemctl]
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,0,0,0.0) [kauditd]
(root,29764,704,0.0) auditd
(root,411340,9340,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,256428,27160,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,18980,812,0.0) rpcbind
(root,223768,1776,0.0) /usr/sbin/sssd -f -D
(root,283128,4972,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,227540,3264,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200288,2440,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214560,3744,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(root,200160,2224,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,2220,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,772,0.0) rpc.statd
(dbus,33676,376,0.0) dbus-daemon --system
(10160,14632,260,0.0) magicspam-rate-limiter                                         
(10160,14636,400,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,399816,824,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10672,244,0.0) /sbin/udevd -d
(root,10672,244,0.0) /sbin/udevd -d
(root,400268,1344,0.0) automount --pid-file /var/run/autofs.pid
(root,200428,1332,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,584,0.0) /usr/sbin/sshd
(root,21712,868,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1604,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(root,1401360,1016248,0.0) clamd
(root,20104,1196,0.0) /usr/sbin/dovecot
(dovecot,13800,1320,0.0) dovecot/anvil
(root,13808,1268,0.0) dovecot/log
(root,23908,3236,0.0) dovecot/config
(amavis,363416,37496,0.0) /usr/sbin/amavisd (master)
(nagios,53712,856,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,60612,1196,0.0) /usr/libexec/postfix/master -w
(postfix,71364,2948,0.1) qmgr -l -t fifo -u
(postfix,70984,2588,0.0) tlsmgr -l -t unix -u
(tomcat,6305584,1426864,1.0) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(root,223568,4524,0.0) /usr/bin/vmtoolsd
(postfix,1620912,4488,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,3756,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(root,414780,1208,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(root,108312,1324,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(mysql,4300608,655328,1.1) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(root,390252,836,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,52632,716,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,66300,4120,0.0) sw-cp-server: worker process                       
(root,129368,1212,0.0) crond
(root,21104,316,0.0) /usr/sbin/atd
(mailman,216604,1956,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,216240,8636,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,216296,6660,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216236,8592,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,218540,11748,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216260,6636,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,219252,12292,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,218384,9952,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216228,8644,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(root,64632,896,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,359908,25648,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,120076,3516,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,500,0.0) /sbin/mingetty /dev/tty1
(root,4060,500,0.0) /sbin/mingetty /dev/tty2
(root,4060,500,0.0) /sbin/mingetty /dev/tty3
(root,4060,500,0.0) /sbin/mingetty /dev/tty4
(root,4060,500,0.0) /sbin/mingetty /dev/tty5
(root,4060,500,0.0) /sbin/mingetty /dev/tty6
(postfix,70888,3044,0.0) showq -t unix -u
(dovenull,43200,4096,0.0) dovecot/imap-login
(popuser,25276,3936,0.0) dovecot/imap
(apache,452160,71064,0.0) /usr/sbin/httpd
(apache,452020,70928,0.0) /usr/sbin/httpd
(apache,451284,70452,0.0) /usr/sbin/httpd
(apache,451504,70656,0.0) /usr/sbin/httpd
(apache,451256,70368,0.0) /usr/sbin/httpd
(apache,451492,70628,0.0) /usr/sbin/httpd
(apache,451424,70552,0.0) /usr/sbin/httpd
(apache,451464,70496,0.0) /usr/sbin/httpd
(apache,451588,70636,0.0) /usr/sbin/httpd
(apache,451548,70588,0.0) /usr/sbin/httpd
(apache,451092,70108,0.0) /usr/sbin/httpd
(apache,451108,70224,0.0) /usr/sbin/httpd
(apache,462444,81884,0.0) /usr/sbin/httpd
(amavis,365244,70480,0.0) /usr/sbin/amavisd (ch8-avail)
(postfix,94376,7568,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94464,7600,0.0) smtpd -n smtp -t inet -u -o stress=
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(amavis,365364,70808,0.0) /usr/sbin/amavisd (ch9-avail)
(dovenull,43204,4104,0.0) dovecot/imap-login
(popuser,24108,3308,0.0) dovecot/imap
(postfix,94396,7592,0.0) smtpd -n smtp -t inet -u -o stress=
(amavis,368152,76276,0.1) /usr/sbin/amavisd (ch9-avail)
(apache,462500,81848,0.0) /usr/sbin/httpd
(root,38668,3592,0.0) dovecot/auth
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43208,4100,0.0) dovecot/imap-login
(popuser,24064,3012,0.0) dovecot/imap
(amavis,365404,70840,0.0) /usr/sbin/amavisd (ch6-avail)
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23852,2636,0.0) dovecot/imap
(popuser,23852,2644,0.0) dovecot/imap
(amavis,365288,70600,0.0) /usr/sbin/amavisd (ch5-avail)
(popuser,23868,2692,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23836,2708,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,24804,3848,0.0) dovecot/imap
(popuser,23876,2968,0.0) dovecot/imap
(popuser,23836,2672,0.0) dovecot/imap
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,23508,2220,0.0) dovecot/imap
(popuser,23992,2984,0.0) dovecot/imap
(root,176864,24164,0.3) lfd - sleeping
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23852,2924,0.0) dovecot/imap
(amavis,365032,70256,0.0) /usr/sbin/amavisd (ch2-avail)
(postfix,71528,4268,0.0) cleanup -z -t unix -u
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,91444,5832,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(postfix,71344,4080,0.0) cleanup -z -t unix -u
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,23860,2840,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,24152,3180,0.0) dovecot/imap
(popuser,23852,2668,0.0) dovecot/imap
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23860,2936,0.0) dovecot/imap
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23836,2656,0.0) dovecot/imap
(dovenull,43204,4116,0.0) dovecot/imap-login
(popuser,23840,2672,0.0) dovecot/imap
(postfix,71316,4072,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(postfix,59176,3972,0.0) local -t unix
(postfix,70796,3128,0.0) bounce -z -t unix -u
(amavis,365248,70416,0.1) /usr/sbin/amavisd (ch3-avail)
(dovenull,43200,4080,0.0) dovecot/imap-login
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23964,3148,0.0) dovecot/imap
(popuser,24484,3184,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23844,2872,0.0) dovecot/imap
(amavis,365032,70256,0.1) /usr/sbin/amavisd (ch2-avail)
(postfix,70748,3072,0.0) pickup -l -t fifo -u
(postfix,91444,5820,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(apache,461360,80956,0.0) /usr/sbin/httpd
(postfix,71328,4552,0.0) smtp -t unix -u
(postfix,71328,4636,0.0) smtp -t unix -u
(postfix,71316,4068,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(apache,461452,81052,0.0) /usr/sbin/httpd
(apache,461332,81044,0.0) /usr/sbin/httpd
(apache,460244,79928,0.0) /usr/sbin/httpd
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23916,3004,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,24152,3176,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23852,2668,0.0) dovecot/imap
(postfix,94040,6996,0.1) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(postfix,70720,3016,0.0) proxymap -t unix -u
(postfix,71328,4620,0.0) smtp -t unix -u
(postfix,71328,4640,0.0) smtp -t unix -u
(postfix,71180,3988,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71328,4620,0.0) smtp -t unix -u
(postfix,71180,4000,0.0) smtp -t unix -u
(postfix,71180,3996,0.0) smtp -t unix -u
(postfix,71180,3996,0.0) smtp -t unix -u
(postfix,71908,4572,0.0) trivial-rewrite -n rewrite -t unix -u
(amavis,364656,69724,0.1) /usr/sbin/amavisd (ch1-avail)
(amavis,364656,39188,0.0) /usr/sbin/amavisd (virgin child)
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,49056,3612,0.0) dovecot/imap
(root,13668,1164,0.0) dovecot/ssl-params
(fimppro,502656,138376,9.6) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,487160,133436,9.7) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(ffellico,390396,23932,0.3) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/ffellico.it/etc/php.ini
(dovenull,43200,4116,0.2) dovecot/imap-login
(popuser,23844,2672,0.0) dovecot/imap
(fimppro,558692,51840,18.7) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(cocori,391764,27344,1.3) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(postfix,43696,2716,0.0) plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
(root,110248,1584,0.2) /bin/bash /usr/bin/check_mk_agent
(root,110248,760,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,648,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830756,9044,1.0) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(root,110248,1532,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13364,1032,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,840,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24152,3348,0.0) dovecot/imap
(apache,465104,84696,0.0) /usr/sbin/httpd
(apache,463472,82796,0.0) /usr/sbin/httpd
(popuser,299252,95860,0.2) spamd child
(popuser,291140,87672,0.0) spamd child
(amavis,365796,72632,0.0) /usr/sbin/amavisd (ch19-avail)
(root,281616,80168,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(postfix,70848,2488,0.0) anvil -l -t unix -u
(amavis,367744,74816,0.0) /usr/sbin/amavisd (ch14-avail)
(dovenull,43200,4116,0.0) dovecot/imap-login
(popuser,23820,2676,0.0) dovecot/imap
(root,436112,71176,0.0) /usr/sbin/httpd
(root,3872,1476,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(apache,341764,58164,0.0) /usr/sbin/httpd
(psaadm,281828,44704,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1292,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,264772,40548,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
      Found on 2023-05-03 22:25

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a89331a22

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1296,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [stopper/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [watchdog/4]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [stopper/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [watchdog/5]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [stopper/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [watchdog/6]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [stopper/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [watchdog/7]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/4]
(root,0,0,0.0) [events/5]
(root,0,0,0.0) [events/6]
(root,0,0,0.0) [events/7]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/4]
(root,0,0,0.0) [events/5]
(root,0,0,0.0) [events/6]
(root,0,0,0.0) [events/7]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_long/4]
(root,0,0,0.0) [events_long/5]
(root,0,0,0.0) [events_long/6]
(root,0,0,0.0) [events_long/7]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kintegrityd/4]
(root,0,0,0.0) [kintegrityd/5]
(root,0,0,0.0) [kintegrityd/6]
(root,0,0,0.0) [kintegrityd/7]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kblockd/4]
(root,0,0,0.0) [kblockd/5]
(root,0,0,0.0) [kblockd/6]
(root,0,0,0.0) [kblockd/7]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ata_sff/4]
(root,0,0,0.0) [ata_sff/5]
(root,0,0,0.0) [ata_sff/6]
(root,0,0,0.0) [ata_sff/7]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md/4]
(root,0,0,0.0) [md/5]
(root,0,0,0.0) [md/6]
(root,0,0,0.0) [md/7]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [md_misc/4]
(root,0,0,0.0) [md_misc/5]
(root,0,0,0.0) [md_misc/6]
(root,0,0,0.0) [md_misc/7]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [lru-add-drain/4]
(root,0,0,0.0) [lru-add-drain/5]
(root,0,0,0.0) [lru-add-drain/6]
(root,0,0,0.0) [lru-add-drain/7]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [aio/4]
(root,0,0,0.0) [aio/5]
(root,0,0,0.0) [aio/6]
(root,0,0,0.0) [aio/7]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [crypto/4]
(root,0,0,0.0) [crypto/5]
(root,0,0,0.0) [crypto/6]
(root,0,0,0.0) [crypto/7]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [kthrotld/4]
(root,0,0,0.0) [kthrotld/5]
(root,0,0,0.0) [kthrotld/6]
(root,0,0,0.0) [kthrotld/7]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(apache,453580,72528,0.0) /usr/sbin/httpd
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(apache,452352,71488,0.0) /usr/sbin/httpd
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.1) [flush-253:0]
(root,0,0,0.1) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,10996,280,0.0) /sbin/udevd -d
(root,0,0,0.1) [vmmemctl]
(root,11000,264,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,0,0,0.0) [kauditd]
(amavis,368588,72864,0.1) /usr/sbin/amavisd (ch17-avail)
(amavis,372956,76784,0.0) /usr/sbin/amavisd (ch14-avail)
(root,29764,700,0.0) auditd
(root,411720,8024,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,262668,18504,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,19048,828,0.0) rpcbind
(root,223768,1768,0.0) /usr/sbin/sssd -f -D
(root,283272,4880,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,228176,3676,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200296,2484,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214560,3292,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(root,207940,2808,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,2176,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,752,0.0) rpc.statd
(dbus,33676,372,0.0) dbus-daemon --system
(10160,14632,256,0.0) magicspam-rate-limiter                                         
(10160,14636,400,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,2179532,756,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10992,240,0.0) /sbin/udevd -d
(root,466824,1372,0.0) automount --pid-file /var/run/autofs.pid
(root,200432,1352,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,576,0.0) /usr/sbin/sshd
(root,21712,844,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1616,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(root,1403628,1108684,0.1) clamd
(root,20104,1292,0.0) /usr/sbin/dovecot
(dovecot,13800,1352,0.0) dovecot/anvil
(amavis,363328,32608,0.0) /usr/sbin/amavisd (master)
(nagios,53712,856,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,60612,1212,0.0) /usr/libexec/postfix/master -w
(tomcat,6329408,1382472,1.5) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(root,213324,4372,0.1) /usr/bin/vmtoolsd
(postfix,4242460,2268,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,3496,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(root,414780,1072,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(root,108312,1204,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(amavis,374440,78704,0.1) /usr/sbin/amavisd (ch11-avail)
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,24120,3200,0.0) dovecot/imap
(mysql,5724132,1103752,2.8) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(dovenull,43208,4116,0.0) dovecot/imap-login
(popuser,23820,2652,0.0) dovecot/imap
(root,388860,788,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,53804,2076,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(root,129368,1240,0.0) crond
(root,21104,308,0.0) /usr/sbin/atd
(mailman,216612,2252,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,220340,11152,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,216428,6236,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216240,7684,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,368924,138060,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216264,7668,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,221392,11068,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,219168,9668,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216232,7668,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(root,64632,896,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,358512,12832,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195856,3548,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,492,0.0) /sbin/mingetty /dev/tty1
(root,4060,492,0.0) /sbin/mingetty /dev/tty2
(root,4060,492,0.0) /sbin/mingetty /dev/tty3
(root,4060,492,0.0) /sbin/mingetty /dev/tty4
(root,4060,492,0.0) /sbin/mingetty /dev/tty5
(root,4060,492,0.0) /sbin/mingetty /dev/tty6
(dovenull,43204,3112,0.0) dovecot/imap-login
(popuser,25580,3832,0.0) dovecot/imap
(postfix,70888,3044,0.0) showq -t unix -u
(amavis,372872,78628,0.1) /usr/sbin/amavisd (ch16-avail)
(dovenull,43204,3112,0.0) dovecot/imap-login
(popuser,23860,2640,0.0) dovecot/imap
(dovenull,43204,4088,0.0) dovecot/imap-login
(popuser,24512,2720,0.0) dovecot/imap
(root,134160,4436,0.0) sshd: giovanni [priv]
(giovanni,134160,2048,0.0) sshd: giovanni@pts/1
(giovanni,123412,4664,0.0) -sh
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,25260,3188,0.0) dovecot/imap
(dovenull,43204,3116,0.0) dovecot/imap-login
(popuser,24360,3256,0.0) dovecot/imap
(root,281812,80392,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(popuser,300628,97188,0.3) spamd child
(popuser,297460,93960,0.1) spamd child
(dovenull,43204,3116,0.0) dovecot/imap-login
(popuser,32044,6068,0.0) dovecot/imap
(dovenull,43204,3124,0.0) dovecot/imap-login
(popuser,24364,3296,0.0) dovecot/imap
(dovenull,43204,3108,0.0) dovecot/imap-login
(popuser,24552,3228,0.0) dovecot/imap
(amavis,365448,68124,0.1) /usr/sbin/amavisd (ch10-avail)
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,24100,3152,0.0) dovecot/imap
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,24056,3160,0.0) dovecot/imap
(amavis,365388,67760,0.1) /usr/sbin/amavisd (ch8-avail)
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,23980,3056,0.0) dovecot/imap
(root,436164,73896,0.0) /usr/sbin/httpd
(apache,341644,58500,0.1) /usr/sbin/httpd
(postfix,72040,4684,0.0) trivial-rewrite -n rewrite -t unix -u
(apache,454640,73668,0.1) /usr/sbin/httpd
(apache,453492,72548,0.0) /usr/sbin/httpd
(apache,454712,73724,0.1) /usr/sbin/httpd
(apache,453344,72448,0.1) /usr/sbin/httpd
(apache,453952,73020,0.1) /usr/sbin/httpd
(apache,453044,72244,0.0) /usr/sbin/httpd
(apache,453736,72740,0.0) /usr/sbin/httpd
(apache,453752,72960,0.0) /usr/sbin/httpd
(dovenull,43216,4088,0.0) dovecot/imap-login
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23876,2956,0.0) dovecot/imap
(popuser,23836,2660,0.0) dovecot/imap
(dovenull,43208,4092,0.0) dovecot/imap-login
(popuser,23884,2848,0.0) dovecot/imap
(root,3872,1452,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,283972,46836,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,266916,42696,0.1) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(dovenull,43104,4124,0.0) dovecot/imap-login
(popuser,25260,3452,0.0) dovecot/imap
(dovenull,43104,4124,0.0) dovecot/imap-login
(popuser,23836,2832,0.0) dovecot/imap
(dovenull,43104,4120,0.0) dovecot/imap-login
(popuser,23624,2304,0.0) dovecot/imap
(root,196148,3080,0.0) CROND
(root,106080,1360,0.0) /bin/bash /root/backup_totale_mysql.sh
(root,106124,1000,0.2) /bin/bash /root/backup_totale_mysql.sh
(popuser,23892,2992,0.0) dovecot/imap
(popuser,23840,2800,0.0) dovecot/imap
(postfix,91444,5820,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(amavis,372884,76568,0.0) /usr/sbin/amavisd (ch2-26118-02)
(dovenull,43208,4084,0.0) dovecot/imap-login
(popuser,23884,2952,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23872,2964,0.0) dovecot/imap
(amavis,365972,69368,0.5) /usr/sbin/amavisd (ch4-avail)
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(dovenull,43200,3096,0.0) dovecot/imap-login
(popuser,23920,2508,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23836,2652,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23852,2668,0.0) dovecot/imap
(dovenull,43200,4088,0.0) dovecot/imap-login
(dovenull,43204,4092,0.0) dovecot/imap-login
(popuser,24252,2708,0.0) dovecot/imap
(popuser,25360,2744,0.0) dovecot/imap
(postfix,91444,5820,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(apache,449384,68360,0.0) /usr/sbin/httpd
(apache,450616,69372,0.0) /usr/sbin/httpd
(amavis,364700,66760,0.0) /usr/sbin/amavisd (ch1-avail)
(amavis,371648,75456,0.3) /usr/sbin/amavisd (ch1-avail)
(popuser,23928,3060,0.0) dovecot/imap
(popuser,23876,2964,0.0) dovecot/imap
(popuser,23844,2668,0.0) dovecot/imap
(popuser,23852,2672,0.0) dovecot/imap
(popuser,23844,2856,0.0) dovecot/imap
(popuser,24192,3120,0.0) dovecot/imap
(apache,453452,72352,0.0) /usr/sbin/httpd
(apache,453868,72816,0.1) /usr/sbin/httpd
(apache,453296,72480,0.1) /usr/sbin/httpd
(apache,452944,72088,0.0) /usr/sbin/httpd
(apache,453868,72872,0.1) /usr/sbin/httpd
(apache,453684,73000,0.0) /usr/sbin/httpd
(apache,452420,71768,0.0) /usr/sbin/httpd
(apache,453340,72576,0.1) /usr/sbin/httpd
(apache,453428,72496,0.0) /usr/sbin/httpd
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,23984,2924,0.0) dovecot/imap
(postfix,94320,7468,0.0) smtpd -n smtp -t inet -u -o stress=
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,71436,4148,0.0) cleanup -z -t unix -u
(postfix,71388,4192,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,91444,5820,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43204,3116,0.0) dovecot/imap-login
(popuser,27424,4352,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,23848,2824,0.0) dovecot/imap
(dovenull,43204,3116,0.0) dovecot/imap-login
(popuser,25596,4572,0.0) dovecot/imap
(postfix,70748,3072,0.0) pickup -l -t fifo -u
(dovenull,43208,4096,0.0) dovecot/imap-login
(popuser,24068,2700,0.0) dovecot/imap
(amavis,364568,47992,0.0) /usr/sbin/amavisd (ch1-29704-01)
(root,126836,3224,7.7) /usr/bin/mysqldump -uadmin -px xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx itjforum
(popuser,23876,2984,0.0) dovecot/imap
(root,13668,1160,0.0) dovecot/ssl-params
(popuser,23868,2700,0.0) dovecot/imap
(postfix,94324,6984,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,70720,3016,0.0) proxymap -t unix -u
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,93940,6856,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94316,7428,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,70732,3016,0.0) scache -l -t unix -u
(root,178976,26220,0.6) lfd - sleeping
(dovenull,43200,4080,0.0) dovecot/imap-login
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,24248,3188,0.0) dovecot/imap
(popuser,23836,2660,0.0) dovecot/imap
(fimppro,0,0,13.7) [php-cgi] <defunct>
(cocori,392012,27680,0.8) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(fimppro,0,0,17.0) [php-cgi] <defunct>
(fimppro,0,0,19.9) [php-cgi] <defunct>
(cocori,392024,27716,0.6) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(fimppro,461288,47516,3.7) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(cocori,392024,27676,1.1) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,94044,6660,0.3) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(postfix,94044,6656,0.2) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(postfix,71316,4040,0.3) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(dovenull,43104,4104,0.3) dovecot/imap-login
(popuser,23856,2720,0.0) dovecot/imap
(502,306400,17860,3.2) /usr/bin/php-cgi -c /etc/psa-webmail/roundcube/php.ini
(root,196148,3076,0.0) CROND
(nagios,53712,1444,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(nagios,53712,688,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,348808,24888,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/dropbox-backup/scripts/plesk-task-manager.php
(root,110248,1536,0.0) /bin/bash /usr/bin/check_mk_agent
(root,25820,1140,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,840,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(498,68752,3804,0.0) sw-cp-server: worker process                       
(amavis,367484,72956,0.1) /usr/sbin/amavisd (ch13-avail)
(dovenull,43204,4100,0.0) dovecot/imap-login
(popuser,31748,5472,0.0) dovecot/imap
(postfix,70860,2568,0.0) tlsmgr -l -t unix -u
(postfix,71320,3012,0.1) qmgr -l -t fifo -u
(postfix,70848,2444,0.0) anvil -l -t unix -u
(root,13808,1280,0.0) dovecot/log
(root,24096,3316,0.0) dovecot/config
(root,38512,3340,0.0) dovecot/auth
      Found on 2023-04-10 16:18

