Host 5.134.127.229
Italy
ITnet S.r.l.
CentOS
Software information
Apache 2.2.15
tcp/80
-
Apache server-status page is publicly available
The server-status page (usually
/server-status) allows server administrators to find out how well their server is performing.This is a HTML page that gives the current server statistics such as the server version, up time,cpu, ram, and information about requests made to the server.
This information can be very useful if the application is sent sensitive information as GET requests. If you monitor this page you might be able to find CSRF tokens, API keys, hidden paths, and other sensitive information being sent to the server.
https://medium.com/@ghostlulzhacks/apache-server-status-a70abed83f5a
First seen 2022-05-26 08:31
Last seen 2024-04-30 18:52
Open for 705 days-
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031a44503ffApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Tuesday, 30-Apr-2024 20:52:37 CEST Restart Time: Tuesday, 30-Apr-2024 04:29:04 CEST Parent Server Generation: 95 Server uptime: 16 hours 23 minutes 33 seconds Total accesses: 2994 - Total Traffic: 8.9 MB CPU Usage: u289.48 s12.09 cu0 cs0 - .511% CPU load .0507 requests/sec - 158 B/second - 3122 B/request 3 requests currently being processed, 2 idle workers .W..C.._.....C._................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-95-0/0/742. 6.02991900.00.002.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 1-95171750/98/884W 32.85000.00.232.41 64.23.218.208smtp110.ext.armada.itGET /server-status HTTP/1.1 2-95-0/0/480. 0.011145400.00.001.64 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-95-0/0/12. 0.011145300.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-9599231/130/134C 56.420230.00.320.32 64.23.218.208smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 5-95-0/0/88. 29.141144700.00.000.23 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-95-0/0/81. 9.531145000.00.000.29 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 7-9599240/129/132_ 39.600110.00.360.36 64.23.218.208smtp110.ext.armada.itGET /server HTTP/1.1 8-95-0/0/86. 20.631144600.00.000.52 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 9-95-0/0/83. 25.761144900.00.000.27 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 10-95-0/0/5. 0.061145200.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 11-95-0/0/4. 0.041144400.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 12-95-0/0/2. 0.011144800.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 13-9599281/127/127C 38.031240.00.490.49 64.23.218.208smtp110.ext.armada.itGET /about HTTP/1.1 14-95-0/0/1. 0.001145900.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 15-9599300/129/129_ 43.460250.00.400.40 64.23.218.208smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 16-95-0/0/1. 0.001145800.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 17-95-0/0/1. 0.001145700.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 18-95-0/0/1. 0.001145600.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 19-95-0/0/1. 0.001145500.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-04-30 18:52 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903137d3b411Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Sunday, 28-Apr-2024 19:46:39 CEST Restart Time: Sunday, 28-Apr-2024 03:42:06 CEST Parent Server Generation: 93 Server uptime: 16 hours 4 minutes 33 seconds Total accesses: 2983 - Total Traffic: 8.5 MB CPU Usage: u666.02 s23.75 cu0 cs0 - 1.19% CPU load .0515 requests/sec - 154 B/second - 2988 B/request 5 requests currently being processed, 1 idle workers CCCCW_.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-93265651/1034/1034C 251.151920.42.822.82 159.65.18.197smtp110.ext.armada.itGET /server HTTP/1.1 1-93265661/1021/1021C 239.251150.03.093.09 159.65.18.197smtp110.ext.armada.itGET /about HTTP/1.1 2-9351361/925/925C 199.311150.02.602.60 159.65.18.197smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 3-9320231/3/3C 0.060160.00.000.00 159.65.18.197smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 4-9320300/0/0W 0.00000.00.000.00 159.65.18.197smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-04-28 17:46 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031f03192aaApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 24-Apr-2024 02:37:21 CEST Restart Time: Tuesday, 23-Apr-2024 03:15:12 CEST Parent Server Generation: 88 Server uptime: 23 hours 22 minutes 8 seconds Total accesses: 5437 - Total Traffic: 13.6 MB CPU Usage: u1421.53 s62.2 cu0 cs0 - 1.76% CPU load .0646 requests/sec - 168 B/second - 2614 B/request 5 requests currently being processed, 1 idle workers CWCCC_.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-88216301/1174/1174C 344.630150.02.862.86 164.92.244.132smtp110.ext.armada.itGET /about HTTP/1.1 1-88216310/1163/1163W 298.27000.03.193.19 164.92.244.132smtp110.ext.armada.itGET /server-status HTTP/1.1 2-88216671/1175/1175C 329.440200.02.932.93 164.92.244.132smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 3-88280791/995/995C 274.181260.42.452.45 164.92.244.132smtp110.ext.armada.itGET /server HTTP/1.1 4-8888241/830/834C 237.121160.01.881.89 164.92.244.132smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 5-8849180/0/94_ 0.05000.00.000.22 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-88-0/0/2. 0.043345700.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-04-24 00:37 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031d18d1868Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 18-Apr-2024 20:19:14 CEST Restart Time: Thursday, 18-Apr-2024 03:14:04 CEST Parent Server Generation: 83 Server uptime: 17 hours 5 minutes 10 seconds Total accesses: 3256 - Total Traffic: 9.1 MB CPU Usage: u892.34 s34.85 cu0 cs0 - 1.51% CPU load .0529 requests/sec - 154 B/second - 2927 B/request 5 requests currently being processed, 0 idle workers CW.CC.C......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-83228061/930/930C 264.120200.02.622.62 159.89.12.166smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 1-83228070/971/971W 291.38000.02.622.62 159.89.12.166smtp110.ext.armada.itGET /server-status HTTP/1.1 2-83-0/0/919. 278.664500.00.002.73 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-83175731/425/425C 92.860180.01.121.12 159.89.12.166smtp110.ext.armada.itGET /about HTTP/1.1 4-83119091/5/5C 0.100150.00.010.01 159.89.12.166smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 5-83-0/0/2. 0.034400.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-83119171/3/3C 0.04000.40.000.00 159.89.12.166smtp110.ext.armada.itGET /server HTTP/1.1 7-83-0/0/1. 0.004600.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-04-18 18:19 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090319834583cApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 10-Apr-2024 16:11:26 CEST Restart Time: Wednesday, 10-Apr-2024 03:12:02 CEST Parent Server Generation: 75 Server uptime: 12 hours 59 minutes 24 seconds Total accesses: 2246 - Total Traffic: 6.1 MB CPU Usage: u779.72 s33.22 cu0 cs0 - 1.74% CPU load .048 requests/sec - 135 B/second - 2828 B/request 5 requests currently being processed, 1 idle workers CCCCW_.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-75315931/860/860C 286.041160.02.232.23 96.126.110.181smtp110.ext.armada.itGET /about HTTP/1.1 1-75315941/859/859C 300.771150.02.352.35 96.126.110.181smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 2-75197891/524/524C 226.07100.41.481.48 96.126.110.181smtp110.ext.armada.itGET /server HTTP/1.1 3-7535631/3/3C 0.060210.00.000.00 96.126.110.181smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 4-7535660/0/0W 0.00000.00.000.00 96.126.110.181smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-04-10 14:11 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031353d7664Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 21-Mar-2024 10:42:50 CET Restart Time: Thursday, 21-Mar-2024 03:13:01 CET Parent Server Generation: 55 Server uptime: 7 hours 29 minutes 48 seconds Total accesses: 2071 - Total Traffic: 5.2 MB CPU Usage: u366.04 s16.63 cu0 cs0 - 1.42% CPU load .0767 requests/sec - 202 B/second - 2644 B/request 5 requests currently being processed, 0 idle workers CCCCW........................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-55293851/490/490C 112.111260.01.241.24 46.101.111.185smtp110.ext.armada.itGET /about HTTP/1.1 1-55293861/559/559C 100.631290.01.751.75 46.101.111.185smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 2-55294481/552/552C 113.041270.01.301.30 46.101.111.185smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 3-5525091/470/470C 56.89110.40.940.94 46.101.111.185smtp110.ext.armada.itGET /server HTTP/1.1 4-55200520/0/0W 0.00000.00.000.00 46.101.111.185smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-03-21 09:42 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090319e163796Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 08-Mar-2024 05:20:19 CET Restart Time: Friday, 08-Mar-2024 03:08:01 CET Parent Server Generation: 42 Server uptime: 2 hours 12 minutes 17 seconds Total accesses: 482 - Total Traffic: 1.1 MB CPU Usage: u65.42 s2.7 cu0 cs0 - .858% CPU load .0607 requests/sec - 140 B/second - 2317 B/request 3 requests currently being processed, 2 idle workers ._..CC_W........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-42-0/0/80. 0.078700.00.000.17 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 1-42204160/3/132_ 3.25000.00.000.32 139.59.231.238smtp110.ext.armada.itGET /server HTTP/1.1 2-42-0/0/73. 10.508900.00.000.14 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-42-0/0/58. 14.418800.00.000.16 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-42258621/56/56C 11.601240.00.120.12 139.59.231.238smtp110.ext.armada.itGET /about HTTP/1.1 5-42258631/69/69C 27.070210.00.130.13 139.59.231.238smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 6-42204170/4/6_ 1.100180.00.010.02 139.59.231.238smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 7-42194810/8/8W 0.12000.00.010.01 139.59.231.238smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-03-08 04:20 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031abda25b5Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 07-Mar-2024 18:27:27 CET Restart Time: Thursday, 07-Mar-2024 03:37:01 CET Parent Server Generation: 41 Server uptime: 14 hours 50 minutes 26 seconds Total accesses: 2655 - Total Traffic: 7.4 MB CPU Usage: u787.77 s28.13 cu0 cs0 - 1.53% CPU load .0497 requests/sec - 145 B/second - 2932 B/request 5 requests currently being processed, 0 idle workers WCC.CC.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-41285420/693/693W 219.62000.01.881.88 162.243.184.251smtp110.ext.armada.itGET /server-status HTTP/1.1 1-41285431/701/701C 256.310280.02.002.00 162.243.184.251smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 2-4118191/8/310C 3.511190.00.010.77 162.243.184.251smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 3-41-0/0/403. 136.0470600.00.001.12 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-41204191/399/399C 133.91100.41.141.14 162.243.184.251smtp110.ext.armada.itGET /server HTTP/1.1 5-41304141/147/149C 66.511170.00.510.51 162.243.184.251smtp110.ext.armada.itGET /about HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-03-07 17:27 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031a190bfe4Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 06-Mar-2024 20:23:40 CET Restart Time: Wednesday, 06-Mar-2024 03:41:03 CET Parent Server Generation: 40 Server uptime: 16 hours 42 minutes 36 seconds Total accesses: 2970 - Total Traffic: 8.5 MB CPU Usage: u1042.01 s40.69 cu0 cs0 - 1.8% CPU load .0494 requests/sec - 147 B/second - 2983 B/request 4 requests currently being processed, 0 idle workers CCWC............................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-40222531/1021/1021C 402.661160.02.892.89 162.243.161.105smtp110.ext.armada.itGET /about HTTP/1.1 1-40222541/1023/1023C 374.971260.03.093.09 162.243.161.105smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 2-40132340/923/923W 305.01000.02.472.47 162.243.161.105smtp110.ext.armada.itGET /server-status HTTP/1.1 3-4052771/3/3C 0.060170.00.000.00 162.243.161.105smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-03-06 19:23 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903179e5bf46Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Sunday, 03-Mar-2024 15:24:12 CET Restart Time: Sunday, 03-Mar-2024 03:45:02 CET Parent Server Generation: 37 Server uptime: 11 hours 39 minutes 10 seconds Total accesses: 1880 - Total Traffic: 5.0 MB CPU Usage: u542.95 s18.53 cu0 cs0 - 1.34% CPU load .0448 requests/sec - 124 B/second - 2770 B/request 4 requests currently being processed, 1 idle workers CCW_.C.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-37196511/556/556C 190.601220.01.461.46 64.227.126.135smtp110.ext.armada.itGET /about HTTP/1.1 1-37196521/554/554C 169.980270.01.401.40 64.227.126.135smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 2-375820/482/482W 117.25000.01.301.30 64.227.126.135smtp110.ext.armada.itGET /server-status HTTP/1.1 3-3718370/158/158_ 55.06010.00.400.40 64.227.126.135smtp110.ext.armada.itGET /server HTTP/1.1 4-37-0/0/5. 0.111450700.00.000.02 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-37134571/125/125C 28.481260.00.380.38 64.227.126.135smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-03-03 14:24 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031f5d1fcffApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 01-Mar-2024 09:04:41 CET Restart Time: Friday, 01-Mar-2024 03:12:01 CET Parent Server Generation: 35 Server uptime: 5 hours 52 minutes 39 seconds Total accesses: 1020 - Total Traffic: 2.6 MB CPU Usage: u270.62 s10.1 cu0 cs0 - 1.33% CPU load .0482 requests/sec - 131 B/second - 2719 B/request 3 requests currently being processed, 1 idle workers _WCC............................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-35281720/341/341_ 70.090250.00.890.89 146.190.64.200smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 1-35281730/334/334W 126.48000.00.810.81 146.190.64.200smtp110.ext.armada.itGET /server-status HTTP/1.1 2-35284021/342/342C 84.091250.00.940.94 146.190.64.200smtp110.ext.armada.itGET /about HTTP/1.1 3-35242131/3/3C 0.060210.00.000.00 146.190.64.200smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-03-01 08:04 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031cca42328Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Tuesday, 20-Feb-2024 04:26:06 CET Restart Time: Tuesday, 20-Feb-2024 03:44:01 CET Parent Server Generation: 25 Server uptime: 42 minutes 4 seconds Total accesses: 158 - Total Traffic: 301 kB CPU Usage: u37.13 s1.56 cu0 cs0 - 1.53% CPU load .0626 requests/sec - 122 B/second - 1950 B/request 4 requests currently being processed, 1 idle workers CCCW_........................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-2556731/79/79C 21.341180.00.160.16 162.243.161.105smtp110.ext.armada.itGET /about HTTP/1.1 1-2556741/76/76C 17.271260.00.140.14 162.243.161.105smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 2-25178691/3/3C 0.080180.00.000.00 162.243.161.105smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 3-25178720/0/0W 0.00000.00.000.00 162.243.161.105smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-02-20 03:25 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090314d5f1acdApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 15-Feb-2024 19:52:49 CET Restart Time: Thursday, 15-Feb-2024 03:51:02 CET Parent Server Generation: 20 Server uptime: 16 hours 1 minute 47 seconds Total accesses: 2795 - Total Traffic: 7.8 MB CPU Usage: u747.76 s23.54 cu0 cs0 - 1.34% CPU load .0484 requests/sec - 141 B/second - 2915 B/request 4 requests currently being processed, 1 idle workers _CC.WC.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-20188590/808/808_ 194.450130.02.282.28 143.42.118.5smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 1-20188601/797/797C 262.251140.02.192.19 143.42.118.5smtp110.ext.armada.itGET /about HTTP/1.1 2-20283211/762/762C 205.660130.02.162.16 143.42.118.5smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 3-20-0/0/10. 0.322033700.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-20326610/207/207W 57.49000.00.530.53 143.42.118.5smtp110.ext.armada.itGET /server-status HTTP/1.1 5-20326621/210/210C 51.131140.00.600.60 143.42.118.5smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 6-20-0/0/1. 0.002033800.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-02-15 18:52 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090315aa1e452Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 14-Feb-2024 13:42:40 CET Restart Time: Wednesday, 14-Feb-2024 03:44:02 CET Parent Server Generation: 19 Server uptime: 9 hours 58 minutes 38 seconds Total accesses: 1904 - Total Traffic: 5.6 MB CPU Usage: u417.97 s13.97 cu0 cs0 - 1.2% CPU load .053 requests/sec - 163 B/second - 3091 B/request 4 requests currently being processed, 1 idle workers C_WCC........................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-1991601/530/530C 105.230140.01.551.55 207.154.240.169smtp110.ext.armada.itGET /about HTTP/1.1 1-1991610/497/497_ 122.130130.01.361.36 207.154.240.169smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 2-1968370/399/399W 89.14000.00.930.93 207.154.240.169smtp110.ext.armada.itGET /server-status HTTP/1.1 3-1971221/337/337C 82.560130.01.351.35 207.154.240.169smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 4-1914841/141/141C 32.880140.00.420.42 207.154.240.169smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-02-14 12:42 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903172393db1Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 01-Feb-2024 18:03:23 CET Restart Time: Thursday, 01-Feb-2024 04:19:01 CET Parent Server Generation: 6 Server uptime: 13 hours 44 minutes 21 seconds Total accesses: 2282 - Total Traffic: 6.1 MB CPU Usage: u611.35 s19.1 cu0 cs0 - 1.27% CPU load .0461 requests/sec - 129 B/second - 2812 B/request 4 requests currently being processed, 1 idle workers CC_CW........................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-666261/625/625C 198.980160.01.841.84 138.68.133.118smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 1-666271/619/619C 149.550180.01.561.56 138.68.133.118smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 2-6158330/575/575_ 147.790150.01.641.64 138.68.133.118smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 3-6141961/446/446C 130.840140.01.051.05 138.68.133.118smtp110.ext.armada.itGET /about HTTP/1.1 4-65150/15/15W 3.26000.00.030.03 138.68.133.118smtp110.ext.armada.itGET /server-status HTTP/1.1 5-6-0/0/2. 0.03123900.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-02-01 17:03 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031f2dbc6a9Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Saturday, 27-Jan-2024 13:49:22 CET Restart Time: Saturday, 27-Jan-2024 03:49:02 CET Parent Server Generation: 1 Server uptime: 10 hours 19 seconds Total accesses: 1840 - Total Traffic: 6.1 MB CPU Usage: u448.51 s14.39 cu0 cs0 - 1.29% CPU load .0511 requests/sec - 178 B/second - 3491 B/request 4 requests currently being processed, 1 idle workers WCCC_........................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-1180640/530/530W 128.51000.01.861.86 159.203.182.222smtp110.ext.armada.itGET /server-status HTTP/1.1 1-1180651/525/525C 111.531150.01.551.55 159.203.182.222smtp110.ext.armada.itGET /about HTTP/1.1 2-1210991/318/318C 101.580230.01.011.01 159.203.182.222smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 3-1130831/229/229C 68.171150.00.860.86 159.203.182.222smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 4-1130920/234/234_ 53.110180.00.850.85 159.203.182.222smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 5-1-0/0/3. 0.00527500.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-1-0/0/1. 0.002259600.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-01-27 12:49 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903103c86ba0Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 17-Jan-2024 10:55:03 CET Restart Time: Wednesday, 17-Jan-2024 03:23:01 CET Parent Server Generation: 267 Server uptime: 7 hours 32 minutes 2 seconds Total accesses: 1371 - Total Traffic: 4.5 MB CPU Usage: u295.96 s9.26 cu0 cs0 - 1.13% CPU load .0505 requests/sec - 174 B/second - 3459 B/request 5 requests currently being processed, 1 idle workers CWCCW_.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-26772511/652/652C 143.541150.02.542.54 128.199.61.251smtp110.ext.armada.itGET /about HTTP/1.1 1-26772520/652/652W 150.10200.01.801.80 127.0.0.1smtp110.ext.armada.itGET /parser/ HTTP/1.1 2-267140131/64/64C 11.531150.00.180.18 128.199.61.251smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 3-26714851/3/3C 0.050160.00.000.00 128.199.61.251smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 4-26714870/0/0W 0.00000.00.000.00 128.199.61.251smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-01-17 09:54 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903161490013Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Sunday, 07-Jan-2024 00:04:08 CET Restart Time: Saturday, 06-Jan-2024 03:18:01 CET Parent Server Generation: 256 Server uptime: 20 hours 46 minutes 6 seconds Total accesses: 4302 - Total Traffic: 10.6 MB CPU Usage: u328.12 s10.39 cu0 cs0 - .453% CPU load .0575 requests/sec - 147 B/second - 2572 B/request 4 requests currently being processed, 1 idle workers W_....C...CC.................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-256223830/194/889W 28.77000.00.512.07 139.144.150.205smtp110.ext.armada.itGET /server-status HTTP/1.1 1-256185590/42/757_ 12.770210.00.111.63 139.144.150.205smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 2-256-0/0/794. 0.02198200.00.001.66 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-256-0/0/534. 0.001656900.00.001.33 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-256-0/0/341. 46.761657100.00.000.87 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-256-0/0/232. 64.09339400.00.000.88 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-256260381/180/184C 50.580160.00.440.45 139.144.150.205smtp110.ext.armada.itGET /about HTTP/1.1 7-256-0/0/10. 0.001657300.00.000.06 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 8-256-0/0/4. 0.001657600.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 9-256-0/0/107. 