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17ad6424828

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1304,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [stopper/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [watchdog/4]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [stopper/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [watchdog/5]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [stopper/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [watchdog/6]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [stopper/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [watchdog/7]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/4]
(root,0,0,0.0) [events/5]
(root,0,0,0.0) [events/6]
(root,0,0,0.0) [events/7]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/4]
(root,0,0,0.0) [events/5]
(root,0,0,0.0) [events/6]
(root,0,0,0.0) [events/7]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_long/4]
(root,0,0,0.0) [events_long/5]
(root,0,0,0.0) [events_long/6]
(root,0,0,0.0) [events_long/7]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kintegrityd/4]
(root,0,0,0.0) [kintegrityd/5]
(root,0,0,0.0) [kintegrityd/6]
(root,0,0,0.0) [kintegrityd/7]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kblockd/4]
(root,0,0,0.0) [kblockd/5]
(root,0,0,0.0) [kblockd/6]
(root,0,0,0.0) [kblockd/7]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ata_sff/4]
(root,0,0,0.0) [ata_sff/5]
(root,0,0,0.0) [ata_sff/6]
(root,0,0,0.0) [ata_sff/7]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md/4]
(root,0,0,0.0) [md/5]
(root,0,0,0.0) [md/6]
(root,0,0,0.0) [md/7]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [md_misc/4]
(root,0,0,0.0) [md_misc/5]
(root,0,0,0.0) [md_misc/6]
(root,0,0,0.0) [md_misc/7]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [lru-add-drain/4]
(root,0,0,0.0) [lru-add-drain/5]
(root,0,0,0.0) [lru-add-drain/6]
(root,0,0,0.0) [lru-add-drain/7]
(root,0,0,0.1) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.1) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [aio/4]
(root,0,0,0.0) [aio/5]
(root,0,0,0.0) [aio/6]
(root,0,0,0.0) [aio/7]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [crypto/4]
(root,0,0,0.0) [crypto/5]
(root,0,0,0.0) [crypto/6]
(root,0,0,0.0) [crypto/7]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [kthrotld/4]
(root,0,0,0.0) [kthrotld/5]
(root,0,0,0.0) [kthrotld/6]
(root,0,0,0.0) [kthrotld/7]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(postfix,94384,7584,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94360,7564,0.0) smtpd -n smtp -t inet -u -o stress=
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(postfix,94432,7572,0.0) smtpd -n smtp -t inet -u -o stress=
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(popuser,23868,2804,0.0) dovecot/imap
(popuser,24112,3044,0.0) dovecot/imap
(root,10996,284,0.0) /sbin/udevd -d
(popuser,27664,3588,0.0) dovecot/imap
(postfix,94300,7444,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(postfix,58488,2904,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,0,0,0.8) [vmmemctl]
(root,11000,264,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(dovenull,43200,4096,0.0) dovecot/imap-login
(popuser,23868,2952,0.0) dovecot/imap
(popuser,29256,4484,0.0) dovecot/imap
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(root,126836,3160,4.2) /usr/bin/mysqldump -uadmin -px xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx gfnatura_prestashop
(root,0,0,0.0) [kauditd]
(postfix,70796,3076,0.0) bounce -z -n defer -t unix -u
(fimppro,559548,54616,8.9) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(postfix,71180,3996,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3988,0.0) smtp -t unix -u
(postfix,70796,3072,0.0) bounce -z -n defer -t unix -u
(root,29764,676,0.0) auditd
(root,335168,2224,0.1) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,259548,8668,0.1) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(postfix,58560,3080,0.0) pipe -n plesk_virtual -t unix flags=DORhu user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
(rpc,18980,592,0.0) rpcbind
(cocori,491584,30004,1.0) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(root,223768,1716,0.0) /usr/sbin/sssd -f -D
(root,283144,4040,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,227088,2628,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200296,2376,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214560,3112,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(root,207940,2544,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,2136,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,752,0.0) rpc.statd
(cocori,491188,29752,1.1) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(quartett,460568,41532,1.8) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/quartettoprometeo.com/etc/php.ini
(popuser,23848,2912,0.0) dovecot/imap
(cinofili,395520,45212,1.9) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/cinofiliagentile.it/etc/php.ini
(fimppro,461288,48604,2.4) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(root,177364,9780,0.5) lfd - sleeping
(dbus,33676,380,0.0) dbus-daemon --system
(fimppro,463400,52356,9.9) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(cinofili,395380,45048,2.5) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/cinofiliagentile.it/etc/php.ini
(10160,14632,260,0.0) magicspam-rate-limiter                                         
(10160,14636,400,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(apache,448688,67412,0.0) /usr/sbin/httpd
(apache,448696,67164,0.0) /usr/sbin/httpd
(apache,448696,66952,0.0) /usr/sbin/httpd
(10160,399816,2804,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(apache,448672,66336,0.0) /usr/sbin/httpd
(apache,448696,66940,0.0) /usr/sbin/httpd
(apache,448556,65756,0.0) /usr/sbin/httpd
(fimppro,471888,78176,10.1) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(cinofili,395380,45052,4.6) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/cinofiliagentile.it/etc/php.ini
(fimppro,471888,78168,9.7) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,471888,77912,10.3) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,471888,77904,9.2) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,471888,77920,9.1) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(root,10992,240,0.0) /sbin/udevd -d
(root,400260,1344,0.0) automount --pid-file /var/run/autofs.pid
(apache,448680,66312,0.0) /usr/sbin/httpd
(root,200432,1352,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(cinofili,395380,45052,7.6) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/cinofiliagentile.it/etc/php.ini
(cocori,488860,27704,2.5) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(cinofili,395380,45136,8.5) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/cinofiliagentile.it/etc/php.ini
(root,66288,576,0.0) /usr/sbin/sshd
(root,177364,9096,0.0) lfd - processing temporary bans
(root,21712,840,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1584,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(root,110248,1556,0.1) /bin/bash /usr/bin/check_mk_agent
(popuser,19712,2432,0.0) dovecot/pop3
(root,123488,3904,1.0) /usr/bin/perl /usr/share/awstats/awstats_buildstaticpages.pl -awstatsprog=/var/www/cgi-bin/awstats/awstats.pl -configdir=/usr/local/psa/etc/awstats -config=robertopupi.it-http -dir=/var/www/vhosts/system/robertopupi.it/statistics//webstat/current
(root,178656,10840,3.0) lfd - (child) blocking 185.254.37.46
(fimppro,463772,35272,24.0) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,463776,35060,24.0) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,461296,43340,23.0) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(root,106076,1300,0.0) sh -c "/var/www/cgi-bin/awstats/awstats.pl" -config=robertopupi.it-http -staticlinks -configdir=/usr/local/psa/etc/awstats -output=urldetail  2>&1
(root,138804,15152,19.0) /usr/bin/perl /var/www/cgi-bin/awstats/awstats.pl -config=robertopupi.it-http -staticlinks -configdir=/usr/local/psa/etc/awstats -output=urldetail
(dovenull,43200,3996,2.0) dovecot/imap-login
(dovenull,43204,3992,2.0) dovecot/imap-login
(dovenull,43200,3992,2.0) dovecot/imap-login
(root,110248,1532,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13364,1032,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,848,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(root,1325844,517160,0.0) clamd
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,20104,1356,0.0) /usr/sbin/dovecot
(dovecot,13800,1412,0.0) dovecot/anvil
(root,13808,1464,0.0) dovecot/log
(root,23816,3352,0.0) dovecot/config
(postfix,70888,3040,0.0) showq -t unix -u
(root,281700,79716,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(dovenull,43208,4088,0.0) dovecot/imap-login
(root,38376,3668,0.0) dovecot/auth
(popuser,23916,2556,0.0) dovecot/imap
(popuser,302848,99340,1.6) spamd child
(popuser,299832,96388,0.3) spamd child
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,24484,2568,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,24084,2564,0.0) dovecot/imap
(amavis,363328,115528,0.0) /usr/sbin/amavisd (master)
(nagios,53712,1448,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,24248,2564,0.0) dovecot/imap
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,25520,3104,0.0) dovecot/imap
(root,60480,1784,0.0) /usr/libexec/postfix/master -w
(postfix,71112,3324,0.1) qmgr -l -t fifo -u
(postfix,70860,3180,0.0) tlsmgr -l -t unix -u
(tomcat,6231828,1454108,3.5) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(root,213324,5176,0.1) /usr/bin/vmtoolsd
(postfix,562092,2656,0.1) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,5004,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(root,414780,8468,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(postfix,70908,3168,0.0) anvil -l -t unix -u
(dovenull,43204,4088,0.0) dovecot/imap-login
(popuser,23868,2468,0.0) dovecot/imap
(dovenull,43200,4088,0.0) dovecot/imap-login
(root,108312,1500,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(root,436164,73888,0.0) /usr/sbin/httpd
(apache,341644,58508,0.0) /usr/sbin/httpd
(apache,453696,73164,0.0) /usr/sbin/httpd
(apache,452952,72448,0.0) /usr/sbin/httpd
(apache,453576,72988,0.0) /usr/sbin/httpd
(apache,453296,72548,0.0) /usr/sbin/httpd
(apache,453308,72412,0.0) /usr/sbin/httpd
(apache,453016,72108,0.0) /usr/sbin/httpd
(apache,453664,72684,0.0) /usr/sbin/httpd
(apache,453980,73284,0.0) /usr/sbin/httpd
(popuser,23884,2932,0.0) dovecot/imap
(amavis,376980,129568,0.6) /usr/sbin/amavisd (ch12-avail)
(apache,453280,72392,0.0) /usr/sbin/httpd
(postfix,94356,7464,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(mysql,5616392,1453576,5.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(popuser,25592,3504,0.0) dovecot/imap
(apache,453692,73000,0.0) /usr/sbin/httpd
(root,388860,13164,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,52632,1628,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,65892,4400,0.0) sw-cp-server: worker process                       
(root,129368,1512,0.0) crond
(root,21104,476,0.0) /usr/sbin/atd
(mailman,216612,9456,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,216240,11400,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,216296,11472,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216240,11404,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,216240,11396,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216264,11480,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,216316,11512,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,216248,11384,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216232,11592,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(root,64632,1416,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,358512,23448,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,120120,3812,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,576,0.0) /sbin/mingetty /dev/tty1
(root,4060,572,0.0) /sbin/mingetty /dev/tty2
(root,4060,576,0.0) /sbin/mingetty /dev/tty3
(root,4060,576,0.0) /sbin/mingetty /dev/tty4
(root,4060,576,0.0) /sbin/mingetty /dev/tty5
(root,4060,572,0.0) /sbin/mingetty /dev/tty6
(apache,453176,72172,0.0) /usr/sbin/httpd
(amavis,373760,126236,0.2) /usr/sbin/amavisd (ch17-avail)
(dovenull,43200,4112,0.0) dovecot/imap-login
(popuser,24244,2992,0.0) dovecot/imap
(root,134160,3680,0.0) sshd: giovanni [priv]
(giovanni,134160,1812,0.0) sshd: giovanni@pts/0
(giovanni,123412,4416,0.0) -sh
(root,225024,3444,0.0) sudo -i
(root,111068,4552,0.0) -bash
(apache,453460,72808,0.0) /usr/sbin/httpd
(apache,453680,73036,0.0) /usr/sbin/httpd
(apache,452700,71896,0.0) /usr/sbin/httpd
(apache,453080,72428,0.0) /usr/sbin/httpd
(apache,452988,72388,0.0) /usr/sbin/httpd
(apache,453308,72736,0.0) /usr/sbin/httpd
(apache,453160,72548,0.0) /usr/sbin/httpd
(apache,452592,71620,0.0) /usr/sbin/httpd
(amavis,371324,123768,0.2) /usr/sbin/amavisd (ch13-avail)
(popuser,33576,6020,0.0) dovecot/imap
(postfix,94464,7636,0.0) smtpd -n smtp -t inet -u -o stress=
(apache,450448,69716,0.0) /usr/sbin/httpd
(root,3872,624,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,283972,32876,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1280,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,266916,28628,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(postfix,58488,2936,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24432,3320,0.0) dovecot/imap
(amavis,373612,126016,0.2) /usr/sbin/amavisd (ch9-avail)
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(amavis,367440,119920,0.1) /usr/sbin/amavisd (ch4-avail)
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(dovenull,43104,4104,0.0) dovecot/imap-login
(popuser,23848,2836,0.0) dovecot/imap
(dovenull,43204,4104,0.0) dovecot/imap-login
(popuser,32416,6380,0.0) dovecot/imap
(dovenull,43204,4100,0.0) dovecot/imap-login
(popuser,24148,3192,0.0) dovecot/imap
(popuser,23868,2788,0.0) dovecot/imap
(popuser,23872,2732,0.0) dovecot/imap
(popuser,23844,2660,0.0) dovecot/imap
(dovenull,43204,4104,0.0) dovecot/imap-login
(popuser,25160,3884,0.0) dovecot/imap
(postfix,94480,7660,0.0) smtpd -n smtp -t inet -u -o stress=
(amavis,369208,121680,0.4) /usr/sbin/amavisd (ch12-avail)
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,23860,2808,0.0) dovecot/imap
(dovenull,43204,4100,0.0) dovecot/imap-login
(popuser,27312,4500,0.0) dovecot/imap
(root,19052,960,0.0) /usr/sbin/anacron -s
(popuser,23848,2664,0.0) dovecot/imap
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43204,4104,0.0) dovecot/imap-login
(popuser,25344,3236,0.0) dovecot/imap
(dovenull,43204,4100,0.0) dovecot/imap-login
(popuser,24140,3144,0.0) dovecot/imap
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,72040,4708,0.0) trivial-rewrite -n rewrite -t unix -u
(dovenull,43204,4100,0.0) dovecot/imap-login
(popuser,25312,3892,0.0) dovecot/imap
(amavis,371560,124012,0.2) /usr/sbin/amavisd (ch12-23649-12)
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,24224,3132,0.0) dovecot/imap
(dovenull,43204,4084,0.0) dovecot/imap-login
(dovenull,43204,4084,0.0) dovecot/imap-login
(popuser,24160,3156,0.0) dovecot/imap
(popuser,23852,2660,0.0) dovecot/imap
(root,362996,41312,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/plib/DailyMaintainance/task-script.php ExecuteWebStatistics --period=daily
(root,155392,3372,0.0) /usr/local/psa/admin/sbin/web_statistic_executor
(postfix,58488,2904,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,106076,1416,0.0) /bin/bash /usr/bin/run-parts /etc/cron.daily
(root,106076,1292,0.0) /bin/sh /etc/cron.daily/50plesk-daily
(root,105960,952,0.0) awk -v progname=/etc/cron.daily/50plesk-daily progname {?????   print progname ":\n"?????   progname="";????       }????       { print; }
(root,365536,43828,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/plib/DailyMaintainance/script.php
(postfix,91444,5824,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(postfix,71424,4156,0.0) cleanup -z -t unix -u
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(amavis,374132,126480,0.2) /usr/sbin/amavisd (ch2-avail)
(popuser,23868,2660,0.0) dovecot/imap
(amavis,372996,125348,0.1) /usr/sbin/amavisd (ch1-avail)
(dovenull,43104,4104,0.0) dovecot/imap-login
(popuser,23832,2748,0.0) dovecot/imap
(root,13668,1160,0.0) dovecot/ssl-params
(postfix,70748,3076,0.0) pickup -l -t fifo -u
(amavis,377392,129848,0.8) /usr/sbin/amavisd (ch9-28170-09)
(postfix,94464,7628,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,91440,5828,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(postfix,59176,3972,0.0) local -t unix
(postfix,70796,3124,0.0) bounce -z -t unix -u
(postfix,94316,7536,0.0) smtpd -n smtp -t inet -u -o stress=
(popuser,24564,3364,0.0) dovecot/imap
(root,196148,3244,0.0) CROND
(root,106080,1360,0.0) /bin/bash /root/backup_totale_mysql.sh
(root,106124,996,0.3) /bin/bash /root/backup_totale_mysql.sh
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(amavis,373272,125728,0.3) /usr/sbin/amavisd (ch9-avail)
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,71612,4288,0.0) cleanup -z -t unix -u
(postfix,58488,2904,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,70732,3020,0.0) scache -l -t unix -u
(postfix,43696,2796,0.0) plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
(postfix,71260,4060,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,91444,5820,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(popuser,20320,3552,0.0) dovecot/pop3
(postfix,71292,4028,0.0) cleanup -z -t unix -u
(amavis,364568,115080,0.0) /usr/sbin/amavisd (virgin child)
(postfix,71320,4076,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
      Found on 2023-03-17 11:07

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17aee9848d5

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1080,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.1) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(postfix,70852,3144,0.0) proxymap -t unix -u
(root,10984,272,0.0) /sbin/udevd -d
(root,0,0,0.1) [vmmemctl]
(postfix,91444,5820,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24384,3388,0.0) dovecot/imap
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24152,3064,0.0) dovecot/imap
(postfix,94400,7540,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94204,6568,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94316,7504,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94316,7336,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94316,7484,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94204,6540,0.0) smtpd -n smtp -t inet -u -o stress=
(root,0,0,0.0) [kauditd]
(root,283932,3964,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(apache,453776,73268,0.0) /usr/sbin/httpd
(apache,453472,73028,0.0) /usr/sbin/httpd
(root,29764,684,0.0) auditd
(root,411720,12112,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(apache,454872,74236,0.0) /usr/sbin/httpd
(named,262408,12432,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,19048,844,0.0) rpcbind
(root,223768,1252,0.0) /usr/sbin/sssd -f -D
(root,207940,1716,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,1168,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,668,0.0) rpc.statd
(apache,454860,74352,0.0) /usr/sbin/httpd
(dbus,33676,356,0.0) dbus-daemon --system
(10160,14632,252,0.0) magicspam-rate-limiter                                         
(10160,14636,384,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,2113996,792,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,466824,960,0.0) automount --pid-file /var/run/autofs.pid
(root,200420,1348,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,552,0.0) /usr/sbin/sshd
(root,21712,772,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1292,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(root,281728,24172,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(nagios,53712,740,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(popuser,21084,3952,0.0) dovecot/pop3
(apache,452220,71404,0.1) /usr/sbin/httpd
(apache,451908,71372,0.1) /usr/sbin/httpd
(apache,451608,70736,0.0) /usr/sbin/httpd
(apache,452600,71576,0.0) /usr/sbin/httpd
(apache,451768,70992,0.0) /usr/sbin/httpd
(apache,452368,71832,0.0) /usr/sbin/httpd
(root,213324,2304,0.1) /usr/bin/vmtoolsd
(postfix,2145256,3652,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,1212,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(apache,455020,74556,0.0) /usr/sbin/httpd
(apache,454488,73988,0.0) /usr/sbin/httpd
(apache,454644,73916,0.0) /usr/sbin/httpd
(apache,454524,73960,0.0) /usr/sbin/httpd
(apache,453852,73692,0.0) /usr/sbin/httpd
(apache,454860,74180,0.0) /usr/sbin/httpd
(apache,454528,73936,0.0) /usr/sbin/httpd
(dovenull,43208,4088,0.0) dovecot/imap-login
(popuser,23832,2876,0.0) dovecot/imap
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1096,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,0,0,0.0) [migration/4]
(root,0,0,0.0) [stopper/4]
(root,0,0,0.0) [ksoftirqd/4]
(root,0,0,0.0) [kthrotld/4]
(root,0,0,0.0) [crypto/4]
(root,0,0,0.0) [aio/4]
(root,0,0,0.0) [lru-add-drain/4]
(root,0,0,0.0) [md_misc/4]
(root,0,0,0.0) [md/4]
(root,0,0,0.0) [ata_sff/4]
(root,0,0,0.0) [kblockd/4]
(root,0,0,0.0) [kintegrityd/4]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_long/4]
(root,0,0,0.0) [events/4]
(root,0,0,0.0) [events/4]
(root,0,0,0.0) [watchdog/4]
(root,0,0,0.0) [migration/5]
(root,0,0,0.0) [stopper/5]
(root,0,0,0.0) [ksoftirqd/5]
(root,0,0,0.0) [kthrotld/5]
(root,0,0,0.0) [crypto/5]
(root,0,0,0.0) [aio/5]
(root,0,0,0.0) [lru-add-drain/5]
(root,0,0,0.0) [md_misc/5]
(root,0,0,0.0) [md/5]
(root,0,0,0.0) [ata_sff/5]
(root,0,0,0.0) [kblockd/5]
(root,0,0,0.0) [kintegrityd/5]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_long/5]
(root,0,0,0.0) [events/5]
(root,0,0,0.0) [events/5]
(root,10980,220,0.0) /sbin/udevd -d
(root,10980,200,0.0) /sbin/udevd -d
(root,0,0,0.0) [watchdog/5]
(root,0,0,0.0) [migration/6]
(root,0,0,0.0) [stopper/6]
(root,0,0,0.0) [ksoftirqd/6]
(root,0,0,0.0) [kthrotld/6]
(root,0,0,0.0) [crypto/6]
(root,0,0,0.0) [aio/6]
(root,0,0,0.0) [lru-add-drain/6]
(root,0,0,0.0) [md_misc/6]
(root,0,0,0.0) [md/6]
(root,0,0,0.0) [ata_sff/6]
(root,0,0,0.0) [kblockd/6]
(root,0,0,0.0) [kintegrityd/6]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_long/6]
(root,0,0,0.0) [events/6]
(root,0,0,0.0) [events/6]
(root,0,0,0.0) [watchdog/6]
(root,0,0,0.0) [migration/7]
(root,0,0,0.0) [stopper/7]
(root,0,0,0.0) [ksoftirqd/7]
(root,0,0,0.0) [kthrotld/7]
(root,0,0,0.0) [crypto/7]
(root,0,0,0.0) [aio/7]
(root,0,0,0.0) [lru-add-drain/7]
(root,0,0,0.0) [md_misc/7]
(root,0,0,0.0) [md/7]
(root,0,0,0.0) [ata_sff/7]
(root,0,0,0.0) [kblockd/7]
(root,0,0,0.0) [kintegrityd/7]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_long/7]
(root,0,0,0.0) [events/7]
(root,0,0,0.0) [events/7]
(root,0,0,0.0) [watchdog/7]
(apache,449276,67920,0.0) /usr/sbin/httpd
(popuser,23880,2884,0.0) dovecot/imap
(popuser,23892,2956,0.0) dovecot/imap
(popuser,23836,2656,0.0) dovecot/imap
(postfix,71284,4016,0.0) cleanup -z -t unix -u
(postfix,72040,4636,0.0) trivial-rewrite -n rewrite -t unix -u
(postfix,71316,4068,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,91444,5816,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,59176,3972,0.0) local -t unix
(postfix,71180,3988,0.0) smtp -t unix -u
(postfix,70796,3128,0.0) bounce -z -t unix -u
(root,385316,672,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(postfix,94044,7088,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(postfix,71328,4600,0.0) smtp -t unix -u
(postfix,71180,3996,0.0) smtp -t unix -u
(postfix,71180,3996,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3988,0.0) smtp -t unix -u
(postfix,71180,3988,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3996,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71328,4624,0.0) smtp -t unix -u
(postfix,70796,3076,0.0) bounce -z -n defer -t unix -u
(postfix,70796,3076,0.0) bounce -z -n defer -t unix -u
(root,129368,1212,0.0) crond
(root,21104,300,0.0) /usr/sbin/atd
(root,64632,896,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,354968,6776,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195932,2768,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,480,0.0) /sbin/mingetty /dev/tty1
(root,4060,480,0.0) /sbin/mingetty /dev/tty2
(root,4060,480,0.0) /sbin/mingetty /dev/tty3
(root,4060,480,0.0) /sbin/mingetty /dev/tty4
(root,4060,480,0.0) /sbin/mingetty /dev/tty5
(root,4060,480,0.0) /sbin/mingetty /dev/tty6
(fimppro,521808,161412,24.8) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(weddinga,214584,23420,3.2) /usr/bin/php-cgi -c /var/www/vhosts/system/wedding-angels.it/etc/php.ini
(fimppro,545384,182404,63.5) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,558868,50756,38.8) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(cocori,488604,27584,2.3) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(root,110248,1588,0.2) /bin/bash /usr/bin/check_mk_agent
(france12,212508,21020,4.6) /usr/bin/php-cgi -c /var/www/vhosts/system/francescomele.com/etc/php.ini
(fimppro,463336,50516,52.5) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(root,110248,764,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,652,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830764,9044,2.5) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(dovenull,42940,3704,0.0) dovecot/pop3-login
(root,110248,1528,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13364,1032,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,844,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(dovenull,43204,3116,0.0) dovecot/imap-login
(popuser,25992,3888,0.0) dovecot/imap
(root,52632,356,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(amavis,373684,80288,0.1) /usr/sbin/amavisd (ch7-avail)
(498,67528,3660,0.0) sw-cp-server: worker process                       
(root,436172,72148,0.0) /usr/sbin/httpd
(apache,341644,58488,0.0) /usr/sbin/httpd
(dovenull,43204,3120,0.0) dovecot/imap-login
(popuser,24928,3668,0.0) dovecot/imap
(dovenull,43200,4092,0.0) dovecot/imap-login
(dovenull,43204,4088,0.0) dovecot/imap-login
(popuser,24080,2688,0.0) dovecot/imap
(dovenull,43200,4092,0.0) dovecot/imap-login
(popuser,25520,3180,0.0) dovecot/imap
(dovenull,43200,4088,0.0) dovecot/imap-login
(dovenull,43200,4092,0.0) dovecot/imap-login
(popuser,24392,3080,0.0) dovecot/imap
(popuser,23916,2680,0.0) dovecot/imap
(popuser,24112,3196,0.0) dovecot/imap
(popuser,23856,2452,0.0) dovecot/imap
(dovenull,43200,3380,0.0) dovecot/imap-login
(popuser,25320,3260,0.0) dovecot/imap
(dovenull,43204,3008,0.0) dovecot/imap-login
(popuser,24420,3296,0.0) dovecot/imap
(root,20104,992,0.0) /usr/sbin/dovecot
(dovecot,13804,1152,0.0) dovecot/anvil
(root,13928,1124,0.0) dovecot/log
(root,24068,2872,0.0) dovecot/config
(dovenull,43200,4112,0.0) dovecot/imap-login
(popuser,24028,2936,0.0) dovecot/imap
(dovenull,43212,1628,0.0) dovecot/imap-login
(popuser,32296,5716,0.0) dovecot/imap
(dovenull,43212,3008,0.0) dovecot/imap-login
(popuser,25436,3872,0.0) dovecot/imap
(tomcat,6313184,1026456,2.4) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(root,38844,2988,0.0) dovecot/auth
(root,108312,696,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(mysql,3579552,1089088,3.0) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(apache,459048,78912,0.0) /usr/sbin/httpd
(apache,458272,78120,0.0) /usr/sbin/httpd
(mailman,216604,796,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,221424,11400,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,219676,6808,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216248,6724,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,367028,151256,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216264,6800,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,223708,13804,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,218416,9460,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216236,2812,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(root,228708,3324,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200276,1712,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214556,2232,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(root,3872,1480,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,283716,46596,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,266660,42436,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(dovenull,43200,1528,0.0) dovecot/imap-login
(popuser,23860,1232,0.0) dovecot/imap
(amavis,1479224,1091600,0.5) clamd.amavisd -c /etc/clamd.d/amavisd.conf --pid /var/run/amavisd/clamd.pid
(root,1479412,1089224,0.1) clamd
(root,13668,1164,0.0) dovecot/ssl-params
(popuser,298948,76256,0.1) spamd child
(apache,458360,78236,0.0) /usr/sbin/httpd
(postfix,70888,3044,0.0) showq -t unix -u
(amavis,367100,72392,0.0) /usr/sbin/amavisd (ch16-avail)
(root,178488,25852,0.5) lfd - sleeping
(postfix,94360,7548,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,94400,7544,0.0) smtpd -n smtp -t inet -u -o stress=
(root,414780,1020,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,94364,7592,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(amavis,374920,79776,0.2) /usr/sbin/amavisd (ch14-avail)
(dovenull,43212,3004,0.0) dovecot/imap-login
(popuser,27652,4536,0.0) dovecot/imap
(amavis,365528,67360,0.0) /usr/sbin/amavisd (ch4-avail)
(postfix,70748,3072,0.0) pickup -l -t fifo -u
(amavis,363324,30488,0.0) /usr/sbin/amavisd (master)
(popuser,293560,68012,0.0) spamd child
(amavis,364564,34696,0.0) /usr/sbin/amavisd (virgin child)
(amavis,373864,81164,1.6) /usr/sbin/amavisd (ch3-avail)
(dovenull,43212,2996,0.0) dovecot/imap-login
(popuser,24344,3156,0.0) dovecot/imap
(amavis,368388,73948,0.0) /usr/sbin/amavisd (ch17-avail)
(amavis,365460,67280,0.0) /usr/sbin/amavisd (ch3-avail)
(amavis,365132,66888,0.0) /usr/sbin/amavisd (ch2-avail)
(popuser,23868,2684,0.0) dovecot/imap
(amavis,371040,74512,0.3) /usr/sbin/amavisd (ch4-avail)
(dovenull,43212,2996,0.0) dovecot/imap-login
(popuser,23860,2616,0.0) dovecot/imap
(dovenull,43200,3096,0.0) dovecot/imap-login
(popuser,24640,3004,0.0) dovecot/imap
(amavis,368932,72744,0.3) /usr/sbin/amavisd (ch2-avail)
(amavis,369568,75516,0.7) /usr/sbin/amavisd (ch4-avail)
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23968,3072,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23836,2816,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23960,3048,0.0) dovecot/imap
(root,60604,1160,0.0) /usr/libexec/postfix/master -w
(postfix,71452,2900,0.1) qmgr -l -t fifo -u
(root,124744,4176,0.0) ConfigServer Version Check
(root,100920,620,0.0) sleep 15152
(postfix,70940,2564,0.0) tlsmgr -l -t unix -u
(postfix,70848,2472,0.0) anvil -l -t unix -u
(postfix,91440,5820,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
      Found on 2023-03-16 07:13

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a924bb97d

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1084,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,10984,272,0.0) /sbin/udevd -d
(root,0,0,0.0) [vmmemctl]
(root,10636,252,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(apache,452368,71356,0.0) /usr/sbin/httpd
(apache,452704,71672,0.0) /usr/sbin/httpd
(apache,453096,72132,0.0) /usr/sbin/httpd
(apache,452536,71476,0.0) /usr/sbin/httpd
(apache,452620,71640,0.0) /usr/sbin/httpd
(root,0,0,0.0) [kauditd]
(popuser,300120,77088,0.4) spamd child
(root,283652,3620,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,29764,688,0.0) auditd
(root,411720,12088,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,262408,10000,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,19048,684,0.0) rpcbind
(root,223768,1260,0.0) /usr/sbin/sssd -f -D
(root,207940,1676,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,1176,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,676,0.0) rpc.statd
(dbus,33676,356,0.0) dbus-daemon --system
(10160,14632,252,0.0) magicspam-rate-limiter                                         
(10160,14636,392,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,1458636,672,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(amavis,370524,74020,0.0) /usr/sbin/amavisd (ch7-avail)
(root,10980,224,0.0) /sbin/udevd -d
(root,466824,976,0.0) automount --pid-file /var/run/autofs.pid
(root,200420,1336,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,560,0.0) /usr/sbin/sshd
(root,21712,772,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1300,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(nagios,53712,748,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,213324,2300,0.1) /usr/bin/vmtoolsd
(postfix,2145324,2584,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,1228,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(postfix,58488,2936,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(dovenull,43200,3108,0.0) dovecot/imap-login
(popuser,25532,3416,0.0) dovecot/imap
(root,385316,688,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,129368,928,0.0) crond
(root,21104,304,0.0) /usr/sbin/atd
(root,64632,896,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,354968,6736,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195932,2724,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,480,0.0) /sbin/mingetty /dev/tty1
(root,4060,480,0.0) /sbin/mingetty /dev/tty2
(root,4060,480,0.0) /sbin/mingetty /dev/tty3
(root,4060,480,0.0) /sbin/mingetty /dev/tty4
(root,4060,480,0.0) /sbin/mingetty /dev/tty5
(root,4060,480,0.0) /sbin/mingetty /dev/tty6
(root,60480,1164,0.0) /usr/libexec/postfix/master -w
(postfix,71060,2628,0.1) qmgr -l -t fifo -u
(postfix,70860,2472,0.0) tlsmgr -l -t unix -u
(postfix,70848,2364,0.0) anvil -l -t unix -u
(amavis,364836,64864,0.0) /usr/sbin/amavisd (ch5-avail)
(root,38396,3236,0.0) dovecot/auth
(apache,462812,81912,0.0) /usr/sbin/httpd
(dovenull,43208,1752,0.0) dovecot/imap-login
(root,52632,400,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,67528,3832,0.0) sw-cp-server: worker process                       
(popuser,24060,2224,0.0) dovecot/imap
(popuser,302972,80796,0.2) spamd child
(amavis,371928,74664,0.0) /usr/sbin/amavisd (ch9-avail)
(root,20104,988,0.0) /usr/sbin/dovecot
(dovecot,13804,1076,0.0) dovecot/anvil
(root,13928,1128,0.0) dovecot/log
(root,24068,2804,0.0) dovecot/config
(amavis,369664,75404,0.0) /usr/sbin/amavisd (ch14-avail)
(dovenull,43212,1744,0.0) dovecot/imap-login
(popuser,32224,4196,0.0) dovecot/imap
(apache,458288,77264,0.0) /usr/sbin/httpd
(apache,458812,77796,0.0) /usr/sbin/httpd
(apache,459252,78316,0.0) /usr/sbin/httpd
(apache,457796,76952,0.0) /usr/sbin/httpd
(apache,457944,77024,0.0) /usr/sbin/httpd
(root,108312,784,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(amavis,367564,73128,0.0) /usr/sbin/amavisd (ch13-avail)
(mysql,3639664,1605264,2.7) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(mailman,216604,1404,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,219056,7320,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,218140,7048,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216248,6968,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,360820,19232,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216264,7040,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,220552,8748,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,218416,9252,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216236,3056,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(apache,462156,81220,0.0) /usr/sbin/httpd
(amavis,376776,82556,0.0) /usr/sbin/amavisd (ch14-avail)
(root,228708,3128,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200276,1712,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214556,2224,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(amavis,365040,65512,0.0) /usr/sbin/amavisd (ch10-avail)
(root,281528,29200,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(amavis,362972,8668,0.0) /usr/sbin/amavisd (master)
(dovenull,43200,1648,0.0) dovecot/imap-login
(popuser,23860,1260,0.0) dovecot/imap
(amavis,1479224,1000268,0.4) clamd.amavisd -c /etc/clamd.d/amavisd.conf --pid /var/run/amavisd/clamd.pid
(root,1479412,1078612,0.1) clamd
(postfix,94300,7268,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43200,4116,0.0) dovecot/imap-login
(popuser,23836,2652,0.0) dovecot/imap
(postfix,58488,2936,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(tomcat,4182216,1392600,1.7) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(root,414780,8576,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(postfix,72020,4672,0.0) trivial-rewrite -n rewrite -t unix -u
(root,436956,73136,0.0) /usr/sbin/httpd
(apache,342444,58960,0.0) /usr/sbin/httpd
(dovenull,43200,3172,0.0) dovecot/imap-login
(popuser,24540,3184,0.0) dovecot/imap
(amavis,365476,66276,0.0) /usr/sbin/amavisd (ch4-avail)
(postfix,70748,3072,0.0) pickup -l -t fifo -u
(popuser,23828,2740,0.0) dovecot/imap
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43200,4100,0.0) dovecot/imap-login
(dovenull,43208,4108,0.0) dovecot/imap-login
(popuser,24672,3636,0.0) dovecot/imap
(popuser,24028,3040,0.0) dovecot/imap
(dovenull,43208,4112,0.0) dovecot/imap-login
(popuser,24124,3140,0.0) dovecot/imap
(popuser,24136,3148,0.0) dovecot/imap
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43208,4112,0.0) dovecot/imap-login
(popuser,24372,3292,0.0) dovecot/imap
(popuser,24072,3104,0.0) dovecot/imap
(popuser,23836,2788,0.0) dovecot/imap
(popuser,23836,2788,0.0) dovecot/imap
(dovenull,43204,3116,0.0) dovecot/imap-login
(popuser,24092,2772,0.0) dovecot/imap
(apache,466432,83448,0.0) /usr/sbin/httpd
(popuser,23868,2688,0.0) dovecot/imap
(postfix,94036,7064,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23872,2712,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23848,2672,0.0) dovecot/imap
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,24304,3408,0.0) dovecot/imap
(dovenull,43204,4084,0.0) dovecot/imap-login
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23884,2952,0.0) dovecot/imap
(popuser,24752,3896,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,28036,7228,0.0) dovecot/imap
(dovenull,43208,4080,0.0) dovecot/imap-login
(popuser,26004,5144,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,51084,29456,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,28916,3676,0.0) dovecot/imap
(popuser,23940,3072,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23976,3156,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23904,2960,0.0) dovecot/imap
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23864,2676,0.0) dovecot/imap
(dovenull,43204,4084,0.0) dovecot/imap-login
(popuser,23992,3140,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23860,2868,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23848,2816,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,24132,3036,0.0) dovecot/imap
(popuser,23844,2800,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23840,2828,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23844,2624,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23856,2672,0.0) dovecot/imap
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,27408,3920,0.0) dovecot/imap
(postfix,94296,7508,0.0) smtpd -n smtp -t inet -u -o stress=
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(popuser,23908,2780,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,24116,3016,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,23856,2684,0.0) dovecot/imap
(postfix,70888,3032,0.0) showq -t unix -u
(popuser,23848,2724,0.0) dovecot/imap
(popuser,23624,2308,0.0) dovecot/imap
(dovenull,43204,3104,0.0) dovecot/imap-login
(dovenull,43200,3100,0.0) dovecot/imap-login
(popuser,24132,3068,0.0) dovecot/imap
(dovenull,43200,3104,0.0) dovecot/imap-login
(popuser,23912,2528,0.0) dovecot/imap
(popuser,25600,3116,0.0) dovecot/imap
(dovenull,43200,3100,0.0) dovecot/imap-login
(popuser,24652,2940,0.0) dovecot/imap
(dovenull,43208,3104,0.0) dovecot/imap-login
(postfix,71268,4004,0.0) cleanup -z -t unix -u
(popuser,24056,2512,0.0) dovecot/imap
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(popuser,23848,2664,0.0) dovecot/imap
(amavis,370340,75964,0.0) /usr/sbin/amavisd (ch15-avail)
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24136,3188,0.0) dovecot/imap
(apache,464424,83328,0.0) /usr/sbin/httpd
(amavis,374544,79008,0.0) /usr/sbin/amavisd (ch14-avail)
(root,3872,644,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,285788,48604,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,268740,44432,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(amavis,364508,64300,0.0) /usr/sbin/amavisd (ch1-avail)
(apache,464352,83032,0.0) /usr/sbin/httpd
(dovenull,43212,1748,0.0) dovecot/imap-login
(popuser,25524,2156,0.0) dovecot/imap
(popuser,23880,2944,0.0) dovecot/imap
(amavis,364196,13628,0.0) /usr/sbin/amavisd (virgin child)
(dovenull,43208,1744,0.0) dovecot/imap-login
(popuser,26976,2164,0.0) dovecot/imap
(postfix,91436,5804,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(popuser,27832,3800,0.0) dovecot/imap
(popuser,23848,2976,0.0) dovecot/imap
(popuser,23912,3024,0.0) dovecot/imap
(popuser,24100,3116,0.0) dovecot/imap
(popuser,24204,3140,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(root,13668,1160,0.0) dovecot/ssl-params
(popuser,23852,2760,0.0) dovecot/imap
(popuser,23836,2736,0.0) dovecot/imap
(postfix,94024,6980,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(postfix,70720,3012,0.0) proxymap -t unix -u
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,23624,2292,0.0) dovecot/imap
(popuser,23624,2296,0.0) dovecot/imap
(postfix,43696,2216,0.0) plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
(popuser,23844,2808,0.0) dovecot/imap
(dovenull,43200,4084,0.1) dovecot/imap-login
(popuser,23928,3048,0.0) dovecot/imap
(popuser,23960,3072,0.0) dovecot/imap
(postfix,94184,6552,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23836,2692,0.0) dovecot/imap
(popuser,23860,2676,0.0) dovecot/imap
(cocori,491584,29800,1.9) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(fimppro,789872,115700,24.5) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(france12,212156,20664,1.2) /usr/bin/php-cgi -c /var/www/vhosts/system/francescomele.com/etc/php.ini
(dovenull,43200,4072,0.2) dovecot/pop3-login
(popuser,19520,2740,0.0) dovecot/pop3
(fimppro,558432,53144,16.9) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(root,110248,1584,0.3) /bin/bash /usr/bin/check_mk_agent
(root,110248,760,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,648,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830764,7020,1.4) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(root,110248,1532,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13360,1032,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,844,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(apache,454700,73964,0.0) /usr/sbin/httpd
(apache,454776,73748,0.0) /usr/sbin/httpd
(dovenull,43204,3112,0.0) dovecot/imap-login
(popuser,24396,3236,0.0) dovecot/imap
(dovenull,43212,1748,0.0) dovecot/imap-login
(popuser,25164,3040,0.0) dovecot/imap
(apache,454172,73200,0.0) /usr/sbin/httpd
(apache,454904,73932,0.0) /usr/sbin/httpd
(apache,455664,74688,0.0) /usr/sbin/httpd
(root,179756,13096,0.3) lfd - sleeping
(dovenull,43212,1748,0.0) dovecot/imap-login
(popuser,27708,4204,0.0) dovecot/imap
      Found on 2023-02-10 20:32