37.421657000.00.000.35 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 10-256127191/278/278C 59.100140.00.840.84 139.144.150.205smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 11-256260411/171/172C 39.000200.00.420.42 139.144.150.205smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-01-06 23:03 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903124280a1cApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 05-Jan-2024 15:47:59 CET Restart Time: Friday, 05-Jan-2024 03:47:01 CET Parent Server Generation: 255 Server uptime: 12 hours 57 seconds Total accesses: 2154 - Total Traffic: 6.9 MB CPU Usage: u469.59 s14.64 cu0 cs0 - 1.12% CPU load .0498 requests/sec - 168 B/second - 3382 B/request 4 requests currently being processed, 1 idle workers C.WC_C.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-255213241/606/606C 160.890150.01.961.96 161.35.27.144smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 1-255-0/0/600. 158.7522800.00.001.63 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 2-25595020/4/467W 0.08000.00.011.63 161.35.27.144smtp110.ext.armada.itGET /server-status HTTP/1.1 3-255218391/220/220C 62.180140.00.960.96 161.35.27.144smtp110.ext.armada.itGET /about HTTP/1.1 4-255287200/41/42_ 4.220160.00.210.21 161.35.27.144smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 5-255218441/219/219C 98.110160.00.560.56 161.35.27.144smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2024-01-05 14:47 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031964fdfb7Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Saturday, 23-Dec-2023 20:26:32 CET Restart Time: Saturday, 23-Dec-2023 03:30:01 CET Parent Server Generation: 242 Server uptime: 16 hours 56 minutes 31 seconds Total accesses: 2765 - Total Traffic: 7.8 MB CPU Usage: u700.3 s21.04 cu0 cs0 - 1.18% CPU load .0453 requests/sec - 134 B/second - 2975 B/request 4 requests currently being processed, 1 idle workers .WC..C_C........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-242-0/0/827. 233.1463400.00.002.26 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 1-242232710/829/829W 199.96000.02.252.25 159.89.83.196smtp110.ext.armada.itGET /server-status HTTP/1.1 2-242168191/687/687C 175.741170.02.132.13 159.89.83.196smtp110.ext.armada.itGET /about HTTP/1.1 3-242-0/0/244. 66.4463200.00.000.74 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-242-0/0/152. 41.8763300.00.000.42 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-24299751/9/9C 3.580220.00.020.02 159.89.83.196smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 6-24299780/9/9_ 0.490220.00.020.02 159.89.83.196smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 7-24299791/8/8C 0.121200.00.010.01 159.89.83.196smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-12-23 19:26 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903137d29dc3Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 14-Dec-2023 19:36:02 CET Restart Time: Thursday, 14-Dec-2023 03:28:01 CET Parent Server Generation: 233 Server uptime: 16 hours 8 minutes Total accesses: 3125 - Total Traffic: 11.0 MB CPU Usage: u733.52 s23.48 cu0 cs0 - 1.3% CPU load .0538 requests/sec - 197 B/second - 3677 B/request 4 requests currently being processed, 1 idle workers C._WC.C......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-23334541/818/818C 209.691200.02.552.55 104.236.193.132smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 1-233-0/0/682. 130.981366100.00.002.50 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 2-233241700/694/694_ 198.090160.02.172.17 104.236.193.132smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 3-233194680/402/402W 80.10000.01.571.57 104.236.193.132smtp110.ext.armada.itGET /server-status HTTP/1.1 4-233198831/378/378C 98.950180.01.581.58 104.236.193.132smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 5-233-0/0/11. 0.001366000.00.000.05 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-233161321/140/140C 39.191210.00.540.54 104.236.193.132smtp110.ext.armada.itGET /about HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-12-14 18:35 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031930818bdApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Monday, 11-Dec-2023 12:37:26 CET Restart Time: Monday, 11-Dec-2023 03:43:01 CET Parent Server Generation: 230 Server uptime: 8 hours 54 minutes 24 seconds Total accesses: 1593 - Total Traffic: 4.5 MB CPU Usage: u433.67 s13.83 cu0 cs0 - 1.4% CPU load .0497 requests/sec - 147 B/second - 2968 B/request 4 requests currently being processed, 1 idle workers C.CC_..W........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-230267431/526/526C 129.051130.01.591.59 162.243.186.177smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 1-230-0/0/515. 171.22157900.00.001.54 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 2-23085151/438/438C 122.410190.01.121.12 162.243.186.177smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 3-23071351/18/23C 3.511130.00.040.05 162.243.186.177smtp110.ext.armada.itGET /about HTTP/1.1 4-23075370/17/20_ 1.260140.00.050.05 162.243.186.177smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 5-230-0/0/2. 0.02344100.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-230-0/0/2. 0.02344300.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 7-230311970/42/42W 10.02000.00.110.11 162.243.186.177smtp110.ext.armada.itGET /server-status HTTP/1.1 8-230-0/0/1. 0.00344400.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 9-230-0/0/24. 9.99165000.00.000.04 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-12-11 11:37 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031d1c3e075Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 16-Nov-2023 18:28:21 CET Restart Time: Thursday, 16-Nov-2023 03:35:01 CET Parent Server Generation: 205 Server uptime: 14 hours 53 minutes 20 seconds Total accesses: 3193 - Total Traffic: 8.7 MB CPU Usage: u461.73 s15.45 cu0 cs0 - .89% CPU load .0596 requests/sec - 170 B/second - 2869 B/request 4 requests currently being processed, 1 idle workers CWC.C_.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-205257531/819/819C 211.170150.02.412.41 165.232.76.155smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 1-205257540/769/769W 170.20000.02.092.09 165.232.76.155smtp110.ext.armada.itGET /server-status HTTP/1.1 2-205304591/46/739C 7.930150.00.052.16 165.232.76.155smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 3-205-0/0/413. 0.03223600.00.001.05 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-205136751/380/380C 76.660160.00.940.94 165.232.76.155smtp110.ext.armada.itGET /about HTTP/1.1 5-205261080/68/70_ 11.170150.00.070.08 165.232.76.155smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 6-205-0/0/2. 0.02321400.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 7-205-0/0/1. 0.00321500.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-11-16 17:28 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031ca143aecApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 09-Nov-2023 07:23:14 CET Restart Time: Thursday, 09-Nov-2023 03:51:15 CET Parent Server Generation: 198 Server uptime: 3 hours 31 minutes 58 seconds Total accesses: 619 - Total Traffic: 1.6 MB CPU Usage: u129.53 s4.06 cu0 cs0 - 1.05% CPU load .0487 requests/sec - 129 B/second - 2656 B/request 4 requests currently being processed, 0 idle workers CCWC............................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-198202801/176/176C 31.381160.00.410.41 104.236.193.132smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 1-198202811/177/177C 28.531140.00.450.45 104.236.193.132smtp110.ext.armada.itGET /about HTTP/1.1 2-198287050/138/138W 43.85000.00.400.40 104.236.193.132smtp110.ext.armada.itGET /server-status HTTP/1.1 3-198287281/128/128C 29.830140.00.310.31 104.236.193.132smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-11-09 06:23 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031d1692f35Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Sunday, 05-Nov-2023 21:42:48 CET Restart Time: Sunday, 05-Nov-2023 03:09:02 CET Parent Server Generation: 194 Server uptime: 18 hours 33 minutes 46 seconds Total accesses: 4388 - Total Traffic: 10.1 MB CPU Usage: u168.45 s6.28 cu0 cs0 - .261% CPU load .0657 requests/sec - 158 B/second - 2416 B/request 4 requests currently being processed, 1 idle workers _CCC....W....................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-19484950/14/926_ 0.250150.00.042.32 74.207.237.114smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 1-194238201/939/939C 154.870150.02.042.04 74.207.237.114smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 2-19488851/9/855C 2.981170.00.022.10 74.207.237.114smtp110.ext.armada.itGET /about HTTP/1.1 3-19484991/14/504C 3.041140.00.020.99 74.207.237.114smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 4-194-0/0/484. 9.1185500.00.000.95 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-194-0/0/289. 0.0876200.00.000.85 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-194-0/0/341. 3.5985400.00.000.79 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 7-194-0/0/7. 0.08253900.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 8-1944660/43/43W 0.73000.00.080.08 74.207.237.114smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-11-05 20:42 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031580c7a3fApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 04-May-2023 13:47:37 CEST Restart Time: Thursday, 04-May-2023 04:33:02 CEST Parent Server Generation: 9 Server uptime: 9 hours 14 minutes 35 seconds Total accesses: 1562 - Total Traffic: 5.2 MB CPU Usage: u497.57 s17.46 cu0 cs0 - 1.55% CPU load .0469 requests/sec - 162 B/second - 3458 B/request 6 requests currently being processed, 0 idle workers CCCCCW.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-9255541/566/566C 192.711130.01.631.63 165.232.76.155smtp110.ext.armada.itGET /.git/config HTTP/1.1 1-9255551/570/570C 172.211140.01.911.91 165.232.76.155smtp110.ext.armada.itGET /info.php HTTP/1.1 2-983321/424/424C 150.081140.01.611.61 165.232.76.155smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 3-9291251/1/1C 0.011190.00.000.00 165.232.76.155smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 4-9291261/1/1C 0.020310.00.000.00 165.232.76.155smtp110.ext.armada.itGET /.env HTTP/1.1 5-9291270/0/0W 0.00000.00.000.00 165.232.76.155smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-05-04 11:47 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031a4b5d446Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Tuesday, 11-Apr-2023 03:07:19 CEST Restart Time: Monday, 10-Apr-2023 03:44:01 CEST Parent Server Generation: 521 Server uptime: 23 hours 23 minutes 18 seconds Total accesses: 4297 - Total Traffic: 10.3 MB CPU Usage: u495.24 s19.98 cu0 cs0 - .612% CPU load .051 requests/sec - 128 B/second - 2511 B/request 5 requests currently being processed, 0 idle workers .C.WWW.C........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-521-0/0/812. 0.013005700.00.001.92 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 1-521229671/464/1163C 98.400160.01.202.90 45.55.193.222smtp110.ext.armada.itGET /info.php HTTP/1.1 2-521-0/0/606. 23.083005800.00.001.34 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-521129590/271/394W 84.78000.00.710.91 45.55.193.222smtp110.ext.armada.itGET /.DS_Store HTTP/1.1 4-521229140/483/483W 112.57000.01.141.14 45.55.193.222smtp110.ext.armada.itGET /.env HTTP/1.1 5-521129600/272/389W 102.33000.00.650.86 45.55.193.222smtp110.ext.armada.itGET /server-status HTTP/1.1 6-521-0/0/90. 21.413005900.00.000.25 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 7-521152221/360/360C 72.640150.00.960.96 45.55.193.222smtp110.ext.armada.itGET /.git/config HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-04-11 01:07 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903125503a2bApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Saturday, 18-Mar-2023 06:59:48 CET Restart Time: Saturday, 18-Mar-2023 03:09:02 CET Parent Server Generation: 498 Server uptime: 3 hours 50 minutes 46 seconds Total accesses: 658 - Total Traffic: 2.0 MB CPU Usage: u184.34 s7.73 cu0 cs0 - 1.39% CPU load .0475 requests/sec - 149 B/second - 3152 B/request 10 requests currently being processed, 0 idle workers CCCCCCCWCC...................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-49847441/255/255C 55.230250.00.640.64 139.144.96.150smtp110.ext.armada.itGET /info.php HTTP/1.1 1-49847451/253/253C 83.500380.00.770.77 139.144.96.150smtp110.ext.armada.itGET /.DS_Store HTTP/1.1 2-498201391/142/142C 53.190356.00.560.56 139.144.96.150smtp110.ext.armada.itGET /?rest_route=/wp/v2/users/ HTTP/1.1 3-498146701/2/2C 0.051180.00.010.01 139.144.96.150smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 4-498146711/2/2C 0.040240.00.000.00 139.144.96.150smtp110.ext.armada.itGET /api/search?folderIds=0 HTTP/1.1 5-498146721/1/1C 0.0207390.00.000.00 139.144.96.150smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 6-498146731/1/1C 0.020360.00.000.00 139.144.96.150smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 7-498146740/0/0W 0.00000.00.000.00 139.144.96.150smtp110.ext.armada.itGET /server-status HTTP/1.1 8-498146751/1/1C 0.010250.00.000.00 139.144.96.150smtp110.ext.armada.itGET /config.json HTTP/1.1 9-498146761/1/1C 0.010250.00.000.00 139.144.96.150smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-03-18 05:59 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090312d319f23Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 03-Mar-2023 07:32:51 CET Restart Time: Friday, 03-Mar-2023 03:32:02 CET Parent Server Generation: 483 Server uptime: 4 hours 49 seconds Total accesses: 724 - Total Traffic: 2.4 MB CPU Usage: u174.79 s7.58 cu0 cs0 - 1.26% CPU load .0501 requests/sec - 171 B/second - 3414 B/request 6 requests currently being processed, 0 idle workers CCW..CCC........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-483205861/315/315C 81.660446.00.880.88 143.42.118.45smtp110.ext.armada.itGET / HTTP/1.1 1-483205871/319/319C 95.520210.01.081.08 143.42.118.45smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 2-483259640/0/3W 0.06000.00.000.01 143.42.118.45smtp110.ext.armada.itGET /server-status HTTP/1.1 3-483-0/0/2. 0.02162800.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-483-0/0/3. 0.06162700.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-483215361/27/27C 0.720260.00.090.09 143.42.118.45smtp110.ext.armada.itGET /debug/default/view?panel=config HTTP/1.1 6-483215371/26/26C 3.960346.00.170.17 143.42.118.45smtp110.ext.armada.itGET /?rest_route=/wp/v2/users/ HTTP/1.1 7-483215381/27/27C 0.360320.00.130.13 143.42.118.45smtp110.ext.armada.itGET /.env HTTP/1.1 8-483-0/0/2. 0.01163000.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-03-03 06:32 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903162659137Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 15-Feb-2023 14:36:00 CET Restart Time: Wednesday, 15-Feb-2023 03:51:01 CET Parent Server Generation: 467 Server uptime: 10 hours 44 minutes 59 seconds Total accesses: 2247 - Total Traffic: 8.8 MB CPU Usage: u378.93 s15.27 cu0 cs0 - 1.02% CPU load .0581 requests/sec - 239 B/second - 4129 B/request 8 requests currently being processed, 0 idle workers CCCWWCCC........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-46791751/516/516C 176.781210.01.851.85 139.59.159.130smtp110.ext.armada.itGET /s/932323e2732313e2433313e253/_/;/META-INF/maven/com.atlass 1-46735681/2/455C 0.060220.00.011.66 139.59.159.130smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 2-467298971/25/497C 4.851170.00.062.15 139.59.159.130smtp110.ext.armada.itGET /info.php HTTP/1.1 3-46735780/0/391W 131.32000.00.001.45 139.59.159.130smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 4-46735790/0/233W 41.31000.00.001.22 139.59.159.130smtp110.ext.armada.itGET /server-status HTTP/1.1 5-467197981/106/106C 22.311360.00.380.38 139.59.159.130smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 6-467298981/25/25C 8.781250.00.060.06 139.59.159.130smtp110.ext.armada.itGET /.git/config HTTP/1.1 7-467298991/24/24C 8.791460.00.070.07 139.59.159.130smtp110.ext.armada.itGET /.env HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-02-15 13:35 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031977e84b1Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Monday, 06-Feb-2023 05:01:20 CET Restart Time: Monday, 06-Feb-2023 04:40:02 CET Parent Server Generation: 458 Server uptime: 21 minutes 18 seconds Total accesses: 63 - Total Traffic: 177 kB CPU Usage: u17.23 s.76 cu0 cs0 - 1.41% CPU load .0493 requests/sec - 141 B/second - 2876 B/request 3 requests currently being processed, 0 idle workers CCW............................................................. ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-458280131/30/30C 7.781250.00.070.07 174.138.95.152smtp110.ext.armada.itGET /.git/config HTTP/1.1 1-458280141/30/30C 10.131170.00.100.10 174.138.95.152smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 2-458314820/3/3W 0.08000.00.010.01 174.138.95.152smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-02-06 04:01 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031eb8b714dApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Saturday, 04-Feb-2023 06:46:48 CET Restart Time: Saturday, 04-Feb-2023 03:29:01 CET Parent Server Generation: 456 Server uptime: 3 hours 17 minutes 46 seconds Total accesses: 544 - Total Traffic: 1.5 MB CPU Usage: u199.29 s8.27 cu0 cs0 - 1.75% CPU load .0458 requests/sec - 132 B/second - 2891 B/request 3 requests currently being processed, 0 idle workers CWC............................................................. ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-456110131/200/200C 97.020180.00.540.54 134.209.207.188smtp110.ext.armada.itGET /info.php HTTP/1.1 1-456110140/200/200W 50.17000.00.580.58 134.209.207.188smtp110.ext.armada.itGET /server-status HTTP/1.1 2-456200641/144/144C 60.370240.00.370.37 134.209.207.188smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-02-04 05:46 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903156beb560Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Tuesday, 31-Jan-2023 05:56:53 CET Restart Time: Tuesday, 31-Jan-2023 03:19:01 CET Parent Server Generation: 452 Server uptime: 2 hours 37 minutes 51 seconds Total accesses: 440 - Total Traffic: 1.2 MB CPU Usage: u127.25 s5.55 cu0 cs0 - 1.4% CPU load .0465 requests/sec - 133 B/second - 2876 B/request 3 requests currently being processed, 0 idle workers WCC............................................................. ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-452193360/178/178W 50.54000.00.500.50 137.184.32.150smtp110.ext.armada.itGET /server-status HTTP/1.1 1-452193371/182/182C 42.250250.00.500.50 137.184.32.150smtp110.ext.armada.itGET /debug/default/view?panel=config HTTP/1.1 2-452301311/80/80C 40.010346.00.210.21 137.184.32.150smtp110.ext.armada.itGET /?rest_route=/wp/v2/users/ HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-01-31 04:56 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090314d4a8cbaApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Sunday, 29-Jan-2023 13:35:23 CET Restart Time: Sunday, 29-Jan-2023 03:09:02 CET Parent Server Generation: 450 Server uptime: 10 hours 26 minutes 20 seconds Total accesses: 1734 - Total Traffic: 5.0 MB CPU Usage: u515.69 s20.62 cu0 cs0 - 1.43% CPU load .0461 requests/sec - 139 B/second - 3021 B/request 5 requests currently being processed, 0 idle workers C.C..CW.C....................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-450207401/427/427C 130.320170.00.950.95 185.3.94.183smtp110.ext.armada.itGET /s/932323e2732313e2433313e253/_/;/META-INF/maven/com.atlass 1-450-0/0/135. 58.913148700.00.000.42 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 2-45060441/287/287C 106.430190.00.990.99 185.3.94.183smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 3-450-0/0/2. 0.013148900.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-450-0/0/3. 0.063148800.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-45060491/295/295C 89.920170.00.800.80 185.3.94.183smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 6-45060500/292/292W 84.12000.00.970.97 185.3.94.183smtp110.ext.armada.itGET /server-status HTTP/1.1 7-450-0/0/2. 0.013149000.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 8-45060521/291/291C 66.530200.00.850.85 185.3.94.183smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-01-29 12:35 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031e347fe23Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 27-Jan-2023 13:06:39 CET Restart Time: Friday, 27-Jan-2023 03:07:02 CET Parent Server Generation: 448 Server uptime: 9 hours 59 minutes 37 seconds Total accesses: 1948 - Total Traffic: 7.1 MB CPU Usage: u676.45 s27.16 cu0 cs0 - 1.96% CPU load .0541 requests/sec - 207 B/second - 3823 B/request 6 requests currently being processed, 0 idle workers CCCCCW.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-448231511/453/453C 142.430500.01.641.64 185.3.94.247smtp110.ext.armada.itGET /.env HTTP/1.1 1-448231521/450/450C 184.950510.01.411.41 185.3.94.247smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 2-448287301/399/399C 156.180440.01.511.51 185.3.94.247smtp110.ext.armada.itGET /s/932323e2732313e2433313e253/_/;/META-INF/maven/com.atlass 3-448287641/393/393C 139.650180.01.501.50 185.3.94.247smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 4-448290951/252/252C 80.360410.01.031.03 185.3.94.247smtp110.ext.armada.itGET /.git/config HTTP/1.1 5-448313930/1/1W 0.04000.00.010.01 185.3.94.247smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-01-27 12:06 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031e1e3fc0aApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Sunday, 22-Jan-2023 04:37:24 CET Restart Time: Sunday, 22-Jan-2023 03:49:03 CET Parent Server Generation: 443 Server uptime: 48 minutes 21 seconds Total accesses: 134 - Total Traffic: 381 kB CPU Usage: u62.46 s3.2 cu0 cs0 - 2.26% CPU load .0462 requests/sec - 134 B/second - 2911 B/request 2 requests currently being processed, 0 idle workers CW.............................................................. ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-443138691/67/67C 37.450280.00.240.24 164.92.224.29smtp110.ext.armada.itGET /.vscode/sftp.json HTTP/1.1 1-443138700/67/67W 28.21000.00.140.14 164.92.224.29smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2023-01-22 03:37 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031ca0f7fd8Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 02-Dec-2022 17:49:08 CET Restart Time: Friday, 02-Dec-2022 03:30:01 CET Parent Server Generation: 392 Server uptime: 14 hours 19 minutes 6 seconds Total accesses: 3193 - Total Traffic: 11.0 MB CPU Usage: u730.16 s31.16 cu0 cs0 - 1.48% CPU load .0619 requests/sec - 223 B/second - 3608 B/request 6 requests currently being processed, 0 idle workers CCC..CWC........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-392182391/735/735C 168.880250.02.352.35 139.59.6.30smtp110.ext.armada.itPUT /api/v2/cmdb/system/admin/admin HTTP/1.1 1-392240761/278/479C 71.720356.01.051.73 139.59.6.30smtp110.ext.armada.itGET /?rest_route=/wp/v2/users/ HTTP/1.1 2-39217891/1/90C 0.020370.00.000.21 139.59.6.30smtp110.ext.armada.itGET /.git/config HTTP/1.1 3-392-0/0/89. 12.333946600.00.000.18 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-392-0/0/306. 75.962156700.00.000.81 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-392254311/495/495C 122.670200.01.901.90 139.59.6.30smtp110.ext.armada.itGET /debug/default/view?panel=config HTTP/1.1 6-392254380/496/496W 166.12000.02.032.03 139.59.6.30smtp110.ext.armada.itGET /server-status HTTP/1.1 7-392254391/503/503C 143.620190.01.781.78 139.59.6.30smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-12-02 16:49 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903140deca31Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 23-Nov-2022 18:00:31 CET Restart Time: Wednesday, 23-Nov-2022 03:11:01 CET Parent Server Generation: 383 Server uptime: 14 hours 49 minutes 30 seconds Total accesses: 3154 - Total Traffic: 10.3 MB CPU Usage: u549.12 s22.18 cu0 cs0 - 1.07% CPU load .0591 requests/sec - 201 B/second - 3413 B/request 6 requests currently being processed, 0 idle workers W..CCCCC........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-383290490/0/562W 167.60000.00.001.44 172.104.249.218smtp110.ext.armada.itGET /server-status HTTP/1.1 1-383-0/0/216. 8.581275500.00.000.39 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 2-383-0/0/376. 0.021275600.00.001.03 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-383151821/160/505C 36.790310.01.022.20 172.104.249.218smtp110.ext.armada.itGET /s/932323e2732313e2433313e253/_/;/META-INF/maven/com.atlass 4-383261391/564/564C 161.070170.02.112.11 172.104.249.218smtp110.ext.armada.itGET /info.php HTTP/1.1 5-383151831/170/546C 59.660180.00.541.71 172.104.249.218smtp110.ext.armada.itGET /.git/config HTTP/1.1 6-38362391/194/194C 53.850490.00.770.77 172.104.249.218smtp110.ext.armada.itGET /.env HTTP/1.1 7-38362401/191/191C 83.730250.00.610.61 172.104.249.218smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-11-23 17:00 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903155962548Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 16-Nov-2022 15:15:45 CET Restart Time: Wednesday, 16-Nov-2022 03:21:02 CET Parent Server Generation: 376 Server uptime: 11 hours 54 minutes 43 seconds Total accesses: 2466 - Total Traffic: 9.2 MB CPU Usage: u338.29 s13.13 cu0 cs0 - .819% CPU load .0575 requests/sec - 225 B/second - 3915 B/request 5 requests currently being processed, 0 idle workers ....W.WW.WW..................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-376-0/0/376. 62.711773380.00.001.25 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 1-376-0/0/357. 0.17176600.00.001.61 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 2-376-0/0/72. 1.37177200.00.000.28 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-376-0/0/421. 188.78177000.00.001.31 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 4-376295340/22/166W 10.043600.00.140.62 127.0.0.1smtp110.ext.armada.itGET /parser2/ HTTP/1.1 5-376-0/0/144. 0.00177400.00.000.56 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-376295380/20/26W 0.44000.00.070.07 159.65.51.215smtp110.ext.armada.itGET /server-status HTTP/1.1 7-376295390/19/87W 10.31000.00.060.24 159.65.51.215smtp110.ext.armada.itGET / HTTP/1.1 8-376-0/0/5. 0.00177100.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 9-376295410/21/300W 5.58000.00.061.26 159.65.51.215smtp110.ext.armada.itGET /.git/config HTTP/1.1 10-376162180/165/167W 72.02000.00.780.78 159.65.51.215smtp110.ext.armada.itGET /?rest_route=/wp/v2/users/ HTTP/1.1 11-376-0/0/338. 0.00177500.00.001.22 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 12-376-0/0/1. 0.003987536630.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 13-376-0/0/1. 0.003987526640.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 14-376-0/0/1. 0.003987516680.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 15-376-0/0/2. 0.003986810760.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 16-376-0/0/1. 0.003987400.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 17-376-0/0/1. 0.0039873950.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-11-16 14:15 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090315c5431aeApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Saturday, 05-Nov-2022 03:22:54 CET Restart Time: Saturday, 05-Nov-2022 03:06:01 CET Parent Server Generation: 365 Server uptime: 16 minutes 53 seconds Total accesses: 53 - Total Traffic: 127 kB CPU Usage: u20.67 s.8 cu0 cs0 - 2.12% CPU load .0523 requests/sec - 128 B/second - 2453 B/request 6 requests currently being processed, 3 idle workers CC_CCCW__....................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-36562101/23/23C 18.820220.00.060.06 172.105.174.28smtp110.ext.armada.itGET /s/932323e2732313e2433313e253/_/;/META-INF/maven/com.atlass 1-36562111/25/25C 2.490350.00.060.06 172.105.174.28smtp110.ext.armada.itGET /.DS_Store HTTP/1.1 2-365101250/1/1_ 0.040470.00.000.00 172.105.174.28smtp110.ext.armada.itGET /.env HTTP/1.1 3-365101261/1/1C 0.021330.00.000.00 172.105.174.28smtp110.ext.armada.itGET /info.php HTTP/1.1 4-365101271/2/2C 0.060210.00.010.01 172.105.174.28smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 5-365101341/1/1C 0.040476.00.010.01 172.105.174.28smtp110.ext.armada.itGET / HTTP/1.1 6-365101350/0/0W 0.00000.00.000.00 172.105.174.28smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-11-05 02:22 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031ce8b1357Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 02-Nov-2022 17:16:04 CET Restart Time: Wednesday, 02-Nov-2022 03:35:01 CET Parent Server Generation: 362 Server uptime: 13 hours 41 minutes 2 seconds Total accesses: 2469 - Total Traffic: 6.5 MB CPU Usage: u1096.45 s38.72 cu0 cs0 - 2.3% CPU load .0501 requests/sec - 138 B/second - 2757 B/request 5 requests currently being processed, 0 idle workers CCWCW........................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-362152171/639/639C 325.580210.01.661.66 164.92.143.142smtp110.ext.armada.itGET /s/932323e2732313e2433313e253/_/;/META-INF/maven/com.atlass 1-362152181/649/649C 300.720210.01.751.75 164.92.143.142smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 2-362161590/629/629W 262.94000.01.611.61 164.92.143.142smtp110.ext.armada.itGET /server-status HTTP/1.1 3-36217301/551/551C 245.910200.01.481.48 164.92.143.142smtp110.ext.armada.itGET /.git/config HTTP/1.1 4-362176520/1/1W 0.02000.00.000.00 164.92.143.142smtp110.ext.armada.itGET / HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-11-02 16:16 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090316dffcb17Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 13-Oct-2022 20:40:16 CEST Restart Time: Thursday, 13-Oct-2022 03:14:01 CEST Parent Server Generation: 342 Server uptime: 17 hours 26 minutes 15 seconds Total accesses: 3136 - Total Traffic: 8.1 MB CPU Usage: u1023.24 s40.77 cu0 cs0 - 1.69% CPU load .05 requests/sec - 135 B/second - 2713 B/request 3 requests currently being processed, 0 idle workers WCC............................................................. ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-34225550/1285/1285W 390.11000.03.353.35 45.56.70.216smtp110.ext.armada.itGET /server-status HTTP/1.1 1-34225561/1286/1286C 453.240270.03.213.21 45.56.70.216smtp110.ext.armada.itGET /.env HTTP/1.1 2-34255801/565/565C 220.660240.01.561.56 45.56.70.216smtp110.ext.armada.itGET /s/352e3133342e3132372e323239/_/;/META-INF/maven/com.atlass SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-10-13 18:40 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090317c9929a9Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 29-Sep-2022 08:27:30 CEST Restart Time: Thursday, 29-Sep-2022 03:35:02 CEST Parent Server Generation: 328 Server uptime: 4 hours 52 minutes 28 seconds Total accesses: 2120 - Total Traffic: 4.3 MB CPU Usage: u174.2 s7.55 cu0 cs0 - 1.04% CPU load .121 requests/sec - 256 B/second - 2127 B/request 8 requests currently being processed, 0 idle workers CCCCCWCC........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-32856531/37/454C 1.691250.00.090.85 207.154.199.221smtp110.ext.armada.itGET /info.php HTTP/1.1 1-32867961/32/384C 2.461280.00.070.51 207.154.199.221smtp110.ext.armada.itGET /s/352e3133342e3132372e323239/_/;/META-INF/maven/com.atlass 2-328120391/1/348C 0.031390.00.000.70 207.154.199.221smtp110.ext.armada.itGET /.env HTTP/1.1 3-328124751/154/164C 52.761220.00.540.66 207.154.199.221smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 4-32864081/330/330C 58.641240.00.710.71 207.154.199.221smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 5-328120420/0/304W 45.47000.00.000.49 207.154.199.221smtp110.ext.armada.itGET /server-status HTTP/1.1 6-328120431/1/4C 0.030370.00.000.00 207.154.199.221smtp110.ext.armada.itGET /api/search?folderIds=0 HTTP/1.1 7-328267451/81/81C 14.681280.00.210.21 207.154.199.221smtp110.ext.armada.itGET /.git/config HTTP/1.1 8-328-0/0/1. 0.00628600.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 9-328-0/0/48. 5.99224000.00.000.16 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 10-328-0/0/1. 0.00628500.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 11-328-0/0/1. 0.00628400.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-09-29 06:27 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903173d1d715Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 15-Sep-2022 07:35:51 CEST Restart Time: Thursday, 15-Sep-2022 03:20:06 CEST Parent Server Generation: 314 Server uptime: 4 hours 15 minutes 44 seconds Total accesses: 728 - Total Traffic: 1.9 MB CPU Usage: u138.06 s4.98 cu0 cs0 - .932% CPU load .0474 requests/sec - 128 B/second - 2697 B/request 6 requests currently being processed, 0 idle workers CCCCCW.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-3147441/298/298C 97.670160.00.820.82 165.22.210.184smtp110.ext.armada.itGET /.git/config HTTP/1.1 1-314149461/1/268C 0.020270.00.000.65 165.22.210.184smtp110.ext.armada.itGET /s/352e3133342e3132372e323239/_/;/META-INF/maven/com.atlass 2-314274651/84/84C 21.440160.00.210.21 165.22.210.184smtp110.ext.armada.itGET /info.php HTTP/1.1 3-31468791/25/25C 7.460220.00.060.06 165.22.210.184smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 4-31468801/26/26C 11.890260.00.060.06 165.22.210.184smtp110.ext.armada.itGET /.env HTTP/1.1 5-31468810/27/27W 4.56000.00.070.07 165.22.210.184smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-09-15 05:35 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb3104509031045090319b91c6b5Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 10-Jun-2022 15:12:51 CEST Restart Time: Friday, 10-Jun-2022 03:27:02 CEST Parent Server Generation: 217 Server uptime: 11 hours 45 minutes 49 seconds Total accesses: 2065 - Total Traffic: 5.5 MB CPU Usage: u735.97 s30.9 cu0 cs0 - 1.81% CPU load .0488 requests/sec - 137 B/second - 2810 B/request 6 requests currently being processed, 0 idle workers CWCCCC.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-21725461/718/718C 274.720180.01.991.99 104.248.142.200smtp110.ext.armada.itGET /login.action HTTP/1.1 1-21725470/710/710W 237.60000.01.871.87 104.248.142.200smtp110.ext.armada.itGET /server-status HTTP/1.1 2-217152641/631/631C 254.430170.01.661.66 104.248.142.200smtp110.ext.armada.itGET /config.json HTTP/1.1 3-217269491/4/4C 0.101150.00.010.01 104.248.142.200smtp110.ext.armada.itGET /.git/config HTTP/1.1 4-217269731/1/1C 0.010220.00.000.00 104.248.142.200smtp110.ext.armada.itGET /info.php HTTP/1.1 5-217269741/1/1C 0.010220.00.000.00 104.248.142.200smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-06-10 13:12 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903105488ec1Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 10-Jun-2022 02:32:40 CEST Restart Time: Thursday, 09-Jun-2022 03:44:01 CEST Parent Server Generation: 216 Server uptime: 22 hours 48 minutes 38 seconds Total accesses: 4404 - Total Traffic: 11.8 MB CPU Usage: u409.48 s17.31 cu0 cs0 - .52% CPU load .0536 requests/sec - 150 B/second - 2806 B/request 6 requests currently being processed, 0 idle workers C..CC..CC..W.................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-216227801/1/794C 0.020280.00.002.34 194.233.167.79smtp110.ext.armada.itGET /.git/config HTTP/1.1 1-216-0/0/680. 18.86801100.00.001.89 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 2-216-0/0/579. 0.05800400.00.001.44 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-216278681/74/288C 27.110140.00.190.75 194.233.167.79smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 4-216128321/213/489C 55.030230.00.621.33 194.233.167.79smtp110.ext.armada.itGET /.env HTTP/1.1 5-216-0/0/648. 210.89800500.00.001.74 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-216-0/0/279. 38.40800600.00.000.80 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 7-216278691/75/77C 28.030140.00.170.17 194.233.167.79smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 8-216278831/78/309C 21.850220.00.220.79 194.233.167.79smtp110.ext.armada.itGET /s/352e3133342e3132372e323239/_/;/META-INF/maven/com.atlass 9-216-0/0/6. 0.03801200.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 10-216-0/0/6. 0.05800800.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 11-216278860/75/78W 26.35000.00.160.16 194.233.167.79smtp110.ext.armada.itGET /server-status HTTP/1.1 12-216-0/0/4. 0.02801600.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 13-216-0/0/4. 0.00801800.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 14-216-0/0/4. 0.03801500.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 15-216-0/0/143. 0.02801400.00.000.38 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 16-216-0/0/4. 0.01801300.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 17-216-0/0/4. 0.01800700.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 18-216-0/0/4. 0.01800300.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 19-216-0/0/4. 0.02801000.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-06-10 00:32 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031f6563d0cApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Tuesday, 07-Jun-2022 07:08:39 CEST Restart Time: Tuesday, 07-Jun-2022 03:22:01 CEST Parent Server Generation: 214 Server uptime: 3 hours 46 minutes 38 seconds Total accesses: 779 - Total Traffic: 1.9 MB CPU Usage: u163.2 s7.13 cu0 cs0 - 1.25% CPU load .0573 requests/sec - 144 B/second - 2514 B/request 5 requests currently being processed, 0 idle workers ..CC....C.W..C.................................................. ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-214-0/0/149. 26.56245400.00.000.38 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 1-214-0/0/98. 0.05246000.00.000.25 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 2-214174411/85/88C 18.800150.00.250.25 178.79.139.74smtp110.ext.armada.itGET /.git/config HTTP/1.1 3-21456111/30/81C 13.530140.00.050.19 178.79.139.74smtp110.ext.armada.itGET /s/dnc/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-di 4-214-0/0/43. 0.03246300.00.000.09 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-214-0/0/104. 34.09246100.00.000.24 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-214-0/0/62. 13.13245800.00.000.13 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 7-214-0/0/63. 37.53245900.00.000.14 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 8-21456181/27/28C 8.550270.00.070.07 178.79.139.74smtp110.ext.armada.itGET /.env HTTP/1.1 9-214-0/0/3. 0.03245600.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 10-21456200/26/26W 9.49000.00.060.06 178.79.139.74smtp110.ext.armada.itGET /server-status HTTP/1.1 11-214-0/0/3. 0.03245700.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 12-214-0/0/2. 0.03246200.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 13-21456291/27/27C 8.460140.00.060.06 178.79.139.74smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 14-214-0/0/2. 0.02245500.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-06-07 05:08 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903199fb392eApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Monday, 30-May-2022 14:22:20 CEST Restart Time: Monday, 30-May-2022 03:17:01 CEST Parent Server Generation: 206 Server uptime: 11 hours 5 minutes 19 seconds Total accesses: 1592 - Total Traffic: 2.9 MB CPU Usage: u428.08 s16.9 cu0 cs0 - 1.11% CPU load .0399 requests/sec - 75 B/second - 1891 B/request 8 requests currently being processed, 0 idle workers CWCCCCCC........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-206306191/1/143C 0.011220.00.000.38 159.223.215.103smtp110.ext.armada.itGET /.git/config HTTP/1.1 1-206306220/0/232W 117.95000.00.000.54 159.223.215.103smtp110.ext.armada.itGET /server-status HTTP/1.1 2-206117411/92/213C 68.351140.00.090.33 159.223.215.103smtp110.ext.armada.itGET /telescope/requests HTTP/1.1 3-206306231/1/195C 0.020290.00.000.39 159.223.215.103smtp110.ext.armada.itGET /config.json HTTP/1.1 4-206202941/144/182C 81.391180.00.200.25 159.223.215.103smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 5-206202951/144/184C 70.561230.00.140.21 159.223.215.103smtp110.ext.armada.itGET /.env HTTP/1.1 6-206117431/89/217C 54.351150.00.100.33 159.223.215.103smtp110.ext.armada.itGET /s/lkx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-di 7-206117441/98/225C 52.351180.00.130.43 159.223.215.103smtp110.ext.armada.itGET /info.php HTTP/1.1 8-206-0/0/1. 0.003833200.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-05-30 12:22 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb310450903104509031283c5531Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Saturday, 28-May-2022 22:33:40 CEST Restart Time: Saturday, 28-May-2022 03:13:02 CEST Parent Server Generation: 204 Server uptime: 19 hours 20 minutes 38 seconds Total accesses: 3257 - Total Traffic: 3.3 MB CPU Usage: u967.58 s31.57 cu0 cs0 - 1.43% CPU load .0468 requests/sec - 50 B/second - 1078 B/request 5 requests currently being processed, 0 idle workers CWCCC........................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-20486501/763/763C 199.520286.00.920.92 142.93.248.39smtp110.ext.armada.itGET /?rest_route=/wp/v2/users/ HTTP/1.1 1-20486510/771/771W 242.64000.01.131.13 142.93.248.39smtp110.ext.armada.itGET /server-status HTTP/1.1 2-204167431/653/653C 231.390210.00.450.45 142.93.248.39smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 3-204185911/533/533C 155.170250.00.430.43 142.93.248.39smtp110.ext.armada.itGET /.DS_Store HTTP/1.1 4-20430761/124/125C 62.850160.00.180.18 142.93.248.39smtp110.ext.armada.itGET /.git/config HTTP/1.1 5-204-0/0/412. 107.581841500.00.000.26 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-05-28 20:33 -
Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31045090310450903184ebc01eApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 26-May-2022 10:31:30 CEST Restart Time: Thursday, 26-May-2022 03:46:01 CEST Parent Server Generation: 202 Server uptime: 6 hours 45 minutes 28 seconds Total accesses: 1219 - Total Traffic: 3.9 MB CPU Usage: u273.06 s10.06 cu0 cs0 - 1.16% CPU load .0501 requests/sec - 169 B/second - 3380 B/request 6 requests currently being processed, 0 idle workers CCCCC.....W..................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-202240001/139/266C 42.780316.00.240.71 172.105.201.208smtp110.ext.armada.itGET /?rest_route=/wp/v2/users/ HTTP/1.1 1-202115951/87/197C 43.380250.00.130.63 172.105.201.208smtp110.ext.armada.itGET /s/lkx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-di 2-202298251/241/241C 84.320160.00.620.62 172.105.201.208smtp110.ext.armada.itGET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor 3-202158031/1/57C 0.010270.00.000.49 172.105.201.208smtp110.ext.armada.itGET /.git/config HTTP/1.1 4-202150621/188/188C 47.530390.00.620.62 172.105.201.208smtp110.ext.armada.itGET /.env HTTP/1.1 5-202-0/0/98. 11.76972600.00.000.33 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-202-0/0/19. 0.00972400.00.000.05 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 7-202-0/0/69. 14.39972500.00.000.37 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 8-202-0/0/2. 0.00972300.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 9-202-0/0/2. 0.00972200.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 10-202116020/79/79W 38.95000.00.110.11 172.105.201.208smtp110.ext.armada.itGET /server-status HTTP/1.1 11-202-0/0/1. 0.00972700.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-05-26 08:31
-
-
CheckMK monitoring endpoint publicly available
An open CheckMK agent is publicly available.
This could leak sensitive information such as :
- Process list ( maybe credentials )
- Network interfaces
- Running services
- Firewall rules
- Internal OS configuration
https://docs.checkmk.com/latest/en/wato_monitoringagents.html
First seen 2022-06-17 22:48
Last seen 2023-05-04 10:42
Open for 320 days-