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17ac6e0d379

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1084,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,10984,272,0.0) /sbin/udevd -d
(root,0,0,0.0) [vmmemctl]
(apache,456936,37996,0.0) /usr/sbin/httpd
(apache,456512,37596,0.0) /usr/sbin/httpd
(apache,456868,37740,0.0) /usr/sbin/httpd
(root,10636,252,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(apache,469216,50556,0.0) /usr/sbin/httpd
(root,0,0,0.0) [kauditd]
(root,283592,3384,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,29764,680,0.0) auditd
(root,411720,11952,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,262408,10132,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,19048,688,0.0) rpcbind
(root,223768,1260,0.0) /usr/sbin/sssd -f -D
(root,207940,1516,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,1176,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,676,0.0) rpc.statd
(dbus,33676,356,0.0) dbus-daemon --system
(10160,14632,252,0.0) magicspam-rate-limiter                                         
(10160,14636,392,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,1458636,792,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10980,224,0.0) /sbin/udevd -d
(root,466824,976,0.0) automount --pid-file /var/run/autofs.pid
(root,200420,1336,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(dovenull,43200,4084,0.0) dovecot/imap-login
(root,66288,560,0.0) /usr/sbin/sshd
(popuser,30572,9728,0.0) dovecot/imap
(root,21712,772,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1296,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(amavis,364836,64840,0.0) /usr/sbin/amavisd (ch7-avail)
(nagios,53712,748,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,213324,2300,0.1) /usr/bin/vmtoolsd
(postfix,2145324,3396,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,1228,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(root,385316,664,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,129368,1192,0.0) crond
(root,21104,304,0.0) /usr/sbin/atd
(root,64632,896,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,354968,6732,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195932,2716,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,480,0.0) /sbin/mingetty /dev/tty1
(root,4060,480,0.0) /sbin/mingetty /dev/tty2
(root,4060,480,0.0) /sbin/mingetty /dev/tty3
(root,4060,480,0.0) /sbin/mingetty /dev/tty4
(root,4060,480,0.0) /sbin/mingetty /dev/tty5
(root,4060,480,0.0) /sbin/mingetty /dev/tty6
(tomcat,4212548,1054680,1.4) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(dovenull,43204,3096,0.0) dovecot/imap-login
(popuser,23912,2500,0.0) dovecot/imap
(dovenull,43208,4100,0.0) dovecot/imap-login
(popuser,23856,2612,0.0) dovecot/imap
(root,414780,1024,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(dovenull,43208,1752,0.0) dovecot/imap-login
(root,52632,400,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,67528,3432,0.0) sw-cp-server: worker process                       
(amavis,364836,65228,0.0) /usr/sbin/amavisd (ch5-avail)
(popuser,24060,2372,0.0) dovecot/imap
(popuser,302696,99324,0.6) spamd child
(dovenull,43200,3096,0.0) dovecot/imap-login
(popuser,24160,2572,0.0) dovecot/imap
(popuser,23868,2668,0.0) dovecot/imap
(apache,468804,50064,0.0) /usr/sbin/httpd
(root,20104,996,0.0) /usr/sbin/dovecot
(dovecot,13804,1076,0.0) dovecot/anvil
(root,13928,1128,0.0) dovecot/log
(root,24068,2824,0.0) dovecot/config
(dovenull,43212,1744,0.0) dovecot/imap-login
(popuser,32224,5656,0.0) dovecot/imap
(postfix,70748,3072,0.0) pickup -l -t fifo -u
(postfix,70888,3036,0.0) showq -t unix -u
(amavis,365676,68688,0.0) /usr/sbin/amavisd (ch2-avail)
(root,108312,784,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(postfix,94184,7096,0.0) smtpd -n smtp -t inet -u -o stress=
(mysql,3574128,780868,2.4) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(dovenull,43204,4084,0.0) dovecot/imap-login
(popuser,32480,4016,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23852,2940,0.0) dovecot/imap
(popuser,287552,84136,0.2) spamd child
(dovenull,43200,4084,0.0) dovecot/imap-login
(dovenull,43200,4080,0.0) dovecot/imap-login
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23864,2956,0.0) dovecot/imap
(popuser,23896,3016,0.0) dovecot/imap
(popuser,23868,2700,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23852,2676,0.0) dovecot/imap
(mailman,216604,1216,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,219056,7656,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,218140,6884,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216248,6792,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,360820,45808,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216264,6868,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,220552,7532,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,218416,8608,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216236,2888,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(dovenull,43204,4096,0.0) dovecot/imap-login
(popuser,24772,3348,0.0) dovecot/imap
(root,228708,3100,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200276,1628,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(postfix,71276,4012,0.0) cleanup -z -t unix -u
(root,214556,1908,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(apache,469012,50536,0.0) /usr/sbin/httpd
(apache,469336,50968,0.0) /usr/sbin/httpd
(apache,469564,51188,0.0) /usr/sbin/httpd
(apache,468316,50248,0.0) /usr/sbin/httpd
(apache,468152,49364,0.0) /usr/sbin/httpd
(apache,468820,50596,0.0) /usr/sbin/httpd
(apache,467792,49624,0.0) /usr/sbin/httpd
(apache,468796,50724,0.0) /usr/sbin/httpd
(popuser,23852,2960,0.0) dovecot/imap
(popuser,23836,2656,0.0) dovecot/imap
(popuser,23860,2840,0.0) dovecot/imap
(dovenull,43200,3104,0.0) dovecot/imap-login
(popuser,25892,3100,0.0) dovecot/imap
(amavis,362972,8416,0.0) /usr/sbin/amavisd (master)
(popuser,23996,3156,0.0) dovecot/imap
(amavis,367484,71580,0.0) /usr/sbin/amavisd (ch10-avail)
(amavis,365084,65576,0.0) /usr/sbin/amavisd (ch15-avail)
(dovenull,43200,1648,0.0) dovecot/imap-login
(popuser,23860,1260,0.0) dovecot/imap
(amavis,1479224,1086020,0.4) clamd.amavisd -c /etc/clamd.d/amavisd.conf --pid /var/run/amavisd/clamd.pid
(root,1479412,1080260,0.1) clamd
(popuser,23852,2752,0.0) dovecot/imap
(amavis,374908,84376,0.1) /usr/sbin/amavisd (ch17-avail)
(popuser,23836,2652,0.0) dovecot/imap
(popuser,23864,2956,0.0) dovecot/imap
(amavis,366984,75628,0.1) /usr/sbin/amavisd (ch13-avail)
(dovenull,43200,3108,0.0) dovecot/imap-login
(popuser,24492,2752,0.0) dovecot/imap
(dovenull,43208,4100,0.0) dovecot/imap-login
(popuser,24044,2868,0.0) dovecot/imap
(dovenull,43204,4092,0.0) dovecot/imap-login
(popuser,23872,2728,0.0) dovecot/imap
(postfix,72012,4592,0.0) trivial-rewrite -n rewrite -t unix -u
(popuser,24260,3288,0.0) dovecot/imap
(popuser,23864,2980,0.0) dovecot/imap
(root,281724,80248,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(popuser,24328,3324,0.0) dovecot/imap
(root,60612,1112,0.0) /usr/libexec/postfix/master -w
(postfix,71244,2532,0.1) qmgr -l -t fifo -u
(postfix,70860,2160,0.0) tlsmgr -l -t unix -u
(postfix,70848,2084,0.0) anvil -l -t unix -u
(popuser,23624,2300,0.0) dovecot/imap
(popuser,23872,2728,0.0) dovecot/imap
(postfix,94184,7096,0.0) smtpd -n smtp -t inet -u -o stress=
(apache,460668,41956,0.0) /usr/sbin/httpd
(apache,460664,41932,0.0) /usr/sbin/httpd
(apache,460236,41160,0.0) /usr/sbin/httpd
(apache,461028,42116,0.0) /usr/sbin/httpd
(root,13668,1160,0.0) dovecot/ssl-params
(apache,461264,42508,0.0) /usr/sbin/httpd
(apache,462092,43400,0.0) /usr/sbin/httpd
(amavis,364508,64240,0.1) /usr/sbin/amavisd (ch1-avail)
(popuser,23852,2940,0.0) dovecot/imap
(popuser,23848,2672,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23948,3008,0.0) dovecot/imap
(postfix,94184,7060,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(dovenull,43204,3120,0.0) dovecot/imap-login
(popuser,24092,2800,0.0) dovecot/imap
(postfix,71268,4000,0.0) cleanup -z -t unix -u
(postfix,71316,4072,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,91436,5812,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,59168,3968,0.0) local -t unix
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,70796,3128,0.0) bounce -z -t unix -u
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23852,2844,0.0) dovecot/imap
(cocori,491584,30696,1.7) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(postfix,70796,3072,0.0) bounce -z -n defer -t unix -u
(wilkit,219572,28344,1.9) /usr/bin/php-cgi -c /var/www/vhosts/system/wilk.it/etc/php.ini
(christi1,397860,43744,3.6) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/christiandesicafanclub.it/etc/php.ini
(matteogr,208796,17436,1.8) /usr/bin/php-cgi -c /var/www/vhosts/system/matteogroppi.it/etc/php.ini
(postfix,43696,2796,0.0) plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
(popuser,23860,2744,0.0) dovecot/imap
(popuser,23868,2700,0.0) dovecot/imap
(dovenull,43208,4004,0.1) dovecot/imap-login
(dovenull,43208,4000,0.2) dovecot/imap-login
(marcopol,340284,36736,7.1) /opt/plesk/php/5.5/bin/php-cgi -c /var/www/vhosts/system/marcopolzelli.net/etc/php.ini
(fimppro,461416,50428,6.5) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(root,110248,1588,0.6) /bin/bash /usr/bin/check_mk_agent
(root,110248,764,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,652,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830764,7020,1.6) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(root,110248,1536,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13360,1024,2.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,844,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(amavis,366120,69364,0.0) /usr/sbin/amavisd (ch16-avail)
(amavis,368148,76864,0.0) /usr/sbin/amavisd (ch20-26233-20)
(root,176872,24192,0.4) lfd - sleeping
(root,436956,31832,0.0) /usr/sbin/httpd
(apache,342444,19952,0.0) /usr/sbin/httpd
(root,3872,1424,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,286776,49616,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,269720,45432,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(amavis,367284,73084,0.0) /usr/sbin/amavisd (ch4-avail)
(apache,468136,49788,0.0) /usr/sbin/httpd
(dovenull,43208,4096,0.0) dovecot/imap-login
(popuser,24980,2712,0.0) dovecot/imap
(dovenull,43212,1748,0.0) dovecot/imap-login
(popuser,25524,3088,0.0) dovecot/imap
(postfix,94036,7068,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43208,1744,0.0) dovecot/imap-login
(root,38524,3268,0.0) dovecot/auth
(popuser,26976,3832,0.0) dovecot/imap
(dovenull,43200,4092,0.0) dovecot/imap-login
(popuser,24424,2700,0.0) dovecot/imap
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,23868,2608,0.0) dovecot/imap
(amavis,365208,66072,0.0) /usr/sbin/amavisd (ch3-avail)
(dovenull,43204,3112,0.0) dovecot/imap-login
(popuser,24392,3132,0.0) dovecot/imap
(dovenull,43212,1748,0.0) dovecot/imap-login
(popuser,25164,3032,0.0) dovecot/imap
(dovenull,43208,4120,0.0) dovecot/imap-login
(popuser,23976,2872,0.0) dovecot/imap
(dovenull,43212,1748,0.0) dovecot/imap-login
(popuser,27700,4056,0.0) dovecot/imap
      Found on 2023-02-04 00:42

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a40e353c9

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1084,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(postfix,71280,4016,0.0) cleanup -z -t unix -u
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1096,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(postfix,91436,5804,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,10984,272,0.0) /sbin/udevd -d
(amavis,364508,63732,0.1) /usr/sbin/amavisd (ch1-avail)
(root,0,0,0.0) [vmmemctl]
(popuser,23928,3036,0.0) dovecot/imap
(popuser,23848,2976,0.0) dovecot/imap
(popuser,23852,2664,0.0) dovecot/imap
(popuser,23868,2688,0.0) dovecot/imap
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(popuser,23864,2840,0.0) dovecot/imap
(popuser,23876,2812,0.0) dovecot/imap
(root,10636,252,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,71180,3996,0.0) smtp -t unix -u
(postfix,58560,3080,0.0) pipe -n plesk_virtual -t unix flags=DORhu user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
(root,0,0,0.0) [kauditd]
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(root,283592,3088,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,29764,672,0.0) auditd
(root,411720,11988,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,262408,15704,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,19048,648,0.0) rpcbind
(root,223768,1260,0.0) /usr/sbin/sssd -f -D
(root,207940,1516,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,1176,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(postfix,59168,3980,0.0) local -t unix
(postfix,70796,3132,0.0) bounce -z -t unix -u
(rpcuser,25432,676,0.0) rpc.statd
(postfix,94020,7096,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(dbus,33676,356,0.0) dbus-daemon --system
(10160,14632,252,0.0) magicspam-rate-limiter                                         
(10160,14636,392,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(dovenull,43204,3112,0.0) dovecot/imap-login
(popuser,24144,3076,0.0) dovecot/imap
(10160,1458636,760,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10980,224,0.0) /sbin/udevd -d
(root,466824,976,0.0) automount --pid-file /var/run/autofs.pid
(dovenull,43104,4092,0.0) dovecot/imap-login
(root,200420,1340,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(dovenull,43104,4092,0.0) dovecot/imap-login
(root,66288,560,0.0) /usr/sbin/sshd
(root,21712,772,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1296,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(postfix,91436,5812,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(dovenull,43200,4104,0.0) dovecot/imap-login
(amavis,374108,82968,0.2) /usr/sbin/amavisd (ch13-avail)
(popuser,24076,2900,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(postfix,70732,3016,0.0) scache -l -t unix -u
(popuser,23508,2216,0.0) dovecot/imap
(nagios,53712,748,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(popuser,23624,2296,0.0) dovecot/imap
(popuser,23868,2736,0.0) dovecot/imap
(root,213324,2300,0.1) /usr/bin/vmtoolsd
(postfix,2145320,2992,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,1228,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(cocori,491092,30372,4.3) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(cinofili,434136,96476,8.6) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/cinofiliagentile.it/etc/php.ini
(postfix,70748,2984,0.0) pickup -l -t fifo -u
(fimppro,474356,96924,8.7) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(cinofili,432536,96128,8.7) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/cinofiliagentile.it/etc/php.ini
(popuser,23848,2912,0.0) dovecot/imap
(postfix,70888,3028,0.0) showq -t unix -u
(dovenull,42940,3704,0.0) dovecot/pop3-login
(postfix,71180,3988,0.0) smtp -t unix -u
(postfix,71180,3988,0.0) smtp -t unix -u
(postfix,71180,3988,0.0) smtp -t unix -u
(postfix,70796,3076,0.0) bounce -z -n defer -t unix -u
(postfix,70796,3072,0.0) bounce -z -n defer -t unix -u
(postfix,70796,3072,0.0) bounce -z -n defer -t unix -u
(root,110248,1584,0.5) /bin/bash /usr/bin/check_mk_agent
(quartett,463200,51208,25.1) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/quartettoprometeo.com/etc/php.ini
(root,110248,760,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,648,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830760,7020,2.2) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(christi1,398552,47328,37.3) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/christiandesicafanclub.it/etc/php.ini
(root,110248,1536,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13364,1028,2.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,844,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(popuser,33736,5792,0.0) dovecot/imap
(popuser,23856,2832,0.0) dovecot/imap
(popuser,23844,2660,0.0) dovecot/imap
(popuser,24196,3264,0.0) dovecot/imap
(root,385316,676,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(amavis,377972,88352,0.2) /usr/sbin/amavisd (ch19-avail)
(root,129368,1208,0.0) crond
(root,21104,304,0.0) /usr/sbin/atd
(root,64632,896,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,354968,6732,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195932,2712,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,480,0.0) /sbin/mingetty /dev/tty1
(root,4060,480,0.0) /sbin/mingetty /dev/tty2
(root,4060,480,0.0) /sbin/mingetty /dev/tty3
(root,4060,480,0.0) /sbin/mingetty /dev/tty4
(root,4060,480,0.0) /sbin/mingetty /dev/tty5
(root,4060,480,0.0) /sbin/mingetty /dev/tty6
(amavis,367892,76264,0.2) /usr/sbin/amavisd (ch12-avail)
(root,179172,26400,0.5) lfd - sleeping
(root,281656,80188,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(popuser,25008,2740,0.0) dovecot/imap
(tomcat,4212548,1324872,1.3) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(dovenull,43204,3096,0.0) dovecot/imap-login
(popuser,23912,2500,0.0) dovecot/imap
(root,414780,1024,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(dovenull,43208,1752,0.0) dovecot/imap-login
(root,52632,400,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,67528,3844,0.0) sw-cp-server: worker process                       
(popuser,24060,2240,0.0) dovecot/imap
(dovenull,43200,3096,0.0) dovecot/imap-login
(popuser,24160,2608,0.0) dovecot/imap
(root,20104,988,0.0) /usr/sbin/dovecot
(dovecot,13804,1076,0.0) dovecot/anvil
(root,13928,1136,0.0) dovecot/log
(root,24068,2836,0.0) dovecot/config
(amavis,367560,73328,0.1) /usr/sbin/amavisd (ch12-avail)
(dovenull,43212,1744,0.0) dovecot/imap-login
(popuser,32224,4292,0.0) dovecot/imap
(popuser,299680,96284,1.0) spamd child
(root,108312,784,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(mysql,3574128,818360,2.4) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(dovenull,43200,3100,0.0) dovecot/imap-login
(popuser,24828,2816,0.0) dovecot/imap
(mailman,216604,1596,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,219056,6960,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,218140,6884,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216248,6792,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,360820,19776,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216264,6868,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,220552,9732,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,218416,9068,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216236,2888,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(root,228708,3064,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200276,1624,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214556,1860,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(dovenull,43200,3112,0.0) dovecot/imap-login
(popuser,25892,3332,0.0) dovecot/imap
(amavis,362972,8472,0.0) /usr/sbin/amavisd (master)
(amavis,370716,78676,0.1) /usr/sbin/amavisd (ch6-15527-06)
(dovenull,43200,1648,0.0) dovecot/imap-login
(popuser,23860,1260,0.0) dovecot/imap
(amavis,1479224,1091924,0.4) clamd.amavisd -c /etc/clamd.d/amavisd.conf --pid /var/run/amavisd/clamd.pid
(root,1479412,1084560,0.1) clamd
(popuser,23868,2976,0.0) dovecot/imap
(dovenull,43200,4116,0.0) dovecot/imap-login
(popuser,23832,2648,0.0) dovecot/imap
(dovenull,43200,3108,0.0) dovecot/imap-login
(popuser,24488,3164,0.0) dovecot/imap
(popuser,23996,2748,0.0) dovecot/imap
(popuser,23860,2788,0.0) dovecot/imap
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,30100,6884,0.0) dovecot/imap
(popuser,24124,3140,0.0) dovecot/imap
(popuser,24012,3040,0.0) dovecot/imap
(popuser,24116,3144,0.0) dovecot/imap
(dovenull,43200,4108,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,23932,3160,0.0) dovecot/imap
(popuser,23836,2788,0.0) dovecot/imap
(popuser,23836,2788,0.0) dovecot/imap
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24132,3192,0.0) dovecot/imap
(dovenull,43104,4104,0.0) dovecot/imap-login
(popuser,23852,2660,0.0) dovecot/imap
(dovenull,43104,4104,0.0) dovecot/imap-login
(popuser,24060,2900,0.0) dovecot/imap
(dovenull,43200,3116,0.0) dovecot/imap-login
(popuser,25544,3404,0.0) dovecot/imap
(root,60612,1112,0.0) /usr/libexec/postfix/master -w
(postfix,71208,2340,0.1) qmgr -l -t fifo -u
(postfix,70860,2168,0.0) tlsmgr -l -t unix -u
(postfix,70848,2080,0.0) anvil -l -t unix -u
(postfix,72020,4660,0.0) trivial-rewrite -n rewrite -t unix -u
(popuser,290324,86876,0.5) spamd child
(popuser,26720,3976,0.0) dovecot/imap
(amavis,374456,84324,0.2) /usr/sbin/amavisd (ch19-avail)
(dovenull,43204,4104,0.0) dovecot/imap-login
(popuser,24092,3160,0.0) dovecot/imap
(popuser,23852,2940,0.0) dovecot/imap
(postfix,71296,4036,0.0) cleanup -z -t unix -u
(postfix,91436,5836,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(popuser,23844,2676,0.0) dovecot/imap
(dovenull,43208,4112,0.0) dovecot/imap-login
(popuser,23624,2312,0.0) dovecot/imap
(amavis,373872,83088,0.1) /usr/sbin/amavisd (ch19-avail)
(dovenull,43208,4112,0.0) dovecot/imap-login
(popuser,24076,3088,0.0) dovecot/imap
(amavis,373492,79520,0.1) /usr/sbin/amavisd (ch16-avail)
(amavis,370912,79664,0.1) /usr/sbin/amavisd (ch16-avail)
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,24788,3796,0.0) dovecot/imap
(popuser,23872,2756,0.0) dovecot/imap
(root,436956,73936,0.0) /usr/sbin/httpd
(apache,342444,59040,0.1) /usr/sbin/httpd
(apache,451280,70048,0.0) /usr/sbin/httpd
(apache,451220,70016,0.1) /usr/sbin/httpd
(apache,452952,69852,0.0) /usr/sbin/httpd
(apache,451144,69860,0.0) /usr/sbin/httpd
(apache,451632,70452,0.0) /usr/sbin/httpd
(apache,451516,70264,0.0) /usr/sbin/httpd
(apache,451956,70688,0.0) /usr/sbin/httpd
(apache,451796,70600,0.0) /usr/sbin/httpd
(apache,451268,69992,0.0) /usr/sbin/httpd
(root,3872,1396,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,286536,49408,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,269480,45240,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(root,13668,1160,0.0) dovecot/ssl-params
(apache,451436,70216,0.0) /usr/sbin/httpd
(apache,451088,69748,0.0) /usr/sbin/httpd
(apache,451004,69620,0.0) /usr/sbin/httpd
(apache,452836,69480,0.0) /usr/sbin/httpd
(apache,450632,69268,0.0) /usr/sbin/httpd
(apache,451300,69996,0.0) /usr/sbin/httpd
(apache,451272,69992,0.0) /usr/sbin/httpd
(apache,451252,70016,0.0) /usr/sbin/httpd
(apache,451212,69876,0.0) /usr/sbin/httpd
(apache,451400,70040,0.0) /usr/sbin/httpd
(amavis,381408,85080,1.0) /usr/sbin/amavisd (ch5-avail)
(dovenull,43212,1748,0.0) dovecot/imap-login
(amavis,365168,65848,0.2) /usr/sbin/amavisd (ch5-avail)
(popuser,25524,3032,0.0) dovecot/imap
(popuser,23872,2936,0.0) dovecot/imap
(dovenull,43208,1744,0.0) dovecot/imap-login
(root,38452,3196,0.0) dovecot/auth
(popuser,23848,2744,0.0) dovecot/imap
(popuser,23508,2236,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,26976,2220,0.0) dovecot/imap
(popuser,23828,2884,0.5) dovecot/imap
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23820,2916,0.0) dovecot/imap
(popuser,23868,2656,0.0) dovecot/imap
(root,196148,3080,0.0) CROND
(root,106076,1420,0.0) /bin/bash /usr/bin/run-parts /etc/cron.hourly
(root,106076,1396,0.0) /bin/bash /etc/cron.hourly/asl
(root,105960,952,0.0) awk -v progname=/etc/cron.hourly/asl progname {?????   print progname ":\n"?????   progname="";????       }????       { print; }
(root,100920,616,0.0) sleep 960
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23876,2960,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23884,2980,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23948,3108,0.0) dovecot/imap
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(postfix,71312,4048,0.0) cleanup -z -t unix -u
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23880,2860,0.0) dovecot/imap
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23844,2660,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23860,2664,0.0) dovecot/imap
(dovenull,43208,4108,0.0) dovecot/imap-login
(popuser,23836,2696,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23864,2980,0.0) dovecot/imap
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23856,2716,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23836,2624,0.0) dovecot/imap
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23852,2700,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23860,2656,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23868,2656,0.0) dovecot/imap
(dovenull,43204,4084,0.0) dovecot/imap-login
(popuser,23844,2660,0.0) dovecot/imap
(dovenull,43200,4096,0.0) dovecot/imap-login
(popuser,23864,2864,0.0) dovecot/imap
(dovenull,43204,4084,0.0) dovecot/imap-login
(popuser,23868,2664,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23860,2664,0.0) dovecot/imap
(dovenull,43204,3120,0.0) dovecot/imap-login
(popuser,24392,3024,0.0) dovecot/imap
(dovenull,43212,1748,0.0) dovecot/imap-login
(postfix,94068,7088,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(postfix,71388,4136,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(popuser,25164,2216,0.0) dovecot/imap
(postfix,94336,7296,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(postfix,94348,7544,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94356,7524,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43212,1748,0.0) dovecot/imap-login
(postfix,58488,2936,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,24988,3480,0.0) dovecot/imap
(popuser,27696,3772,0.0) dovecot/imap
      Found on 2023-02-02 17:16

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17ad163b6a6

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1084,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,10984,272,0.0) /sbin/udevd -d
(root,0,0,0.0) [vmmemctl]
(root,10636,252,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,0,0,0.0) [kauditd]
(amavis,367352,73804,0.0) /usr/sbin/amavisd (ch12-avail)
(root,283592,3528,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,29764,680,0.0) auditd
(root,411720,12220,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,262408,10180,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,19048,744,0.0) rpcbind
(root,223768,1260,0.0) /usr/sbin/sssd -f -D
(root,207940,1584,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,1176,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,676,0.0) rpc.statd
(dbus,33676,356,0.0) dbus-daemon --system
(10160,14632,252,0.0) magicspam-rate-limiter                                         
(10160,14636,392,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,1458636,760,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10980,224,0.0) /sbin/udevd -d
(root,466824,976,0.0) automount --pid-file /var/run/autofs.pid
(root,200420,1336,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,560,0.0) /usr/sbin/sshd
(root,21712,772,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1300,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(amavis,370116,77884,0.0) /usr/sbin/amavisd (ch9-avail)
(nagios,53712,748,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,213324,2300,0.1) /usr/bin/vmtoolsd
(postfix,2145324,3396,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,1228,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(dovenull,43200,4096,0.0) dovecot/imap-login
(popuser,24720,3472,0.0) dovecot/imap
(amavis,365128,65404,0.0) /usr/sbin/amavisd (ch7-avail)
(root,385316,672,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,129368,1196,0.0) crond
(root,21104,304,0.0) /usr/sbin/atd
(root,64632,896,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,354968,6964,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195932,2764,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,480,0.0) /sbin/mingetty /dev/tty1
(root,4060,480,0.0) /sbin/mingetty /dev/tty2
(root,4060,480,0.0) /sbin/mingetty /dev/tty3
(root,4060,480,0.0) /sbin/mingetty /dev/tty4
(root,4060,480,0.0) /sbin/mingetty /dev/tty5
(root,4060,480,0.0) /sbin/mingetty /dev/tty6
(postfix,94036,7068,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(amavis,365932,67752,0.0) /usr/sbin/amavisd (ch6-avail)
(dovenull,43212,1752,0.0) dovecot/imap-login
(popuser,24116,2352,0.0) dovecot/imap
(tomcat,4206380,1092760,1.2) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(root,414780,1024,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(dovenull,43208,1752,0.0) dovecot/imap-login
(root,52632,400,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,67528,5268,0.0) sw-cp-server: worker process                       
(popuser,24060,2424,0.0) dovecot/imap
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,24840,3716,0.0) dovecot/imap
(popuser,23864,2612,0.0) dovecot/imap
(root,20104,992,0.0) /usr/sbin/dovecot
(dovecot,13804,1084,0.0) dovecot/anvil
(root,13928,1128,0.0) dovecot/log
(root,24068,2824,0.0) dovecot/config
(dovenull,43212,1744,0.0) dovecot/imap-login
(popuser,29620,5296,0.0) dovecot/imap
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,24948,2716,0.0) dovecot/imap
(root,108312,784,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(mysql,3556188,753948,2.1) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(mailman,216604,1720,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,219056,8576,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,218140,7460,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216248,7012,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,360820,61472,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216264,7092,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,220552,11204,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,218416,9672,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216236,7044,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(amavis,365868,68328,0.0) /usr/sbin/amavisd (ch13-avail)
(root,228420,3188,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200276,1660,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(popuser,297256,75348,0.7) spamd child
(root,214556,2060,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(popuser,287560,62656,0.1) spamd child
(root,436948,73180,0.0) /usr/sbin/httpd
(amavis,362972,8176,0.0) /usr/sbin/amavisd (master)
(apache,342444,59044,0.0) /usr/sbin/httpd
(dovenull,43200,1648,0.0) dovecot/imap-login
(popuser,23860,1260,0.0) dovecot/imap
(amavis,1479224,1082112,0.4) clamd.amavisd -c /etc/clamd.d/amavisd.conf --pid /var/run/amavisd/clamd.pid
(root,1401572,1079580,0.1) clamd
(amavis,372896,79440,0.0) /usr/sbin/amavisd (ch18-avail)
(postfix,94344,7516,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43200,4092,0.0) dovecot/imap-login
(popuser,24044,2868,0.0) dovecot/imap
(dovenull,43208,4096,0.0) dovecot/imap-login
(popuser,23872,2724,0.0) dovecot/imap
(amavis,369308,74692,0.0) /usr/sbin/amavisd (ch13-avail)
(amavis,364840,64752,0.0) /usr/sbin/amavisd (ch3-avail)
(root,60480,1088,0.0) /usr/libexec/postfix/master -w
(postfix,71200,2524,0.1) qmgr -l -t fifo -u
(postfix,70860,2232,0.0) tlsmgr -l -t unix -u
(postfix,70848,2136,0.0) anvil -l -t unix -u
(postfix,70888,3036,0.0) showq -t unix -u
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,23848,2900,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23876,2764,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23868,2688,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23852,2668,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,24060,2984,0.0) dovecot/imap
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,23848,2820,0.0) dovecot/imap
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,23508,2216,0.0) dovecot/imap
(popuser,23880,2808,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23904,2984,0.0) dovecot/imap
(popuser,24504,3164,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,24400,3044,0.0) dovecot/imap
(dovenull,43204,1744,0.0) dovecot/imap-login
(popuser,24056,2432,0.0) dovecot/imap
(root,179536,26776,0.4) lfd - sleeping
(popuser,23840,2748,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,32464,3932,0.0) dovecot/imap
(amavis,366144,69352,0.0) /usr/sbin/amavisd (ch11-avail)
(postfix,94024,7124,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(root,281476,30280,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(postfix,72020,4624,0.0) trivial-rewrite -n rewrite -t unix -u
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,24132,3192,0.0) dovecot/imap
(popuser,24212,3260,0.0) dovecot/imap
(dovenull,43204,4100,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,23508,2216,0.0) dovecot/imap
(popuser,23508,2220,0.0) dovecot/imap
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,94184,7052,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43200,4092,0.0) dovecot/imap-login
(dovenull,43200,4088,0.0) dovecot/imap-login
(dovenull,43204,4092,0.0) dovecot/imap-login
(dovenull,43200,4088,0.0) dovecot/imap-login
(root,38332,3728,0.0) dovecot/auth
(popuser,25360,2724,0.0) dovecot/imap
(popuser,24564,3132,0.0) dovecot/imap
(popuser,24148,2696,0.0) dovecot/imap
(dovenull,43200,4092,0.0) dovecot/imap-login
(dovenull,43200,4092,0.0) dovecot/imap-login
(popuser,24056,2704,0.0) dovecot/imap
(popuser,23912,2684,0.0) dovecot/imap
(popuser,23920,2876,0.0) dovecot/imap
(amavis,366784,74508,0.0) /usr/sbin/amavisd (ch10-avail)
(postfix,71292,4024,0.0) cleanup -z -t unix -u
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(apache,454236,73432,0.0) /usr/sbin/httpd
(postfix,70748,3076,0.0) pickup -l -t fifo -u
(popuser,23840,2752,0.0) dovecot/imap
(root,13668,1164,0.0) dovecot/ssl-params
(postfix,94024,7100,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(postfix,94336,7340,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,23508,2216,0.0) dovecot/imap
(popuser,23508,2220,0.0) dovecot/imap
(dovenull,43192,4068,0.0) dovecot/pop3-login
(popuser,19512,2540,0.0) dovecot/pop3
(root,3872,1420,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,285340,48212,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,268288,44060,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(popuser,19528,2524,0.0) dovecot/pop3
(popuser,25420,4068,0.0) dovecot/imap
(dovenull,43212,1748,0.0) dovecot/imap-login
(dovenull,43084,4064,0.0) dovecot/pop3-login
(popuser,19528,2752,0.0) dovecot/pop3
(popuser,25520,3120,0.0) dovecot/imap
(dovenull,43208,4096,0.0) dovecot/imap-login
(popuser,23872,2716,0.0) dovecot/imap
(popuser,23880,2976,0.0) dovecot/imap
(apache,454424,73508,0.0) /usr/sbin/httpd
(dovenull,43200,4076,0.0) dovecot/pop3-login
(dovenull,43200,4072,0.0) dovecot/pop3-login
(popuser,19512,2544,0.0) dovecot/pop3
(popuser,19528,2524,0.0) dovecot/pop3
(dovenull,43092,3756,0.0) dovecot/imap-login
(postfix,43696,2796,0.0) plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
(postfix,94296,6872,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,70720,3004,0.0) proxymap -t unix -u
(barbara1,0,0,1.2) [php-cgi] <defunct>
(dovenull,43092,3756,0.0) dovecot/imap-login
(apache,454160,73228,0.0) /usr/sbin/httpd
(christi1,394408,35500,1.4) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/christiandesicafanclub.it/etc/php.ini
(cocori,491592,30528,2.6) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(christi1,398276,46744,3.7) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/christiandesicafanclub.it/etc/php.ini
(10155,476736,97848,21.4) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/dorispalmisano.com/etc/php.ini
(10155,476732,97708,21.8) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/dorispalmisano.com/etc/php.ini
(cocori,491088,28788,4.3) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(cocori,394096,27716,1.8) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(root,110248,1588,0.3) /bin/bash /usr/bin/check_mk_agent
(root,110248,764,0.0) /bin/bash /usr/bin/check_mk_agent
(apache,453828,72700,0.0) /usr/sbin/httpd
(apache,454096,73304,0.0) /usr/sbin/httpd
(root,110248,652,0.0) /bin/bash /usr/bin/check_mk_agent
(apache,453772,72612,0.0) /usr/sbin/httpd
(root,830764,7024,1.4) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(apache,453744,73112,0.0) /usr/sbin/httpd
(musicpar,460624,26196,15.0) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/musicparty.it/etc/php.ini
(root,110248,1532,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13360,1028,2.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,840,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(amavis,373788,79232,0.0) /usr/sbin/amavisd (ch15-avail)
(dovenull,43208,1744,0.0) dovecot/imap-login
(popuser,26972,3964,0.0) dovecot/imap
(apache,453940,72756,0.0) /usr/sbin/httpd
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(apache,453724,72788,0.0) /usr/sbin/httpd
(apache,454100,73204,0.0) /usr/sbin/httpd
(apache,454036,72852,0.0) /usr/sbin/httpd
(apache,454272,73388,0.0) /usr/sbin/httpd
(apache,454668,73252,0.0) /usr/sbin/httpd
(apache,454416,73300,0.0) /usr/sbin/httpd
(apache,454704,73556,0.0) /usr/sbin/httpd
(apache,454108,73416,0.0) /usr/sbin/httpd
(amavis,367424,73900,0.1) /usr/sbin/amavisd (ch13-avail)
(apache,454208,73456,0.0) /usr/sbin/httpd
(apache,453576,72620,0.0) /usr/sbin/httpd
(apache,454780,73776,0.0) /usr/sbin/httpd
(apache,454244,73288,0.0) /usr/sbin/httpd
(dovenull,43212,1748,0.0) dovecot/imap-login
(popuser,25152,3084,0.0) dovecot/imap
(dovenull,43200,4112,0.0) dovecot/imap-login
(popuser,23964,2884,0.0) dovecot/imap
(dovenull,43212,1748,0.0) dovecot/imap-login
(popuser,27680,4024,0.0) dovecot/imap
      Found on 2023-01-28 18:57

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17af37ad897

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1236,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.1) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,10984,280,0.0) /sbin/udevd -d
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23976,2968,0.0) dovecot/imap
(root,0,0,0.0) [vmmemctl]
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,24132,3208,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,24772,3372,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,24964,3380,0.0) dovecot/imap
(dovenull,43204,4084,0.0) dovecot/imap-login
(popuser,27856,3824,0.0) dovecot/imap
(root,10636,252,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(postfix,71380,4116,0.0) cleanup -z -t unix -u
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43208,3292,0.0) dovecot/imap-login
(popuser,24788,2740,0.0) dovecot/imap
(postfix,94320,7464,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,31068,4392,0.0) dovecot/imap
(root,0,0,0.0) [kauditd]
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23836,2652,0.0) dovecot/imap
(dovenull,43208,4088,0.0) dovecot/imap-login
(popuser,24644,3324,0.0) dovecot/imap
(root,283508,3224,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,29764,684,0.0) auditd
(root,411720,12008,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,262408,17284,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,19048,688,0.0) rpcbind
(root,223768,1348,0.0) /usr/sbin/sssd -f -D
(root,207940,1624,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,1280,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,700,0.0) rpc.statd
(dbus,33676,368,0.0) dbus-daemon --system
(10160,14632,252,0.0) magicspam-rate-limiter                                         
(10160,14636,396,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,1458636,680,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(popuser,23624,2304,0.0) dovecot/imap
(popuser,23872,2732,0.0) dovecot/imap
(root,10980,224,0.0) /sbin/udevd -d
(dovenull,43200,4084,0.0) dovecot/imap-login
(root,466824,1112,0.0) automount --pid-file /var/run/autofs.pid
(popuser,23960,3132,0.0) dovecot/imap
(root,200420,1340,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,568,0.0) /usr/sbin/sshd
(root,21712,808,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1492,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23844,2688,0.0) dovecot/imap
(apache,472348,52344,0.0) /usr/sbin/httpd
(apache,467336,47332,0.0) /usr/sbin/httpd
(apache,467024,46576,0.0) /usr/sbin/httpd
(apache,467732,48060,0.0) /usr/sbin/httpd
(dovenull,43208,4088,0.0) dovecot/imap-login
(popuser,23864,2692,0.0) dovecot/imap
(apache,468048,48176,0.0) /usr/sbin/httpd
(apache,471080,51452,0.0) /usr/sbin/httpd
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23844,2752,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23868,2756,0.0) dovecot/imap
(root,178936,13400,0.4) lfd - sleeping
(nagios,53712,804,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23868,3020,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23964,3120,0.0) dovecot/imap
(root,213324,3292,0.1) /usr/bin/vmtoolsd
(postfix,2145220,2988,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,2264,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(root,414780,812,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(root,3872,388,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,286572,29940,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1120,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,269536,29192,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23940,3016,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23892,2984,0.0) dovecot/imap
(dovenull,43200,3136,0.0) dovecot/imap-login
(popuser,25868,2948,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23932,3016,0.0) dovecot/imap
(amavis,379064,87536,0.2) /usr/sbin/amavisd (ch18-avail)
(root,438512,30152,0.0) /usr/sbin/httpd
(apache,344156,21660,0.0) /usr/sbin/httpd
(amavis,370284,79012,0.1) /usr/sbin/amavisd (ch10-avail)
(popuser,23868,2952,0.0) dovecot/imap
(dovenull,43200,3460,0.0) dovecot/imap-login
(popuser,24128,2808,0.0) dovecot/imap
(postfix,71288,4024,0.1) cleanup -z -t unix -u
(postfix,71316,4076,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,71316,4068,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,91432,5808,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1096,0.0) /usr/lib64/plesk-9.0/postfix-srs
(amavis,364196,36124,0.0) /usr/sbin/amavisd (virgin child)
(root,196148,2872,0.0) CROND
(root,106076,1420,0.0) /bin/bash /usr/bin/run-parts /etc/cron.hourly
(root,106076,1396,0.0) /bin/bash /etc/cron.hourly/asl
(root,105960,944,0.0) awk -v progname=/etc/cron.hourly/asl progname {?????   print progname ":\n"?????   progname="";????       }????       { print; }
(root,100920,616,0.0) sleep 127
(postfix,59168,3964,0.0) local -t unix
(postfix,71180,3980,0.0) smtp -t unix -u
(postfix,70796,3128,0.0) bounce -z -t unix -u
(postfix,58560,3076,0.0) pipe -n plesk_virtual -t unix flags=DORhu user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
(root,385316,708,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(popuser,23844,2804,0.0) dovecot/imap
(postfix,94304,7432,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,70720,3008,0.0) proxymap -t unix -u
(root,129368,1012,0.0) crond
(postfix,58488,2904,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1096,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43200,4080,0.0) dovecot/imap-login
(dovenull,43208,4084,0.0) dovecot/imap-login
(popuser,23848,2928,0.0) dovecot/imap
(popuser,23860,2680,0.0) dovecot/imap
(root,21104,304,0.0) /usr/sbin/atd
(dovenull,43200,4116,0.0) dovecot/imap-login
(root,64632,936,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(popuser,24200,3204,0.0) dovecot/imap
(root,354968,8320,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195848,3428,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,492,0.0) /sbin/mingetty /dev/tty1
(root,4060,492,0.0) /sbin/mingetty /dev/tty2
(root,4060,492,0.0) /sbin/mingetty /dev/tty3
(root,4060,492,0.0) /sbin/mingetty /dev/tty4
(root,4060,492,0.0) /sbin/mingetty /dev/tty5
(root,4060,492,0.0) /sbin/mingetty /dev/tty6
(cocori,491084,27944,0.5) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(502,313528,25424,1.8) /usr/bin/php-cgi -c /etc/psa-webmail/roundcube/php.ini
(fimppro,558444,52152,3.2) /opt/plesk/php/7.1/bin/php-cgi -c /var/www/vhosts/system/demo.fimp.pro/etc/php.ini
(dovenull,43200,4084,0.1) dovecot/imap-login
(popuser,23856,2668,0.0) dovecot/imap
(popuser,24636,3588,0.1) dovecot/imap
(dovenull,43204,4084,0.1) dovecot/imap-login
(popuser,23872,2708,0.0) dovecot/imap
(popuser,23848,2912,0.0) dovecot/imap
(root,110248,1584,0.3) /bin/bash /usr/bin/check_mk_agent
(root,110248,760,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,648,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830760,7016,1.6) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(root,110248,1528,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13368,1040,1.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,844,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(dovenull,43204,3148,0.0) dovecot/imap-login
(popuser,25400,2864,0.0) dovecot/imap
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,303636,100364,1.2) spamd child
(popuser,294068,90624,0.3) spamd child
(dovenull,43212,2616,0.0) dovecot/imap-login
(popuser,24140,2384,0.0) dovecot/imap
(dovenull,43104,3292,0.0) dovecot/imap-login
(popuser,28224,3608,0.0) dovecot/imap
(dovenull,43104,3352,0.0) dovecot/imap-login
(popuser,23836,2372,0.1) dovecot/imap
(popuser,25368,4156,0.0) dovecot/imap
(dovenull,43216,4112,0.0) dovecot/imap-login
(popuser,23860,2612,0.0) dovecot/imap
(dovenull,43208,2616,0.0) dovecot/imap-login
(popuser,24056,2068,0.0) dovecot/imap
(apache,469164,48456,0.0) /usr/sbin/httpd
(apache,469480,49248,0.0) /usr/sbin/httpd
(amavis,370480,79864,0.2) /usr/sbin/amavisd (ch9-avail)
(apache,469316,48448,0.0) /usr/sbin/httpd
(root,20104,1168,0.0) /usr/sbin/dovecot
(dovecot,13804,1156,0.0) dovecot/anvil
(root,13928,1124,0.0) dovecot/log
(root,24068,3004,0.0) dovecot/config
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,25240,3568,0.0) dovecot/imap
(dovenull,43212,2604,0.0) dovecot/imap-login
(popuser,29584,5424,0.0) dovecot/imap
(root,13668,1160,0.0) dovecot/ssl-params
(amavis,372872,82252,0.3) /usr/sbin/amavisd (ch9-avail)
(root,60480,1104,0.0) /usr/libexec/postfix/master -w
(postfix,71468,3028,0.1) qmgr -l -t fifo -u
(postfix,70860,2316,0.0) tlsmgr -l -t unix -u
(amavis,374100,84068,0.4) /usr/sbin/amavisd (ch10-avail)
(postfix,70848,2256,0.0) anvil -l -t unix -u
(root,108312,760,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(root,281588,80096,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(apache,466976,47188,0.0) /usr/sbin/httpd
(root,228420,3128,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200276,1756,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(mysql,3628704,976220,2.4) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(root,214556,2008,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(dovenull,43200,4096,0.0) dovecot/imap-login
(popuser,25328,4436,0.0) dovecot/imap
(amavis,370856,79800,0.1) /usr/sbin/amavisd (ch8-avail)
(mailman,216600,940,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,218804,7416,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,216440,2924,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216248,2864,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,308172,102340,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216260,2860,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,218568,9100,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,218416,7140,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216236,2832,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,27112,4120,0.0) dovecot/imap
(amavis,362972,32172,0.0) /usr/sbin/amavisd (master)
(apache,456844,36140,0.0) /usr/sbin/httpd
(tomcat,4208804,1161756,1.3) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(popuser,34504,5644,0.0) dovecot/imap
(popuser,23856,2844,0.0) dovecot/imap
(popuser,23860,2668,0.0) dovecot/imap
(popuser,24140,3188,0.0) dovecot/imap
(dovenull,43200,2508,0.0) dovecot/imap-login
(popuser,23860,1300,0.0) dovecot/imap
(popuser,24204,3240,0.0) dovecot/imap
(amavis,1479224,1059772,0.4) clamd.amavisd -c /etc/clamd.d/amavisd.conf --pid /var/run/amavisd/clamd.pid
(root,1401544,1083716,0.1) clamd
(popuser,25408,3256,0.0) dovecot/imap
(popuser,24236,3296,0.0) dovecot/imap
(popuser,28560,4056,0.0) dovecot/imap
(amavis,370608,79488,0.2) /usr/sbin/amavisd (ch5-avail)
(postfix,72020,4648,0.0) trivial-rewrite -n rewrite -t unix -u
(amavis,374444,83828,0.3) /usr/sbin/amavisd (ch10-avail)
(popuser,24440,3488,0.0) dovecot/imap
(popuser,23836,2660,0.0) dovecot/imap
(popuser,23864,2684,0.0) dovecot/imap
(amavis,371792,78716,0.1) /usr/sbin/amavisd (ch5-avail)
(apache,465264,45272,0.0) /usr/sbin/httpd
(dovenull,43204,2864,0.0) dovecot/imap-login
(popuser,23848,2104,0.0) dovecot/imap
(apache,465452,41408,0.0) /usr/sbin/httpd
(apache,461692,41496,0.0) /usr/sbin/httpd
(apache,461396,41792,0.0) /usr/sbin/httpd
(amavis,373288,84128,0.2) /usr/sbin/amavisd (ch17-avail)
(popuser,24416,3532,0.0) dovecot/imap
(postfix,72012,4668,0.0) trivial-rewrite -n rewrite -t unix -u
(apache,461084,41256,0.0) /usr/sbin/httpd
(apache,461968,42040,0.0) /usr/sbin/httpd
(postfix,70748,3068,0.0) pickup -l -t fifo -u
(root,52632,680,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,66152,3548,0.0) sw-cp-server: worker process                       
(root,38396,3020,0.0) dovecot/auth
(amavis,377940,87552,0.2) /usr/sbin/amavisd (ch15-avail)
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43200,4100,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,24212,3172,0.0) dovecot/imap
(popuser,24948,3952,0.0) dovecot/imap
(dovenull,43208,4120,0.0) dovecot/imap-login
(popuser,24256,3232,0.0) dovecot/imap
(popuser,36408,5076,0.0) dovecot/imap
(dovenull,43200,4100,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24632,3796,0.0) dovecot/imap
(popuser,24064,3076,0.0) dovecot/imap
(popuser,23836,2752,0.0) dovecot/imap
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,23836,2788,0.0) dovecot/imap
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,23836,2816,0.0) dovecot/imap
(postfix,71276,4012,0.0) cleanup -z -t unix -u
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,94300,7396,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,94372,7544,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,58488,2936,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43200,3132,0.0) dovecot/imap-login
(popuser,24160,2180,0.0) dovecot/imap
(dovenull,43204,3136,0.0) dovecot/imap-login
(popuser,24516,2672,0.0) dovecot/imap
(dovenull,43200,3132,0.0) dovecot/imap-login
(popuser,23912,2120,0.0) dovecot/imap
(dovenull,43200,3140,0.0) dovecot/imap-login
(popuser,24724,2996,0.0) dovecot/imap
(dovenull,43212,2616,0.0) dovecot/imap-login
(popuser,25504,3492,0.0) dovecot/imap
(popuser,23852,2752,0.0) dovecot/imap
(postfix,70888,3036,0.0) showq -t unix -u
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23880,2980,0.0) dovecot/imap
(dovenull,43208,2608,0.0) dovecot/imap-login
(popuser,26816,4204,0.0) dovecot/imap
(popuser,28460,3928,0.0) dovecot/imap
(apache,461216,41112,0.0) /usr/sbin/httpd
(dovenull,43204,4084,0.0) dovecot/imap-login
(popuser,23852,2700,0.0) dovecot/imap
(apache,476616,53260,0.0) /usr/sbin/httpd
(postfix,94068,7084,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(apache,461260,41244,0.0) /usr/sbin/httpd
(popuser,23868,2972,0.0) dovecot/imap
(popuser,23924,2864,0.0) dovecot/imap
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43212,2604,0.0) dovecot/imap-login
(popuser,25092,3324,0.0) dovecot/imap
(dovenull,43204,4100,0.0) dovecot/imap-login
(popuser,23944,3004,0.0) dovecot/imap
(dovenull,43204,4100,0.0) dovecot/imap-login
(popuser,23836,2816,0.0) dovecot/imap
(dovenull,43212,2612,0.0) dovecot/imap-login
(popuser,27620,4004,0.0) dovecot/imap
      Found on 2023-01-12 15:03