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a23ca25cfFound public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1544,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [watchdog/2] (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md/2] (root,0,0,0.0) [md/3] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [flush-253:0] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,11140,1244,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,37200,908,0.0) /usr/local/sbin/keepalived -D (root,39304,2044,0.0) /usr/local/sbin/keepalived -D (root,39304,1392,0.0) /usr/local/sbin/keepalived -D (root,93156,868,0.0) auditd (root,249856,6024,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19048,976,0.0) rpcbind (root,200176,5568,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,1224,0.0) /usr/sbin/sshd (root,21716,1000,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (ntp,30736,2152,0.0) ntpd -u ntp:ntp -p /var/run/ntpd.pid -g (root,108168,1556,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,3819608,768192,0.4) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (root,71216,2396,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,2380,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,2380,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,2380,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,2380,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (5008,182364,21088,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (nagios,41464,1364,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,80868,3392,0.0) /usr/libexec/postfix/master (postfix,81304,3800,0.0) qmgr -l -t fifo -u (root,214684,7568,0.0) /usr/bin/vmtoolsd (root,31840,608,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,319664,14088,0.0) /usr/sbin/httpd (root,116860,1216,0.0) crond (root,200236,124004,0.1) splunkd -p 8089 start (root,62884,8900,0.0) [splunkd pid=2619] splunkd -p 8089 start [process-runner] (root,198272,8120,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251188,29076,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,584,0.0) /sbin/mingetty /dev/tty1 (root,4064,580,0.0) /sbin/mingetty /dev/tty2 (root,4064,580,0.0) /sbin/mingetty /dev/tty3 (root,4064,584,0.0) /sbin/mingetty /dev/tty4 (root,4064,584,0.0) /sbin/mingetty /dev/tty5 (root,4064,580,0.0) /sbin/mingetty /dev/tty6 (root,11136,1216,0.0) /sbin/udevd -d (root,11136,1216,0.0) /sbin/udevd -d (nobody,217028,21920,0.0) monitorix-httpd listening on 8080 (postfix,81664,4552,0.0) tlsmgr -l -t unix -u (postfix,80944,3428,0.0) anvil -l -t unix -u (5008,213444,23312,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80952,3320,0.0) pickup -l -t fifo -u (apache,436188,31176,0.6) /usr/sbin/httpd (5008,213444,23324,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97120,6584,0.1) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81064,3392,0.0) showq -t unix -u (postfix,97112,6584,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213444,23272,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97044,6500,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97024,6500,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80940,3316,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (postfix,81092,3528,0.0) cleanup -z -t unix -u (postfix,81440,4892,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4880,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4892,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4888,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,80988,3436,0.0) bounce -z -t unix -u (postfix,81440,4888,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4896,0.1) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4888,0.2) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (5008,213320,22824,0.1) /usr/bin/perl /usr/sbin/cbpolicyd (root,110232,1572,0.1) /bin/bash /usr/bin/check_mk_agent (root,110232,736,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,652,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,9064,1.8) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,101288,4296,1.0) sshd: root [priv] (sshd,67568,1632,0.0) sshd: root [net] (postfix,80960,3380,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4624,2.0) /usr/bin/perl -w /etc/postfix/random.pl (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13364,1008,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (5008,213444,23336,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,438864,33736,0.5) /usr/sbin/httpd (apache,438960,33904,0.5) /usr/sbin/httpd (5008,213444,23312,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213444,23300,0.0) /usr/bin/perl /usr/sbin/cbpolicyd
Found on 2023-05-04 10:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17ae1d75fc1Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1544,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [watchdog/2] (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md/2] (root,0,0,0.0) [md/3] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [flush-253:0] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,11140,1244,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,37200,908,0.0) /usr/local/sbin/keepalived -D (root,39304,2044,0.0) /usr/local/sbin/keepalived -D (root,39304,1392,0.0) /usr/local/sbin/keepalived -D (root,93156,868,0.0) auditd (root,249856,6028,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19048,972,0.0) rpcbind (root,200176,5568,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,1224,0.0) /usr/sbin/sshd (root,21716,1000,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (ntp,30736,2148,0.0) ntpd -u ntp:ntp -p /var/run/ntpd.pid -g (root,108168,1556,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,3819608,742436,0.4) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (root,71216,2396,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,2380,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,2380,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,2380,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,2380,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (5008,182364,21088,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (nagios,41464,1364,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,80868,3392,0.0) /usr/libexec/postfix/master (postfix,81304,3800,0.0) qmgr -l -t fifo -u (root,214436,7276,0.0) /usr/bin/vmtoolsd (root,31840,608,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,319400,13888,0.0) /usr/sbin/httpd (root,116860,1216,0.0) crond (root,200236,124004,0.1) splunkd -p 8089 start (root,62884,8900,0.0) [splunkd pid=2619] splunkd -p 8089 start [process-runner] (root,198272,8120,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251188,29076,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,584,0.0) /sbin/mingetty /dev/tty1 (root,4064,580,0.0) /sbin/mingetty /dev/tty2 (root,4064,580,0.0) /sbin/mingetty /dev/tty3 (root,4064,584,0.0) /sbin/mingetty /dev/tty4 (root,4064,584,0.0) /sbin/mingetty /dev/tty5 (root,4064,580,0.0) /sbin/mingetty /dev/tty6 (root,11136,1216,0.0) /sbin/udevd -d (root,11136,1216,0.0) /sbin/udevd -d (nobody,217028,21920,0.0) monitorix-httpd listening on 8080 (postfix,81664,4552,0.0) tlsmgr -l -t unix -u (postfix,80944,3424,0.0) anvil -l -t unix -u (apache,432520,27500,0.1) /usr/sbin/httpd (apache,436920,31844,0.3) /usr/sbin/httpd (5008,213444,23344,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213440,23332,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80952,3320,0.0) pickup -l -t fifo -u (postfix,97044,6492,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97028,6560,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80956,3372,0.0) showq -t unix -u (5008,213320,22824,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,67568,3160,0.0) sshd: [accepted] (sshd,67568,1396,0.0) sshd: [net] (postfix,97040,6504,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,110232,1568,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,11088,1.0) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,110232,1532,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1008,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (5008,213444,23324,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,442960,37936,0.2) /usr/sbin/httpd (5008,213440,23348,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,430564,25572,0.2) /usr/sbin/httpd (apache,431184,26080,0.2) /usr/sbin/httpd
Found on 2023-05-02 23:39 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a10619609Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (postfix,97204,6616,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,81000,3460,0.0) /usr/libexec/postfix/master (postfix,84828,7336,0.0) qmgr -l -t fifo -u (postfix,82044,5020,0.0) tlsmgr -l -t unix -u (postfix,81048,3532,0.0) anvil -l -t unix -u (root,0,0,0.0) [vmmemctl] (postfix,97204,6628,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1380,0.0) /usr/local/sbin/keepalived -D (root,39304,832,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5700,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,956,0.0) rpcbind (root,200180,1936,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1668,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,419344,42080,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,63804,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14756,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (5008,213448,13772,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (5008,213448,13632,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80940,3316,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (5008,213324,12452,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97200,6676,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213324,12036,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (postfix,80960,3380,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4620,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,97200,6632,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213324,12036,0.1) /usr/bin/perl /usr/sbin/cbpolicyd (root,110232,1572,0.2) /bin/bash /usr/bin/check_mk_agent (root,110232,736,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,652,0.0) /bin/bash /usr/bin/check_mk_agent (root,830736,7036,1.6) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,69640,3360,0.0) sshd: [accepted] (sshd,67568,1560,0.0) sshd: [net] (root,67568,3220,0.0) sshd: [accepted] (sshd,67568,1516,0.0) sshd: [net] (root,67568,3164,0.0) sshd: [accepted] (sshd,67568,1404,0.0) sshd: [net] (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1008,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (apache,484836,46572,0.3) /usr/sbin/httpd (apache,481328,45192,0.2) /usr/sbin/httpd (apache,482432,46160,0.2) /usr/sbin/httpd (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4557440,2333412,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (apache,493572,55376,0.4) /usr/sbin/httpd (apache,497676,61528,0.4) /usr/sbin/httpd (5008,213440,13744,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,369336,32232,0.0) /usr/sbin/httpd (5008,182364,9220,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213452,13784,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80952,3320,0.0) pickup -l -t fifo -u (postfix,81064,3392,0.0) showq -t unix -u (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (5008,213616,13840,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97228,6724,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97168,6672,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97204,6668,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (opendkim,2132752,8380,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid
Found on 2023-04-12 20:53 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a85961af8Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (5008,213448,13792,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,80868,3440,0.0) /usr/libexec/postfix/master (postfix,82912,5392,0.0) qmgr -l -t fifo -u (postfix,82044,5020,0.0) tlsmgr -l -t unix -u (postfix,81048,3484,0.0) anvil -l -t unix -u (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1388,0.0) /usr/local/sbin/keepalived -D (root,39304,832,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5636,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,956,0.0) rpcbind (root,200180,1936,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1668,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,414256,36940,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,64384,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14776,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2271636,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (5008,214000,14196,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213708,13992,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213452,13760,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (apache,477204,40996,0.4) /usr/sbin/httpd (root,366820,29716,0.0) /usr/sbin/httpd (5008,182364,9228,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80952,3324,0.0) pickup -l -t fifo -u (5008,213452,13724,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,482436,46364,0.6) /usr/sbin/httpd (postfix,81064,3396,0.0) showq -t unix -u (5008,213448,13692,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97232,6972,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213452,13700,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80960,3416,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4624,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,97236,6916,0.1) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97232,6708,0.1) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97232,6716,0.1) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97240,6784,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213448,13708,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213452,13680,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (postfix,97204,6720,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4904,0.1) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4916,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4924,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4900,0.1) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4900,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4900,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4896,0.1) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81172,3652,0.2) cleanup -z -t unix -u (postfix,81172,3656,0.1) cleanup -z -t unix -u (postfix,97204,6704,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4896,0.1) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4904,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (5008,213324,12456,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81440,4884,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (5008,213324,12040,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,110232,1568,0.1) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,11092,1.0) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,101292,4296,1.5) sshd: root [priv] (sshd,67568,1632,0.0) sshd: root [net] (root,110232,1532,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1012,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,832,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (apache,485360,49356,0.7) /usr/sbin/httpd (apache,487596,51508,0.6) /usr/sbin/httpd (root,99976,4040,0.0) sshd: root@pts/0 (root,108428,2020,0.0) -bash (opendkim,756496,5932,0.0) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid
Found on 2023-03-17 11:12 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a17d86b34Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,80868,3432,0.0) /usr/libexec/postfix/master (postfix,81908,4404,0.0) qmgr -l -t fifo -u (postfix,81472,4448,0.0) tlsmgr -l -t unix -u (postfix,81048,3484,0.0) anvil -l -t unix -u (root,0,0,0.0) [vmmemctl] (postfix,97200,6680,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (5008,213324,12040,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80960,3384,0.0) trivial-rewrite -n rewrite -t unix -u (postfix,80940,3316,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (nobody,35692,4620,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,81172,3648,0.0) cleanup -z -t unix -u (postfix,81440,4876,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1388,0.0) /usr/local/sbin/keepalived -D (root,39304,832,0.0) /usr/local/sbin/keepalived -D (5008,213324,12040,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97200,6628,0.2) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,110232,1568,0.0) /bin/bash /usr/bin/check_mk_agent (apache,484764,46608,0.3) /usr/sbin/httpd (apache,481156,44836,0.2) /usr/sbin/httpd (apache,483392,45228,0.2) /usr/sbin/httpd (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830728,9056,0.8) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,101288,4312,1.0) sshd: root [priv] (sshd,67568,1660,0.0) sshd: root [net] (root,110232,1528,0.0) /bin/bash /usr/bin/check_mk_agent (root,13364,1004,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,832,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,93156,732,0.0) auditd (root,249856,5616,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,956,0.0) rpcbind (root,200180,1940,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1668,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,412148,34900,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,63920,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14776,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2226592,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (apache,488584,50596,0.3) /usr/sbin/httpd (opendkim,1608468,7352,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (5008,213584,13908,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213452,13760,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,484132,47840,0.3) /usr/sbin/httpd (root,365748,28648,0.0) /usr/sbin/httpd (5008,182364,9228,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97100,6672,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213452,13768,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97100,6644,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (5008,213448,13788,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80952,3324,0.0) pickup -l -t fifo -u (postfix,81064,3384,0.0) showq -t unix -u (postfix,97204,6620,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97204,6624,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Found on 2023-03-06 21:56 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a2905a910Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,80868,3432,0.0) /usr/libexec/postfix/master (postfix,81908,4404,0.0) qmgr -l -t fifo -u (postfix,81472,4448,0.0) tlsmgr -l -t unix -u (postfix,81048,3484,0.0) anvil -l -t unix -u (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1388,0.0) /usr/local/sbin/keepalived -D (root,39304,832,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5600,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,956,0.0) rpcbind (root,200180,1940,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1668,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,411280,34012,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,63884,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14776,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (5008,213448,13780,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2215540,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (opendkim,1608468,7360,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (5008,213448,13776,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,479652,43344,0.3) /usr/sbin/httpd (apache,481360,43180,0.3) /usr/sbin/httpd (5008,213452,13720,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,365360,28256,0.0) /usr/sbin/httpd (apache,479836,43628,0.4) /usr/sbin/httpd (apache,479816,43560,0.3) /usr/sbin/httpd (5008,182364,9224,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213452,13792,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80940,3316,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (5008,213448,13716,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80952,3320,0.0) pickup -l -t fifo -u (postfix,81440,4920,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (postfix,81064,3400,0.0) showq -t unix -u (postfix,97204,6692,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97204,6704,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4932,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (5008,213448,13820,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81172,3652,0.0) cleanup -z -t unix -u (postfix,80960,3408,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4620,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,81172,3652,0.1) cleanup -z -t unix -u (postfix,81440,4900,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4900,0.1) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,97168,6692,0.1) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4888,0.1) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,97236,6724,0.4) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4896,0.1) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4908,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4892,0.1) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4892,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,97204,6628,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4892,0.1) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,80940,3316,0.0) scache -l -t unix -u (postfix,97108,6656,0.6) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97208,6664,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213448,13632,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213324,12452,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81172,3648,0.2) cleanup -z -t unix -u (5008,213324,12036,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213324,12036,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81440,4884,0.1) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4888,0.1) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,97200,6628,0.1) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,110232,1568,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830736,9068,1.6) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13364,1004,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,832,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