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17af9aa9bbd

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1288,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.1) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,10984,280,0.0) /sbin/udevd -d
(root,0,0,0.0) [vmmemctl]
(tomcat,4195844,1129028,1.1) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(root,10636,272,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(postfix,71272,4008,0.0) cleanup -z -t unix -u
(root,0,0,0.0) [kauditd]
(root,437860,25076,0.0) /usr/sbin/httpd
(apache,343372,13632,0.0) /usr/sbin/httpd
(root,283436,4492,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,29764,704,0.0) auditd
(root,411720,12048,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,262408,19252,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,19048,824,0.0) rpcbind
(apache,470660,44556,0.0) /usr/sbin/httpd
(root,223768,1820,0.0) /usr/sbin/sssd -f -D
(root,207940,2788,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,2184,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,772,0.0) rpc.statd
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,24132,3156,0.0) dovecot/imap
(popuser,24028,3052,0.0) dovecot/imap
(popuser,25108,4212,0.0) dovecot/imap
(popuser,24120,3144,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,24052,3088,0.0) dovecot/imap
(popuser,23836,2788,0.0) dovecot/imap
(popuser,24384,3392,0.0) dovecot/imap
(popuser,23836,2788,0.0) dovecot/imap
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dbus,33676,376,0.0) dbus-daemon --system
(10160,14632,256,0.0) magicspam-rate-limiter                                         
(10160,14636,400,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,672204,700,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10980,244,0.0) /sbin/udevd -d
(root,466824,1372,0.0) automount --pid-file /var/run/autofs.pid
(root,200420,1340,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,580,0.0) /usr/sbin/sshd
(root,21712,852,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(apache,472080,45444,0.0) /usr/sbin/httpd
(apache,471528,44744,0.0) /usr/sbin/httpd
(ntp,42984,1636,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(apache,471536,44792,0.0) /usr/sbin/httpd
(amavis,376604,83284,0.0) /usr/sbin/amavisd (ch9-avail)
(apache,471572,44484,0.0) /usr/sbin/httpd
(root,1477320,1077524,0.0) clamd
(amavis,363084,32316,0.0) /usr/sbin/amavisd (master)
(nagios,53712,852,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(amavis,364308,41176,0.0) /usr/sbin/amavisd (ch1-avail)
(root,213324,4244,0.0) /usr/bin/vmtoolsd
(postfix,2145320,2584,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,3720,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(root,414780,1036,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(root,108312,1320,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(dovenull,43204,3112,0.0) dovecot/imap-login
(dovenull,43200,3100,0.0) dovecot/imap-login
(popuser,26668,4016,0.0) dovecot/imap
(popuser,25772,3552,0.0) dovecot/imap
(dovenull,43200,3104,0.0) dovecot/imap-login
(popuser,24428,3560,0.0) dovecot/imap
(mysql,3571528,832340,1.7) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(root,385316,784,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,52632,580,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,67428,3824,0.0) sw-cp-server: worker process                       
(root,129368,1240,0.0) crond
(root,21104,312,0.0) /usr/sbin/atd
(mailman,216608,1728,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,226476,18220,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,216300,6064,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216236,8020,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,382644,163936,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216264,8080,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,235088,27224,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,226512,17992,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216228,8100,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(root,64632,864,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,354968,13144,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195844,3548,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,492,0.0) /sbin/mingetty /dev/tty1
(root,4060,492,0.0) /sbin/mingetty /dev/tty2
(root,4060,492,0.0) /sbin/mingetty /dev/tty3
(root,4060,492,0.0) /sbin/mingetty /dev/tty4
(root,4060,492,0.0) /sbin/mingetty /dev/tty5
(root,4060,492,0.0) /sbin/mingetty /dev/tty6
(postfix,94184,7068,0.0) smtpd -n smtp -t inet -u -o stress=
(apache,468756,42360,0.0) /usr/sbin/httpd
(apache,468120,41984,0.0) /usr/sbin/httpd
(postfix,94036,7060,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(apache,469140,43140,0.0) /usr/sbin/httpd
(root,60480,1164,0.0) /usr/libexec/postfix/master -w
(postfix,71264,2956,0.1) qmgr -l -t fifo -u
(postfix,70860,2456,0.0) tlsmgr -l -t unix -u
(postfix,70848,2468,0.0) anvil -l -t unix -u
(root,20104,1196,0.0) /usr/sbin/dovecot
(dovecot,13804,1336,0.0) dovecot/anvil
(root,13808,1256,0.0) dovecot/log
(root,23800,3068,0.0) dovecot/config
(root,38468,3344,0.0) dovecot/auth
(dovenull,43200,3108,0.0) dovecot/imap-login
(popuser,24116,3040,0.0) dovecot/imap
(dovenull,43200,3104,0.0) dovecot/imap-login
(popuser,25720,3372,0.0) dovecot/imap
(dovenull,43200,3096,0.0) dovecot/imap-login
(popuser,23908,2504,0.0) dovecot/imap
(dovenull,43204,3120,0.0) dovecot/imap-login
(popuser,29536,6160,0.0) dovecot/imap
(dovenull,43104,3120,0.0) dovecot/imap-login
(popuser,46956,3688,0.0) dovecot/imap
(dovenull,43204,3116,0.0) dovecot/imap-login
(popuser,26640,4616,0.0) dovecot/imap
(dovenull,43204,3120,0.0) dovecot/imap-login
(popuser,27356,4620,0.0) dovecot/imap
(dovenull,43204,3112,0.0) dovecot/imap-login
(popuser,23848,2652,0.0) dovecot/imap
(dovenull,43204,3128,0.0) dovecot/imap-login
(popuser,24428,3296,0.0) dovecot/imap
(popuser,298500,95076,0.3) spamd child
(amavis,377984,82672,0.0) /usr/sbin/amavisd (ch7-avail)
(dovenull,43204,3116,0.0) dovecot/imap-login
(popuser,24920,3416,0.0) dovecot/imap
(apache,470068,43896,0.0) /usr/sbin/httpd
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,28140,3860,0.0) dovecot/imap
(apache,470708,44988,0.0) /usr/sbin/httpd
(apache,469636,43804,0.0) /usr/sbin/httpd
(dovenull,43204,3108,0.0) dovecot/imap-login
(popuser,24348,2784,0.0) dovecot/imap
(apache,472936,45276,0.0) /usr/sbin/httpd
(dovenull,43208,4100,0.0) dovecot/imap-login
(dovenull,43204,4092,0.0) dovecot/imap-login
(popuser,23864,2720,0.0) dovecot/imap
(popuser,24068,2888,0.0) dovecot/imap
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,24468,3280,0.0) dovecot/imap
(apache,466908,40480,0.0) /usr/sbin/httpd
(apache,467416,41180,0.0) /usr/sbin/httpd
(apache,466540,40368,0.0) /usr/sbin/httpd
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,24016,2944,0.0) dovecot/imap
(postfix,94184,7064,0.0) smtpd -n smtp -t inet -u -o stress=
(amavis,374860,81048,0.0) /usr/sbin/amavisd (ch9-avail)
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23928,3004,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,24048,3044,0.0) dovecot/imap
(popuser,299848,96384,0.1) spamd child
(root,228420,3660,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(dovenull,43204,4084,0.0) dovecot/imap-login
(popuser,23868,2640,0.0) dovecot/imap
(root,200276,2412,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23852,2944,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,24288,3292,0.0) dovecot/imap
(root,214556,2932,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(postfix,94300,7316,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23980,2948,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,24152,3152,0.0) dovecot/imap
(postfix,72020,4628,0.0) trivial-rewrite -n rewrite -t unix -u
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,24016,2932,0.0) dovecot/imap
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,24044,3028,0.0) dovecot/imap
(apache,519760,52816,0.0) /usr/sbin/httpd
(apache,469176,43064,0.0) /usr/sbin/httpd
(apache,469864,43236,0.0) /usr/sbin/httpd
(popuser,23852,2764,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23836,2672,0.0) dovecot/imap
(popuser,23868,2688,0.0) dovecot/imap
(popuser,23872,2952,0.0) dovecot/imap
(popuser,23844,2844,0.0) dovecot/imap
(dovenull,43200,2928,0.0) dovecot/imap-login
(popuser,23860,2444,0.0) dovecot/imap
(popuser,23932,2796,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,23848,2804,0.0) dovecot/imap
(dovenull,43204,4088,0.0) dovecot/imap-login
(popuser,24356,2696,0.0) dovecot/imap
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,24132,3080,0.0) dovecot/imap
(popuser,24492,3392,0.0) dovecot/imap
(popuser,24316,3128,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,24224,3032,0.0) dovecot/imap
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,23508,2220,0.0) dovecot/imap
(popuser,23508,2216,0.0) dovecot/imap
(popuser,23508,2216,0.0) dovecot/imap
(popuser,23508,2216,0.0) dovecot/imap
(postfix,94184,7068,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43200,4112,0.0) dovecot/imap-login
(popuser,24012,3000,0.0) dovecot/imap
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,25140,2716,0.0) dovecot/imap
(root,196148,3084,0.0) CROND
(root,106080,1360,0.0) /bin/bash /root/backup_totale_mysql.sh
(root,106124,1000,0.2) /bin/bash /root/backup_totale_mysql.sh
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(postfix,70748,3068,0.0) pickup -l -t fifo -u
(root,176788,24036,0.4) lfd - sleeping
(dovenull,43104,4112,0.1) dovecot/imap-login
(popuser,24528,3260,0.0) dovecot/imap
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,23840,2756,0.0) dovecot/imap
(amavis,364308,39652,0.0) /usr/sbin/amavisd (ch1-19415-01)
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,23852,2756,0.0) dovecot/imap
(amavis,377556,84284,0.0) /usr/sbin/amavisd (ch13-avail)
(root,13668,1164,0.0) dovecot/ssl-params
(dovenull,43084,4064,0.0) dovecot/pop3-login
(dovenull,43192,4064,0.0) dovecot/pop3-login
(popuser,19504,2672,0.0) dovecot/pop3
(popuser,19536,2580,0.0) dovecot/pop3
(cinofili,0,0,6.3) [php-cgi] <defunct>
(cinofili,0,0,4.8) [php-cgi] <defunct>
(cocori,0,0,1.5) [php-cgi] <defunct>
(cocori,0,0,0.7) [php-cgi] <defunct>
(fimppro,476488,98040,7.6) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,485188,108560,14.4) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,495728,107848,12.4) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(fimppro,478460,101488,10.8) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(christi1,411776,53192,10.7) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/christiandesicafanclub.it/etc/php.ini
(dovenull,43204,4084,0.2) dovecot/imap-login
(popuser,23852,2928,0.0) dovecot/imap
(root,110248,1588,0.4) /bin/bash /usr/bin/check_mk_agent
(cocori,490688,28000,4.2) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/forum.hrspace.it/etc/php.ini
(root,110248,764,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,652,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830760,7016,1.7) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(502,306656,18104,7.5) /usr/bin/php-cgi -c /etc/psa-webmail/roundcube/php.ini
(root,126852,3112,0.0) /usr/bin/mysqldump -uadmin -px xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx fimppro_new
(root,110248,1536,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13360,1032,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,840,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(dovenull,43204,3124,0.0) dovecot/imap-login
(popuser,24336,3256,0.0) dovecot/imap
(root,3872,1196,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,283360,46236,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,266308,42080,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(apache,456108,28792,0.0) /usr/sbin/httpd
(postfix,70888,3040,0.0) showq -t unix -u
(amavis,365104,67872,0.0) /usr/sbin/amavisd (ch5-avail)
(amavis,365576,69700,0.0) /usr/sbin/amavisd (ch7-avail)
(root,281540,80112,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(amavis,365572,69320,0.0) /usr/sbin/amavisd (ch5-avail)
(amavis,365500,69304,0.0) /usr/sbin/amavisd (ch4-avail)
(apache,476724,49168,0.0) /usr/sbin/httpd
(amavis,364916,67048,0.0) /usr/sbin/amavisd (ch4-avail)
(amavis,365908,70012,0.0) /usr/sbin/amavisd (ch4-avail)
      Found on 2022-12-21 23:07

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17ac7d30e5d

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33672,1288,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.1) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,10984,280,0.0) /sbin/udevd -d
(root,0,0,0.0) [vmmemctl]
(root,10636,272,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,0,0,0.0) [kauditd]
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,283244,4180,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(amavis,366044,74564,0.1) /usr/sbin/amavisd (ch10-avail)
(root,438384,73204,0.0) /usr/sbin/httpd
(apache,344032,60176,0.0) /usr/sbin/httpd
(apache,470924,89884,0.0) /usr/sbin/httpd
(root,29764,700,0.0) auditd
(root,411720,12084,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(named,262408,17840,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(rpc,19048,816,0.0) rpcbind
(root,223768,1820,0.0) /usr/sbin/sssd -f -D
(root,207940,3316,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,2184,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,772,0.0) rpc.statd
(dbus,33676,376,0.0) dbus-daemon --system
(10160,14632,260,0.0) magicspam-rate-limiter                                         
(10160,14636,400,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,672204,680,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10980,244,0.0) /sbin/udevd -d
(root,466824,1368,0.0) automount --pid-file /var/run/autofs.pid
(root,200420,1336,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,580,0.0) /usr/sbin/sshd
(root,21712,852,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,1640,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(root,1477272,1079024,0.0) clamd
(root,20104,1184,0.0) /usr/sbin/dovecot
(dovecot,13804,1336,0.0) dovecot/anvil
(root,13932,1368,0.0) dovecot/log
(root,24064,3252,0.0) dovecot/config
(amavis,363084,32876,0.0) /usr/sbin/amavisd (master)
(nagios,53712,852,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,60612,1188,0.0) /usr/libexec/postfix/master -w
(postfix,71252,2820,0.1) qmgr -l -t fifo -u
(postfix,70860,2452,0.0) tlsmgr -l -t unix -u
(tomcat,4213308,1226964,0.8) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(root,213324,4244,0.0) /usr/bin/vmtoolsd
(postfix,2145320,2364,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,90328,3744,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(root,414780,1036,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(postfix,70852,2360,0.0) anvil -l -t unix -u
(amavis,365920,71956,0.1) /usr/sbin/amavisd (ch6-avail)
(dovenull,43208,3268,0.0) dovecot/imap-login
(popuser,24960,3132,0.0) dovecot/imap
(root,108312,1320,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(mysql,3571528,791144,2.0) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(root,385316,788,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,52632,640,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,67428,5144,0.0) sw-cp-server: worker process                       
(root,129368,976,0.0) crond
(root,21104,312,0.0) /usr/sbin/atd
(mailman,216608,1416,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,219552,8160,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,216300,6064,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216236,8020,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,382972,30572,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216264,8080,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,219276,10540,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,218544,9560,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216228,8100,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(root,64632,948,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,354968,12844,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195844,3484,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(apache,462952,82152,0.0) /usr/sbin/httpd
(root,4060,492,0.0) /sbin/mingetty /dev/tty1
(root,4060,492,0.0) /sbin/mingetty /dev/tty2
(root,4060,492,0.0) /sbin/mingetty /dev/tty3
(root,4060,492,0.0) /sbin/mingetty /dev/tty4
(root,4060,492,0.0) /sbin/mingetty /dev/tty5
(root,4060,492,0.0) /sbin/mingetty /dev/tty6
(postfix,58488,2936,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(apache,458980,78164,0.0) /usr/sbin/httpd
(dovenull,43208,3096,0.0) dovecot/imap-login
(popuser,24124,2912,0.0) dovecot/imap
(dovenull,43200,3100,0.0) dovecot/imap-login
(popuser,25612,3324,0.0) dovecot/imap
(dovenull,43208,3100,0.0) dovecot/imap-login
(popuser,24452,3000,0.0) dovecot/imap
(dovenull,43212,3244,0.0) dovecot/imap-login
(popuser,23848,2692,0.0) dovecot/imap
(amavis,365968,71768,0.1) /usr/sbin/amavisd (ch4-avail)
(apache,459052,78148,0.0) /usr/sbin/httpd
(apache,460848,77980,0.0) /usr/sbin/httpd
(apache,459764,78760,0.0) /usr/sbin/httpd
(postfix,71508,4240,0.0) cleanup -z -t unix -u
(apache,458512,77660,0.0) /usr/sbin/httpd
(apache,458976,78016,0.0) /usr/sbin/httpd
(apache,458864,78028,0.0) /usr/sbin/httpd
(apache,459016,78116,0.0) /usr/sbin/httpd
(apache,458172,77352,0.0) /usr/sbin/httpd
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(apache,458720,77900,0.0) /usr/sbin/httpd
(popuser,24588,3360,0.0) dovecot/imap
(popuser,23844,2924,0.0) dovecot/imap
(popuser,23852,2980,0.0) dovecot/imap
(popuser,48988,5776,0.0) dovecot/imap
(popuser,24284,3388,0.0) dovecot/imap
(popuser,23936,3056,0.0) dovecot/imap
(popuser,24032,3220,0.0) dovecot/imap
(popuser,26244,3504,0.0) dovecot/imap
(popuser,24164,3240,0.0) dovecot/imap
(dovenull,43204,3120,0.0) dovecot/imap-login
(popuser,26544,3400,0.0) dovecot/imap
(amavis,366428,73636,0.0) /usr/sbin/amavisd (ch13-avail)
(popuser,24188,3236,0.0) dovecot/imap
(popuser,24056,3200,0.0) dovecot/imap
(popuser,24208,3228,0.0) dovecot/imap
(dovenull,43204,4104,0.0) dovecot/imap-login
(popuser,23856,2820,0.0) dovecot/imap
(postfix,91432,5852,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(root,281596,80208,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(popuser,300060,96680,0.4) spamd child
(amavis,364852,67300,0.0) /usr/sbin/amavisd (ch2-avail)
(dovenull,43104,3116,0.0) dovecot/imap-login
(popuser,27836,3404,0.0) dovecot/imap
(dovenull,43104,3112,0.0) dovecot/imap-login
(popuser,46504,3908,0.0) dovecot/imap
(dovenull,43200,3096,0.0) dovecot/imap-login
(popuser,23908,2604,0.0) dovecot/imap
(amavis,368060,76592,0.2) /usr/sbin/amavisd (ch6-avail)
(dovenull,43200,3188,0.0) dovecot/imap-login
(popuser,24476,2912,0.0) dovecot/imap
(popuser,294508,91032,0.0) spamd child
(root,228004,3416,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200276,2392,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214556,2912,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(dovenull,43204,4100,0.0) dovecot/imap-login
(popuser,25028,3524,0.0) dovecot/imap
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,23508,2216,0.0) dovecot/imap
(popuser,23508,2220,0.0) dovecot/imap
(postfix,70748,3076,0.0) pickup -l -t fifo -u
(postfix,72020,4656,0.0) trivial-rewrite -n rewrite -t unix -u
(amavis,365992,72052,0.3) /usr/sbin/amavisd (ch4-avail)
(amavis,368536,76512,0.1) /usr/sbin/amavisd (ch3-avail)
(root,38396,3248,0.0) dovecot/auth
(postfix,70888,3032,0.0) showq -t unix -u
(postfix,94356,7492,0.0) smtpd -n smtp -t inet -u -o stress=
(amavis,375804,84492,0.0) /usr/sbin/amavisd (ch18-avail)
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(dovenull,43208,3308,0.0) dovecot/imap-login
(popuser,26636,3868,0.0) dovecot/imap
(amavis,367164,74944,0.1) /usr/sbin/amavisd (ch14-avail)
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(dovenull,43212,3364,0.0) dovecot/imap-login
(popuser,27140,4488,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23904,2992,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23944,3016,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23848,2936,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23936,3008,0.0) dovecot/imap
(apache,463400,82520,0.0) /usr/sbin/httpd
(apache,463308,82484,0.0) /usr/sbin/httpd
(apache,462800,82000,0.0) /usr/sbin/httpd
(apache,462080,81208,0.0) /usr/sbin/httpd
(apache,462932,82112,0.0) /usr/sbin/httpd
(popuser,23856,2944,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23868,2928,0.0) dovecot/imap
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,24144,3100,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23864,2904,0.0) dovecot/imap
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(postfix,72020,4664,0.0) trivial-rewrite -n rewrite -t unix -u
(popuser,23844,2828,0.0) dovecot/imap
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23844,2732,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,26368,3236,0.0) dovecot/imap
(amavis,364524,66832,0.0) /usr/sbin/amavisd (ch1-avail)
(postfix,94440,7556,0.0) smtpd -n smtp -t inet -u -o stress=
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,71384,4104,0.0) cleanup -z -t unix -u
(postfix,71388,4192,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,91432,5824,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(popuser,12268,1096,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,71344,4080,0.0) cleanup -z -t unix -u
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,179540,14912,0.3) lfd - sleeping
(root,13668,1168,0.0) dovecot/ssl-params
(postfix,58560,3080,0.0) pipe -n plesk_virtual -t unix flags=DORhu user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
(dovenull,43104,3112,0.0) dovecot/imap-login
(popuser,24056,2964,0.0) dovecot/imap
(amavis,364308,35304,0.0) /usr/sbin/amavisd (virgin child)
(popuser,23920,2980,0.0) dovecot/imap
(postfix,94036,7020,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23936,3048,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23872,2976,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23944,3084,0.2) dovecot/imap
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43208,4096,0.0) dovecot/imap-login
(popuser,23940,2892,0.0) dovecot/imap
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23864,2844,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23848,2824,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23840,2832,0.0) dovecot/imap
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23940,3016,0.0) dovecot/imap
(ffellico,0,0,0.1) [php-cgi] <defunct>
(cocori,0,0,3.2) [php-cgi] <defunct>
(postfix,71180,3960,0.0) smtp -t unix -u
(postfix,71180,3992,0.0) smtp -t unix -u
(postfix,71180,3996,0.0) smtp -t unix -u
(postfix,71180,3996,0.0) smtp -t unix -u
(postfix,70796,3072,0.0) bounce -z -n defer -t unix -u
(postfix,70796,3072,0.0) bounce -z -n defer -t unix -u
(cinofili,467220,135620,21.2) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/cinofiliagentile.it/etc/php.ini
(root,196148,2824,0.0) CROND
(root,106076,1420,0.0) /bin/bash /usr/bin/run-parts /etc/cron.hourly
(root,106076,1396,0.0) /bin/bash /etc/cron.hourly/asl
(root,105960,944,0.0) awk -v progname=/etc/cron.hourly/asl progname {?????   print progname ":\n"?????   progname="";????       }????       { print; }
(root,100920,620,0.0) sleep 192
(postfix,59168,3960,0.0) local -t unix
(postfix,70796,3124,0.0) bounce -z -t unix -u
(dovenull,43200,4080,0.1) dovecot/imap-login
(popuser,23872,3008,0.0) dovecot/imap
(france12,212156,20636,0.9) /usr/bin/php-cgi -c /var/www/vhosts/system/francescomele.com/etc/php.ini
(cinofili,447076,114180,33.8) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/cinofiliagentile.it/etc/php.ini
(root,110248,1588,0.2) /bin/bash /usr/bin/check_mk_agent
(root,110248,764,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,652,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830756,7012,1.5) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(root,110248,1532,0.0) /bin/bash /usr/bin/check_mk_agent
(root,3872,1468,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,282020,44884,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(root,13364,1032,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,840,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,264968,40744,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(dovenull,43200,3284,0.0) dovecot/imap-login
(popuser,25600,3208,0.0) dovecot/imap
(apache,467768,86688,0.0) /usr/sbin/httpd
(dovenull,43104,3380,0.0) dovecot/imap-login
(popuser,26776,3712,0.0) dovecot/imap
(apache,458280,77372,0.0) /usr/sbin/httpd
(dovenull,43212,3224,0.0) dovecot/imap-login
(popuser,23864,2688,0.0) dovecot/imap
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(apache,459384,78492,0.0) /usr/sbin/httpd
(postfix,94400,7556,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43212,4112,0.0) dovecot/imap-login
(popuser,23908,2876,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23852,2956,0.0) dovecot/imap
(popuser,23856,2688,0.0) dovecot/imap
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,94352,7548,0.0) smtpd -n smtp -t inet -u -o stress=
      Found on 2022-12-09 21:01