Found on 2023-03-02 08:31 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a77887dd1Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,80868,3432,0.0) /usr/libexec/postfix/master (postfix,81908,4404,0.0) qmgr -l -t fifo -u (postfix,81472,4448,0.0) tlsmgr -l -t unix -u (postfix,81048,3484,0.0) anvil -l -t unix -u (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (apache,487524,49224,0.3) /usr/sbin/httpd (apache,482884,46656,0.3) /usr/sbin/httpd (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1388,0.0) /usr/local/sbin/keepalived -D (root,39304,832,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5604,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,956,0.0) rpcbind (root,200180,1940,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1668,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,409172,31936,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,63928,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14772,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (5008,213448,13736,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,481816,45576,0.2) /usr/sbin/httpd (apache,482660,46372,0.2) /usr/sbin/httpd (apache,481516,45212,0.2) /usr/sbin/httpd (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2169644,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (opendkim,1608468,9264,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (root,364292,27188,0.0) /usr/sbin/httpd (5008,182364,9228,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80952,3324,0.0) pickup -l -t fifo -u (5008,213440,13676,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213448,13788,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (5008,213440,13744,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81064,3384,0.0) showq -t unix -u (postfix,97052,6276,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97200,6632,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97104,6632,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80940,3312,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (5008,213324,12040,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81172,3656,0.0) cleanup -z -t unix -u (postfix,81440,4876,0.1) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (root,67568,3224,0.0) sshd: [accepted] (sshd,67568,1516,0.0) sshd: [net] (root,110232,1568,0.1) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,9060,0.8) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,110232,1568,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830736,9064,1.0) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1008,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,832,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /
Found on 2023-02-19 15:59 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a6c716d13Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,80868,3432,0.0) /usr/libexec/postfix/master (postfix,81908,4404,0.0) qmgr -l -t fifo -u (postfix,81472,4448,0.0) tlsmgr -l -t unix -u (postfix,81048,3484,0.0) anvil -l -t unix -u (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1388,0.0) /usr/local/sbin/keepalived -D (root,39304,832,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5592,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,956,0.0) rpcbind (root,200180,1940,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1668,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,408304,31108,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,63944,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (postfix,80952,3384,0.0) pickup -l -t fifo -u (postfix,81032,3392,0.0) showq -t unix -u (root,251276,14776,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2155168,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (5008,213440,13788,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,479748,43612,0.5) /usr/sbin/httpd (apache,479092,42972,0.4) /usr/sbin/httpd (5008,213440,13740,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,478676,42524,0.4) /usr/sbin/httpd (opendkim,1084180,6408,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (apache,477176,39108,0.1) /usr/sbin/httpd (postfix,81176,3656,0.0) cleanup -z -t unix -u (postfix,80940,3312,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (5008,213440,13708,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97204,6716,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81176,3736,0.0) cleanup -z -t unix -u (postfix,97204,6704,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213440,13688,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213448,13632,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97184,6676,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97052,6360,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97164,6688,0.3) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4912,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81508,5024,0.1) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81508,5032,0.1) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4896,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4892,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (5008,213448,13636,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80960,3404,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4624,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,81440,4892,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4896,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,97052,6356,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81172,3652,0.0) cleanup -z -t unix -u (postfix,81440,4864,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,80940,3316,0.0) scache -l -t unix -u (postfix,97168,6664,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97200,6632,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213324,12040,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81440,4888,0.1) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (root,110232,1568,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830736,11092,1.2) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,110232,1532,0.0) /bin/bash /usr/bin/check_mk_agent (root,13372,1012,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,832,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,363904,26800,0.0) /usr/sbin/httpd (5008,182364,9228,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213440,13760,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,477576,41444,0.4) /usr/sbin/httpd (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (5008,213440,13784,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213448,13756,0.0) /usr/bin/perl /usr/sbin/cbpolicyd
Found on 2023-02-15 09:17 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a53c0dcf7Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,80868,3432,0.0) /usr/libexec/postfix/master (postfix,81908,4404,0.0) qmgr -l -t fifo -u (postfix,81472,4448,0.0) tlsmgr -l -t unix -u (postfix,81048,3484,0.0) anvil -l -t unix -u (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1388,0.0) /usr/local/sbin/keepalived -D (root,39304,832,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5604,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,956,0.0) rpcbind (root,200180,1940,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (5008,213856,14088,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80940,3316,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1668,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,406932,29628,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,63636,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14772,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (5008,213448,13676,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97168,6732,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81032,3388,0.0) showq -t unix -u (postfix,97168,6720,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2124920,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (5008,213840,14104,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213448,13676,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97052,6360,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81172,3652,0.0) cleanup -z -t unix -u (postfix,81440,4892,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4888,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4888,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4904,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (5008,213448,13640,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97052,6356,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80928,3320,0.0) proxymap -t unix -u (postfix,97052,6356,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80960,3400,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4624,0.0) /usr/bin/perl -w /etc/postfix/random.pl (5008,213324,12228,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81172,3652,0.0) cleanup -z -t unix -u (postfix,81172,3656,0.0) cleanup -z -t unix -u (postfix,81440,4860,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,97052,6356,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213324,12456,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97200,6668,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213324,12040,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80988,3432,0.0) bounce -z -t unix -u (postfix,81440,4880,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4880,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (5008,213324,12040,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,66224,3096,0.0) sshd: [accepted] (root,66224,3100,0.0) sshd: [accepted] (root,66224,3096,0.0) sshd: [accepted] (root,66224,3100,0.0) sshd: [accepted] (postfix,97200,6628,0.5) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,110232,1572,0.2) /bin/bash /usr/bin/check_mk_agent (root,110232,736,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,652,0.0) /bin/bash /usr/bin/check_mk_agent (root,830728,9056,1.2) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,101288,4300,1.0) sshd: root [priv] (sshd,67568,1632,0.0) sshd: root [net] (postfix,97200,6632,1.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,67568,3220,0.0) sshd: [accepted] (sshd,67568,1520,0.0) sshd: [net] (root,66224,3096,0.0) sshd: [accepted] (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13364,1008,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (opendkim,1094424,6684,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (5008,213580,13868,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,488776,52744,0.5) /usr/sbin/httpd (apache,493708,57752,0.6) /usr/sbin/httpd (root,363128,26024,0.0) /usr/sbin/httpd (5008,182364,9228,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,99976,4024,0.0) sshd: root@pts/0 (root,108432,1988,0.0) -bash (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (postfix,80952,3324,0.0) pickup -l -t fifo -u (apache,478924,42804,0.4) /usr/sbin/httpd (apache,479448,43280,0.3) /usr/sbin/httpd (apache,480476,42356,0.4) /usr/sbin/httpd (5008,213452,13720,0.0) /usr/bin/perl /usr/sbin/cbpolicyd
Found on 2023-02-07 18:13 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a637f65a7Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (postfix,81440,4892,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4884,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (postfix,80940,3320,0.0) scache -l -t unix -u (root,10900,264,0.0) /sbin/udevd -d (root,80868,3408,0.0) /usr/libexec/postfix/master (postfix,81476,3972,0.0) qmgr -l -t fifo -u (postfix,81472,4444,0.0) tlsmgr -l -t unix -u (postfix,80944,3412,0.0) anvil -l -t unix -u (5008,213324,12040,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97052,6296,0.1) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80928,3324,0.0) proxymap -t unix -u (postfix,97052,6296,0.1) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,0,0,0.0) [vmmemctl] (root,110232,1568,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,11088,1.0) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,101288,4292,0.6) sshd: root [priv] (sshd,67568,1656,0.0) sshd: root [net] (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1008,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8388,812,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1388,0.0) /usr/local/sbin/keepalived -D (root,39304,832,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5616,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,956,0.0) rpcbind (root,200180,1940,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1668,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,404452,27256,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,63876,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14772,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (5008,213736,13932,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (apache,480400,42484,0.4) /usr/sbin/httpd (apache,479592,41628,0.3) /usr/sbin/httpd (5008,213992,14260,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2059200,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (opendkim,494356,5416,0.0) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (5008,213448,13764,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (root,361960,24860,0.0) /usr/sbin/httpd (5008,182364,9228,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,99976,4044,0.0) sshd: root@pts/0 (root,108432,2028,0.0) -bash (5008,213448,13720,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,482632,44644,0.5) /usr/sbin/httpd (apache,480544,44544,0.6) /usr/sbin/httpd (5008,213868,14132,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80952,3324,0.0) pickup -l -t fifo -u (postfix,81032,3388,0.0) showq -t unix -u (5008,213852,14108,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (postfix,97208,6704,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (apache,472488,36136,0.6) /usr/sbin/httpd (postfix,97240,6696,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97240,6732,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213440,13672,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97196,6704,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81172,3656,0.0) cleanup -z -t unix -u (5008,213324,12456,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81440,4896,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4908,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4896,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4884,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4884,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4896,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4896,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4908,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4884,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227
Found on 2023-01-26 12:42 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a3045df68Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (5008,213448,13748,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1332,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5616,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,940,0.0) rpcbind (root,200180,1908,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,85816,1808,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (root,399736,22532,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,62824,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (5008,213444,13796,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,251276,14748,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (5008,213448,13720,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,473852,37692,0.5) /usr/sbin/httpd (opendkim,2224968,4876,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,1949256,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (5008,213444,13676,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81176,3656,0.0) cleanup -z -t unix -u (postfix,97208,6628,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97052,6344,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97052,6344,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97208,6624,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97052,6352,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80952,3324,0.0) pickup -l -t fifo -u (postfix,81444,4896,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,97052,6344,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97236,6744,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4896,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (5008,213440,13704,0.1) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97052,6300,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97052,6304,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4884,0.2) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,97168,6692,0.5) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80956,3376,0.0) showq -t unix -u (postfix,97052,6300,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97052,6300,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97052,6304,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4884,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (root,359628,22524,0.0) /usr/sbin/httpd (5008,182364,9224,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81440,4884,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4880,0.1) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4884,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81444,4884,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4892,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4880,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81444,4876,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4884,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81444,4884,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,80960,3376,0.0) discard -z -n defer -t unix -u (apache,476012,39968,0.7) /usr/sbin/httpd (postfix,80960,3320,0.0) discard -z -n defer -t unix -u (postfix,97052,6296,0.2) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80928,3324,0.0) proxymap -t unix -u (postfix,97052,6300,0.2) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,110232,1572,0.1) /bin/bash /usr/bin/check_mk_agent (root,110232,736,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,652,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,11088,1.4) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (5008,213324,12036,0.3) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80960,3372,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4624,1.0) /usr/bin/perl -w /etc/postfix/random.pl (root,110232,1532,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1016,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,832,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,80996,2376,0.0) /usr/libexec/postfix/master (postfix,83016,4096,0.0) qmgr -l -t fifo -u (postfix,82044,3592,0.0) tlsmgr -l -t unix -u (postfix,81668,2572,0.0) anvil -l -t unix -u (5008,213448,13772,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (5008,213452,13740,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,474108,38108,0.6) /usr/sbin/httpd (apache,477104,41056,0.8) /usr/sbin/httpd
Found on 2023-01-02 10:33 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a359e6dc3Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (postfix,81440,4952,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (5008,213448,13680,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1332,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5548,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,924,0.0) rpcbind (root,200180,1908,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (postfix,81444,4912,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4928,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,85816,1808,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (postfix,81508,5056,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (postfix,81448,4936,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (root,395768,18556,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,216632,61956,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14756,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (postfix,81508,5032,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (postfix,80956,3384,0.0) showq -t unix -u (postfix,81176,3660,0.0) cleanup -z -t unix -u (postfix,81440,4908,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4916,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81444,4900,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4904,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (5008,213448,13768,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97208,6664,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81176,3660,0.1) cleanup -z -t unix -u (postfix,81176,3656,0.0) cleanup -z -t unix -u (5008,213448,13676,0.1) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213580,13784,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (5008,213452,13708,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97240,6740,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97232,6740,0.4) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81176,3656,0.0) cleanup -z -t unix -u (postfix,81444,4908,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4924,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,97236,6760,0.3) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97228,6732,0.3) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80960,3424,0.0) trivial-rewrite -n rewrite -t unix -u (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (nobody,35692,4624,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,81440,4904,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,97216,6608,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213448,13628,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81444,4904,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,97236,6644,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,67568,3164,0.0) sshd: [accepted] (sshd,67568,1404,0.0) sshd: [net] (opendkim,2143016,4872,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (5008,213324,12028,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80988,3440,0.0) bounce -z -t unix -u (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (postfix,80960,3372,0.0) discard -z -n defer -t unix -u (root,101288,4300,0.4) sshd: root [priv] (sshd,67568,1632,0.0) sshd: root [net] (root,110232,1568,0.1) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,9060,1.1) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,101288,4296,2.5) sshd: root [priv] (sshd,67568,1632,0.0) sshd: root [net] (root,67568,3160,0.0) sshd: [accepted] (sshd,67568,1400,0.0) sshd: [net] (root,110232,1532,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1012,1.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,1863196,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (apache,470540,34392,0.5) /usr/sbin/httpd (apache,469156,32976,0.4) /usr/sbin/httpd (5008,213440,13732,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80952,3388,0.0) pickup -l -t fifo -u (root,357684,20580,0.0) /usr/sbin/httpd (apache,471672,35436,0.4) /usr/sbin/httpd (apache,474884,38648,0.6) /usr/sbin/httpd (5008,182364,9216,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213452,13716,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,80996,2376,0.0) /usr/libexec/postfix/master (postfix,83016,4096,0.0) qmgr -l -t fifo -u (postfix,82044,3592,0.0) tlsmgr -l -t unix -u (postfix,81668,2572,0.0) anvil -l -t unix -u (apache,472624,36524,0.5) /usr/sbin/httpd (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (5008,213448,13772,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213448,13692,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213596,13792,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97208,6716,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Found on 2022-12-13 09:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a3f7f1c72Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (5008,213448,13632,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (postfix,80956,3340,0.0) showq -t unix -u (postfix,81440,4888,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (root,0,0,0.0) [vmmemctl] (postfix,81440,4892,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4892,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4888,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4888,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,97232,6668,0.4) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4888,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4880,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (postfix,81440,4876,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (5008,213324,12188,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (postfix,80960,3380,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4624,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,81440,4880,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (5008,213324,12000,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1332,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (postfix,81440,4884,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4880,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (root,110232,1568,0.1) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,11088,1.2) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,67568,3244,0.0) sshd: [accepted] (sshd,67568,1572,0.0) sshd: [net] (root,67568,3204,0.0) sshd: [accepted] (sshd,67568,1444,0.0) sshd: [net] (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1012,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,832,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,93156,732,0.0) auditd (root,249856,5612,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,884,0.0) rpcbind (root,200180,1904,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,392048,14740,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,214584,60016,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14752,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (apache,468712,32436,0.2) /usr/sbin/httpd (apache,469240,32928,0.2) /usr/sbin/httpd (opendkim,2132772,4700,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (5008,213452,13728,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (5008,213448,13744,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (mysql,4554580,1777108,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (apache,468788,32420,0.2) /usr/sbin/httpd (apache,468992,32676,0.2) /usr/sbin/httpd (apache,468144,31868,0.2) /usr/sbin/httpd (5008,213440,13640,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,355844,18740,0.0) /usr/sbin/httpd (5008,182364,9184,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,80996,2376,0.0) /usr/libexec/postfix/master (postfix,83016,3964,0.0) qmgr -l -t fifo -u (postfix,82044,3476,0.0) tlsmgr -l -t unix -u (postfix,81668,2432,0.0) anvil -l -t unix -u (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (postfix,80952,3324,0.0) pickup -l -t fifo -u (postfix,97228,6676,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97212,6660,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (postfix,81176,3652,0.0) cleanup -z -t unix -u (5008,213448,13664,0.0) /usr/bin/perl /usr/sbin/cbpolicyd
Found on 2022-11-24 07:30 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17ab0b73963Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1332,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5612,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,884,0.0) rpcbind (root,200180,1904,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (5008,213452,13688,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,391676,14352,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,214584,60016,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14752,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (5008,213448,13680,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81440,4940,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81508,5060,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81512,5052,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (opendkim,2132772,4700,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (postfix,81512,5060,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4940,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81504,5044,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4936,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,80960,3432,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4624,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,81440,4928,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81512,5060,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4940,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4932,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81448,4948,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81512,5064,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81444,4940,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81516,5056,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81508,5048,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81512,5052,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81512,5064,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4932,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81504,5032,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (apache,470612,34576,0.4) /usr/sbin/httpd (apache,473708,37540,0.5) /usr/sbin/httpd (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (5008,213448,13720,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (mysql,4554580,1768572,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (postfix,81440,4944,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,97208,6712,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213440,13692,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213448,13688,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81444,4920,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (5008,213452,13652,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97236,6964,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (apache,471492,35300,0.4) /usr/sbin/httpd (postfix,97052,6348,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80952,3332,0.0) pickup -l -t fifo -u (postfix,81176,3656,0.0) cleanup -z -t unix -u (postfix,81176,3660,0.0) cleanup -z -t unix -u (postfix,80960,3372,0.0) discard -z -n defer -t unix -u (5008,213324,12412,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97236,6916,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97236,6952,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97240,6712,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97232,6668,0.2) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213448,13596,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97200,6684,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213324,12184,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80988,3440,0.0) bounce -z -t unix -u (5008,213324,11996,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,110232,1564,0.1) /bin/bash /usr/bin/check_mk_agent (root,98636,3776,0.0) sshd: unknown [priv] (root,110232,728,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,644,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,9060,1.0) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,67568,3240,0.0) sshd: [accepted] (sshd,67568,1560,0.0) sshd: [net] (sshd,67568,1752,0.0) sshd: unknown [net] (root,67568,3164,0.0) sshd: [accepted] (sshd,67568,1408,0.0) sshd: [net] (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13364,1012,1.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (5008,213452,13728,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213452,13748,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213452,13716,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,355648,18544,0.0) /usr/sbin/httpd (5008,182364,9180,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,80996,2376,0.0) /usr/libexec/postfix/master (postfix,83016,3964,0.0) qmgr -l -t fifo -u (postfix,82044,3476,0.0) tlsmgr -l -t unix -u (postfix,81668,2432,0.0) anvil -l -t unix -u (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (postfix,80956,3376,0.0) showq -t unix -u
Found on 2022-11-22 08:21 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17accbc1e54Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1048,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1332,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (postfix,80956,3380,0.0) showq -t unix -u (root,93156,732,0.0) auditd (root,249856,5556,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,868,0.0) rpcbind (root,200180,1904,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,387708,10448,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (5008,213572,13656,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,116856,676,0.0) crond (root,214584,59572,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14672,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (5008,213448,13656,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (5008,213452,13676,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (opendkim,2132772,4664,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,1644576,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (postfix,80940,3316,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (postfix,80952,3324,0.0) pickup -l -t fifo -u (5008,213448,13584,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97240,6716,0.1) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213584,13740,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,476080,39956,0.6) /usr/sbin/httpd (apache,473648,37560,0.6) /usr/sbin/httpd (postfix,97208,6708,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81444,4900,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (5008,213448,13544,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81444,4924,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4892,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (apache,456344,17788,0.0) /usr/sbin/httpd (apache,456080,17564,0.0) /usr/sbin/httpd (apache,464100,27672,0.7) /usr/sbin/httpd (postfix,81176,3656,0.0) cleanup -z -t unix -u (postfix,80960,3396,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4624,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,81176,3652,0.1) cleanup -z -t unix -u (postfix,81440,4884,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81444,4900,0.1) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81444,4900,0.1) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,97208,6712,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,353708,16604,0.0) /usr/sbin/httpd (5008,213324,11880,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,182364,9032,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213324,12312,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81444,4904,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,80960,3372,0.0) discard -z -n defer -t unix -u (postfix,81440,4888,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (root,67568,3160,0.0) sshd: [accepted] (sshd,67568,1400,0.0) sshd: [net] (5008,213324,11880,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81440,4884,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (root,101428,4428,0.8) sshd: root [priv] (sshd,67568,1660,0.0) sshd: root [net] (root,110232,1572,0.3) /bin/bash /usr/bin/check_mk_agent (root,110232,736,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,652,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,11088,2.0) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,101288,4312,0.8) sshd: root [priv] (sshd,67568,1648,0.0) sshd: root [net] (root,101288,4292,1.2) sshd: root [priv] (root,101288,4296,1.2) sshd: root [priv] (sshd,67568,1660,0.0) sshd: root [net] (sshd,67568,1648,0.0) sshd: root [net] (root,101288,4288,1.2) sshd: root [priv] (sshd,67568,1648,0.0) sshd: root [net] (root,67568,3200,0.0) sshd: [accepted] (root,101292,4288,3.5) sshd: root [priv] (sshd,67568,1648,0.0) sshd: root [net] (sshd,67568,1444,0.0) sshd: [net] (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13364,1008,1.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,81000,2340,0.0) /usr/libexec/postfix/master (postfix,83016,3716,0.0) qmgr -l -t fifo -u (postfix,82044,3256,0.0) tlsmgr -l -t unix -u (postfix,81668,2404,0.0) anvil -l -t unix -u (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (5008,213452,13680,0.0) /usr/bin/perl /usr/sbin/cbpolicyd
Found on 2022-11-02 16:26 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17ac92bc344Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1036,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (postfix,81440,4900,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (root,10900,264,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (postfix,81440,4896,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (postfix,97204,6680,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97052,6300,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1332,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (postfix,81444,4892,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,80988,3436,0.0) bounce -z -t unix -u (5008,213324,11344,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,98636,3776,0.0) sshd: unknown [priv] (sshd,67568,1752,0.0) sshd: unknown [net] (root,110232,1568,0.1) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830736,17220,2.2) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (postfix,80960,3380,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4624,1.0) /usr/bin/perl -w /etc/postfix/random.pl (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1012,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,93156,732,0.0) auditd (root,249856,5568,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,868,0.0) rpcbind (root,200180,1892,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,608,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (5008,213620,13176,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,385104,7824,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (postfix,80940,3356,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (root,214584,57796,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,13816,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2076,0.0) monitorix-httpd listening on 8080 (5008,213452,13068,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,10896,204,0.0) /sbin/udevd -d (root,10896,176,0.0) /sbin/udevd -d (opendkim,2132772,4576,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (root,108168,676,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,1626868,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (apache,469396,33212,0.6) /usr/sbin/httpd (apache,473656,37516,0.7) /usr/sbin/httpd (apache,465852,29680,0.7) /usr/sbin/httpd (5008,213452,13040,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213448,13164,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,352448,14688,0.0) /usr/sbin/httpd (5008,182364,8376,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,81000,2352,0.0) /usr/libexec/postfix/master (postfix,83016,3692,0.0) qmgr -l -t fifo -u (postfix,82044,3164,0.0) tlsmgr -l -t unix -u (postfix,81668,2360,0.0) anvil -l -t unix -u (postfix,80956,3380,0.0) showq -t unix -u (postfix,80952,3324,0.0) pickup -l -t fifo -u (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (5008,213448,13128,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213448,13148,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97236,6748,0.1) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97240,6752,0.1) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97232,6768,0.1) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213324,11808,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81176,3656,0.0) cleanup -z -t unix -u (postfix,97208,6680,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4892,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4896,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81444,4892,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (apache,464660,28512,0.7) /usr/sbin/httpd (postfix,81444,4920,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4892,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4880,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229
Found on 2022-10-20 09:11 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17aea42374aFound public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1052,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1332,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5596,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,940,0.0) rpcbind (root,200180,1908,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,616,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,85816,1808,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,85816,1808,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,383492,12124,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,214584,59344,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14688,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2084,0.0) monitorix-httpd listening on 8080 (root,10896,208,0.0) /sbin/udevd -d (root,10896,180,0.0) /sbin/udevd -d (5008,213452,13736,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (opendkim,2153260,5364,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (5008,213440,13636,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,108168,708,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2334064,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (5008,213448,13716,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,461896,31804,0.1) /usr/sbin/httpd (apache,462028,32000,0.3) /usr/sbin/httpd (root,351672,20988,0.0) /usr/sbin/httpd (postfix,80952,3328,0.0) pickup -l -t fifo -u (5008,182364,9168,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,461900,31864,0.4) /usr/sbin/httpd (apache,454044,22200,0.0) /usr/sbin/httpd (apache,462008,31892,0.2) /usr/sbin/httpd (root,81000,2404,0.0) /usr/libexec/postfix/master (postfix,83016,4304,0.0) qmgr -l -t fifo -u (postfix,82044,3672,0.0) tlsmgr -l -t unix -u (postfix,81668,2504,0.0) anvil -l -t unix -u (postfix,97208,6660,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97208,6684,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97208,6660,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80956,3380,0.0) showq -t unix -u (postfix,97052,6348,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213452,13628,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213324,12412,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213324,11992,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97208,6620,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213448,13588,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80960,3388,0.0) trivial-rewrite -n rewrite -t unix -u (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (nobody,35692,4624,0.0) /usr/bin/perl -w /etc/postfix/random.pl (5008,213324,12180,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81176,3660,0.0) cleanup -z -t unix -u (postfix,81440,4836,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (5008,213324,11992,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81444,4872,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4876,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81444,4876,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,80960,3372,0.0) discard -z -n defer -t unix -u (postfix,81444,4868,0.1) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4864,0.1) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81444,4876,0.1) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,80988,3432,0.0) bounce -z -t unix -u (postfix,81440,4876,0.1) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81288,4236,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (root,110232,1572,0.3) /bin/bash /usr/bin/check_mk_agent (root,110232,736,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,652,0.0) /bin/bash /usr/bin/check_mk_agent (root,830736,13132,1.5) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,98636,3776,0.3) sshd: unknown [priv] (sshd,67568,1752,0.0) sshd: unknown [net] (root,110232,1532,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1012,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,832,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2]
Found on 2022-10-12 03:02 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a51df9a37Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1036,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,264,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1332,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5600,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,940,0.0) rpcbind (root,200180,1908,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,616,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,380016,8520,0.0) /usr/bin/vmtoolsd (root,31840,344,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,214584,59840,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14716,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2084,0.0) monitorix-httpd listening on 8080 (root,10896,208,0.0) /sbin/udevd -d (root,10896,180,0.0) /sbin/udevd -d (postfix,97208,6688,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97104,6648,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (opendkim,2132772,5200,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (postfix,80952,3324,0.0) pickup -l -t fifo -u (root,108168,708,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2330840,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (5008,213452,13624,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97104,6648,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213440,13664,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97204,6716,1.2) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80960,3380,0.0) trivial-rewrite -n rewrite -t unix -u (nobody,35692,4620,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,81176,3656,0.4) cleanup -z -t unix -u (postfix,81444,4892,0.1) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81440,4888,0.1) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81444,4888,0.2) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,81440,4904,0.1) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4888,0.1) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,97208,6604,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,110232,1568,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,11092,0.6) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,98636,3768,0.0) sshd: unknown [priv] (sshd,67568,1748,0.0) sshd: unknown [net] (root,69640,3360,0.0) sshd: [accepted] (sshd,67568,1580,0.0) sshd: [net] (root,110232,1532,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1008,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,824,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (5008,213580,13844,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,472584,42936,0.4) /usr/sbin/httpd (apache,470388,40784,0.4) /usr/sbin/httpd (postfix,80940,3356,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (root,349928,19244,0.0) /usr/sbin/httpd (5008,182364,9156,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,466252,36552,0.3) /usr/sbin/httpd (apache,467216,37508,0.3) /usr/sbin/httpd (5008,213580,13816,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,81000,2408,0.0) /usr/libexec/postfix/master (postfix,83016,4304,0.0) qmgr -l -t fifo -u (postfix,82044,3636,0.0) tlsmgr -l -t unix -u (postfix,81668,2504,0.0) anvil -l -t unix -u (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (postfix,80956,3380,0.0) showq -t unix -u (5008,213712,13916,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,464928,35332,0.3) /usr/sbin/httpd
Found on 2022-09-24 15:52 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17ac2fd3018Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1052,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,272,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1360,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (root,93156,732,0.0) auditd (root,249856,5576,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,964,0.0) rpcbind (root,200180,1896,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,616,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,376420,12780,0.0) /usr/bin/vmtoolsd (root,31840,348,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,214584,59936,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (5008,213592,13824,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,251276,14796,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2104,0.0) monitorix-httpd listening on 8080 (root,10896,216,0.0) /sbin/udevd -d (root,10896,188,0.0) /sbin/udevd -d (apache,461052,34240,0.2) /usr/sbin/httpd (5008,213588,13828,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (apache,464024,37364,0.3) /usr/sbin/httpd (opendkim,2132772,8152,0.1) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (apache,469744,43140,0.4) /usr/sbin/httpd (root,108168,816,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554580,2332436,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (apache,471456,42644,0.4) /usr/sbin/httpd (5008,213448,13780,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,80956,3376,0.0) showq -t unix -u (5008,213452,13704,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,348188,20508,0.0) /usr/sbin/httpd (5008,182364,9260,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81176,3660,0.0) cleanup -z -t unix -u (apache,465040,36396,0.2) /usr/sbin/httpd (postfix,97168,6720,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (root,81000,3400,0.0) /usr/libexec/postfix/master (postfix,83016,5472,0.0) qmgr -l -t fifo -u (postfix,82044,4960,0.0) tlsmgr -l -t unix -u (postfix,81668,3724,0.0) anvil -l -t unix -u (postfix,81176,3660,0.0) cleanup -z -t unix -u (postfix,97240,6732,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,97232,6688,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80952,3328,0.0) pickup -l -t fifo -u (5008,213452,13784,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97208,6612,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80960,3396,0.0) trivial-rewrite -n rewrite -t unix -u (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (nobody,35692,4624,0.0) /usr/bin/perl -w /etc/postfix/random.pl (postfix,81440,4900,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4896,0.0) smtp -n rotate2 -t unix -u -o syslog_name=postfix-rotate2 -o smtp_helo_name=smtp111.ext.armada.it -o smtp_bind_address=5.134.127.226 (postfix,81440,4892,0.0) smtp -n rotate4 -t unix -u -o syslog_name=postfix-rotate4 -o smtp_helo_name=smtp113.ext.armada.it -o smtp_bind_address=5.134.127.228 (postfix,97208,6632,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,81440,4880,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,81440,4892,0.0) smtp -n rotate3 -t unix -u -o syslog_name=postfix-rotate3 -o smtp_helo_name=smtp112.ext.armada.it -o smtp_bind_address=5.134.127.227 (postfix,81444,4884,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (root,110232,1572,0.1) /bin/bash /usr/bin/check_mk_agent (root,110232,736,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,652,0.0) /bin/bash /usr/bin/check_mk_agent (root,830728,11084,1.4) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,110232,1536,0.0) /bin/bash /usr/bin/check_mk_agent (root,13372,1012,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (5008,213448,13760,0.0) /usr/bin/perl /usr/sbin/cbpolicyd
Found on 2022-09-06 15:10 -
Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcbd51b336f6083b8906ad374733d13f17a2397ab82Found public CheckMk agent: Version: 1.2.4p1 AgentOS: linux PluginsDirectory: /usr/lib/check_mk_agent/plugins LocalDirectory: /usr/lib/check_mk_agent/local SpoolDirectory: /etc/check_mk/spool AgentDirectory: /etc/check_mk OnlyFrom: Found process list through CheckMk: (root,19232,1012,0.0) /sbin/init (root,0,0,0.0) [kthreadd] (root,0,0,0.0) [migration/0] (root,0,0,0.0) [ksoftirqd/0] (root,0,0,0.0) [stopper/0] (root,0,0,0.0) [watchdog/0] (root,0,0,0.0) [migration/1] (root,0,0,0.0) [stopper/1] (root,0,0,0.0) [ksoftirqd/1] (root,0,0,0.0) [watchdog/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events/0] (root,0,0,0.0) [events/1] (root,0,0,0.0) [events_long/0] (root,0,0,0.0) [events_long/1] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [cgroup] (root,0,0,0.0) [khelper] (root,0,0,0.0) [netns] (root,0,0,0.0) [async/mgr] (root,0,0,0.0) [pm] (root,0,0,0.0) [sync_supers] (root,0,0,0.0) [bdi-default] (root,0,0,0.0) [kintegrityd/0] (root,0,0,0.0) [kintegrityd/1] (root,0,0,0.0) [kblockd/0] (root,0,0,0.0) [kblockd/1] (root,0,0,0.0) [kacpid] (root,0,0,0.0) [kacpi_notify] (root,0,0,0.0) [kacpi_hotplug] (root,0,0,0.0) [ata_aux] (root,0,0,0.0) [ata_sff/0] (root,0,0,0.0) [ata_sff/1] (root,0,0,0.0) [ksuspend_usbd] (root,0,0,0.0) [khubd] (root,0,0,0.0) [kseriod] (root,0,0,0.0) [md/0] (root,0,0,0.0) [md/1] (root,0,0,0.0) [md_misc/0] (root,0,0,0.0) [md_misc/1] (root,0,0,0.0) [linkwatch] (root,0,0,0.0) [khungtaskd] (root,0,0,0.0) [kswapd0] (root,0,0,0.0) [ksmd] (root,0,0,0.0) [khugepaged] (root,0,0,0.0) [aio/0] (root,0,0,0.0) [aio/1] (root,0,0,0.0) [crypto/0] (root,0,0,0.0) [crypto/1] (root,0,0,0.0) [kthrotld/0] (root,0,0,0.0) [kthrotld/1] (root,0,0,0.0) [pciehpd] (root,0,0,0.0) [kpsmoused] (root,0,0,0.0) [usbhid_resumer] (root,0,0,0.0) [deferwq] (root,0,0,0.0) [kdmremove] (root,0,0,0.0) [kstriped] (root,0,0,0.0) [scsi_eh_0] (root,0,0,0.0) [scsi_eh_1] (root,0,0,0.0) [scsi_eh_2] (root,0,0,0.0) [vmw_pvscsi_wq_2] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [kdmflush] (root,0,0,0.0) [jbd2/dm-0-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,10900,420,0.0) /sbin/udevd -d (root,0,0,0.0) [vmmemctl] (root,0,0,0.0) [jbd2/sda1-8] (root,0,0,0.0) [ext4-dio-unwrit] (root,0,0,0.0) [kauditd] (root,0,0,0.0) [flush-253:0] (root,37200,420,0.0) /usr/local/sbin/keepalived -D (root,39304,1360,0.0) /usr/local/sbin/keepalived -D (root,39304,784,0.0) /usr/local/sbin/keepalived -D (apache,465776,43956,0.4) /usr/sbin/httpd (root,93156,732,0.0) auditd (root,249856,5528,0.0) /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 (rpc,19108,888,0.0) rpcbind (root,200180,1888,0.0) /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid (root,66224,616,0.0) /usr/sbin/sshd (root,21716,744,0.0) xinetd -stayalive -pidfile /var/run/xinetd.pid (apache,462248,40428,0.3) /usr/sbin/httpd (root,71216,1676,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (root,71216,1664,0.0) /usr/sbin/saslauthd -m /var/run/saslauthd -a pam (nagios,41464,744,0.0) nrpe -c /etc/nagios/nrpe.cfg -d (root,360416,9076,0.0) /usr/bin/vmtoolsd (root,31840,348,0.0) /usr/sbin/htcacheclean -d5 -n -i -p/var/cache/mod_proxy -l150M (root,116856,676,0.0) crond (root,214584,58104,0.1) splunkd -p 8089 start (root,62884,824,0.0) [splunkd pid=2622] splunkd -p 8089 start [process-runner] (root,198272,1040,0.0) /usr/bin/python -Es /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b (root,251276,14720,0.1) /usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid (root,4064,484,0.0) /sbin/mingetty /dev/tty1 (root,4064,484,0.0) /sbin/mingetty /dev/tty2 (root,4064,484,0.0) /sbin/mingetty /dev/tty3 (root,4064,484,0.0) /sbin/mingetty /dev/tty4 (root,4064,484,0.0) /sbin/mingetty /dev/tty5 (root,4064,484,0.0) /sbin/mingetty /dev/tty6 (nobody,217028,2104,0.0) monitorix-httpd listening on 8080 (root,10896,408,0.0) /sbin/udevd -d (root,10896,380,0.0) /sbin/udevd -d (root,108168,816,0.0) /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql (mysql,4554320,2339668,1.2) /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock (postfix,80952,3384,0.0) pickup -l -t fifo -u (root,80996,2588,0.0) /usr/libexec/postfix/master (postfix,83052,4124,0.0) qmgr -l -t fifo -u (postfix,82044,3948,0.0) tlsmgr -l -t unix -u (postfix,81052,2648,0.0) anvil -l -t unix -u (5008,213448,13592,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (5008,213596,13720,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97216,6676,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (postfix,80956,3380,0.0) showq -t unix -u (5008,213580,13724,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97184,6664,0.0) smtpd -n smtp -t inet -u -o stress= -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213324,12300,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,97232,6652,0.0) smtpd -n 465 -t inet -u -o stress= -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213452,13532,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,340348,17560,0.0) /usr/sbin/httpd (5008,182364,8976,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (postfix,81176,3652,0.0) cleanup -z -t unix -u (postfix,80940,3320,0.0) spawn -z -n 127.0.0.1:2527 -t inet user=nobody argv=/etc/postfix/random.pl (postfix,81440,4868,0.0) smtp -n rotate5 -t unix -u -o syslog_name=postfix-rotate5 -o smtp_helo_name=smtp114.ext.armada.it -o smtp_bind_address=5.134.127.229 (postfix,81440,4864,0.0) smtp -n rotate1 -t unix -u -o syslog_name=postfix-rotate1 -o smtp_helo_name=smtp110.ext.armada.it -o smtp_bind_address=5.134.127.225 (postfix,97204,6624,0.0) smtpd -n submission -t inet -u -o stress= -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject (5008,213324,11880,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (root,67568,3164,0.0) sshd: [accepted] (sshd,67568,1404,0.0) sshd: [net] (root,110232,1568,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,732,0.0) /bin/bash /usr/bin/check_mk_agent (root,110232,648,0.0) /bin/bash /usr/bin/check_mk_agent (root,830732,7036,0.8) python /usr/lib64/nagios/plugins/check_blacklist -w 1 -c 3 -h 5.134.127.110 (root,98636,3772,0.0) sshd: unknown [priv] (sshd,67568,1752,0.0) sshd: unknown [net] (root,67568,3204,0.0) sshd: [accepted] (sshd,67568,1536,0.0) sshd: [net] (root,110232,1532,0.0) /bin/bash /usr/bin/check_mk_agent (root,13368,1008,0.0) ps ax -o user,vsz,rss,pcpu,command --columns 10000 (root,8392,828,0.0) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) / (5008,214040,14172,0.0) /usr/bin/perl /usr/sbin/cbpolicyd (opendkim,2132756,5000,0.2) /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid (apache,461860,40144,0.3) /usr/sbin/httpd (root,0,0,0.0) [migration/3] (root,0,0,0.0) [stopper/3] (root,0,0,0.0) [ksoftirqd/3] (root,0,0,0.0) [kthrotld/3] (root,0,0,0.0) [crypto/3] (root,0,0,0.0) [aio/3] (root,0,0,0.0) [md_misc/3] (root,0,0,0.0) [md/3] (root,0,0,0.0) [ata_sff/3] (root,0,0,0.0) [kblockd/3] (root,0,0,0.0) [kintegrityd/3] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [events/3] (root,0,0,0.0) [watchdog/3] (root,0,0,0.0) [migration/2] (root,0,0,0.0) [stopper/2] (root,0,0,0.0) [ksoftirqd/2] (root,0,0,0.0) [kthrotld/2] (root,0,0,0.0) [crypto/2] (root,0,0,0.0) [aio/2] (root,0,0,0.0) [md_misc/2] (root,0,0,0.0) [md/2] (root,0,0,0.0) [ata_sff/2] (root,0,0,0.0) [kblockd/2] (root,0,0,0.0) [kintegrityd/2] (root,0,0,0.0) [events_power_ef] (root,0,0,0.0) [events_long/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [events/2] (root,0,0,0.0) [watchdog/2] (apache,463028,41260,0.3) /usr/sbin/httpd (apache,465440,43680,0.4) /usr/sbin/httpd
Found on 2022-06-17 22:48
-
Leak detected by ApacheStatusHttpPlugin
No description available
First seen 2021-06-25 01:01
Last seen 2022-11-09 06:20
Open for 502 days-
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f712e6b9466Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Wednesday, 09-Nov-2022 07:20:56 CET Restart Time: Wednesday, 09-Nov-2022 03:38:01 CET Parent Server Generation: 369 Server uptime: 3 hours 42 minutes 55 seconds Total accesses: 701 - Total Traffic: 1.8 MB CPU Usage: u245.88 s8.83 cu0 cs0 - 1.9% CPU load .0524 requests/sec - 139 B/second - 2665 B/request 1 requests currently being processed, 3 idle workers ___W............................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-369268190/231/231_ 97.090350.00.660.66 161.35.86.181smtp110.ext.armada.itGET /debug/default/view?panel=config HTTP/1.1 1-369268200/238/238_ 81.540210.00.600.60 161.35.86.181smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 2-369325720/171/171_ 52.630220.00.410.41 161.35.86.181smtp110.ext.armada.itGET /login.action HTTP/1.1 3-369180700/61/61W 23.45000.00.120.12 161.35.86.181smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-11-09 06:20 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f71d29e571dApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 05-Aug-2022 09:35:01 CEST Restart Time: Friday, 05-Aug-2022 03:33:02 CEST Parent Server Generation: 273 Server uptime: 6 hours 1 minute 59 seconds Total accesses: 1172 - Total Traffic: 3.0 MB CPU Usage: u431.13 s16.61 cu0 cs0 - 2.06% CPU load .054 requests/sec - 145 B/second - 2698 B/request 3 requests currently being processed, 2 idle workers _W.C._W......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-273124640/304/304_ 124.200220.00.830.83 161.35.86.181smtp110.ext.armada.itGET /debug/default/view?panel=config HTTP/1.1 1-273124650/284/284W 98.67000.00.810.81 127.0.0.1smtp110.ext.armada.itGET /parser/ HTTP/1.1 2-273-0/0/9. 0.161761200.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-273266551/198/198C 67.650210.00.450.45 161.35.86.181smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 4-273-0/0/3. 0.041761100.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-273266600/196/196_ 85.040220.00.450.45 161.35.86.181smtp110.ext.armada.itGET /idx_config/ HTTP/1.1 6-273266610/176/176W 71.98000.00.470.47 161.35.86.181smtp110.ext.armada.itGET /server-status HTTP/1.1 7-273-0/0/1. 0.001761400.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 8-273-0/0/1. 0.001761300.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-08-05 07:34 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f7168939cebApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 04-Aug-2022 04:03:44 CEST Restart Time: Thursday, 04-Aug-2022 03:50:02 CEST Parent Server Generation: 272 Server uptime: 13 minutes 42 seconds Total accesses: 43 - Total Traffic: 121 kB CPU Usage: u8.72 s.35 cu0 cs0 - 1.1% CPU load .0523 requests/sec - 150 B/second - 2881 B/request 1 requests currently being processed, 1 idle workers W_.............................................................. ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-272271000/22/22W 4.40000.00.070.07 161.35.188.242smtp110.ext.armada.itGET /server-status HTTP/1.1 1-272271010/21/21_ 4.670280.00.040.04 161.35.188.242smtp110.ext.armada.itGET / HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-08-04 02:03 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f71128c3a91Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 08-Jul-2022 05:52:56 CEST Restart Time: Friday, 08-Jul-2022 03:45:05 CEST Parent Server Generation: 245 Server uptime: 2 hours 7 minutes 50 seconds Total accesses: 396 - Total Traffic: 1.4 MB CPU Usage: u102.38 s4.06 cu0 cs0 - 1.39% CPU load .0516 requests/sec - 194 B/second - 3772 B/request 1 requests currently being processed, 4 idle workers .W____.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-245-0/0/94. 17.72361500.00.000.27 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 1-245218650/132/132W 43.90000.00.500.50 134.122.112.12smtp110.ext.armada.itGET /server-status HTTP/1.1 2-2459080/43/43_ 18.660160.00.130.13 134.122.112.12smtp110.ext.armada.itGET /debug/default/view?panel=config HTTP/1.1 3-24510500/38/42_ 9.790260.00.100.12 134.122.112.12smtp110.ext.armada.itGET / HTTP/1.1 4-2459120/43/43_ 7.850170.00.180.18 134.122.112.12smtp110.ext.armada.itGET /api/search?folderIds=0 HTTP/1.1 5-2459140/42/42_ 8.520170.00.230.23 134.122.112.12smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-07-08 03:52 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f714b9d1c85Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Monday, 13-Jun-2022 07:27:24 CEST Restart Time: Monday, 13-Jun-2022 03:46:01 CEST Parent Server Generation: 220 Server uptime: 3 hours 41 minutes 22 seconds Total accesses: 790 - Total Traffic: 2.4 MB CPU Usage: u192.39 s8.5 cu0 cs0 - 1.51% CPU load .0595 requests/sec - 188 B/second - 3175 B/request 1 requests currently being processed, 4 idle workers W____........................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-220165280/226/226W 65.51000.00.620.62 161.35.188.242smtp110.ext.armada.itGET /server-status HTTP/1.1 1-220165290/218/218_ 39.67000.00.690.69 161.35.188.242smtp110.ext.armada.itGET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e 2-220285230/115/115_ 38.99000.00.470.47 161.35.188.242smtp110.ext.armada.itGET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e 3-220285240/114/114_ 35.850230.00.350.35 161.35.188.242smtp110.ext.armada.itGET /.DS_Store HTTP/1.1 4-220285250/117/117_ 20.870150.00.270.27 161.35.188.242smtp110.ext.armada.itCONNECT leakix.net:443 HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-06-13 05:27 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f713e6c7e19Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Thursday, 26-May-2022 06:02:29 CEST Restart Time: Thursday, 26-May-2022 03:46:01 CEST Parent Server Generation: 202 Server uptime: 2 hours 16 minutes 27 seconds Total accesses: 439 - Total Traffic: 1.5 MB CPU Usage: u91.91 s3.37 cu0 cs0 - 1.16% CPU load .0536 requests/sec - 192 B/second - 3585 B/request 1 requests currently being processed, 4 idle workers W.____.......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-202266050/118/118W 43.97000.00.360.36 161.35.86.181smtp110.ext.armada.itGET /server-status HTTP/1.1 1-202-0/0/104. 3.0690500.00.000.35 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 2-202298250/96/96_ 33.930190.00.250.25 161.35.86.181smtp110.ext.armada.itGET /v2/_catalog HTTP/1.1 3-202150570/36/36_ 7.280250.00.200.20 161.35.86.181smtp110.ext.armada.itGET /.json HTTP/1.1 4-202150620/39/39_ 6.64000.00.240.24 161.35.86.181smtp110.ext.armada.itGET /favicon.ico HTTP/1.1 5-202196500/14/32_ 0.400140.00.010.07 161.35.86.181smtp110.ext.armada.itGET /idx_config/ HTTP/1.1 6-202-0/0/7. 0.0090600.00.000.02 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 7-202-0/0/7. 0.0090700.00.000.03 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-05-26 04:02 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f711167d499Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Sunday, 08-May-2022 12:23:06 CEST Restart Time: Sunday, 08-May-2022 03:19:01 CEST Parent Server Generation: 184 Server uptime: 9 hours 4 minutes 4 seconds Total accesses: 1559 - Total Traffic: 1.0 MB CPU Usage: u402.65 s14.26 cu0 cs0 - 1.28% CPU load .0478 requests/sec - 32 B/second - 675 B/request 1 requests currently being processed, 2 idle workers __W............................................................. ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-18450190/552/552_ 120.62000.00.410.41 134.122.112.12smtp110.ext.armada.itGET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e 1-18450200/555/555_ 164.680330.00.350.35 134.122.112.12smtp110.ext.armada.itGET /.DS_Store HTTP/1.1 2-184270780/452/452W 131.61000.00.240.24 134.122.112.12smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-05-08 10:23 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f71e2eef7c0Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 15-Apr-2022 12:11:51 CEST Restart Time: Friday, 15-Apr-2022 03:18:01 CEST Parent Server Generation: 161 Server uptime: 8 hours 53 minutes 49 seconds Total accesses: 2584 - Total Traffic: 4.7 MB CPU Usage: u811.79 s32.13 cu0 cs0 - 2.63% CPU load .0807 requests/sec - 154 B/second - 1911 B/request 1 requests currently being processed, 4 idle workers .W___._......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-161-0/0/387. 135.391518600.00.001.22 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 1-161120050/737/737W 269.51000.01.471.47 161.35.86.181smtp110.ext.armada.itGET /server-status HTTP/1.1 2-161220620/433/433_ 124.57000.00.680.68 161.35.86.181smtp110.ext.armada.itGET /favicon.ico HTTP/1.1 3-16179300/347/347_ 145.480310.00.350.35 161.35.86.181smtp110.ext.armada.itGET /.git/config HTTP/1.1 4-16179320/319/319_ 74.370260.00.520.52 161.35.86.181smtp110.ext.armada.itGET /debug/default/view?panel=config HTTP/1.1 5-161-0/0/5. 0.001518500.00.000.03 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-16179380/349/349_ 94.600220.00.440.44 161.35.86.181smtp110.ext.armada.itGET /frontend_dev.php/$ HTTP/1.1 7-161-0/0/3. 0.001518400.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 8-161-0/0/2. 0.001518800.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 9-161-0/0/2. 0.001518700.00.000.00 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-04-15 10:11 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f7105edcc6aApache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Sunday, 30-Jan-2022 16:17:25 CET Restart Time: Sunday, 30-Jan-2022 03:33:01 CET Parent Server Generation: 86 Server uptime: 12 hours 44 minutes 23 seconds Total accesses: 2647 - Total Traffic: 8.1 MB CPU Usage: u519.26 s18.45 cu0 cs0 - 1.17% CPU load .0577 requests/sec - 184 B/second - 3198 B/request 1 requests currently being processed, 4 idle workers __._.._W........................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-86190020/532/557_ 124.650150.01.411.58 143.198.136.88smtp110.ext.armada.itGET /s/lkx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-di 1-86125340/427/463_ 113.00000.01.121.38 143.198.136.88smtp110.ext.armada.itGET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e 2-86-0/0/517. 101.68191600.00.001.48 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 3-86312350/22/117_ 6.331140.00.050.63 143.198.136.88smtp110.ext.armada.itCONNECT leakix.net:443 HTTP/1.1 4-86-0/0/94. 20.243875200.00.000.35 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-86-0/0/110. 23.913875400.00.000.40 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-86125470/404/404_ 63.070240.01.111.11 143.198.136.88smtp110.ext.armada.itGET /.DS_Store HTTP/1.1 7-86125480/385/385W 84.83000.01.151.15 143.198.136.88smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-01-30 14:57 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f71bb0af739Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Sunday, 02-Jan-2022 10:22:41 CET Restart Time: Sunday, 02-Jan-2022 03:11:01 CET Parent Server Generation: 58 Server uptime: 7 hours 11 minutes 39 seconds Total accesses: 1255 - Total Traffic: 3.9 MB CPU Usage: u346.49 s12.39 cu0 cs0 - 1.39% CPU load .0485 requests/sec - 157 B/second - 3248 B/request 1 requests currently being processed, 4 idle workers ___W_........................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-58266590/378/378_ 103.290160.00.940.94 161.35.86.181smtp110.ext.armada.itGET /idx_config/ HTTP/1.1 1-58266600/372/372_ 106.210160.01.281.28 161.35.86.181smtp110.ext.armada.itGET /debug/default/view?panel=config HTTP/1.1 2-58157520/172/172_ 47.840260.00.710.71 161.35.86.181smtp110.ext.armada.itGET /.json HTTP/1.1 3-58157600/167/167W 46.88000.00.540.54 161.35.86.181smtp110.ext.armada.itGET /server-status HTTP/1.1 4-58157610/166/166_ 54.660160.00.420.42 161.35.86.181smtp110.ext.armada.itGET /frontend_dev.php/$ HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2022-01-02 08:40 -
Severity: medium
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f7140cf7145Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Saturday, 23-Oct-2021 16:46:57 CEST Restart Time: Saturday, 23-Oct-2021 03:37:02 CEST Parent Server Generation: 127 Server uptime: 13 hours 9 minutes 54 seconds Total accesses: 2302 - Total Traffic: 7.3 MB CPU Usage: u807.48 s29.87 cu0 cs0 - 1.77% CPU load .0486 requests/sec - 161 B/second - 3317 B/request 1 requests currently being processed, 3 idle workers ___W............................................................ ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-127137170/737/737_ 277.990250.02.582.58 161.35.86.181smtp110.ext.armada.itGET / HTTP/1.1 1-127137180/727/727_ 278.270160.02.002.00 161.35.86.181smtp110.ext.armada.itGET /frontend_dev.php/$ HTTP/1.1 2-127185390/681/681_ 237.780160.02.252.25 161.35.86.181smtp110.ext.armada.itGET /debug/default/view?panel=config HTTP/1.1 3-12799640/157/157W 43.31000.00.450.45 161.35.86.181smtp110.ext.armada.itGET /server-status HTTP/1.1 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2021-10-23 14:46 -
Fingerprint: c72c1c3018e67f2f18e67f2f9d6971f19d6971f17dac9f717dac9f7157d7cf94
Apache Status Apache Server Status for 5.134.127.229 Server Version: Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 Server Built: Oct 16 2014 14:48:21 Current Time: Friday, 25-Jun-2021 03:01:49 CEST Restart Time: Thursday, 24-Jun-2021 03:28:01 CEST Parent Server Generation: 6 Server uptime: 23 hours 33 minutes 47 seconds Total accesses: 4851 - Total Traffic: 16.1 MB CPU Usage: u788.13 s29.98 cu0 cs0 - .964% CPU load .0572 requests/sec - 199 B/second - 3490 B/request 1 requests currently being processed, 4 idle workers ____..W......................................................... ................................................................ ................................................................ ................................................................ Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process SrvPIDAccMCPU SSReqConnChildSlotClientVHostRequest 0-6146440/1083/1083_ 340.841230.03.443.44 178.32.197.91smtp110.ext.armada.itGET / HTTP/1.1 1-6146450/1095/1095_ 245.940270.03.623.62 167.71.13.196smtp110.ext.armada.itGET / HTTP/1.1 2-6200350/576/1007_ 116.060270.01.893.02 167.71.13.196smtp110.ext.armada.itGET / HTTP/1.1 3-6191190/94/732_ 33.902160.00.252.53 167.71.13.196smtp110.ext.armada.it\x16\x03\x01 4-6-0/0/266. 27.101844100.00.000.95 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 5-6-0/0/359. 0.001843800.00.001.53 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 6-6240150/191/191W 37.65000.00.540.54 167.71.13.196smtp110.ext.armada.itGET /server-status HTTP/1.1 7-6-0/0/10. 0.001843900.00.000.05 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 8-6-0/0/6. 0.001844300.00.000.01 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 9-6-0/0/5. 0.001844400.00.000.03 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 10-6-0/0/93. 16.62971900.00.000.29 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 11-6-0/0/4. 0.001844000.00.000.14 ::1smtp110.ext.armada.itOPTIONS * HTTP/1.0 SrvChild Server number - generation PIDOS process ID AccNumber of accesses this connection / this child / this slot MMode of operation CPUCPU usage, number of seconds SSSeconds since beginning of most recent request ReqMilliseconds required to process most recent request ConnKilobytes transferred this connection ChildMegabytes transferred this child SlotTotal megabytes transferred this slot
Found on 2021-06-25 01:01
-
-
Open service 5.134.127.229:80
2024-04-30 18:52
HTTP/1.1 200 OK Date: Tue, 30 Apr 2024 18:52:34 GMT Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 Set-Cookie: PHPSESSID=a3iamfhkgto157493enll3tkf5; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 6171 Connection: close Content-Type: text/html; charset=UTF-8 <!doctype html> <html class="no-js"> <head> <meta charset="utf-8"> <title></title> <meta name="description" content=""> <meta name="viewport" content="width=device-width"> <link rel="shortcut icon" href="/favicon.ico" /> <!-- Place favicon.ico and apple-touch-icon.png in the root directory --> <!-- build:css styles/vendor.css --> <!-- bower:css --> <!-- endbower --> <!-- endbuild --> <!-- build:css(.tmp) styles/main.css --> <link rel="stylesheet" href="styles/main.css"> <link rel="stylesheet" href="styles/extra.css"> <link rel="stylesheet" href="styles/angular-busy.min.css"> <!-- endbuild --> </head> <body ng-app="app" ng-class="bodyclass" style="margin:0px;padding:0px;"> <!--[if lt IE 7]> <p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]--> <!-- Add your site or application content here --> <div class="container container-full"> <nav ng-include="'views/nav/menu.html'" ng-if="location.path() != '/login'"></nav> <div ui-view=""></div> <nav ng-include="'views/nav/footer.html'" ng-if="location.path() != '/login'"></nav> </div> <!-- Google Analytics: change UA-XXXXX-X to be your site's ID --> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-XXXXX-X'); ga('send', 'pageview'); </script> <!--[if lt IE 9]> <script src="bower_components/es5-shim/es5-shim.js"></script> <script src="bower_components/json3/lib/json3.min.js"></script> <![endif]--> <!-- build:js scripts/vendor.js --> <!-- bower:js --> <script src="bower_components/jquery/dist/jquery.min.js"></script> <script src="bower_components/angular/angular.min.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/affix.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/alert.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/button.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/carousel.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/collapse.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/dropdown.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tab.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/transition.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/scrollspy.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/modal.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tooltip.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/popover.js"></script> <script src="bower_components/angular-resource/angular-resource.min.js"></script> <script src="bower_components/angular-cookies/angular-cookies.min.js"></script> <script src="bower_components/angular-sanitize/angular-sanitize.min.js"></script> <script src="bower_components/angular-route/angular-route.min.js"></script> <script src="bower_components/ngstorage/ngStorage.min.js"></script> <script src="bower_components/angular-translate/angular-translate.min.js"></script> <script src="bower_compFound one day ago by HttpPluginCreate report
-
Open service 5.134.127.229:80
2024-04-28 17:46
HTTP/1.1 200 OK Date: Sun, 28 Apr 2024 17:46:37 GMT Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 Set-Cookie: PHPSESSID=j2qlgomm9ql3lula09q6i9om70; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 6171 Connection: close Content-Type: text/html; charset=UTF-8 <!doctype html> <html class="no-js"> <head> <meta charset="utf-8"> <title></title> <meta name="description" content=""> <meta name="viewport" content="width=device-width"> <link rel="shortcut icon" href="/favicon.ico" /> <!-- Place favicon.ico and apple-touch-icon.png in the root directory --> <!-- build:css styles/vendor.css --> <!-- bower:css --> <!-- endbower --> <!-- endbuild --> <!-- build:css(.tmp) styles/main.css --> <link rel="stylesheet" href="styles/main.css"> <link rel="stylesheet" href="styles/extra.css"> <link rel="stylesheet" href="styles/angular-busy.min.css"> <!-- endbuild --> </head> <body ng-app="app" ng-class="bodyclass" style="margin:0px;padding:0px;"> <!--[if lt IE 7]> <p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]--> <!-- Add your site or application content here --> <div class="container container-full"> <nav ng-include="'views/nav/menu.html'" ng-if="location.path() != '/login'"></nav> <div ui-view=""></div> <nav ng-include="'views/nav/footer.html'" ng-if="location.path() != '/login'"></nav> </div> <!-- Google Analytics: change UA-XXXXX-X to be your site's ID --> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-XXXXX-X'); ga('send', 'pageview'); </script> <!--[if lt IE 9]> <script src="bower_components/es5-shim/es5-shim.js"></script> <script src="bower_components/json3/lib/json3.min.js"></script> <![endif]--> <!-- build:js scripts/vendor.js --> <!-- bower:js --> <script src="bower_components/jquery/dist/jquery.min.js"></script> <script src="bower_components/angular/angular.min.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/affix.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/alert.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/button.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/carousel.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/collapse.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/dropdown.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tab.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/transition.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/scrollspy.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/modal.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tooltip.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/popover.js"></script> <script src="bower_components/angular-resource/angular-resource.min.js"></script> <script src="bower_components/angular-cookies/angular-cookies.min.js"></script> <script src="bower_components/angular-sanitize/angular-sanitize.min.js"></script> <script src="bower_components/angular-route/angular-route.min.js"></script> <script src="bower_components/ngstorage/ngStorage.min.js"></script> <script src="bower_components/angular-translate/angular-translate.min.js"></script> <script src="bower_compFound 2024-04-28 by HttpPluginCreate report
-
Open service 5.134.127.229:22
2024-04-25 15:35
Found 2024-04-25 by SSHOpenPluginCreate report
-
Open service 5.134.127.229:80
2024-04-24 00:37
HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 00:37:19 GMT Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 Set-Cookie: PHPSESSID=hlo864lefht587utfpc120up97; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 6171 Connection: close Content-Type: text/html; charset=UTF-8 <!doctype html> <html class="no-js"> <head> <meta charset="utf-8"> <title></title> <meta name="description" content=""> <meta name="viewport" content="width=device-width"> <link rel="shortcut icon" href="/favicon.ico" /> <!-- Place favicon.ico and apple-touch-icon.png in the root directory --> <!-- build:css styles/vendor.css --> <!-- bower:css --> <!-- endbower --> <!-- endbuild --> <!-- build:css(.tmp) styles/main.css --> <link rel="stylesheet" href="styles/main.css"> <link rel="stylesheet" href="styles/extra.css"> <link rel="stylesheet" href="styles/angular-busy.min.css"> <!-- endbuild --> </head> <body ng-app="app" ng-class="bodyclass" style="margin:0px;padding:0px;"> <!--[if lt IE 7]> <p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]--> <!-- Add your site or application content here --> <div class="container container-full"> <nav ng-include="'views/nav/menu.html'" ng-if="location.path() != '/login'"></nav> <div ui-view=""></div> <nav ng-include="'views/nav/footer.html'" ng-if="location.path() != '/login'"></nav> </div> <!-- Google Analytics: change UA-XXXXX-X to be your site's ID --> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-XXXXX-X'); ga('send', 'pageview'); </script> <!--[if lt IE 9]> <script src="bower_components/es5-shim/es5-shim.js"></script> <script src="bower_components/json3/lib/json3.min.js"></script> <![endif]--> <!-- build:js scripts/vendor.js --> <!-- bower:js --> <script src="bower_components/jquery/dist/jquery.min.js"></script> <script src="bower_components/angular/angular.min.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/affix.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/alert.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/button.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/carousel.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/collapse.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/dropdown.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tab.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/transition.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/scrollspy.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/modal.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tooltip.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/popover.js"></script> <script src="bower_components/angular-resource/angular-resource.min.js"></script> <script src="bower_components/angular-cookies/angular-cookies.min.js"></script> <script src="bower_components/angular-sanitize/angular-sanitize.min.js"></script> <script src="bower_components/angular-route/angular-route.min.js"></script> <script src="bower_components/ngstorage/ngStorage.min.js"></script> <script src="bower_components/angular-translate/angular-translate.min.js"></script> <script src="bower_compFound 2024-04-24 by HttpPluginCreate report
-
Open service 5.134.127.229:22
2024-04-24 00:27
Found 2024-04-24 by SSHOpenPluginCreate report
-
Open service 5.134.127.229:80
2024-04-18 18:19
HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 18:19:14 GMT Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 Set-Cookie: PHPSESSID=d7nsnok2vip3c6j69nkf9o6fm1; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 6171 Connection: close Content-Type: text/html; charset=UTF-8 <!doctype html> <html class="no-js"> <head> <meta charset="utf-8"> <title></title> <meta name="description" content=""> <meta name="viewport" content="width=device-width"> <link rel="shortcut icon" href="/favicon.ico" /> <!-- Place favicon.ico and apple-touch-icon.png in the root directory --> <!-- build:css styles/vendor.css --> <!-- bower:css --> <!-- endbower --> <!-- endbuild --> <!-- build:css(.tmp) styles/main.css --> <link rel="stylesheet" href="styles/main.css"> <link rel="stylesheet" href="styles/extra.css"> <link rel="stylesheet" href="styles/angular-busy.min.css"> <!-- endbuild --> </head> <body ng-app="app" ng-class="bodyclass" style="margin:0px;padding:0px;"> <!--[if lt IE 7]> <p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]--> <!-- Add your site or application content here --> <div class="container container-full"> <nav ng-include="'views/nav/menu.html'" ng-if="location.path() != '/login'"></nav> <div ui-view=""></div> <nav ng-include="'views/nav/footer.html'" ng-if="location.path() != '/login'"></nav> </div> <!-- Google Analytics: change UA-XXXXX-X to be your site's ID --> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-XXXXX-X'); ga('send', 'pageview'); </script> <!--[if lt IE 9]> <script src="bower_components/es5-shim/es5-shim.js"></script> <script src="bower_components/json3/lib/json3.min.js"></script> <![endif]--> <!-- build:js scripts/vendor.js --> <!-- bower:js --> <script src="bower_components/jquery/dist/jquery.min.js"></script> <script src="bower_components/angular/angular.min.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/affix.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/alert.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/button.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/carousel.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/collapse.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/dropdown.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tab.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/transition.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/scrollspy.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/modal.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tooltip.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/popover.js"></script> <script src="bower_components/angular-resource/angular-resource.min.js"></script> <script src="bower_components/angular-cookies/angular-cookies.min.js"></script> <script src="bower_components/angular-sanitize/angular-sanitize.min.js"></script> <script src="bower_components/angular-route/angular-route.min.js"></script> <script src="bower_components/ngstorage/ngStorage.min.js"></script> <script src="bower_components/angular-translate/angular-translate.min.js"></script> <script src="bower_compFound 2024-04-18 by HttpPluginCreate report
-
Open service 5.134.127.229:80
2024-04-10 14:11
HTTP/1.1 200 OK Date: Wed, 10 Apr 2024 14:11:24 GMT Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 Set-Cookie: PHPSESSID=65otmt0c63nq41kqr5djggv8v7; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 6171 Connection: close Content-Type: text/html; charset=UTF-8 <!doctype html> <html class="no-js"> <head> <meta charset="utf-8"> <title></title> <meta name="description" content=""> <meta name="viewport" content="width=device-width"> <link rel="shortcut icon" href="/favicon.ico" /> <!-- Place favicon.ico and apple-touch-icon.png in the root directory --> <!-- build:css styles/vendor.css --> <!-- bower:css --> <!-- endbower --> <!-- endbuild --> <!-- build:css(.tmp) styles/main.css --> <link rel="stylesheet" href="styles/main.css"> <link rel="stylesheet" href="styles/extra.css"> <link rel="stylesheet" href="styles/angular-busy.min.css"> <!-- endbuild --> </head> <body ng-app="app" ng-class="bodyclass" style="margin:0px;padding:0px;"> <!--[if lt IE 7]> <p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]--> <!-- Add your site or application content here --> <div class="container container-full"> <nav ng-include="'views/nav/menu.html'" ng-if="location.path() != '/login'"></nav> <div ui-view=""></div> <nav ng-include="'views/nav/footer.html'" ng-if="location.path() != '/login'"></nav> </div> <!-- Google Analytics: change UA-XXXXX-X to be your site's ID --> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-XXXXX-X'); ga('send', 'pageview'); </script> <!--[if lt IE 9]> <script src="bower_components/es5-shim/es5-shim.js"></script> <script src="bower_components/json3/lib/json3.min.js"></script> <![endif]--> <!-- build:js scripts/vendor.js --> <!-- bower:js --> <script src="bower_components/jquery/dist/jquery.min.js"></script> <script src="bower_components/angular/angular.min.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/affix.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/alert.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/button.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/carousel.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/collapse.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/dropdown.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tab.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/transition.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/scrollspy.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/modal.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/tooltip.js"></script> <script src="bower_components/bootstrap-sass-official/vendor/assets/javascripts/bootstrap/popover.js"></script> <script src="bower_components/angular-resource/angular-resource.min.js"></script> <script src="bower_components/angular-cookies/angular-cookies.min.js"></script> <script src="bower_components/angular-sanitize/angular-sanitize.min.js"></script> <script src="bower_components/angular-route/angular-route.min.js"></script> <script src="bower_components/ngstorage/ngStorage.min.js"></script> <script src="bower_components/angular-translate/angular-translate.min.js"></script> <script src="bower_compFound 2024-04-10 by HttpPluginCreate report
Domain summary
No record