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17afa418aaf

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33668,732,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,11000,204,0.0) /sbin/udevd -d
(popuser,303528,100232,1.9) spamd child
(popuser,296332,92940,0.6) spamd child
(root,0,0,0.0) [vmmemctl]
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.0) [kauditd]
(root,29764,500,0.0) auditd
(root,411720,5768,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(rpc,19048,448,0.0) rpcbind
(root,223768,720,0.0) /usr/sbin/sssd -f -D
(root,283928,3400,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,228740,2688,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200296,1228,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214560,1684,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(root,207940,1104,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,588,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,160,0.0) rpc.statd
(dbus,33676,140,0.0) dbus-daemon --system
(10160,14632,120,0.0) magicspam-rate-limiter                                         
(10160,14636,124,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,803276,424,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10996,220,0.0) /sbin/udevd -d
(root,466832,564,0.0) automount --pid-file /var/run/autofs.pid
(root,200420,1304,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,360,0.0) /usr/sbin/sshd
(root,21712,484,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,836,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(nagios,53712,192,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,213324,1620,0.0) /usr/bin/vmtoolsd
(root,90328,232,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(postfix,94400,7612,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43104,3112,0.0) dovecot/imap-login
(popuser,24080,3020,0.0) dovecot/imap
(dovenull,43204,2996,0.0) dovecot/imap-login
(popuser,24376,2612,0.0) dovecot/imap
(root,108312,380,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(root,385372,372,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,21104,132,0.0) /usr/sbin/atd
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24184,3196,0.0) dovecot/imap
(root,271720,2240,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,104,0.0) /sbin/mingetty /dev/tty1
(root,4060,104,0.0) /sbin/mingetty /dev/tty2
(root,4060,104,0.0) /sbin/mingetty /dev/tty3
(root,4060,104,0.0) /sbin/mingetty /dev/tty4
(root,4060,104,0.0) /sbin/mingetty /dev/tty5
(root,4060,104,0.0) /sbin/mingetty /dev/tty6
(mysql,3634408,968980,1.8) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(amavis,368896,74688,0.1) /usr/sbin/amavisd (ch7-avail)
(root,20104,764,0.0) /usr/sbin/dovecot
(dovecot,13800,652,0.0) dovecot/anvil
(postfix,2145212,1892,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(dovenull,43212,2992,0.0) dovecot/imap-login
(popuser,29068,5720,0.0) dovecot/imap
(amavis,371736,80536,0.2) /usr/sbin/amavisd (ch8-avail)
(dovenull,43200,3108,0.0) dovecot/imap-login
(popuser,24148,3032,0.0) dovecot/imap
(amavis,377708,85548,0.2) /usr/sbin/amavisd (ch10-avail)
(root,52632,396,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,68536,3820,0.0) sw-cp-server: worker process                       
(root,281328,79984,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(apache,461792,80440,0.0) /usr/sbin/httpd
(apache,461464,80216,0.1) /usr/sbin/httpd
(apache,460308,79144,0.0) /usr/sbin/httpd
(apache,460612,78908,0.0) /usr/sbin/httpd
(apache,460932,79656,0.0) /usr/sbin/httpd
(root,60608,1004,0.0) /usr/libexec/postfix/master -w
(postfix,71332,2360,0.1) qmgr -l -t fifo -u
(postfix,70860,1796,0.0) tlsmgr -l -t unix -u
(postfix,70848,1716,0.0) anvil -l -t unix -u
(root,10996,220,0.0) /sbin/udevd -d
(root,0,0,0.0) [bluetooth]
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,25332,3180,0.0) dovecot/imap
(postfix,70888,3044,0.0) showq -t unix -u
(dovenull,43212,2996,0.0) dovecot/imap-login
(popuser,26772,4348,0.0) dovecot/imap
(amavis,372664,80776,0.2) /usr/sbin/amavisd (ch9-avail)
(apache,463072,81904,0.1) /usr/sbin/httpd
(apache,463140,81932,0.0) /usr/sbin/httpd
(apache,462980,81784,0.0) /usr/sbin/httpd
(dovenull,43104,3120,0.0) dovecot/imap-login
(popuser,45296,3932,0.0) dovecot/imap
(dovenull,43204,2980,0.0) dovecot/imap-login
(popuser,24304,2804,0.0) dovecot/imap
(dovenull,43200,3116,0.0) dovecot/imap-login
(dovenull,43200,3104,0.0) dovecot/imap-login
(popuser,25564,3352,0.0) dovecot/imap
(popuser,25704,3404,0.0) dovecot/imap
(dovenull,43212,1388,0.0) dovecot/imap-login
(root,14048,800,0.0) dovecot/log
(root,24068,2404,0.0) dovecot/config
(popuser,25020,3052,0.0) dovecot/imap
(apache,462300,81056,0.1) /usr/sbin/httpd
(apache,463304,81840,0.0) /usr/sbin/httpd
(apache,463228,81560,0.0) /usr/sbin/httpd
(apache,462996,81788,0.0) /usr/sbin/httpd
(apache,462780,81152,0.0) /usr/sbin/httpd
(apache,462392,81196,0.0) /usr/sbin/httpd
(dovenull,43200,3376,0.0) dovecot/imap-login
(popuser,23904,2552,0.0) dovecot/imap
(dovenull,43204,1968,0.0) dovecot/imap-login
(popuser,25436,3332,0.0) dovecot/imap
(dovenull,43208,3408,0.0) dovecot/imap-login
(popuser,24016,2552,0.0) dovecot/imap
(dovenull,43104,3116,0.0) dovecot/imap-login
(popuser,24216,2960,0.0) dovecot/imap
(postfix,94368,7576,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,70748,3072,0.0) pickup -l -t fifo -u
(dovenull,43208,3448,0.0) dovecot/imap-login
(popuser,24428,2944,0.0) dovecot/imap
(root,129372,1240,0.0) crond
(amavis,375024,83348,0.4) /usr/sbin/amavisd (ch8-avail)
(root,1479472,1087496,0.1) clamd
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,24152,3156,0.0) dovecot/imap
(dovenull,43104,3112,0.0) dovecot/imap-login
(popuser,27948,3728,0.0) dovecot/imap
(mailman,216600,1568,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,267872,7504,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,218592,1484,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216248,3256,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,368208,63324,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216260,1324,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,252180,13152,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,235836,9340,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216240,1304,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,24112,3192,0.0) dovecot/imap
(popuser,24424,3536,0.0) dovecot/imap
(postfix,58488,2936,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(named,259808,12780,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24020,2932,0.0) dovecot/imap
(root,5280,952,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,280696,43448,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,263580,39220,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(postfix,94372,7580,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1096,0.0) /usr/lib64/plesk-9.0/postfix-srs
(popuser,23984,2872,0.0) dovecot/imap
(popuser,28024,3724,0.0) dovecot/imap
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,25412,3572,0.0) dovecot/imap
(postfix,94280,7420,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(amavis,364904,13452,0.0) /usr/sbin/amavisd (virgin child)
(amavis,363680,7952,0.0) /usr/sbin/amavisd (master)
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23872,2980,0.0) dovecot/imap
(dovenull,43212,1984,0.0) dovecot/imap-login
(popuser,24036,2048,0.0) dovecot/imap
(amavis,364904,13608,0.0) /usr/sbin/amavisd (virgin child)
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,23508,2216,0.0) dovecot/imap
(popuser,23508,2220,0.0) dovecot/imap
(popuser,23508,2216,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,25608,3416,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23852,2828,0.0) dovecot/imap
(dovenull,43208,4088,0.0) dovecot/imap-login
(popuser,23852,2836,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23880,2876,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23852,2796,0.0) dovecot/imap
(postfix,72024,4644,0.0) trivial-rewrite -n rewrite -t unix -u
(amavis,370544,80608,0.3) /usr/sbin/amavisd (ch19-avail)
(dovenull,43200,4096,0.0) dovecot/imap-login
(popuser,23852,2676,0.0) dovecot/imap
(postfix,71296,4032,0.0) cleanup -z -t unix -u
(postfix,71388,4132,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43104,4112,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24300,3336,0.0) dovecot/imap
(popuser,23960,3000,0.0) dovecot/imap
(popuser,24208,3256,0.0) dovecot/imap
(popuser,25096,4184,0.0) dovecot/imap
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(dovenull,43104,4112,0.1) dovecot/imap-login
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,24088,3076,0.0) dovecot/imap
(popuser,23836,2868,0.0) dovecot/imap
(popuser,24288,3420,0.0) dovecot/imap
(popuser,23848,2884,0.0) dovecot/imap
(popuser,23876,2920,0.0) dovecot/imap
(dovenull,43200,4104,0.0) dovecot/imap-login
(popuser,23624,2320,0.0) dovecot/imap
(root,178672,26004,0.5) lfd - sleeping
(root,438388,74484,0.0) /usr/sbin/httpd
(postfix,91432,5808,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(popuser,24156,3212,0.0) dovecot/imap
(popuser,23856,2748,0.0) dovecot/imap
(apache,344008,60176,0.0) /usr/sbin/httpd
(apache,463524,82544,0.1) /usr/sbin/httpd
(apache,462548,81424,0.0) /usr/sbin/httpd
(popuser,23848,2668,0.0) dovecot/imap
(dovenull,43212,3000,0.0) dovecot/imap-login
(apache,462220,80984,0.0) /usr/sbin/httpd
(apache,461956,80688,0.1) /usr/sbin/httpd
(root,38444,3096,0.0) dovecot/auth
(popuser,24052,2524,0.0) dovecot/imap
(dovenull,43204,944,0.0) dovecot/imap-login
(popuser,24136,1080,0.0) dovecot/imap
(amavis,364904,13456,0.0) /usr/sbin/amavisd (virgin child)
(postfix,94336,7292,0.0) smtpd -n smtps -t inet -u -o stress= -o smtpd_tls_wrappermode=yes
(postfix,70720,3008,0.0) proxymap -t unix -u
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23880,2856,0.0) dovecot/imap
(postfix,91436,5812,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(postfix,58560,3080,0.0) pipe -n plesk_virtual -t unix flags=DORhu user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
(root,115104,4900,0.0) sshd: root [priv]
(sshd,67632,1684,0.0) sshd: root [net] 
(root,13668,1164,0.0) dovecot/ssl-params
(postfix,94300,6948,0.1) smtpd -n smtp -t inet -u -o stress=
(postfix,93888,6252,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(barbara1,0,0,1.6) [php-cgi] <defunct>
(fimppro,489292,113364,42.5) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/fimp.pro/etc/php.ini
(cocori,0,0,1.6) [php-cgi] <defunct>
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43192,4064,0.1) dovecot/pop3-login
(popuser,19520,2696,0.0) dovecot/pop3
(gfnatura,308428,19984,4.9) /usr/bin/php-cgi -c /var/www/vhosts/system/gfnaturale.it/etc/php.ini
(10155,476732,97928,25.2) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/dorispalmisano.com/etc/php.ini
(musicpar,490452,88584,36.3) /opt/plesk/php/7.2/bin/php-cgi -c /var/www/vhosts/system/musicparty.it/etc/php.ini
(10141,243424,41276,15.1) /usr/bin/php-cgi -c /var/www/vhosts/system/bellavista-hotel.net/etc/php.ini
(popuser,24120,2964,0.0) dovecot/imap
(root,110248,1584,0.3) /bin/bash /usr/bin/check_mk_agent
(root,110248,760,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,648,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830760,7020,1.4) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(postfix,43696,2788,0.0) plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
(postfix,93892,6228,0.6) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(dovenull,43200,4088,4.0) dovecot/imap-login
(root,110248,1536,0.0) /bin/bash /usr/bin/check_mk_agent
(popuser,23624,2300,0.0) dovecot/imap
(root,13360,1028,5.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,844,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(amavis,376052,85792,0.2) /usr/sbin/amavisd (ch17-avail)
(apache,463384,82224,0.0) /usr/sbin/httpd
(apache,462100,80960,0.1) /usr/sbin/httpd
(popuser,32372,5552,0.0) dovecot/imap
(dovenull,43204,3040,0.0) dovecot/imap-login
(popuser,26000,3564,0.0) dovecot/imap
(amavis,377056,86184,0.3) /usr/sbin/amavisd (ch14-avail)
(popuser,23836,2660,0.0) dovecot/imap
(popuser,23856,2668,0.0) dovecot/imap
(popuser,24116,3180,0.0) dovecot/imap
(tomcat,4188956,1259336,1.2) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(dovenull,43204,4080,0.0) dovecot/imap-login
(popuser,23844,2832,0.0) dovecot/imap
(root,414780,840,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(amavis,377896,87660,0.3) /usr/sbin/amavisd (ch14-avail)
      Found on 2022-11-18 12:09

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a5a4fc8d1

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33668,732,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,11000,108,0.0) /sbin/udevd -d
(amavis,368264,73656,0.0) /usr/sbin/amavisd (ch13-avail)
(root,0,0,0.0) [vmmemctl]
(root,11000,128,0.0) /sbin/udevd -d
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,0,0,0.0) [flush-253:0]
(root,0,0,0.0) [kauditd]
(postfix,94300,7440,0.0) smtpd -n smtp -t inet -u -o stress=
(postfix,58488,2928,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(root,29764,496,0.0) auditd
(root,411720,5648,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(rpc,19048,476,0.0) rpcbind
(root,223768,716,0.0) /usr/sbin/sssd -f -D
(root,283824,2928,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,228612,2600,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200296,1164,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214560,1404,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(root,207940,1020,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,588,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,160,0.0) rpc.statd
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dbus,33676,140,0.0) dbus-daemon --system
(10160,14632,120,0.0) magicspam-rate-limiter                                         
(10160,14636,124,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(10160,737740,468,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10996,112,0.0) /sbin/udevd -d
(root,466832,560,0.0) automount --pid-file /var/run/autofs.pid
(root,200420,1300,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(postfix,70888,2960,0.0) showq -t unix -u
(root,66288,360,0.0) /usr/sbin/sshd
(root,21712,448,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,836,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(amavis,368604,76372,0.0) /usr/sbin/amavisd (ch17-avail)
(nagios,53712,192,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,213324,1588,0.0) /usr/bin/vmtoolsd
(root,90328,232,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(root,106076,1416,0.0) /bin/bash /usr/bin/run-parts /etc/cron.daily
(root,106076,1296,0.0) /bin/sh /etc/cron.daily/50plesk-daily
(root,105960,952,0.0) awk -v progname=/etc/cron.daily/50plesk-daily progname {?????   print progname ":\n"?????   progname="";????       }????       { print; }
(root,361992,40244,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/plib/DailyMaintainance/script.php
(root,108312,380,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(root,385372,376,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(root,21104,132,0.0) /usr/sbin/atd
(postfix,70748,2996,0.0) pickup -l -t fifo -u
(root,271720,2260,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,104,0.0) /sbin/mingetty /dev/tty1
(root,4060,104,0.0) /sbin/mingetty /dev/tty2
(root,4060,104,0.0) /sbin/mingetty /dev/tty3
(root,4060,104,0.0) /sbin/mingetty /dev/tty4
(root,4060,104,0.0) /sbin/mingetty /dev/tty5
(root,4060,104,0.0) /sbin/mingetty /dev/tty6
(mysql,3630588,937456,1.7) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(amavis,366636,71396,0.0) /usr/sbin/amavisd (ch4-avail)
(root,20104,760,0.0) /usr/sbin/dovecot
(dovecot,13800,648,0.0) dovecot/anvil
(postfix,2145212,3416,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(root,38364,2924,0.0) dovecot/auth
(dovenull,43212,4108,0.0) dovecot/imap-login
(popuser,28876,6212,0.0) dovecot/imap
(postfix,71888,4504,0.0) trivial-rewrite -n rewrite -t unix -u
(apache,453952,72604,0.0) /usr/sbin/httpd
(root,52632,444,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,67280,3708,0.0) sw-cp-server: worker process                       
(dovenull,43212,1976,0.0) dovecot/imap-login
(root,281380,79984,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(popuser,26844,3648,0.0) dovecot/imap
(dovenull,43212,1976,0.0) dovecot/imap-login
(popuser,25488,2440,0.0) dovecot/imap
(amavis,368392,75828,0.0) /usr/sbin/amavisd (ch17-avail)
(dovenull,43204,1972,0.0) dovecot/imap-login
(popuser,24076,2216,0.0) dovecot/imap
(postfix,71288,4028,0.0) cleanup -z -t unix -u
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,60608,1056,0.0) /usr/libexec/postfix/master -w
(postfix,71332,2284,0.1) qmgr -l -t fifo -u
(postfix,70860,1836,0.0) tlsmgr -l -t unix -u
(postfix,70848,1732,0.0) anvil -l -t unix -u
(popuser,23848,2968,0.0) dovecot/imap
(popuser,23848,2672,0.0) dovecot/imap
(root,177168,24444,0.4) lfd - sleeping
(popuser,293184,89704,0.0) spamd child
(dovenull,43204,3092,0.0) dovecot/imap-login
(popuser,24248,3048,0.0) dovecot/imap
(dovenull,43204,1976,0.0) dovecot/imap-login
(popuser,24120,2260,0.0) dovecot/imap
(root,359468,37708,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/plib/DailyMaintainance/task-script.php ExecuteSpamtrain --period=daily
(root,110864,6192,6.1) /bin/bash /usr/local/psa/admin/sbin/spamtrain
(amavis,366824,71672,0.0) /usr/sbin/amavisd (ch6-avail)
(dovenull,43212,1392,0.0) dovecot/imap-login
(root,14048,804,0.0) dovecot/log
(root,24068,2344,0.0) dovecot/config
(popuser,25000,2812,0.0) dovecot/imap
(dovenull,43204,1976,0.0) dovecot/imap-login
(popuser,25212,3040,0.0) dovecot/imap
(dovenull,43204,2156,0.0) dovecot/imap-login
(popuser,24608,2652,0.0) dovecot/imap
(amavis,368408,75804,0.0) /usr/sbin/amavisd (ch11-avail)
(root,13668,1164,0.0) dovecot/ssl-params
(dovenull,43200,2160,0.0) dovecot/imap-login
(popuser,24264,2344,0.0) dovecot/imap
(apache,453516,72400,0.0) /usr/sbin/httpd
(amavis,364904,13828,0.0) /usr/sbin/amavisd (virgin child)
(apache,451324,69776,0.1) /usr/sbin/httpd
(apache,451540,70032,0.0) /usr/sbin/httpd
(apache,451648,70388,0.0) /usr/sbin/httpd
(apache,451412,69872,0.0) /usr/sbin/httpd
(apache,451088,69800,0.0) /usr/sbin/httpd
(apache,451236,69720,0.0) /usr/sbin/httpd
(apache,451528,70276,0.0) /usr/sbin/httpd
(apache,451472,69956,0.0) /usr/sbin/httpd
(apache,451796,70320,0.0) /usr/sbin/httpd
(apache,451464,69960,0.0) /usr/sbin/httpd
(root,1479472,1083896,0.1) clamd
(apache,451500,70000,0.0) /usr/sbin/httpd
(apache,451416,70200,0.0) /usr/sbin/httpd
(apache,451424,69868,0.0) /usr/sbin/httpd
(apache,451820,70544,0.0) /usr/sbin/httpd
(apache,451548,70560,0.1) /usr/sbin/httpd
(apache,451716,70244,0.0) /usr/sbin/httpd
(apache,451288,69804,0.0) /usr/sbin/httpd
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(mailman,216600,1400,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,267872,3092,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,218592,2000,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216248,3140,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,335840,52720,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216260,1208,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,252180,8404,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,222156,7080,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216240,1188,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(popuser,23624,2296,0.0) dovecot/imap
(popuser,23836,2708,0.0) dovecot/imap
(named,259808,8084,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(postfix,94036,7100,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(dovenull,43200,2156,0.0) dovecot/imap-login
(popuser,24132,2512,0.0) dovecot/imap
(dovenull,43204,2156,0.0) dovecot/imap-login
(popuser,25548,2540,0.0) dovecot/imap
(dovenull,43208,2168,0.0) dovecot/imap-login
(dovenull,43200,2156,0.0) dovecot/imap-login
(popuser,25344,2920,0.0) dovecot/imap
(popuser,23960,2468,0.0) dovecot/imap
(amavis,365468,64492,0.0) /usr/sbin/amavisd (ch2-avail)
(amavis,366884,71832,0.0) /usr/sbin/amavisd (ch17-avail)
(postfix,94184,7160,0.0) smtpd -n smtp -t inet -u -o stress=
(ffellico,0,0,0.2) [php-cgi] <defunct>
(france12,0,0,1.0) [php-cgi] <defunct>
(dovenull,43200,2180,0.0) dovecot/imap-login
(popuser,24384,2688,0.0) dovecot/imap
(postfix,93696,6124,0.2) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(postfix,70720,3004,0.0) proxymap -t unix -u
(christi1,398300,47084,25.0) /opt/plesk/php/5.6/bin/php-cgi -c /var/www/vhosts/system/christiandesicafanclub.it/etc/php.ini
(postfix,43696,2716,0.0) plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
(root,110248,1588,0.5) /bin/bash /usr/bin/check_mk_agent
(root,110248,764,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,652,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830760,7020,1.6) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(gfnatura,308840,20336,25.0) /usr/bin/php-cgi -c /var/www/vhosts/system/gfnaturale.it/etc/php.ini
(root,83876,2820,0.0) su - popuser -s /bin/sh -c /usr/bin/sa-learn --sync --dbpath /var/qmail/mailnames/fimp.pro/giuseppedimauro/.spamassassin
(popuser,124548,4724,5.0) /usr/bin/perl -T -w /usr/bin/sa-learn --sync --dbpath /var/qmail/mailnames/fimp.pro/giuseppedimauro/.spamassassin
(root,110248,1536,0.0) /bin/bash /usr/bin/check_mk_agent
(root,129332,952,0.0) crond
(root,13360,1024,2.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,844,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(amavis,367028,72276,0.0) /usr/sbin/amavisd (ch8-avail)
(amavis,363680,8504,0.0) /usr/sbin/amavisd (master)
(dovenull,43212,1992,0.0) dovecot/imap-login
(popuser,24036,2208,0.0) dovecot/imap
(popuser,23924,2740,0.0) dovecot/imap
(amavis,367028,73328,0.0) /usr/sbin/amavisd (ch11-avail)
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23848,2632,0.0) dovecot/imap
(popuser,281380,77528,0.0) spamd child
(dovenull,43204,948,0.0) dovecot/imap-login
(popuser,24136,1080,0.0) dovecot/imap
(root,19052,960,0.0) /usr/sbin/anacron -s
(apache,452092,70664,0.0) /usr/sbin/httpd
(root,438008,72484,0.0) /usr/sbin/httpd
(apache,343492,59560,0.0) /usr/sbin/httpd
(amavis,367908,75100,0.0) /usr/sbin/amavisd (ch10-avail)
(tomcat,4184844,1306108,1.2) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(root,414780,844,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(root,3872,1292,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,280700,43464,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,263580,39220,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(dovenull,43104,4108,0.0) dovecot/imap-login
(popuser,23944,2992,0.0) dovecot/imap
(dovenull,43104,4112,0.0) dovecot/imap-login
(popuser,24012,2928,0.0) dovecot/imap
      Found on 2022-10-23 02:21

    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a60136c0e

      Found public CheckMk agent:
Version: 1.2.4p1
AgentOS: linux
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
SpoolDirectory: /etc/check_mk/spool
AgentDirectory: /etc/check_mk
OnlyFrom: 

Found process list through CheckMk:
(root,33668,628,0.0) /sbin/init
(root,0,0,0.0) [kthreadd]
(root,0,0,0.0) [migration/0]
(root,0,0,0.0) [ksoftirqd/0]
(root,0,0,0.0) [stopper/0]
(root,0,0,0.0) [watchdog/0]
(root,0,0,0.0) [migration/1]
(root,0,0,0.0) [stopper/1]
(root,0,0,0.0) [ksoftirqd/1]
(root,0,0,0.0) [watchdog/1]
(root,0,0,0.0) [migration/2]
(root,0,0,0.0) [stopper/2]
(root,0,0,0.0) [ksoftirqd/2]
(root,0,0,0.0) [watchdog/2]
(root,0,0,0.0) [migration/3]
(root,0,0,0.0) [stopper/3]
(root,0,0,0.0) [ksoftirqd/3]
(root,0,0,0.0) [watchdog/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events/0]
(root,0,0,0.0) [events/1]
(root,0,0,0.0) [events/2]
(root,0,0,0.0) [events/3]
(root,0,0,0.0) [events_long/0]
(root,0,0,0.0) [events_long/1]
(root,0,0,0.0) [events_long/2]
(root,0,0,0.0) [events_long/3]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [events_power_ef]
(root,0,0,0.0) [cgroup]
(root,0,0,0.0) [khelper]
(root,0,0,0.0) [netns]
(root,0,0,0.0) [async/mgr]
(root,0,0,0.0) [pm]
(root,0,0,0.0) [sync_supers]
(root,0,0,0.0) [bdi-default]
(root,0,0,0.0) [kintegrityd/0]
(root,0,0,0.0) [kintegrityd/1]
(root,0,0,0.0) [kintegrityd/2]
(root,0,0,0.0) [kintegrityd/3]
(root,0,0,0.0) [kblockd/0]
(root,0,0,0.0) [kblockd/1]
(root,0,0,0.0) [kblockd/2]
(root,0,0,0.0) [kblockd/3]
(root,0,0,0.0) [kacpid]
(root,0,0,0.0) [kacpi_notify]
(root,0,0,0.0) [kacpi_hotplug]
(root,0,0,0.0) [ata_aux]
(root,0,0,0.0) [ata_sff/0]
(root,0,0,0.0) [ata_sff/1]
(root,0,0,0.0) [ata_sff/2]
(root,0,0,0.0) [ata_sff/3]
(root,0,0,0.0) [ksuspend_usbd]
(root,0,0,0.0) [khubd]
(root,0,0,0.0) [kseriod]
(root,0,0,0.0) [md/0]
(root,0,0,0.0) [md/1]
(root,0,0,0.0) [md/2]
(root,0,0,0.0) [md/3]
(root,0,0,0.0) [md_misc/0]
(root,0,0,0.0) [md_misc/1]
(root,0,0,0.0) [md_misc/2]
(root,0,0,0.0) [md_misc/3]
(root,0,0,0.0) [linkwatch]
(root,0,0,0.0) [khungtaskd]
(root,0,0,0.0) [lru-add-drain/0]
(root,0,0,0.0) [lru-add-drain/1]
(root,0,0,0.0) [lru-add-drain/2]
(root,0,0,0.0) [lru-add-drain/3]
(root,0,0,0.0) [kswapd0]
(root,0,0,0.0) [ksmd]
(root,0,0,0.0) [khugepaged]
(root,0,0,0.0) [aio/0]
(root,0,0,0.0) [aio/1]
(root,0,0,0.0) [aio/2]
(root,0,0,0.0) [aio/3]
(root,0,0,0.0) [crypto/0]
(root,0,0,0.0) [crypto/1]
(root,0,0,0.0) [crypto/2]
(root,0,0,0.0) [crypto/3]
(root,0,0,0.0) [kthrotld/0]
(root,0,0,0.0) [kthrotld/1]
(root,0,0,0.0) [kthrotld/2]
(root,0,0,0.0) [kthrotld/3]
(root,0,0,0.0) [pciehpd]
(root,0,0,0.0) [kpsmoused]
(root,0,0,0.0) [usbhid_resumer]
(root,0,0,0.0) [deferwq]
(root,0,0,0.0) [kdmremove]
(root,0,0,0.0) [kstriped]
(root,0,0,0.0) [ttm_swap]
(popuser,23884,2796,0.0) dovecot/imap
(root,0,0,0.0) [scsi_eh_0]
(root,0,0,0.0) [scsi_eh_1]
(root,0,0,0.0) [mpt_poll_0]
(root,0,0,0.0) [mpt/0]
(root,0,0,0.0) [scsi_eh_2]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [kdmflush]
(root,0,0,0.0) [jbd2/dm-0-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(root,11000,108,0.0) /sbin/udevd -d
(root,0,0,0.0) [vmmemctl]
(amavis,365732,67576,0.0) /usr/sbin/amavisd (ch8-avail)
(root,11000,128,0.0) /sbin/udevd -d
(dovenull,43200,4084,0.0) dovecot/imap-login
(dovenull,43200,4080,0.0) dovecot/imap-login
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23864,2940,0.0) dovecot/imap
(popuser,23872,2700,0.0) dovecot/imap
(popuser,23868,2964,0.0) dovecot/imap
(dovenull,43208,4088,0.0) dovecot/imap-login
(root,0,0,0.0) [jbd2/sda1-8]
(root,0,0,0.0) [ext4-dio-unwrit]
(popuser,23868,2952,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23860,2684,0.0) dovecot/imap
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,0,0,0.0) [flush-253:0]
(postfix,70720,3012,0.0) proxymap -t unix -u
(dovenull,43212,4112,0.0) dovecot/imap-login
(postfix,58488,2896,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(amavis,364904,34208,0.0) /usr/sbin/amavisd (virgin child)
(root,0,0,0.0) [kauditd]
(popuser,23840,2808,0.0) dovecot/imap
(apache,457104,75820,0.0) /usr/sbin/httpd
(apache,457136,75752,0.0) /usr/sbin/httpd
(apache,457132,75664,0.0) /usr/sbin/httpd
(apache,456648,75276,0.0) /usr/sbin/httpd
(apache,456628,75384,0.0) /usr/sbin/httpd
(apache,458004,76520,0.0) /usr/sbin/httpd
(apache,457432,75856,0.0) /usr/sbin/httpd
(apache,457772,76192,0.0) /usr/sbin/httpd
(apache,457016,75752,0.0) /usr/sbin/httpd
(apache,457376,75896,0.0) /usr/sbin/httpd
(apache,457668,76336,0.0) /usr/sbin/httpd
(root,29764,500,0.0) auditd
(root,411720,5632,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
(postfix,71180,3996,0.0) smtp -t unix -u
(rpc,19048,552,0.0) rpcbind
(root,223768,712,0.0) /usr/sbin/sssd -f -D
(root,283284,2216,0.0) /usr/libexec/sssd/sssd_be --domain armada.it --uid 0 --gid 0 --debug-to-files
(root,228572,2572,0.0) /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
(root,200296,1152,0.0) /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
(root,214560,1336,0.0) /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
(root,207940,976,0.0) /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
(root,225500,588,0.0) /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
(rpcuser,25432,160,0.0) rpc.statd
(postfix,93892,6268,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(dbus,33676,420,0.0) dbus-daemon --system
(10160,14632,120,0.0) magicspam-rate-limiter                                         
(10160,14636,124,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-daemon
(postfix,71180,3992,0.0) smtp -t unix -u
(10160,737740,448,0.0) /usr/local/psa/admin/sbin/modules/magicspampro/magicspam-milter -p inet:12345@127.0.0.1
(root,10996,112,0.0) /sbin/udevd -d
(root,466832,540,0.0) automount --pid-file /var/run/autofs.pid
(root,200420,1252,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
(root,66288,360,0.0) /usr/sbin/sshd
(root,21712,448,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid
(ntp,42984,796,0.0) ntpd -x -u ntp:ntp -p /var/run/ntpd.pid
(postfix,94296,7460,0.0) smtpd -n smtp -t inet -u -o stress=
(popuser,303660,100384,0.3) spamd child
(nagios,53712,192,0.0) nrpe -c /etc/nagios/nrpe.cfg -d
(root,13668,1160,0.0) dovecot/ssl-params
(postfix,71272,4008,0.0) cleanup -z -t unix -u
(postfix,71316,4064,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(postfix,91436,5812,0.0) smtpd -n 127.0.0.1:10025 -t inet -u -c -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,59168,3964,0.0) local -t unix
(postfix,70796,3124,0.0) bounce -z -t unix -u
(postfix,93696,6124,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(root,213324,1616,0.0) /usr/bin/vmtoolsd
(dovenull,43208,4092,0.0) dovecot/imap-login
(popuser,23880,3008,0.0) dovecot/imap
(popuser,23624,2308,0.0) dovecot/imap
(popuser,25688,3384,0.0) dovecot/imap
(root,90328,232,0.0) /usr/bin/VGAuthService -s --background=/var/run/vmware/vgauthsvclog_pid.txt
(dovenull,43200,4092,0.0) dovecot/imap-login
(popuser,23864,2868,0.0) dovecot/imap
(postfix,58488,2900,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1096,0.0) /usr/lib64/plesk-9.0/postfix-srs
(postfix,71316,4072,0.0) smtp -n amavisd -t unix -u -c -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
(gfnatura,307656,19716,8.0) /usr/bin/php-cgi -c /var/www/vhosts/system/gfnaturale.it/etc/php.ini
(gfnatura,308688,20736,19.8) /usr/bin/php-cgi -c /var/www/vhosts/system/gfnaturale.it/etc/php.ini
(postfix,43696,2720,0.0) plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
(postfix,58560,3080,0.0) pipe -n plesk_virtual -t unix flags=DORhu user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
(root,110248,1584,0.4) /bin/bash /usr/bin/check_mk_agent
(root,110248,760,0.0) /bin/bash /usr/bin/check_mk_agent
(root,110248,648,0.0) /bin/bash /usr/bin/check_mk_agent
(root,830764,7020,1.6) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h server.serverlinuxxte.com
(dovenull,42940,3708,0.0) dovecot/pop3-login
(root,110248,1532,0.0) /bin/bash /usr/bin/check_mk_agent
(root,13364,1024,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000
(root,8388,844,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
(amavis,367828,73036,0.0) /usr/sbin/amavisd (ch9-avail)
(root,385372,360,0.0) sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)                                          
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,23912,2944,0.0) dovecot/imap
(root,129364,636,0.0) crond
(root,21104,132,0.0) /usr/sbin/atd
(root,64632,864,0.0) /usr/sbin/certmonger -S -p /var/run/certmonger.pid
(root,355116,3628,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/watchdog/wdcollect.inc.php
(root,195832,2196,0.0) /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
(root,4060,104,0.0) /sbin/mingetty /dev/tty1
(root,4060,104,0.0) /sbin/mingetty /dev/tty2
(root,4060,104,0.0) /sbin/mingetty /dev/tty3
(root,4060,104,0.0) /sbin/mingetty /dev/tty4
(root,4060,104,0.0) /sbin/mingetty /dev/tty5
(root,4060,104,0.0) /sbin/mingetty /dev/tty6
(root,20104,696,0.0) /usr/sbin/dovecot
(dovecot,13800,652,0.0) dovecot/anvil
(postfix,2014136,2268,0.0) /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@127.0.0.1 -P /var/run/psa-pc-remote.pid -u postfix -g popuser
(popuser,304344,100944,0.4) spamd child
(dovenull,43212,4108,0.0) dovecot/imap-login
(dovenull,43200,4096,0.0) dovecot/imap-login
(popuser,25448,3576,0.0) dovecot/imap
(popuser,26492,4624,0.0) dovecot/imap
(root,281816,80384,0.0) /usr/bin/spamd --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=5 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin -r /var/run/spamd.pid
(amavis,366104,70992,0.0) /usr/sbin/amavisd (ch6-avail)
(postfix,72148,4712,0.0) trivial-rewrite -n rewrite -t unix -u
(dovenull,43208,4108,0.0) dovecot/imap-login
(popuser,26216,4588,0.0) dovecot/imap
(root,438760,74688,0.0) /usr/sbin/httpd
(apache,344248,60472,0.0) /usr/sbin/httpd
(apache,472640,91536,0.0) /usr/sbin/httpd
(apache,472760,91548,0.0) /usr/sbin/httpd
(root,60612,828,0.0) /usr/libexec/postfix/master -w
(postfix,71528,2144,0.1) qmgr -l -t fifo -u
(postfix,70860,1452,0.0) tlsmgr -l -t unix -u
(apache,471864,90620,0.0) /usr/sbin/httpd
(postfix,70848,1396,0.0) anvil -l -t unix -u
(amavis,368796,75688,0.0) /usr/sbin/amavisd (ch4-avail)
(apache,471856,90824,0.0) /usr/sbin/httpd
(apache,460132,78816,0.0) /usr/sbin/httpd
(dovenull,43200,4092,0.0) dovecot/imap-login
(popuser,24080,3020,0.0) dovecot/imap
(amavis,369512,75456,0.0) /usr/sbin/amavisd (ch11-avail)
(root,52632,168,0.0) sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
(498,66844,3340,0.0) sw-cp-server: worker process                       
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,23872,2988,0.0) dovecot/imap
(root,5280,604,0.0) plesk bin extension --exec revisium-antivirus ra_executor.php
(psaadm,280484,43236,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
(psaadm,11300,1296,0.0) sh -c '/usr/local/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
(psaadm,263428,39016,0.0) /usr/bin/sw-engine -c /usr/local/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /usr/local/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
(root,13928,644,0.0) dovecot/log
(root,24068,2320,0.0) dovecot/config
(dovenull,43204,4092,0.0) dovecot/imap-login
(popuser,25576,3484,0.0) dovecot/imap
(root,38468,2072,0.0) dovecot/auth
(dovenull,43204,4092,0.0) dovecot/imap-login
(popuser,24108,3200,0.0) dovecot/imap
(postfix,94040,7020,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1088,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43212,4108,0.0) dovecot/imap-login
(dovenull,43200,4088,0.0) dovecot/imap-login
(popuser,24240,3224,0.0) dovecot/imap
(popuser,24040,3112,0.0) dovecot/imap
(root,1479484,1082168,0.0) clamd
(dovenull,43212,4112,0.0) dovecot/imap-login
(popuser,23872,2840,0.0) dovecot/imap
(root,176736,24108,0.3) lfd - sleeping
(amavis,369072,74708,0.0) /usr/sbin/amavisd (ch4-avail)
(mailman,216600,1488,0.0) /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
(mailman,234392,4380,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
(mailman,218592,1316,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
(mailman,216248,3136,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
(mailman,360408,99192,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
(mailman,216260,1208,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
(mailman,251224,7252,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
(mailman,218492,6456,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
(mailman,216240,1188,0.0) /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
(named,259808,14824,0.0) /usr/sbin/named -u named -c /etc/named.conf -u named -n 2 -t /var/named/chroot
(postfix,70748,3068,0.0) pickup -l -t fifo -u
(amavis,366212,70432,0.0) /usr/sbin/amavisd (ch4-avail)
(amavis,370764,76564,0.0) /usr/sbin/amavisd (ch13-avail)
(amavis,370072,76076,0.0) /usr/sbin/amavisd (ch16-avail)
(amavis,363680,29640,0.0) /usr/sbin/amavisd (master)
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(root,108312,144,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
(dovenull,43200,4100,0.0) dovecot/imap-login
(popuser,23860,2852,0.0) dovecot/imap
(postfix,71416,4080,0.0) cleanup -z -t unix -u
(postfix,58488,2932,0.0) spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(root,414780,320,0.0) php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
(mysql,3551952,673012,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --open-files-limit=8192 --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
(dovenull,43204,1368,0.0) dovecot/imap-login
(popuser,24312,1516,0.0) dovecot/imap
(dovenull,43212,4108,0.0) dovecot/imap-login
(postfix,94040,7016,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
(popuser,23948,3076,0.0) dovecot/imap
(dovenull,43208,4088,0.0) dovecot/imap-login
(popuser,23876,2956,0.0) dovecot/imap
(dovenull,43208,4092,0.0) dovecot/imap-login
(popuser,23844,2864,0.0) dovecot/imap
(dovenull,43216,4088,0.0) dovecot/imap-login
(popuser,23848,2928,0.0) dovecot/imap
(popuser,12268,1092,0.0) /usr/lib64/plesk-9.0/postfix-srs
(dovenull,43204,4104,0.0) dovecot/imap-login
(popuser,24004,2972,0.0) dovecot/imap
(apache,457796,76656,0.0) /usr/sbin/httpd
(dovenull,43208,4084,0.0) dovecot/imap-login
(popuser,24012,3044,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23884,3020,0.0) dovecot/imap
(apache,457804,76360,0.0) /usr/sbin/httpd
(apache,457636,76228,0.0) /usr/sbin/httpd
(apache,457032,75744,0.0) /usr/sbin/httpd
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23856,2684,0.0) dovecot/imap
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23948,2976,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23876,3008,0.0) dovecot/imap
(amavis,364904,34100,0.0) /usr/sbin/amavisd (virgin child)
(dovenull,43212,4112,0.0) dovecot/imap-login
(popuser,23848,2816,0.0) dovecot/imap
(postfix,94296,7468,0.0) smtpd -n smtp -t inet -u -o stress=
(dovenull,43204,4084,0.0) dovecot/imap-login
(popuser,23856,2688,0.0) dovecot/imap
(tomcat,4174528,1099160,1.1) /usr/lib/jvm/java/bin/java -Xms256m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -classpath :/usr/share/tomcat6/bin/bootstrap.jar:/usr/share/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat6/temp -Djava.util.logging.config.file=/usr/share/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
(popuser,23624,2300,0.0) dovecot/imap
(popuser,25688,3376,0.0) dovecot/imap
(dovenull,43200,4084,0.0) dovecot/imap-login
(popuser,23948,2976,0.0) dovecot/imap
(amavis,365756,67792,0.0) /usr/sbin/amavisd (ch9-avail)
(dovenull,43208,4096,0.0) dovecot/imap-login
(popuser,25416,3536,0.0) dovecot/imap
(postfix,70888,3032,0.0) showq -t unix -u
(dovenull,43200,4080,0.0) dovecot/imap-login
(popuser,23884,3016,0.0) dovecot/imap
(popuser,24768,3556,0.0) dovecot/imap
(popuser,23856,2932,0.0) dovecot/imap
      Found on 2022-06-17 22:57
    Create report

  • Open service 5.134.124.178:3306

    2024-06-02 15:43 

    MySQL detected
    Found 2024-06-02 by tcpid
    Create report

  • Open service 5.134.124.178:21

    2024-06-02 11:15 

    220 ProFTPD Server (ProFTPD) [5.134.124.178]
    Found 2024-06-02 by FtpPlugin
    Create report

  • Open service 5.134.124.178:80

    2024-06-02 10:23 

    HTTP/1.1 200 OK
Date: Sun, 02 Jun 2024 10:23:10 GMT
Server: Apache
Last-Modified: Mon, 15 Mar 2021 08:51:51 GMT
ETag: "38417a-48-5bd8f5c625d37"
Accept-Ranges: bytes
Content-Length: 72
Vary: Accept-Encoding
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html


 <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://www.hostingperte.it">
    Found 2024-06-02 by HttpPlugin
    Create report

  • Open service 5.134.124.178:443

    2024-06-01 23:11 

    HTTP/1.1 200 OK
Date: Sat, 01 Jun 2024 23:11:47 GMT
Server: Apache
Last-Modified: Mon, 15 Mar 2021 08:51:51 GMT
ETag: "38417a-48-5bd8f5c625d37"
Accept-Ranges: bytes
Content-Length: 72
Vary: Accept-Encoding
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html


 <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://www.hostingperte.it">
    Found 2024-06-01 by HttpPlugin
    Create report

  • Open service 5.134.124.178:443

    2024-05-29 18:12 

    HTTP/1.1 200 OK
Date: Wed, 29 May 2024 18:12:53 GMT
Server: Apache
Last-Modified: Mon, 15 Mar 2021 08:51:51 GMT
ETag: "38417a-48-5bd8f5c625d37"
Accept-Ranges: bytes
Content-Length: 72
Vary: Accept-Encoding
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html


 <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://www.hostingperte.it">
    Found 2024-05-29 by HttpPlugin
    Create report

  • Open service 5.134.124.178:21

    2024-05-27 23:59 

    220 ProFTPD Server (ProFTPD) [5.134.124.178]
    Found 2024-05-27 by FtpPlugin
    Create report

  • Open service 5.134.124.178:80

    2024-05-27 16:52 

    HTTP/1.1 200 OK
Date: Mon, 27 May 2024 16:52:56 GMT
Server: Apache
Last-Modified: Mon, 15 Mar 2021 08:51:51 GMT
ETag: "38417a-48-5bd8f5c625d37"
Accept-Ranges: bytes
Content-Length: 72
Vary: Accept-Encoding
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html


 <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://www.hostingperte.it">
    Found 2024-05-27 by HttpPlugin
    Create report
Fingerprint:
ec1ee63c580419ed84425d42df140c1c81a0029fdb415cf1cce2cc8f12fdbd1b
CN:
Parallels Panel
Key:
RSA-2048
Issuer:
Parallels Panel
Not before:
2014-01-27 16:50
Not after:
2015-01-27 16:50
Domain summary
No record

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice