LeakIX - Host 62.133.128.73

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336d59c8958

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:35/197-21:07:36,1) /sbin/init
(root,0,0,00:00:00/197-21:07:36,2) [kthreadd]
(root,0,0,00:00:10/197-21:07:36,3) [ksoftirqd/0]
(root,0,0,00:00:00/197-21:07:36,5) [kworker/0:0H]
(root,0,0,02:54:17/197-21:07:36,7) [rcu_sched]
(root,0,0,00:00:00/197-21:07:36,8) [rcu_bh]
(root,0,0,00:01:09/197-21:07:36,9) [migration/0]
(root,0,0,00:00:00/197-21:07:36,10) [lru-add-drain]
(root,0,0,00:01:50/197-21:07:36,11) [watchdog/0]
(root,0,0,00:00:00/197-21:07:36,12) [cpuhp/0]
(root,0,0,00:00:00/197-21:07:36,13) [cpuhp/1]
(root,0,0,00:01:27/197-21:07:36,14) [watchdog/1]
(root,0,0,00:00:52/197-21:07:36,15) [migration/1]
(root,0,0,00:00:48/197-21:07:36,16) [ksoftirqd/1]
(root,0,0,00:00:00/197-21:07:36,18) [kworker/1:0H]
(root,0,0,00:00:00/197-21:07:36,19) [kdevtmpfs]
(root,0,0,00:00:00/197-21:07:36,20) [netns]
(root,0,0,00:00:00/197-21:07:36,21) [xenwatch]
(root,0,0,00:02:03/197-21:07:36,22) [xenbus]
(root,0,0,00:00:06/197-21:07:36,24) [khungtaskd]
(root,0,0,00:00:00/197-21:07:36,25) [oom_reaper]
(root,0,0,00:00:00/197-21:07:36,26) [writeback]
(root,0,0,00:00:00/197-21:07:36,27) [kcompactd0]
(root,0,0,00:00:00/197-21:07:36,28) [ksmd]
(root,0,0,00:00:00/197-21:07:36,29) [khugepaged]
(root,0,0,00:00:00/197-21:07:36,30) [crypto]
(root,0,0,00:00:00/197-21:07:36,31) [kintegrityd]
(root,0,0,00:00:00/197-21:07:36,32) [bioset]
(root,0,0,00:00:00/197-21:07:36,33) [kblockd]
(root,0,0,00:00:00/197-21:07:36,35) [devfreq_wq]
(root,0,0,00:00:00/197-21:07:36,36) [watchdogd]
(root,0,0,00:00:00/197-21:07:35,37) [kswapd0]
(root,0,0,00:00:00/197-21:07:35,38) [vmstat]
(root,0,0,00:00:00/197-21:07:35,50) [kthrotld]
(root,0,0,00:00:00/197-21:07:35,51) [khvcd]
(root,0,0,00:00:00/197-21:07:35,52) [ipv6_addrconf]
(root,0,0,00:00:00/197-21:07:35,91) [bioset]
(root,0,0,00:00:00/197-21:07:35,93) [bioset]
(root,0,0,00:00:00/197-21:07:35,95) [bioset]
(root,0,0,00:00:00/197-21:07:35,96) [kworker/u128:1]
(root,0,0,00:00:00/197-21:07:35,97) [ata_sff]
(root,0,0,00:00:00/197-21:07:35,98) [bioset]
(root,0,0,00:00:00/197-21:07:35,100) [bioset]
(root,0,0,00:00:00/197-21:07:35,102) [bioset]
(root,0,0,00:00:00/197-21:07:35,103) [bioset]
(root,0,0,00:00:00/197-21:07:35,104) [bioset]
(root,0,0,00:00:00/197-21:07:35,118) [scsi_eh_0]
(root,0,0,00:00:00/197-21:07:35,119) [scsi_tmf_0]
(root,0,0,00:00:00/197-21:07:35,120) [scsi_eh_1]
(root,0,0,00:00:00/197-21:07:35,121) [scsi_tmf_1]
(root,0,0,00:00:56/197-21:07:35,123) [kworker/u128:2]
(root,0,0,00:00:00/197-21:07:35,129) [bioset]
(root,0,0,00:00:00/197-21:07:31,155) [kworker/u129:0]
(root,0,0,00:00:08/197-21:07:30,165) [kworker/0:1H]
(root,0,0,00:00:19/197-21:07:30,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/197-21:07:30,168) [ext4-rsv-conver]
(root,59340,5792,00:04:02/197-21:07:11,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/197-21:07:11,198) [kauditd]
(root,46732,4952,00:00:31/197-21:07:06,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:12/197-21:07:04,231) [kworker/1:1H]
(root,0,0,00:00:00/197-21:06:51,282) [ttm_swap]
(root,0,0,00:00:00/197-21:06:49,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:47/197-21:06:45,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:30/197-21:06:44,403) /usr/sbin/cron -f
(root,35800,1932,00:37:11/197-21:06:43,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/197-21:06:43,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:40/197-21:06:30,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:22/197-21:06:30,448) /usr/sbin/rsyslogd -n
(clamav,1749008,1431804,01:19:42/197-21:06:29,456) /usr/sbin/clamd --foreground=true
(clamav,299448,35724,00:03:45/197-21:06:27,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30744,00:00:33/197-21:06:26,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/197-21:06:26,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/197-21:06:26,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/197-21:06:22,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:47/197-21:06:17,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/197-21:06:11,560) /usr/sbin/sshd -D
(root,790484,3116,01:43:23/197-21:05:37,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/197-21:05:35,578) logger -t xe-daemon
(root,25384,1492,00:00:00/197-21:05:35,580) logger -t xenstore
(root,185096,105312,00:58:12/197-21:05:22,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:13/197-21:05:09,596) spamd child
(root,185096,99760,00:00:20/197-21:05:09,597) spamd child
(root,0,0,00:00:02/12:51:10,4496) [kworker/0:0]
(root,0,0,00:00:01/04:21:10,17452) [kworker/0:1]
(root,19736,3376,00:00:00/00:00,24490) /bin/bash /usr/bin/check_mk_agent
(root,36632,2824,00:00:00/00:00,24509) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1020,00:00:00/00:00,24510) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/19:24:10,59682) [kworker/1:1]
(root,0,0,00:00:15/17:44:07,62303) [kworker/1:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-22 00:47

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336489ca123

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:34/195-21:17:12,1) /sbin/init
(root,0,0,00:00:00/195-21:17:12,2) [kthreadd]
(root,0,0,00:00:10/195-21:17:12,3) [ksoftirqd/0]
(root,0,0,00:00:00/195-21:17:12,5) [kworker/0:0H]
(root,0,0,02:52:41/195-21:17:12,7) [rcu_sched]
(root,0,0,00:00:00/195-21:17:12,8) [rcu_bh]
(root,0,0,00:01:09/195-21:17:12,9) [migration/0]
(root,0,0,00:00:00/195-21:17:12,10) [lru-add-drain]
(root,0,0,00:01:49/195-21:17:12,11) [watchdog/0]
(root,0,0,00:00:00/195-21:17:12,12) [cpuhp/0]
(root,0,0,00:00:00/195-21:17:12,13) [cpuhp/1]
(root,0,0,00:01:26/195-21:17:12,14) [watchdog/1]
(root,0,0,00:00:51/195-21:17:12,15) [migration/1]
(root,0,0,00:00:47/195-21:17:12,16) [ksoftirqd/1]
(root,0,0,00:00:00/195-21:17:12,18) [kworker/1:0H]
(root,0,0,00:00:00/195-21:17:12,19) [kdevtmpfs]
(root,0,0,00:00:00/195-21:17:12,20) [netns]
(root,0,0,00:00:00/195-21:17:12,21) [xenwatch]
(root,0,0,00:02:02/195-21:17:12,22) [xenbus]
(root,0,0,00:00:06/195-21:17:12,24) [khungtaskd]
(root,0,0,00:00:00/195-21:17:12,25) [oom_reaper]
(root,0,0,00:00:00/195-21:17:12,26) [writeback]
(root,0,0,00:00:00/195-21:17:12,27) [kcompactd0]
(root,0,0,00:00:00/195-21:17:12,28) [ksmd]
(root,0,0,00:00:00/195-21:17:12,29) [khugepaged]
(root,0,0,00:00:00/195-21:17:12,30) [crypto]
(root,0,0,00:00:00/195-21:17:12,31) [kintegrityd]
(root,0,0,00:00:00/195-21:17:12,32) [bioset]
(root,0,0,00:00:00/195-21:17:12,33) [kblockd]
(root,0,0,00:00:00/195-21:17:12,35) [devfreq_wq]
(root,0,0,00:00:00/195-21:17:12,36) [watchdogd]
(root,0,0,00:00:00/195-21:17:11,37) [kswapd0]
(root,0,0,00:00:00/195-21:17:11,38) [vmstat]
(root,0,0,00:00:00/195-21:17:11,50) [kthrotld]
(root,0,0,00:00:00/195-21:17:11,51) [khvcd]
(root,0,0,00:00:00/195-21:17:11,52) [ipv6_addrconf]
(root,0,0,00:00:00/195-21:17:11,91) [bioset]
(root,0,0,00:00:00/195-21:17:11,93) [bioset]
(root,0,0,00:00:00/195-21:17:11,95) [bioset]
(root,0,0,00:00:00/195-21:17:11,96) [kworker/u128:1]
(root,0,0,00:00:00/195-21:17:11,97) [ata_sff]
(root,0,0,00:00:00/195-21:17:11,98) [bioset]
(root,0,0,00:00:00/195-21:17:11,100) [bioset]
(root,0,0,00:00:00/195-21:17:11,102) [bioset]
(root,0,0,00:00:00/195-21:17:11,103) [bioset]
(root,0,0,00:00:00/195-21:17:11,104) [bioset]
(root,0,0,00:00:00/195-21:17:11,118) [scsi_eh_0]
(root,0,0,00:00:00/195-21:17:11,119) [scsi_tmf_0]
(root,0,0,00:00:00/195-21:17:11,120) [scsi_eh_1]
(root,0,0,00:00:00/195-21:17:11,121) [scsi_tmf_1]
(root,0,0,00:00:56/195-21:17:11,123) [kworker/u128:2]
(root,0,0,00:00:00/195-21:17:11,129) [bioset]
(root,0,0,00:00:00/195-21:17:07,155) [kworker/u129:0]
(root,0,0,00:00:08/195-21:17:06,165) [kworker/0:1H]
(root,0,0,00:00:19/195-21:17:06,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/195-21:17:06,168) [ext4-rsv-conver]
(root,59340,4560,00:04:00/195-21:16:47,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/195-21:16:47,198) [kauditd]
(root,46732,4952,00:00:31/195-21:16:42,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/195-21:16:40,231) [kworker/1:1H]
(root,0,0,00:00:00/195-21:16:27,282) [ttm_swap]
(root,0,0,00:00:00/195-21:16:25,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:47/195-21:16:21,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:30/195-21:16:20,403) /usr/sbin/cron -f
(root,35800,1932,00:36:48/195-21:16:19,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/195-21:16:19,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:40/195-21:16:06,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:22/195-21:16:06,448) /usr/sbin/rsyslogd -n
(clamav,1748940,1431744,01:18:57/195-21:16:05,456) /usr/sbin/clamd --foreground=true
(clamav,299408,35684,00:03:43/195-21:16:03,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30744,00:00:33/195-21:16:02,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/195-21:16:02,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/195-21:16:02,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/195-21:15:58,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:47/195-21:15:53,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/195-21:15:47,560) /usr/sbin/sshd -D
(root,790484,3116,01:42:21/195-21:15:13,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/195-21:15:11,578) logger -t xe-daemon
(root,25384,1492,00:00:00/195-21:15:11,580) logger -t xenstore
(root,185096,105312,00:57:37/195-21:14:58,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:13/195-21:14:45,596) spamd child
(root,185096,99760,00:00:20/195-21:14:45,597) spamd child
(root,0,0,00:00:00/02:36:46,11913) [kworker/0:1]
(root,19736,3316,00:00:00/00:00,16263) /bin/bash /usr/bin/check_mk_agent
(root,36632,2836,00:00:00/00:00,16282) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1044,00:00:00/00:00,16283) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:11/1-17:56:43,17118) [kworker/0:0]
(root,0,0,00:00:02/17:55:43,53849) [kworker/1:0]
(root,0,0,00:00:13/15:31:46,57506) [kworker/1:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-20 00:57

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336feb54739

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:33/193-22:02:07,1) /sbin/init
(root,0,0,00:00:00/193-22:02:07,2) [kthreadd]
(root,0,0,00:00:10/193-22:02:07,3) [ksoftirqd/0]
(root,0,0,00:00:00/193-22:02:07,5) [kworker/0:0H]
(root,0,0,02:51:03/193-22:02:07,7) [rcu_sched]
(root,0,0,00:00:00/193-22:02:07,8) [rcu_bh]
(root,0,0,00:01:08/193-22:02:07,9) [migration/0]
(root,0,0,00:00:00/193-22:02:07,10) [lru-add-drain]
(root,0,0,00:01:48/193-22:02:07,11) [watchdog/0]
(root,0,0,00:00:00/193-22:02:07,12) [cpuhp/0]
(root,0,0,00:00:00/193-22:02:07,13) [cpuhp/1]
(root,0,0,00:01:25/193-22:02:07,14) [watchdog/1]
(root,0,0,00:00:51/193-22:02:07,15) [migration/1]
(root,0,0,00:00:47/193-22:02:07,16) [ksoftirqd/1]
(root,0,0,00:00:00/193-22:02:07,18) [kworker/1:0H]
(root,0,0,00:00:00/193-22:02:07,19) [kdevtmpfs]
(root,0,0,00:00:00/193-22:02:07,20) [netns]
(root,0,0,00:00:00/193-22:02:07,21) [xenwatch]
(root,0,0,00:02:01/193-22:02:07,22) [xenbus]
(root,0,0,00:00:06/193-22:02:07,24) [khungtaskd]
(root,0,0,00:00:00/193-22:02:07,25) [oom_reaper]
(root,0,0,00:00:00/193-22:02:07,26) [writeback]
(root,0,0,00:00:00/193-22:02:07,27) [kcompactd0]
(root,0,0,00:00:00/193-22:02:07,28) [ksmd]
(root,0,0,00:00:00/193-22:02:07,29) [khugepaged]
(root,0,0,00:00:00/193-22:02:07,30) [crypto]
(root,0,0,00:00:00/193-22:02:07,31) [kintegrityd]
(root,0,0,00:00:00/193-22:02:07,32) [bioset]
(root,0,0,00:00:00/193-22:02:07,33) [kblockd]
(root,0,0,00:00:00/193-22:02:07,35) [devfreq_wq]
(root,0,0,00:00:00/193-22:02:07,36) [watchdogd]
(root,0,0,00:00:00/193-22:02:06,37) [kswapd0]
(root,0,0,00:00:00/193-22:02:06,38) [vmstat]
(root,0,0,00:00:00/193-22:02:06,50) [kthrotld]
(root,0,0,00:00:00/193-22:02:06,51) [khvcd]
(root,0,0,00:00:00/193-22:02:06,52) [ipv6_addrconf]
(root,0,0,00:00:00/193-22:02:06,91) [bioset]
(root,0,0,00:00:00/193-22:02:06,93) [bioset]
(root,0,0,00:00:00/193-22:02:06,95) [bioset]
(root,0,0,00:00:00/193-22:02:06,96) [kworker/u128:1]
(root,0,0,00:00:00/193-22:02:06,97) [ata_sff]
(root,0,0,00:00:00/193-22:02:06,98) [bioset]
(root,0,0,00:00:00/193-22:02:06,100) [bioset]
(root,0,0,00:00:00/193-22:02:06,102) [bioset]
(root,0,0,00:00:00/193-22:02:06,103) [bioset]
(root,0,0,00:00:00/193-22:02:06,104) [bioset]
(root,0,0,00:00:00/193-22:02:06,118) [scsi_eh_0]
(root,0,0,00:00:00/193-22:02:06,119) [scsi_tmf_0]
(root,0,0,00:00:00/193-22:02:06,120) [scsi_eh_1]
(root,0,0,00:00:00/193-22:02:06,121) [scsi_tmf_1]
(root,0,0,00:00:55/193-22:02:06,123) [kworker/u128:2]
(root,0,0,00:00:00/193-22:02:06,129) [bioset]
(root,0,0,00:00:00/193-22:02:02,155) [kworker/u129:0]
(root,0,0,00:00:08/193-22:02:01,165) [kworker/0:1H]
(root,0,0,00:00:19/193-22:02:01,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/193-22:02:01,168) [ext4-rsv-conver]
(root,64388,10260,00:03:58/193-22:01:42,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/193-22:01:42,198) [kauditd]
(root,46732,4952,00:00:31/193-22:01:37,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/193-22:01:35,231) [kworker/1:1H]
(root,0,0,00:00:00/193-22:01:22,282) [ttm_swap]
(root,0,0,00:00:00/193-22:01:20,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:46/193-22:01:16,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:30/193-22:01:15,403) /usr/sbin/cron -f
(root,35800,1932,00:36:27/193-22:01:14,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/193-22:01:14,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:39/193-22:01:01,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:22/193-22:01:01,448) /usr/sbin/rsyslogd -n
(clamav,1748708,1431624,01:18:08/193-22:01:00,456) /usr/sbin/clamd --foreground=true
(clamav,299368,35644,00:03:40/193-22:00:58,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30744,00:00:33/193-22:00:57,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/193-22:00:57,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/193-22:00:57,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/193-22:00:53,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:46/193-22:00:48,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/193-22:00:42,560) /usr/sbin/sshd -D
(root,790484,3116,01:41:19/193-22:00:08,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/193-22:00:06,578) logger -t xe-daemon
(root,25384,1492,00:00:00/193-22:00:06,580) logger -t xenstore
(root,185096,105312,00:57:03/193-21:59:53,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:13/193-21:59:40,596) spamd child
(root,185096,99760,00:00:20/193-21:59:40,597) spamd child
(root,0,0,00:00:03/04:09:41,2321) [kworker/1:2]
(root,19736,3312,00:00:00/00:01,8781) /bin/bash /usr/bin/check_mk_agent
(root,36632,2860,00:00:00/00:00,8800) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1012,00:00:00/00:00,8801) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:02/1-03:49:41,31164) [kworker/0:1]
(root,0,0,00:00:05/20:27:41,42601) [kworker/0:2]
(root,0,0,00:00:04/09:23:41,59439) [kworker/1:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-18 01:42

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336644ffe39

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:33/193-16:55:56,1) /sbin/init
(root,0,0,00:00:00/193-16:55:56,2) [kthreadd]
(root,0,0,00:00:10/193-16:55:56,3) [ksoftirqd/0]
(root,0,0,00:00:00/193-16:55:56,5) [kworker/0:0H]
(root,0,0,02:50:53/193-16:55:56,7) [rcu_sched]
(root,0,0,00:00:00/193-16:55:56,8) [rcu_bh]
(root,0,0,00:01:08/193-16:55:56,9) [migration/0]
(root,0,0,00:00:00/193-16:55:56,10) [lru-add-drain]
(root,0,0,00:01:48/193-16:55:56,11) [watchdog/0]
(root,0,0,00:00:00/193-16:55:56,12) [cpuhp/0]
(root,0,0,00:00:00/193-16:55:56,13) [cpuhp/1]
(root,0,0,00:01:25/193-16:55:56,14) [watchdog/1]
(root,0,0,00:00:51/193-16:55:56,15) [migration/1]
(root,0,0,00:00:47/193-16:55:56,16) [ksoftirqd/1]
(root,0,0,00:00:00/193-16:55:56,18) [kworker/1:0H]
(root,0,0,00:00:00/193-16:55:56,19) [kdevtmpfs]
(root,0,0,00:00:00/193-16:55:56,20) [netns]
(root,0,0,00:00:00/193-16:55:56,21) [xenwatch]
(root,0,0,00:02:01/193-16:55:56,22) [xenbus]
(root,0,0,00:00:06/193-16:55:56,24) [khungtaskd]
(root,0,0,00:00:00/193-16:55:56,25) [oom_reaper]
(root,0,0,00:00:00/193-16:55:56,26) [writeback]
(root,0,0,00:00:00/193-16:55:56,27) [kcompactd0]
(root,0,0,00:00:00/193-16:55:56,28) [ksmd]
(root,0,0,00:00:00/193-16:55:56,29) [khugepaged]
(root,0,0,00:00:00/193-16:55:56,30) [crypto]
(root,0,0,00:00:00/193-16:55:56,31) [kintegrityd]
(root,0,0,00:00:00/193-16:55:56,32) [bioset]
(root,0,0,00:00:00/193-16:55:56,33) [kblockd]
(root,0,0,00:00:00/193-16:55:56,35) [devfreq_wq]
(root,0,0,00:00:00/193-16:55:56,36) [watchdogd]
(root,0,0,00:00:00/193-16:55:55,37) [kswapd0]
(root,0,0,00:00:00/193-16:55:55,38) [vmstat]
(root,0,0,00:00:00/193-16:55:55,50) [kthrotld]
(root,0,0,00:00:00/193-16:55:55,51) [khvcd]
(root,0,0,00:00:00/193-16:55:55,52) [ipv6_addrconf]
(root,0,0,00:00:00/193-16:55:55,91) [bioset]
(root,0,0,00:00:00/193-16:55:55,93) [bioset]
(root,0,0,00:00:00/193-16:55:55,95) [bioset]
(root,0,0,00:00:00/193-16:55:55,96) [kworker/u128:1]
(root,0,0,00:00:00/193-16:55:55,97) [ata_sff]
(root,0,0,00:00:00/193-16:55:55,98) [bioset]
(root,0,0,00:00:00/193-16:55:55,100) [bioset]
(root,0,0,00:00:00/193-16:55:55,102) [bioset]
(root,0,0,00:00:00/193-16:55:55,103) [bioset]
(root,0,0,00:00:00/193-16:55:55,104) [bioset]
(root,0,0,00:00:00/193-16:55:55,118) [scsi_eh_0]
(root,0,0,00:00:00/193-16:55:55,119) [scsi_tmf_0]
(root,0,0,00:00:00/193-16:55:55,120) [scsi_eh_1]
(root,0,0,00:00:00/193-16:55:55,121) [scsi_tmf_1]
(root,0,0,00:00:55/193-16:55:55,123) [kworker/u128:2]
(root,0,0,00:00:00/193-16:55:55,129) [bioset]
(root,0,0,00:00:00/193-16:55:51,155) [kworker/u129:0]
(root,0,0,00:00:08/193-16:55:50,165) [kworker/0:1H]
(root,0,0,00:00:19/193-16:55:50,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/193-16:55:50,168) [ext4-rsv-conver]
(root,64388,10104,00:03:58/193-16:55:31,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/193-16:55:31,198) [kauditd]
(root,46732,4952,00:00:31/193-16:55:26,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/193-16:55:24,231) [kworker/1:1H]
(root,0,0,00:00:00/193-16:55:11,282) [ttm_swap]
(root,0,0,00:00:00/193-16:55:09,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:46/193-16:55:05,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:30/193-16:55:04,403) /usr/sbin/cron -f
(root,35800,1932,00:36:24/193-16:55:03,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/193-16:55:03,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:39/193-16:54:50,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:22/193-16:54:50,448) /usr/sbin/rsyslogd -n
(clamav,1748708,1431624,01:18:08/193-16:54:49,456) /usr/sbin/clamd --foreground=true
(clamav,299368,35644,00:03:40/193-16:54:47,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30744,00:00:33/193-16:54:46,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/193-16:54:46,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/193-16:54:46,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/193-16:54:42,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:46/193-16:54:37,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/193-16:54:31,560) /usr/sbin/sshd -D
(root,790484,3116,01:41:12/193-16:53:57,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/193-16:53:55,578) logger -t xe-daemon
(root,25384,1492,00:00:00/193-16:53:55,580) logger -t xenstore
(root,185096,105312,00:56:59/193-16:53:42,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:13/193-16:53:29,596) spamd child
(root,185096,99760,00:00:20/193-16:53:29,597) spamd child
(root,19736,3492,00:00:00/00:00,817) /bin/bash /usr/bin/check_mk_agent
(root,36632,2852,00:00:00/00:00,836) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1056,00:00:00/00:00,837) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:02/22:43:30,31164) [kworker/0:1]
(root,0,0,00:00:04/15:21:30,42601) [kworker/0:2]
(root,0,0,00:00:08/13:36:27,45323) [kworker/1:1]
(root,0,0,00:00:03/04:17:30,59439) [kworker/1:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-17 20:35

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef33698fdc48c

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:32/191-19:42:30,1) /sbin/init
(root,0,0,00:00:00/191-19:42:30,2) [kthreadd]
(root,0,0,00:00:10/191-19:42:30,3) [ksoftirqd/0]
(root,0,0,00:00:00/191-19:42:30,5) [kworker/0:0H]
(root,0,0,02:49:25/191-19:42:30,7) [rcu_sched]
(root,0,0,00:00:00/191-19:42:30,8) [rcu_bh]
(root,0,0,00:01:07/191-19:42:30,9) [migration/0]
(root,0,0,00:00:00/191-19:42:30,10) [lru-add-drain]
(root,0,0,00:01:47/191-19:42:30,11) [watchdog/0]
(root,0,0,00:00:00/191-19:42:30,12) [cpuhp/0]
(root,0,0,00:00:00/191-19:42:30,13) [cpuhp/1]
(root,0,0,00:01:24/191-19:42:30,14) [watchdog/1]
(root,0,0,00:00:50/191-19:42:30,15) [migration/1]
(root,0,0,00:00:47/191-19:42:30,16) [ksoftirqd/1]
(root,0,0,00:00:00/191-19:42:30,18) [kworker/1:0H]
(root,0,0,00:00:00/191-19:42:30,19) [kdevtmpfs]
(root,0,0,00:00:00/191-19:42:30,20) [netns]
(root,0,0,00:00:00/191-19:42:30,21) [xenwatch]
(root,0,0,00:02:00/191-19:42:30,22) [xenbus]
(root,0,0,00:00:06/191-19:42:30,24) [khungtaskd]
(root,0,0,00:00:00/191-19:42:30,25) [oom_reaper]
(root,0,0,00:00:00/191-19:42:30,26) [writeback]
(root,0,0,00:00:00/191-19:42:30,27) [kcompactd0]
(root,0,0,00:00:00/191-19:42:30,28) [ksmd]
(root,0,0,00:00:00/191-19:42:30,29) [khugepaged]
(root,0,0,00:00:00/191-19:42:30,30) [crypto]
(root,0,0,00:00:00/191-19:42:30,31) [kintegrityd]
(root,0,0,00:00:00/191-19:42:30,32) [bioset]
(root,0,0,00:00:00/191-19:42:30,33) [kblockd]
(root,0,0,00:00:00/191-19:42:30,35) [devfreq_wq]
(root,0,0,00:00:00/191-19:42:30,36) [watchdogd]
(root,0,0,00:00:00/191-19:42:29,37) [kswapd0]
(root,0,0,00:00:00/191-19:42:29,38) [vmstat]
(root,0,0,00:00:00/191-19:42:29,50) [kthrotld]
(root,0,0,00:00:00/191-19:42:29,51) [khvcd]
(root,0,0,00:00:00/191-19:42:29,52) [ipv6_addrconf]
(root,0,0,00:00:00/191-19:42:29,91) [bioset]
(root,0,0,00:00:00/191-19:42:29,93) [bioset]
(root,0,0,00:00:00/191-19:42:29,95) [bioset]
(root,0,0,00:00:00/191-19:42:29,96) [kworker/u128:1]
(root,0,0,00:00:00/191-19:42:29,97) [ata_sff]
(root,0,0,00:00:00/191-19:42:29,98) [bioset]
(root,0,0,00:00:00/191-19:42:29,100) [bioset]
(root,0,0,00:00:00/191-19:42:29,102) [bioset]
(root,0,0,00:00:00/191-19:42:29,103) [bioset]
(root,0,0,00:00:00/191-19:42:29,104) [bioset]
(root,0,0,00:00:00/191-19:42:29,118) [scsi_eh_0]
(root,0,0,00:00:00/191-19:42:29,119) [scsi_tmf_0]
(root,0,0,00:00:00/191-19:42:29,120) [scsi_eh_1]
(root,0,0,00:00:00/191-19:42:29,121) [scsi_tmf_1]
(root,0,0,00:00:55/191-19:42:29,123) [kworker/u128:2]
(root,0,0,00:00:00/191-19:42:29,129) [bioset]
(root,0,0,00:00:00/191-19:42:25,155) [kworker/u129:0]
(root,0,0,00:00:08/191-19:42:24,165) [kworker/0:1H]
(root,0,0,00:00:19/191-19:42:24,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/191-19:42:24,168) [ext4-rsv-conver]
(root,64388,9472,00:03:57/191-19:42:05,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/191-19:42:05,198) [kauditd]
(root,46732,4952,00:00:30/191-19:42:00,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/191-19:41:58,231) [kworker/1:1H]
(root,0,0,00:00:00/191-19:41:45,282) [ttm_swap]
(root,0,0,00:00:00/191-19:41:43,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:46/191-19:41:39,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:29/191-19:41:38,403) /usr/sbin/cron -f
(root,35800,1932,00:36:03/191-19:41:37,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/191-19:41:37,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:39/191-19:41:24,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:22/191-19:41:24,448) /usr/sbin/rsyslogd -n
(clamav,1748388,1431292,01:17:18/191-19:41:23,456) /usr/sbin/clamd --foreground=true
(clamav,299332,35608,00:03:38/191-19:41:21,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30744,00:00:33/191-19:41:20,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/191-19:41:20,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/191-19:41:20,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/191-19:41:16,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:46/191-19:41:11,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/191-19:41:05,560) /usr/sbin/sshd -D
(root,790484,3116,01:40:14/191-19:40:31,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/191-19:40:29,578) logger -t xe-daemon
(root,25384,1492,00:00:00/191-19:40:29,580) logger -t xenstore
(root,185096,105312,00:56:26/191-19:40:16,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:13/191-19:40:03,596) spamd child
(root,185096,99760,00:00:20/191-19:40:03,597) spamd child
(root,0,0,00:00:03/17:37:04,34948) [kworker/1:0]
(root,0,0,00:00:02/16:25:01,36761) [kworker/0:2]
(root,0,0,00:00:11/13:00:00,42015) [kworker/1:2]
(root,0,0,00:00:01/05:28:04,53687) [kworker/0:0]
(root,19736,3376,00:00:00/00:00,62018) /bin/bash /usr/bin/check_mk_agent
(root,36632,2804,00:00:00/00:00,62037) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1052,00:00:00/00:00,62038) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-15 23:22

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3361055aace

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:31/189-18:39:54,1) /sbin/init
(root,0,0,00:00:00/189-18:39:54,2) [kthreadd]
(root,0,0,00:00:10/189-18:39:54,3) [ksoftirqd/0]
(root,0,0,00:00:00/189-18:39:54,5) [kworker/0:0H]
(root,0,0,02:47:44/189-18:39:54,7) [rcu_sched]
(root,0,0,00:00:00/189-18:39:54,8) [rcu_bh]
(root,0,0,00:01:06/189-18:39:54,9) [migration/0]
(root,0,0,00:00:00/189-18:39:54,10) [lru-add-drain]
(root,0,0,00:01:46/189-18:39:54,11) [watchdog/0]
(root,0,0,00:00:00/189-18:39:54,12) [cpuhp/0]
(root,0,0,00:00:00/189-18:39:54,13) [cpuhp/1]
(root,0,0,00:01:23/189-18:39:54,14) [watchdog/1]
(root,0,0,00:00:50/189-18:39:54,15) [migration/1]
(root,0,0,00:00:46/189-18:39:54,16) [ksoftirqd/1]
(root,0,0,00:00:00/189-18:39:54,18) [kworker/1:0H]
(root,0,0,00:00:00/189-18:39:54,19) [kdevtmpfs]
(root,0,0,00:00:00/189-18:39:54,20) [netns]
(root,0,0,00:00:00/189-18:39:54,21) [xenwatch]
(root,0,0,00:01:58/189-18:39:54,22) [xenbus]
(root,0,0,00:00:06/189-18:39:54,24) [khungtaskd]
(root,0,0,00:00:00/189-18:39:54,25) [oom_reaper]
(root,0,0,00:00:00/189-18:39:54,26) [writeback]
(root,0,0,00:00:00/189-18:39:54,27) [kcompactd0]
(root,0,0,00:00:00/189-18:39:54,28) [ksmd]
(root,0,0,00:00:00/189-18:39:54,29) [khugepaged]
(root,0,0,00:00:00/189-18:39:54,30) [crypto]
(root,0,0,00:00:00/189-18:39:54,31) [kintegrityd]
(root,0,0,00:00:00/189-18:39:54,32) [bioset]
(root,0,0,00:00:00/189-18:39:54,33) [kblockd]
(root,0,0,00:00:00/189-18:39:54,35) [devfreq_wq]
(root,0,0,00:00:00/189-18:39:54,36) [watchdogd]
(root,0,0,00:00:00/189-18:39:53,37) [kswapd0]
(root,0,0,00:00:00/189-18:39:53,38) [vmstat]
(root,0,0,00:00:00/189-18:39:53,50) [kthrotld]
(root,0,0,00:00:00/189-18:39:53,51) [khvcd]
(root,0,0,00:00:00/189-18:39:53,52) [ipv6_addrconf]
(root,0,0,00:00:00/189-18:39:53,91) [bioset]
(root,0,0,00:00:00/189-18:39:53,93) [bioset]
(root,0,0,00:00:00/189-18:39:53,95) [bioset]
(root,0,0,00:00:00/189-18:39:53,96) [kworker/u128:1]
(root,0,0,00:00:00/189-18:39:53,97) [ata_sff]
(root,0,0,00:00:00/189-18:39:53,98) [bioset]
(root,0,0,00:00:00/189-18:39:53,100) [bioset]
(root,0,0,00:00:00/189-18:39:53,102) [bioset]
(root,0,0,00:00:00/189-18:39:53,103) [bioset]
(root,0,0,00:00:00/189-18:39:53,104) [bioset]
(root,0,0,00:00:00/189-18:39:53,118) [scsi_eh_0]
(root,0,0,00:00:00/189-18:39:53,119) [scsi_tmf_0]
(root,0,0,00:00:00/189-18:39:53,120) [scsi_eh_1]
(root,0,0,00:00:00/189-18:39:53,121) [scsi_tmf_1]
(root,0,0,00:00:54/189-18:39:53,123) [kworker/u128:2]
(root,0,0,00:00:00/189-18:39:53,129) [bioset]
(root,0,0,00:00:00/189-18:39:49,155) [kworker/u129:0]
(root,0,0,00:00:08/189-18:39:48,165) [kworker/0:1H]
(root,0,0,00:00:19/189-18:39:48,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/189-18:39:48,168) [ext4-rsv-conver]
(root,64388,8704,00:03:55/189-18:39:29,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/189-18:39:29,198) [kauditd]
(root,46732,4952,00:00:30/189-18:39:24,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/189-18:39:22,231) [kworker/1:1H]
(root,0,0,00:00:00/189-18:39:09,282) [ttm_swap]
(root,0,0,00:00:00/189-18:39:07,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:45/189-18:39:03,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:29/189-18:39:02,403) /usr/sbin/cron -f
(root,35800,1932,00:35:40/189-18:39:01,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/189-18:39:01,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:38/189-18:38:48,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:21/189-18:38:48,448) /usr/sbin/rsyslogd -n
(clamav,1748000,1430784,01:16:31/189-18:38:47,456) /usr/sbin/clamd --foreground=true
(clamav,299292,35568,00:03:36/189-18:38:45,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30744,00:00:33/189-18:38:44,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/189-18:38:44,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/189-18:38:44,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/189-18:38:40,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:45/189-18:38:35,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/189-18:38:29,560) /usr/sbin/sshd -D
(root,790484,3116,01:39:09/189-18:37:55,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/189-18:37:53,578) logger -t xe-daemon
(root,25384,1492,00:00:00/189-18:37:53,580) logger -t xenstore
(root,185096,105312,00:55:50/189-18:37:40,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:13/189-18:37:27,596) spamd child
(root,185096,99760,00:00:20/189-18:37:27,597) spamd child
(root,0,0,00:00:04/16:35:28,26688) [kworker/0:1]
(root,0,0,00:00:08/15:24:25,28483) [kworker/1:0]
(root,0,0,00:00:04/05:21:28,43806) [kworker/1:1]
(root,19736,3420,00:00:00/00:01,51925) /bin/bash /usr/bin/check_mk_agent
(root,36632,2804,00:00:00/00:00,51944) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1056,00:00:00/00:00,51945) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:06/1-15:25:25,57052) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-13 22:19

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336b79e2481

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:30/187-20:25:00,1) /sbin/init
(root,0,0,00:00:00/187-20:25:00,2) [kthreadd]
(root,0,0,00:00:10/187-20:25:00,3) [ksoftirqd/0]
(root,0,0,00:00:00/187-20:25:00,5) [kworker/0:0H]
(root,0,0,02:46:02/187-20:25:00,7) [rcu_sched]
(root,0,0,00:00:00/187-20:25:00,8) [rcu_bh]
(root,0,0,00:01:06/187-20:25:00,9) [migration/0]
(root,0,0,00:00:00/187-20:25:00,10) [lru-add-drain]
(root,0,0,00:01:45/187-20:25:00,11) [watchdog/0]
(root,0,0,00:00:00/187-20:25:00,12) [cpuhp/0]
(root,0,0,00:00:00/187-20:25:00,13) [cpuhp/1]
(root,0,0,00:01:22/187-20:25:00,14) [watchdog/1]
(root,0,0,00:00:49/187-20:25:00,15) [migration/1]
(root,0,0,00:00:46/187-20:25:00,16) [ksoftirqd/1]
(root,0,0,00:00:00/187-20:25:00,18) [kworker/1:0H]
(root,0,0,00:00:00/187-20:25:00,19) [kdevtmpfs]
(root,0,0,00:00:00/187-20:25:00,20) [netns]
(root,0,0,00:00:00/187-20:25:00,21) [xenwatch]
(root,0,0,00:01:57/187-20:25:00,22) [xenbus]
(root,0,0,00:00:06/187-20:25:00,24) [khungtaskd]
(root,0,0,00:00:00/187-20:25:00,25) [oom_reaper]
(root,0,0,00:00:00/187-20:25:00,26) [writeback]
(root,0,0,00:00:00/187-20:25:00,27) [kcompactd0]
(root,0,0,00:00:00/187-20:25:00,28) [ksmd]
(root,0,0,00:00:00/187-20:25:00,29) [khugepaged]
(root,0,0,00:00:00/187-20:25:00,30) [crypto]
(root,0,0,00:00:00/187-20:25:00,31) [kintegrityd]
(root,0,0,00:00:00/187-20:25:00,32) [bioset]
(root,0,0,00:00:00/187-20:25:00,33) [kblockd]
(root,0,0,00:00:00/187-20:25:00,35) [devfreq_wq]
(root,0,0,00:00:00/187-20:25:00,36) [watchdogd]
(root,0,0,00:00:00/187-20:24:59,37) [kswapd0]
(root,0,0,00:00:00/187-20:24:59,38) [vmstat]
(root,0,0,00:00:00/187-20:24:59,50) [kthrotld]
(root,0,0,00:00:00/187-20:24:59,51) [khvcd]
(root,0,0,00:00:00/187-20:24:59,52) [ipv6_addrconf]
(root,0,0,00:00:00/187-20:24:59,91) [bioset]
(root,0,0,00:00:00/187-20:24:59,93) [bioset]
(root,0,0,00:00:00/187-20:24:59,95) [bioset]
(root,0,0,00:00:00/187-20:24:59,96) [kworker/u128:1]
(root,0,0,00:00:00/187-20:24:59,97) [ata_sff]
(root,0,0,00:00:00/187-20:24:59,98) [bioset]
(root,0,0,00:00:00/187-20:24:59,100) [bioset]
(root,0,0,00:00:00/187-20:24:59,102) [bioset]
(root,0,0,00:00:00/187-20:24:59,103) [bioset]
(root,0,0,00:00:00/187-20:24:59,104) [bioset]
(root,0,0,00:00:00/187-20:24:59,118) [scsi_eh_0]
(root,0,0,00:00:00/187-20:24:59,119) [scsi_tmf_0]
(root,0,0,00:00:00/187-20:24:59,120) [scsi_eh_1]
(root,0,0,00:00:00/187-20:24:59,121) [scsi_tmf_1]
(root,0,0,00:00:54/187-20:24:59,123) [kworker/u128:2]
(root,0,0,00:00:00/187-20:24:59,129) [bioset]
(root,0,0,00:00:00/187-20:24:55,155) [kworker/u129:0]
(root,0,0,00:00:07/187-20:24:54,165) [kworker/0:1H]
(root,0,0,00:00:19/187-20:24:54,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/187-20:24:54,168) [ext4-rsv-conver]
(root,64388,7880,00:03:53/187-20:24:35,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/187-20:24:35,198) [kauditd]
(root,46732,4952,00:00:30/187-20:24:30,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/187-20:24:28,231) [kworker/1:1H]
(root,0,0,00:00:00/187-20:24:15,282) [ttm_swap]
(root,0,0,00:00:00/187-20:24:13,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:45/187-20:24:09,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:29/187-20:24:08,403) /usr/sbin/cron -f
(root,35800,1932,00:35:19/187-20:24:07,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/187-20:24:07,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:38/187-20:23:54,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:21/187-20:23:54,448) /usr/sbin/rsyslogd -n
(clamav,1747768,1430560,01:15:39/187-20:23:53,456) /usr/sbin/clamd --foreground=true
(clamav,299252,35528,00:03:33/187-20:23:51,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30744,00:00:32/187-20:23:50,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/187-20:23:50,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/187-20:23:50,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/187-20:23:46,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:45/187-20:23:41,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/187-20:23:35,560) /usr/sbin/sshd -D
(root,790484,3116,01:38:09/187-20:23:01,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/187-20:22:59,578) logger -t xe-daemon
(root,25384,1492,00:00:00/187-20:22:59,580) logger -t xenstore
(root,185096,105312,00:55:16/187-20:22:46,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:13/187-20:22:33,596) spamd child
(root,185096,99760,00:00:19/187-20:22:33,597) spamd child
(root,0,0,00:00:24/1-03:27:34,4415) [kworker/1:0]
(root,0,0,00:00:03/17:11:31,20110) [kworker/0:0]
(root,0,0,00:00:01/05:29:34,38011) [kworker/0:1]
(root,19736,3308,00:00:00/00:00,46489) /bin/bash /usr/bin/check_mk_agent
(root,36632,2796,00:00:00/00:00,46508) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1092,00:00:00/00:00,46509) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:12/1-17:12:31,48706) [kworker/1:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-12 00:05

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336722f847c

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:29/185-18:59:39,1) /sbin/init
(root,0,0,00:00:00/185-18:59:39,2) [kthreadd]
(root,0,0,00:00:09/185-18:59:39,3) [ksoftirqd/0]
(root,0,0,00:00:00/185-18:59:39,5) [kworker/0:0H]
(root,0,0,02:44:11/185-18:59:39,7) [rcu_sched]
(root,0,0,00:00:00/185-18:59:39,8) [rcu_bh]
(root,0,0,00:01:05/185-18:59:39,9) [migration/0]
(root,0,0,00:00:00/185-18:59:39,10) [lru-add-drain]
(root,0,0,00:01:44/185-18:59:39,11) [watchdog/0]
(root,0,0,00:00:00/185-18:59:39,12) [cpuhp/0]
(root,0,0,00:00:00/185-18:59:39,13) [cpuhp/1]
(root,0,0,00:01:21/185-18:59:39,14) [watchdog/1]
(root,0,0,00:00:49/185-18:59:39,15) [migration/1]
(root,0,0,00:00:45/185-18:59:39,16) [ksoftirqd/1]
(root,0,0,00:00:00/185-18:59:39,18) [kworker/1:0H]
(root,0,0,00:00:00/185-18:59:39,19) [kdevtmpfs]
(root,0,0,00:00:00/185-18:59:39,20) [netns]
(root,0,0,00:00:00/185-18:59:39,21) [xenwatch]
(root,0,0,00:01:56/185-18:59:39,22) [xenbus]
(root,0,0,00:00:06/185-18:59:39,24) [khungtaskd]
(root,0,0,00:00:00/185-18:59:39,25) [oom_reaper]
(root,0,0,00:00:00/185-18:59:39,26) [writeback]
(root,0,0,00:00:00/185-18:59:39,27) [kcompactd0]
(root,0,0,00:00:00/185-18:59:39,28) [ksmd]
(root,0,0,00:00:00/185-18:59:39,29) [khugepaged]
(root,0,0,00:00:00/185-18:59:39,30) [crypto]
(root,0,0,00:00:00/185-18:59:39,31) [kintegrityd]
(root,0,0,00:00:00/185-18:59:39,32) [bioset]
(root,0,0,00:00:00/185-18:59:39,33) [kblockd]
(root,0,0,00:00:00/185-18:59:39,35) [devfreq_wq]
(root,0,0,00:00:00/185-18:59:39,36) [watchdogd]
(root,0,0,00:00:00/185-18:59:38,37) [kswapd0]
(root,0,0,00:00:00/185-18:59:38,38) [vmstat]
(root,0,0,00:00:00/185-18:59:38,50) [kthrotld]
(root,0,0,00:00:00/185-18:59:38,51) [khvcd]
(root,0,0,00:00:00/185-18:59:38,52) [ipv6_addrconf]
(root,0,0,00:00:00/185-18:59:38,91) [bioset]
(root,0,0,00:00:00/185-18:59:38,93) [bioset]
(root,0,0,00:00:00/185-18:59:38,95) [bioset]
(root,0,0,00:00:00/185-18:59:38,96) [kworker/u128:1]
(root,0,0,00:00:00/185-18:59:38,97) [ata_sff]
(root,0,0,00:00:00/185-18:59:38,98) [bioset]
(root,0,0,00:00:00/185-18:59:38,100) [bioset]
(root,0,0,00:00:00/185-18:59:38,102) [bioset]
(root,0,0,00:00:00/185-18:59:38,103) [bioset]
(root,0,0,00:00:00/185-18:59:38,104) [bioset]
(root,0,0,00:00:00/185-18:59:38,118) [scsi_eh_0]
(root,0,0,00:00:00/185-18:59:38,119) [scsi_tmf_0]
(root,0,0,00:00:00/185-18:59:38,120) [scsi_eh_1]
(root,0,0,00:00:00/185-18:59:38,121) [scsi_tmf_1]
(root,0,0,00:00:53/185-18:59:38,123) [kworker/u128:2]
(root,0,0,00:00:00/185-18:59:38,129) [bioset]
(root,0,0,00:00:00/185-18:59:34,155) [kworker/u129:0]
(root,0,0,00:00:07/185-18:59:33,165) [kworker/0:1H]
(root,0,0,00:00:18/185-18:59:33,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/185-18:59:33,168) [ext4-rsv-conver]
(root,64388,10384,00:03:52/185-18:59:14,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/185-18:59:14,198) [kauditd]
(root,46732,4952,00:00:29/185-18:59:09,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/185-18:59:07,231) [kworker/1:1H]
(root,0,0,00:00:00/185-18:58:54,282) [ttm_swap]
(root,0,0,00:00:00/185-18:58:52,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:44/185-18:58:48,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:28/185-18:58:47,403) /usr/sbin/cron -f
(root,35800,1932,00:34:56/185-18:58:46,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/185-18:58:46,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:38/185-18:58:33,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:21/185-18:58:33,448) /usr/sbin/rsyslogd -n
(clamav,1747568,1430332,01:14:50/185-18:58:32,456) /usr/sbin/clamd --foreground=true
(clamav,299212,35488,00:03:31/185-18:58:30,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30744,00:00:32/185-18:58:29,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/185-18:58:29,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/185-18:58:29,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/185-18:58:25,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:44/185-18:58:20,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/185-18:58:14,560) /usr/sbin/sshd -D
(root,790484,3116,01:37:05/185-18:57:40,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/185-18:57:38,578) logger -t xe-daemon
(root,25384,1492,00:00:00/185-18:57:38,580) logger -t xenstore
(root,185096,105312,00:54:40/185-18:57:25,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:12/185-18:57:12,596) spamd child
(root,185096,99760,00:00:19/185-18:57:12,597) spamd child
(root,0,0,00:00:06/17:11:13,9782) [kworker/1:0]
(root,0,0,00:00:03/15:48:10,11877) [kworker/0:0]
(root,0,0,00:00:08/09:53:13,20794) [kworker/1:1]
(root,0,0,00:00:01/03:29:13,30610) [kworker/0:1]
(root,19736,3320,00:00:00/00:00,35980) /bin/bash /usr/bin/check_mk_agent
(root,36632,2756,00:00:00/00:00,35999) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1012,00:00:00/00:00,36000) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-09 22:39

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336729cb0ab

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:28/183-19:42:58,1) /sbin/init
(root,0,0,00:00:00/183-19:42:58,2) [kthreadd]
(root,0,0,00:00:09/183-19:42:58,3) [ksoftirqd/0]
(root,0,0,00:00:00/183-19:42:58,5) [kworker/0:0H]
(root,0,0,02:42:28/183-19:42:58,7) [rcu_sched]
(root,0,0,00:00:00/183-19:42:58,8) [rcu_bh]
(root,0,0,00:01:04/183-19:42:58,9) [migration/0]
(root,0,0,00:00:00/183-19:42:58,10) [lru-add-drain]
(root,0,0,00:01:43/183-19:42:58,11) [watchdog/0]
(root,0,0,00:00:00/183-19:42:58,12) [cpuhp/0]
(root,0,0,00:00:00/183-19:42:58,13) [cpuhp/1]
(root,0,0,00:01:21/183-19:42:58,14) [watchdog/1]
(root,0,0,00:00:48/183-19:42:58,15) [migration/1]
(root,0,0,00:00:45/183-19:42:58,16) [ksoftirqd/1]
(root,0,0,00:00:00/183-19:42:58,18) [kworker/1:0H]
(root,0,0,00:00:00/183-19:42:58,19) [kdevtmpfs]
(root,0,0,00:00:00/183-19:42:58,20) [netns]
(root,0,0,00:00:00/183-19:42:58,21) [xenwatch]
(root,0,0,00:01:55/183-19:42:58,22) [xenbus]
(root,0,0,00:00:06/183-19:42:58,24) [khungtaskd]
(root,0,0,00:00:00/183-19:42:58,25) [oom_reaper]
(root,0,0,00:00:00/183-19:42:58,26) [writeback]
(root,0,0,00:00:00/183-19:42:58,27) [kcompactd0]
(root,0,0,00:00:00/183-19:42:58,28) [ksmd]
(root,0,0,00:00:00/183-19:42:58,29) [khugepaged]
(root,0,0,00:00:00/183-19:42:58,30) [crypto]
(root,0,0,00:00:00/183-19:42:58,31) [kintegrityd]
(root,0,0,00:00:00/183-19:42:58,32) [bioset]
(root,0,0,00:00:00/183-19:42:58,33) [kblockd]
(root,0,0,00:00:00/183-19:42:58,35) [devfreq_wq]
(root,0,0,00:00:00/183-19:42:58,36) [watchdogd]
(root,0,0,00:00:00/183-19:42:57,37) [kswapd0]
(root,0,0,00:00:00/183-19:42:57,38) [vmstat]
(root,0,0,00:00:00/183-19:42:57,50) [kthrotld]
(root,0,0,00:00:00/183-19:42:57,51) [khvcd]
(root,0,0,00:00:00/183-19:42:57,52) [ipv6_addrconf]
(root,0,0,00:00:00/183-19:42:57,91) [bioset]
(root,0,0,00:00:00/183-19:42:57,93) [bioset]
(root,0,0,00:00:00/183-19:42:57,95) [bioset]
(root,0,0,00:00:00/183-19:42:57,96) [kworker/u128:1]
(root,0,0,00:00:00/183-19:42:57,97) [ata_sff]
(root,0,0,00:00:00/183-19:42:57,98) [bioset]
(root,0,0,00:00:00/183-19:42:57,100) [bioset]
(root,0,0,00:00:00/183-19:42:57,102) [bioset]
(root,0,0,00:00:00/183-19:42:57,103) [bioset]
(root,0,0,00:00:00/183-19:42:57,104) [bioset]
(root,0,0,00:00:00/183-19:42:57,118) [scsi_eh_0]
(root,0,0,00:00:00/183-19:42:57,119) [scsi_tmf_0]
(root,0,0,00:00:00/183-19:42:57,120) [scsi_eh_1]
(root,0,0,00:00:00/183-19:42:57,121) [scsi_tmf_1]
(root,0,0,00:00:53/183-19:42:57,123) [kworker/u128:2]
(root,0,0,00:00:00/183-19:42:57,129) [bioset]
(root,0,0,00:00:00/183-19:42:53,155) [kworker/u129:0]
(root,0,0,00:00:07/183-19:42:52,165) [kworker/0:1H]
(root,0,0,00:00:18/183-19:42:52,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/183-19:42:52,168) [ext4-rsv-conver]
(root,64388,9648,00:03:50/183-19:42:33,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/183-19:42:33,198) [kauditd]
(root,46732,4952,00:00:29/183-19:42:28,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/183-19:42:26,231) [kworker/1:1H]
(root,0,0,00:00:00/183-19:42:13,282) [ttm_swap]
(root,0,0,00:00:00/183-19:42:11,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:44/183-19:42:07,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:28/183-19:42:06,403) /usr/sbin/cron -f
(root,35800,1932,00:34:34/183-19:42:05,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/183-19:42:05,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:37/183-19:41:52,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:21/183-19:41:52,448) /usr/sbin/rsyslogd -n
(clamav,1747716,1430496,01:14:00/183-19:41:51,456) /usr/sbin/clamd --foreground=true
(clamav,299176,35452,00:03:29/183-19:41:49,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:32/183-19:41:48,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/183-19:41:48,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/183-19:41:48,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/183-19:41:44,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:44/183-19:41:39,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/183-19:41:33,560) /usr/sbin/sshd -D
(root,790484,3116,01:36:03/183-19:40:59,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/183-19:40:57,578) logger -t xe-daemon
(root,25384,1492,00:00:00/183-19:40:57,580) logger -t xenstore
(root,185096,105312,00:54:06/183-19:40:44,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:12/183-19:40:31,596) spamd child
(root,185096,99760,00:00:19/183-19:40:31,597) spamd child
(root,0,0,00:00:04/16:33:29,2702) [kworker/0:0]
(root,0,0,00:00:04/10:38:32,11631) [kworker/1:2]
(root,0,0,00:00:05/06:01:48,18624) [kworker/1:0]
(root,19736,3392,00:00:00/00:00,27850) /bin/bash /usr/bin/check_mk_agent
(root,36632,2792,00:00:00/00:00,27869) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1004,00:00:00/00:00,27870) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/22:57:32,58086) [kworker/0:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-07 23:23

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3367b6683e7

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:27/181-20:09:16,1) /sbin/init
(root,0,0,00:00:00/181-20:09:16,2) [kthreadd]
(root,0,0,00:00:09/181-20:09:16,3) [ksoftirqd/0]
(root,0,0,00:00:00/181-20:09:16,5) [kworker/0:0H]
(root,0,0,02:40:45/181-20:09:16,7) [rcu_sched]
(root,0,0,00:00:00/181-20:09:16,8) [rcu_bh]
(root,0,0,00:01:04/181-20:09:16,9) [migration/0]
(root,0,0,00:00:00/181-20:09:16,10) [lru-add-drain]
(root,0,0,00:01:41/181-20:09:16,11) [watchdog/0]
(root,0,0,00:00:00/181-20:09:16,12) [cpuhp/0]
(root,0,0,00:00:00/181-20:09:16,13) [cpuhp/1]
(root,0,0,00:01:20/181-20:09:16,14) [watchdog/1]
(root,0,0,00:00:48/181-20:09:16,15) [migration/1]
(root,0,0,00:00:44/181-20:09:16,16) [ksoftirqd/1]
(root,0,0,00:00:00/181-20:09:16,18) [kworker/1:0H]
(root,0,0,00:00:00/181-20:09:16,19) [kdevtmpfs]
(root,0,0,00:00:00/181-20:09:16,20) [netns]
(root,0,0,00:00:00/181-20:09:16,21) [xenwatch]
(root,0,0,00:01:53/181-20:09:16,22) [xenbus]
(root,0,0,00:00:06/181-20:09:16,24) [khungtaskd]
(root,0,0,00:00:00/181-20:09:16,25) [oom_reaper]
(root,0,0,00:00:00/181-20:09:16,26) [writeback]
(root,0,0,00:00:00/181-20:09:16,27) [kcompactd0]
(root,0,0,00:00:00/181-20:09:16,28) [ksmd]
(root,0,0,00:00:00/181-20:09:16,29) [khugepaged]
(root,0,0,00:00:00/181-20:09:16,30) [crypto]
(root,0,0,00:00:00/181-20:09:16,31) [kintegrityd]
(root,0,0,00:00:00/181-20:09:16,32) [bioset]
(root,0,0,00:00:00/181-20:09:16,33) [kblockd]
(root,0,0,00:00:00/181-20:09:16,35) [devfreq_wq]
(root,0,0,00:00:00/181-20:09:16,36) [watchdogd]
(root,0,0,00:00:00/181-20:09:15,37) [kswapd0]
(root,0,0,00:00:00/181-20:09:15,38) [vmstat]
(root,0,0,00:00:00/181-20:09:15,50) [kthrotld]
(root,0,0,00:00:00/181-20:09:15,51) [khvcd]
(root,0,0,00:00:00/181-20:09:15,52) [ipv6_addrconf]
(root,0,0,00:00:00/181-20:09:15,91) [bioset]
(root,0,0,00:00:00/181-20:09:15,93) [bioset]
(root,0,0,00:00:00/181-20:09:15,95) [bioset]
(root,0,0,00:00:00/181-20:09:15,96) [kworker/u128:1]
(root,0,0,00:00:00/181-20:09:15,97) [ata_sff]
(root,0,0,00:00:00/181-20:09:15,98) [bioset]
(root,0,0,00:00:00/181-20:09:15,100) [bioset]
(root,0,0,00:00:00/181-20:09:15,102) [bioset]
(root,0,0,00:00:00/181-20:09:15,103) [bioset]
(root,0,0,00:00:00/181-20:09:15,104) [bioset]
(root,0,0,00:00:00/181-20:09:15,118) [scsi_eh_0]
(root,0,0,00:00:00/181-20:09:15,119) [scsi_tmf_0]
(root,0,0,00:00:00/181-20:09:15,120) [scsi_eh_1]
(root,0,0,00:00:00/181-20:09:15,121) [scsi_tmf_1]
(root,0,0,00:00:52/181-20:09:15,123) [kworker/u128:2]
(root,0,0,00:00:00/181-20:09:15,129) [bioset]
(root,0,0,00:00:00/181-20:09:11,155) [kworker/u129:0]
(root,0,0,00:00:07/181-20:09:10,165) [kworker/0:1H]
(root,0,0,00:00:18/181-20:09:10,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/181-20:09:10,168) [ext4-rsv-conver]
(root,64388,8532,00:03:48/181-20:08:51,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/181-20:08:51,198) [kauditd]
(root,46732,4952,00:00:29/181-20:08:46,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/181-20:08:44,231) [kworker/1:1H]
(root,0,0,00:00:00/181-20:08:31,282) [ttm_swap]
(root,0,0,00:00:00/181-20:08:29,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:44/181-20:08:25,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:28/181-20:08:24,403) /usr/sbin/cron -f
(root,35800,1932,00:34:12/181-20:08:23,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/181-20:08:23,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:37/181-20:08:10,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:21/181-20:08:10,448) /usr/sbin/rsyslogd -n
(clamav,1747676,1430436,01:13:11/181-20:08:09,456) /usr/sbin/clamd --foreground=true
(clamav,299136,35412,00:03:27/181-20:08:07,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:32/181-20:08:06,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/181-20:08:06,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/181-20:08:06,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/181-20:08:02,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:44/181-20:07:57,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/181-20:07:51,560) /usr/sbin/sshd -D
(root,790484,3116,01:35:01/181-20:07:17,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/181-20:07:15,578) logger -t xe-daemon
(root,25384,1492,00:00:00/181-20:07:15,580) logger -t xenstore
(root,185096,105312,00:53:31/181-20:07:02,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:12/181-20:06:49,596) spamd child
(root,185096,99760,00:00:19/181-20:06:49,597) spamd child
(root,0,0,00:00:00/06:46,20101) [kworker/1:2]
(root,19736,3320,00:00:00/00:00,20340) /bin/bash /usr/bin/check_mk_agent
(root,36632,2900,00:00:00/00:00,20359) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1044,00:00:00/00:00,20360) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:24/1-03:11:50,44060) [kworker/1:1]
(root,0,0,00:00:01/17:01:47,59595) [kworker/0:1]
(root,0,0,00:00:03/13:11:50,65490) [kworker/0:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-05 23:49

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3366f26f350

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:26/179-20:01:21,1) /sbin/init
(root,0,0,00:00:00/179-20:01:21,2) [kthreadd]
(root,0,0,00:00:09/179-20:01:21,3) [ksoftirqd/0]
(root,0,0,00:00:00/179-20:01:21,5) [kworker/0:0H]
(root,0,0,02:39:08/179-20:01:21,7) [rcu_sched]
(root,0,0,00:00:00/179-20:01:21,8) [rcu_bh]
(root,0,0,00:01:03/179-20:01:21,9) [migration/0]
(root,0,0,00:00:00/179-20:01:21,10) [lru-add-drain]
(root,0,0,00:01:40/179-20:01:21,11) [watchdog/0]
(root,0,0,00:00:00/179-20:01:21,12) [cpuhp/0]
(root,0,0,00:00:00/179-20:01:21,13) [cpuhp/1]
(root,0,0,00:01:19/179-20:01:21,14) [watchdog/1]
(root,0,0,00:00:47/179-20:01:21,15) [migration/1]
(root,0,0,00:00:44/179-20:01:21,16) [ksoftirqd/1]
(root,0,0,00:00:00/179-20:01:21,18) [kworker/1:0H]
(root,0,0,00:00:00/179-20:01:21,19) [kdevtmpfs]
(root,0,0,00:00:00/179-20:01:21,20) [netns]
(root,0,0,00:00:00/179-20:01:21,21) [xenwatch]
(root,0,0,00:01:52/179-20:01:21,22) [xenbus]
(root,0,0,00:00:06/179-20:01:21,24) [khungtaskd]
(root,0,0,00:00:00/179-20:01:21,25) [oom_reaper]
(root,0,0,00:00:00/179-20:01:21,26) [writeback]
(root,0,0,00:00:00/179-20:01:21,27) [kcompactd0]
(root,0,0,00:00:00/179-20:01:21,28) [ksmd]
(root,0,0,00:00:00/179-20:01:21,29) [khugepaged]
(root,0,0,00:00:00/179-20:01:21,30) [crypto]
(root,0,0,00:00:00/179-20:01:21,31) [kintegrityd]
(root,0,0,00:00:00/179-20:01:21,32) [bioset]
(root,0,0,00:00:00/179-20:01:21,33) [kblockd]
(root,0,0,00:00:00/179-20:01:21,35) [devfreq_wq]
(root,0,0,00:00:00/179-20:01:21,36) [watchdogd]
(root,0,0,00:00:00/179-20:01:20,37) [kswapd0]
(root,0,0,00:00:00/179-20:01:20,38) [vmstat]
(root,0,0,00:00:00/179-20:01:20,50) [kthrotld]
(root,0,0,00:00:00/179-20:01:20,51) [khvcd]
(root,0,0,00:00:00/179-20:01:20,52) [ipv6_addrconf]
(root,0,0,00:00:00/179-20:01:20,91) [bioset]
(root,0,0,00:00:00/179-20:01:20,93) [bioset]
(root,0,0,00:00:00/179-20:01:20,95) [bioset]
(root,0,0,00:00:00/179-20:01:20,96) [kworker/u128:1]
(root,0,0,00:00:00/179-20:01:20,97) [ata_sff]
(root,0,0,00:00:00/179-20:01:20,98) [bioset]
(root,0,0,00:00:00/179-20:01:20,100) [bioset]
(root,0,0,00:00:00/179-20:01:20,102) [bioset]
(root,0,0,00:00:00/179-20:01:20,103) [bioset]
(root,0,0,00:00:00/179-20:01:20,104) [bioset]
(root,0,0,00:00:00/179-20:01:20,118) [scsi_eh_0]
(root,0,0,00:00:00/179-20:01:20,119) [scsi_tmf_0]
(root,0,0,00:00:00/179-20:01:20,120) [scsi_eh_1]
(root,0,0,00:00:00/179-20:01:20,121) [scsi_tmf_1]
(root,0,0,00:00:52/179-20:01:20,123) [kworker/u128:2]
(root,0,0,00:00:00/179-20:01:20,129) [bioset]
(root,0,0,00:00:00/179-20:01:16,155) [kworker/u129:0]
(root,0,0,00:00:07/179-20:01:15,165) [kworker/0:1H]
(root,0,0,00:00:18/179-20:01:15,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/179-20:01:15,168) [ext4-rsv-conver]
(root,59340,7084,00:03:46/179-20:00:56,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/179-20:00:56,198) [kauditd]
(root,46732,4952,00:00:28/179-20:00:51,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/179-20:00:49,231) [kworker/1:1H]
(root,0,0,00:00:00/179-20:00:36,282) [ttm_swap]
(root,0,0,00:00:00/179-20:00:34,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:43/179-20:00:30,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:27/179-20:00:29,403) /usr/sbin/cron -f
(root,35800,1932,00:33:49/179-20:00:28,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/179-20:00:28,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:36/179-20:00:15,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:21/179-20:00:15,448) /usr/sbin/rsyslogd -n
(clamav,1747332,1430116,01:12:25/179-20:00:14,456) /usr/sbin/clamd --foreground=true
(clamav,299096,35372,00:03:25/179-20:00:12,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:32/179-20:00:11,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/179-20:00:11,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/179-20:00:11,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/179-20:00:07,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:43/179-20:00:02,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/179-19:59:56,560) /usr/sbin/sshd -D
(root,790484,3116,01:33:58/179-19:59:22,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/179-19:59:20,578) logger -t xe-daemon
(root,25384,1492,00:00:00/179-19:59:20,580) logger -t xenstore
(root,185096,105312,00:52:56/179-19:59:07,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:12/179-19:58:54,596) spamd child
(root,185096,99760,00:00:19/179-19:58:54,597) spamd child
(root,0,0,00:00:02/02:28:55,8048) [kworker/1:0]
(root,19736,3376,00:00:00/00:00,11895) /bin/bash /usr/bin/check_mk_agent
(root,36632,2864,00:00:00/00:00,11914) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1044,00:00:00/00:00,11915) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:02/1-00:00:55,40170) [kworker/0:1]
(root,0,0,00:00:04/16:55:52,51126) [kworker/0:2]
(root,0,0,00:00:10/13:48:55,55896) [kworker/1:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-03 23:41

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336a1057b90

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:26/177-20:25:59,1) /sbin/init
(root,0,0,00:00:00/177-20:25:59,2) [kthreadd]
(root,0,0,00:00:09/177-20:25:59,3) [ksoftirqd/0]
(root,0,0,00:00:00/177-20:25:59,5) [kworker/0:0H]
(root,0,0,02:37:32/177-20:25:59,7) [rcu_sched]
(root,0,0,00:00:00/177-20:25:59,8) [rcu_bh]
(root,0,0,00:01:02/177-20:25:59,9) [migration/0]
(root,0,0,00:00:00/177-20:25:59,10) [lru-add-drain]
(root,0,0,00:01:39/177-20:25:59,11) [watchdog/0]
(root,0,0,00:00:00/177-20:25:59,12) [cpuhp/0]
(root,0,0,00:00:00/177-20:25:59,13) [cpuhp/1]
(root,0,0,00:01:18/177-20:25:59,14) [watchdog/1]
(root,0,0,00:00:47/177-20:25:59,15) [migration/1]
(root,0,0,00:00:44/177-20:25:59,16) [ksoftirqd/1]
(root,0,0,00:00:00/177-20:25:59,18) [kworker/1:0H]
(root,0,0,00:00:00/177-20:25:59,19) [kdevtmpfs]
(root,0,0,00:00:00/177-20:25:59,20) [netns]
(root,0,0,00:00:00/177-20:25:59,21) [xenwatch]
(root,0,0,00:01:51/177-20:25:59,22) [xenbus]
(root,0,0,00:00:05/177-20:25:59,24) [khungtaskd]
(root,0,0,00:00:00/177-20:25:59,25) [oom_reaper]
(root,0,0,00:00:00/177-20:25:59,26) [writeback]
(root,0,0,00:00:00/177-20:25:59,27) [kcompactd0]
(root,0,0,00:00:00/177-20:25:59,28) [ksmd]
(root,0,0,00:00:00/177-20:25:59,29) [khugepaged]
(root,0,0,00:00:00/177-20:25:59,30) [crypto]
(root,0,0,00:00:00/177-20:25:59,31) [kintegrityd]
(root,0,0,00:00:00/177-20:25:59,32) [bioset]
(root,0,0,00:00:00/177-20:25:59,33) [kblockd]
(root,0,0,00:00:00/177-20:25:59,35) [devfreq_wq]
(root,0,0,00:00:00/177-20:25:59,36) [watchdogd]
(root,0,0,00:00:00/177-20:25:58,37) [kswapd0]
(root,0,0,00:00:00/177-20:25:58,38) [vmstat]
(root,0,0,00:00:00/177-20:25:58,50) [kthrotld]
(root,0,0,00:00:00/177-20:25:58,51) [khvcd]
(root,0,0,00:00:00/177-20:25:58,52) [ipv6_addrconf]
(root,0,0,00:00:00/177-20:25:58,91) [bioset]
(root,0,0,00:00:00/177-20:25:58,93) [bioset]
(root,0,0,00:00:00/177-20:25:58,95) [bioset]
(root,0,0,00:00:00/177-20:25:58,96) [kworker/u128:1]
(root,0,0,00:00:00/177-20:25:58,97) [ata_sff]
(root,0,0,00:00:00/177-20:25:58,98) [bioset]
(root,0,0,00:00:00/177-20:25:58,100) [bioset]
(root,0,0,00:00:00/177-20:25:58,102) [bioset]
(root,0,0,00:00:00/177-20:25:58,103) [bioset]
(root,0,0,00:00:00/177-20:25:58,104) [bioset]
(root,0,0,00:00:00/177-20:25:58,118) [scsi_eh_0]
(root,0,0,00:00:00/177-20:25:58,119) [scsi_tmf_0]
(root,0,0,00:00:00/177-20:25:58,120) [scsi_eh_1]
(root,0,0,00:00:00/177-20:25:58,121) [scsi_tmf_1]
(root,0,0,00:00:51/177-20:25:58,123) [kworker/u128:2]
(root,0,0,00:00:00/177-20:25:58,129) [bioset]
(root,0,0,00:00:00/177-20:25:54,155) [kworker/u129:0]
(root,0,0,00:00:07/177-20:25:53,165) [kworker/0:1H]
(root,0,0,00:00:18/177-20:25:53,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/177-20:25:53,168) [ext4-rsv-conver]
(root,59340,6076,00:03:45/177-20:25:34,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/177-20:25:34,198) [kauditd]
(root,46732,4952,00:00:28/177-20:25:29,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:11/177-20:25:27,231) [kworker/1:1H]
(root,0,0,00:00:00/177-20:25:14,282) [ttm_swap]
(root,0,0,00:00:00/177-20:25:12,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:43/177-20:25:08,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:27/177-20:25:07,403) /usr/sbin/cron -f
(root,35800,1932,00:33:27/177-20:25:06,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/177-20:25:06,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:36/177-20:24:53,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:21/177-20:24:53,448) /usr/sbin/rsyslogd -n
(clamav,1747028,1429732,01:11:37/177-20:24:52,456) /usr/sbin/clamd --foreground=true
(clamav,299060,35336,00:03:22/177-20:24:50,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:31/177-20:24:49,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/177-20:24:49,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/177-20:24:49,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/177-20:24:45,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:43/177-20:24:40,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/177-20:24:34,560) /usr/sbin/sshd -D
(root,790484,3116,01:32:57/177-20:24:00,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/177-20:23:58,578) logger -t xe-daemon
(root,25384,1492,00:00:00/177-20:23:58,580) logger -t xenstore
(root,185096,105312,00:52:21/177-20:23:45,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:12/177-20:23:32,596) spamd child
(root,185096,99760,00:00:18/177-20:23:32,597) spamd child
(root,19736,3488,00:00:00/00:00,3943) /bin/bash /usr/bin/check_mk_agent
(root,36632,2900,00:00:00/00:00,3962) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1016,00:00:00/00:00,3963) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:03/1-04:35:29,25362) [kworker/0:2]
(root,0,0,00:00:12/17:21:30,42626) [kworker/1:2]
(root,0,0,00:00:04/16:52:33,43411) [kworker/0:0]
(root,0,0,00:00:02/02:55:33,64515) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-12-02 00:06

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336a7b51c3f

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:25/175-19:21:03,1) /sbin/init
(root,0,0,00:00:00/175-19:21:03,2) [kthreadd]
(root,0,0,00:00:09/175-19:21:03,3) [ksoftirqd/0]
(root,0,0,00:00:00/175-19:21:03,5) [kworker/0:0H]
(root,0,0,02:35:45/175-19:21:03,7) [rcu_sched]
(root,0,0,00:00:00/175-19:21:03,8) [rcu_bh]
(root,0,0,00:01:01/175-19:21:03,9) [migration/0]
(root,0,0,00:00:00/175-19:21:03,10) [lru-add-drain]
(root,0,0,00:01:38/175-19:21:03,11) [watchdog/0]
(root,0,0,00:00:00/175-19:21:03,12) [cpuhp/0]
(root,0,0,00:00:00/175-19:21:03,13) [cpuhp/1]
(root,0,0,00:01:17/175-19:21:03,14) [watchdog/1]
(root,0,0,00:00:46/175-19:21:03,15) [migration/1]
(root,0,0,00:00:43/175-19:21:03,16) [ksoftirqd/1]
(root,0,0,00:00:00/175-19:21:03,18) [kworker/1:0H]
(root,0,0,00:00:00/175-19:21:03,19) [kdevtmpfs]
(root,0,0,00:00:00/175-19:21:03,20) [netns]
(root,0,0,00:00:00/175-19:21:03,21) [xenwatch]
(root,0,0,00:01:50/175-19:21:03,22) [xenbus]
(root,0,0,00:00:05/175-19:21:03,24) [khungtaskd]
(root,0,0,00:00:00/175-19:21:03,25) [oom_reaper]
(root,0,0,00:00:00/175-19:21:03,26) [writeback]
(root,0,0,00:00:00/175-19:21:03,27) [kcompactd0]
(root,0,0,00:00:00/175-19:21:03,28) [ksmd]
(root,0,0,00:00:00/175-19:21:03,29) [khugepaged]
(root,0,0,00:00:00/175-19:21:03,30) [crypto]
(root,0,0,00:00:00/175-19:21:03,31) [kintegrityd]
(root,0,0,00:00:00/175-19:21:03,32) [bioset]
(root,0,0,00:00:00/175-19:21:03,33) [kblockd]
(root,0,0,00:00:00/175-19:21:03,35) [devfreq_wq]
(root,0,0,00:00:00/175-19:21:03,36) [watchdogd]
(root,0,0,00:00:00/175-19:21:02,37) [kswapd0]
(root,0,0,00:00:00/175-19:21:02,38) [vmstat]
(root,0,0,00:00:00/175-19:21:02,50) [kthrotld]
(root,0,0,00:00:00/175-19:21:02,51) [khvcd]
(root,0,0,00:00:00/175-19:21:02,52) [ipv6_addrconf]
(root,0,0,00:00:00/175-19:21:02,91) [bioset]
(root,0,0,00:00:00/175-19:21:02,93) [bioset]
(root,0,0,00:00:00/175-19:21:02,95) [bioset]
(root,0,0,00:00:00/175-19:21:02,96) [kworker/u128:1]
(root,0,0,00:00:00/175-19:21:02,97) [ata_sff]
(root,0,0,00:00:00/175-19:21:02,98) [bioset]
(root,0,0,00:00:00/175-19:21:02,100) [bioset]
(root,0,0,00:00:00/175-19:21:02,102) [bioset]
(root,0,0,00:00:00/175-19:21:02,103) [bioset]
(root,0,0,00:00:00/175-19:21:02,104) [bioset]
(root,0,0,00:00:00/175-19:21:02,118) [scsi_eh_0]
(root,0,0,00:00:00/175-19:21:02,119) [scsi_tmf_0]
(root,0,0,00:00:00/175-19:21:02,120) [scsi_eh_1]
(root,0,0,00:00:00/175-19:21:02,121) [scsi_tmf_1]
(root,0,0,00:00:51/175-19:21:02,123) [kworker/u128:2]
(root,0,0,00:00:00/175-19:21:02,129) [bioset]
(root,0,0,00:00:00/175-19:20:58,155) [kworker/u129:0]
(root,0,0,00:00:07/175-19:20:57,165) [kworker/0:1H]
(root,0,0,00:00:18/175-19:20:57,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/175-19:20:57,168) [ext4-rsv-conver]
(root,59340,4392,00:03:42/175-19:20:38,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/175-19:20:38,198) [kauditd]
(root,46732,4952,00:00:28/175-19:20:33,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:10/175-19:20:31,231) [kworker/1:1H]
(root,0,0,00:00:00/175-19:20:18,282) [ttm_swap]
(root,0,0,00:00:00/175-19:20:16,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:42/175-19:20:12,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:27/175-19:20:11,403) /usr/sbin/cron -f
(root,35800,1932,00:33:04/175-19:20:10,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/175-19:20:10,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:36/175-19:19:57,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:20/175-19:19:57,448) /usr/sbin/rsyslogd -n
(clamav,1746872,1429608,01:10:51/175-19:19:56,456) /usr/sbin/clamd --foreground=true
(clamav,299020,35296,00:03:20/175-19:19:54,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:31/175-19:19:53,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/175-19:19:53,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/175-19:19:53,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/175-19:19:49,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:42/175-19:19:44,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/175-19:19:38,560) /usr/sbin/sshd -D
(root,790484,3116,01:31:52/175-19:19:04,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/175-19:19:02,578) logger -t xe-daemon
(root,25384,1492,00:00:00/175-19:19:02,580) logger -t xenstore
(root,185096,105312,00:51:45/175-19:18:49,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:12/175-19:18:36,596) spamd child
(root,185096,99760,00:00:18/175-19:18:36,597) spamd child
(root,0,0,00:00:01/17:40:37,32071) [kworker/1:2]
(root,0,0,00:00:03/17:33:37,32365) [kworker/0:0]
(root,0,0,00:00:14/16:18:34,34330) [kworker/1:1]
(root,0,0,00:00:01/05:28:33,50724) [kworker/0:1]
(root,19736,3476,00:00:00/00:00,59099) /bin/bash /usr/bin/check_mk_agent
(root,36632,2820,00:00:00/00:00,59118) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1080,00:00:00/00:00,59119) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-29 23:01

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3365c325920

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:24/173-18:41:27,1) /sbin/init
(root,0,0,00:00:00/173-18:41:27,2) [kthreadd]
(root,0,0,00:00:09/173-18:41:27,3) [ksoftirqd/0]
(root,0,0,00:00:00/173-18:41:27,5) [kworker/0:0H]
(root,0,0,02:33:52/173-18:41:27,7) [rcu_sched]
(root,0,0,00:00:00/173-18:41:27,8) [rcu_bh]
(root,0,0,00:01:01/173-18:41:27,9) [migration/0]
(root,0,0,00:00:00/173-18:41:27,10) [lru-add-drain]
(root,0,0,00:01:37/173-18:41:27,11) [watchdog/0]
(root,0,0,00:00:00/173-18:41:27,12) [cpuhp/0]
(root,0,0,00:00:00/173-18:41:27,13) [cpuhp/1]
(root,0,0,00:01:16/173-18:41:27,14) [watchdog/1]
(root,0,0,00:00:46/173-18:41:27,15) [migration/1]
(root,0,0,00:00:43/173-18:41:27,16) [ksoftirqd/1]
(root,0,0,00:00:00/173-18:41:27,18) [kworker/1:0H]
(root,0,0,00:00:00/173-18:41:27,19) [kdevtmpfs]
(root,0,0,00:00:00/173-18:41:27,20) [netns]
(root,0,0,00:00:00/173-18:41:27,21) [xenwatch]
(root,0,0,00:01:48/173-18:41:27,22) [xenbus]
(root,0,0,00:00:05/173-18:41:27,24) [khungtaskd]
(root,0,0,00:00:00/173-18:41:27,25) [oom_reaper]
(root,0,0,00:00:00/173-18:41:27,26) [writeback]
(root,0,0,00:00:00/173-18:41:27,27) [kcompactd0]
(root,0,0,00:00:00/173-18:41:27,28) [ksmd]
(root,0,0,00:00:00/173-18:41:27,29) [khugepaged]
(root,0,0,00:00:00/173-18:41:27,30) [crypto]
(root,0,0,00:00:00/173-18:41:27,31) [kintegrityd]
(root,0,0,00:00:00/173-18:41:27,32) [bioset]
(root,0,0,00:00:00/173-18:41:27,33) [kblockd]
(root,0,0,00:00:00/173-18:41:27,35) [devfreq_wq]
(root,0,0,00:00:00/173-18:41:27,36) [watchdogd]
(root,0,0,00:00:00/173-18:41:26,37) [kswapd0]
(root,0,0,00:00:00/173-18:41:26,38) [vmstat]
(root,0,0,00:00:00/173-18:41:26,50) [kthrotld]
(root,0,0,00:00:00/173-18:41:26,51) [khvcd]
(root,0,0,00:00:00/173-18:41:26,52) [ipv6_addrconf]
(root,0,0,00:00:00/173-18:41:26,91) [bioset]
(root,0,0,00:00:00/173-18:41:26,93) [bioset]
(root,0,0,00:00:00/173-18:41:26,95) [bioset]
(root,0,0,00:00:00/173-18:41:26,96) [kworker/u128:1]
(root,0,0,00:00:00/173-18:41:26,97) [ata_sff]
(root,0,0,00:00:00/173-18:41:26,98) [bioset]
(root,0,0,00:00:00/173-18:41:26,100) [bioset]
(root,0,0,00:00:00/173-18:41:26,102) [bioset]
(root,0,0,00:00:00/173-18:41:26,103) [bioset]
(root,0,0,00:00:00/173-18:41:26,104) [bioset]
(root,0,0,00:00:00/173-18:41:26,118) [scsi_eh_0]
(root,0,0,00:00:00/173-18:41:26,119) [scsi_tmf_0]
(root,0,0,00:00:00/173-18:41:26,120) [scsi_eh_1]
(root,0,0,00:00:00/173-18:41:26,121) [scsi_tmf_1]
(root,0,0,00:00:50/173-18:41:26,123) [kworker/u128:2]
(root,0,0,00:00:00/173-18:41:26,129) [bioset]
(root,0,0,00:00:00/173-18:41:22,155) [kworker/u129:0]
(root,0,0,00:00:07/173-18:41:21,165) [kworker/0:1H]
(root,0,0,00:00:17/173-18:41:21,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/173-18:41:21,168) [ext4-rsv-conver]
(root,64388,10292,00:03:39/173-18:41:02,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/173-18:41:02,198) [kauditd]
(root,46732,4952,00:00:27/173-18:40:57,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:10/173-18:40:55,231) [kworker/1:1H]
(root,0,0,00:00:00/173-18:40:42,282) [ttm_swap]
(root,0,0,00:00:00/173-18:40:40,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:42/173-18:40:36,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:26/173-18:40:35,403) /usr/sbin/cron -f
(root,35800,1932,00:32:41/173-18:40:34,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/173-18:40:34,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:35/173-18:40:21,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:20/173-18:40:21,448) /usr/sbin/rsyslogd -n
(clamav,1746452,1429184,01:10:00/173-18:40:20,456) /usr/sbin/clamd --foreground=true
(clamav,298980,35256,00:03:18/173-18:40:18,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:31/173-18:40:17,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/173-18:40:17,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/173-18:40:17,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/173-18:40:13,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:42/173-18:40:08,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/173-18:40:02,560) /usr/sbin/sshd -D
(root,790484,3116,01:30:49/173-18:39:28,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/173-18:39:26,578) logger -t xe-daemon
(root,25384,1492,00:00:00/173-18:39:26,580) logger -t xenstore
(root,185096,105312,00:51:09/173-18:39:13,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:11/173-18:39:00,596) spamd child
(root,185096,99760,00:00:18/173-18:39:00,597) spamd child
(root,0,0,00:00:03/1-05:54:01,3520) [kworker/0:1]
(root,0,0,00:00:05/18:41:01,20762) [kworker/0:0]
(root,0,0,00:00:01/15:40:58,25599) [kworker/1:1]
(root,0,0,00:00:12/14:05:01,28048) [kworker/1:0]
(root,19736,3376,00:00:00/00:00,49424) /bin/bash /usr/bin/check_mk_agent
(root,36632,2856,00:00:00/00:00,49443) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1048,00:00:00/00:00,49444) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-27 22:21

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3362e3895fe

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:23/171-20:08:15,1) /sbin/init
(root,0,0,00:00:00/171-20:08:15,2) [kthreadd]
(root,0,0,00:00:09/171-20:08:15,3) [ksoftirqd/0]
(root,0,0,00:00:00/171-20:08:15,5) [kworker/0:0H]
(root,0,0,02:32:12/171-20:08:15,7) [rcu_sched]
(root,0,0,00:00:00/171-20:08:15,8) [rcu_bh]
(root,0,0,00:01:00/171-20:08:15,9) [migration/0]
(root,0,0,00:00:00/171-20:08:15,10) [lru-add-drain]
(root,0,0,00:01:36/171-20:08:15,11) [watchdog/0]
(root,0,0,00:00:00/171-20:08:15,12) [cpuhp/0]
(root,0,0,00:00:00/171-20:08:15,13) [cpuhp/1]
(root,0,0,00:01:15/171-20:08:15,14) [watchdog/1]
(root,0,0,00:00:45/171-20:08:15,15) [migration/1]
(root,0,0,00:00:42/171-20:08:15,16) [ksoftirqd/1]
(root,0,0,00:00:00/171-20:08:15,18) [kworker/1:0H]
(root,0,0,00:00:00/171-20:08:15,19) [kdevtmpfs]
(root,0,0,00:00:00/171-20:08:15,20) [netns]
(root,0,0,00:00:00/171-20:08:15,21) [xenwatch]
(root,0,0,00:01:47/171-20:08:15,22) [xenbus]
(root,0,0,00:00:05/171-20:08:15,24) [khungtaskd]
(root,0,0,00:00:00/171-20:08:15,25) [oom_reaper]
(root,0,0,00:00:00/171-20:08:15,26) [writeback]
(root,0,0,00:00:00/171-20:08:15,27) [kcompactd0]
(root,0,0,00:00:00/171-20:08:15,28) [ksmd]
(root,0,0,00:00:00/171-20:08:15,29) [khugepaged]
(root,0,0,00:00:00/171-20:08:15,30) [crypto]
(root,0,0,00:00:00/171-20:08:15,31) [kintegrityd]
(root,0,0,00:00:00/171-20:08:15,32) [bioset]
(root,0,0,00:00:00/171-20:08:15,33) [kblockd]
(root,0,0,00:00:00/171-20:08:15,35) [devfreq_wq]
(root,0,0,00:00:00/171-20:08:15,36) [watchdogd]
(root,0,0,00:00:00/171-20:08:14,37) [kswapd0]
(root,0,0,00:00:00/171-20:08:14,38) [vmstat]
(root,0,0,00:00:00/171-20:08:14,50) [kthrotld]
(root,0,0,00:00:00/171-20:08:14,51) [khvcd]
(root,0,0,00:00:00/171-20:08:14,52) [ipv6_addrconf]
(root,0,0,00:00:00/171-20:08:14,91) [bioset]
(root,0,0,00:00:00/171-20:08:14,93) [bioset]
(root,0,0,00:00:00/171-20:08:14,95) [bioset]
(root,0,0,00:00:00/171-20:08:14,96) [kworker/u128:1]
(root,0,0,00:00:00/171-20:08:14,97) [ata_sff]
(root,0,0,00:00:00/171-20:08:14,98) [bioset]
(root,0,0,00:00:00/171-20:08:14,100) [bioset]
(root,0,0,00:00:00/171-20:08:14,102) [bioset]
(root,0,0,00:00:00/171-20:08:14,103) [bioset]
(root,0,0,00:00:00/171-20:08:14,104) [bioset]
(root,0,0,00:00:00/171-20:08:14,118) [scsi_eh_0]
(root,0,0,00:00:00/171-20:08:14,119) [scsi_tmf_0]
(root,0,0,00:00:00/171-20:08:14,120) [scsi_eh_1]
(root,0,0,00:00:00/171-20:08:14,121) [scsi_tmf_1]
(root,0,0,00:00:49/171-20:08:14,123) [kworker/u128:2]
(root,0,0,00:00:00/171-20:08:14,129) [bioset]
(root,0,0,00:00:00/171-20:08:10,155) [kworker/u129:0]
(root,0,0,00:00:07/171-20:08:09,165) [kworker/0:1H]
(root,0,0,00:00:17/171-20:08:09,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/171-20:08:09,168) [ext4-rsv-conver]
(root,59340,5916,00:03:34/171-20:07:50,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/171-20:07:50,198) [kauditd]
(root,46732,4952,00:00:27/171-20:07:45,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:10/171-20:07:43,231) [kworker/1:1H]
(root,0,0,00:00:00/171-20:07:30,282) [ttm_swap]
(root,0,0,00:00:00/171-20:07:28,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:41/171-20:07:24,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:26/171-20:07:23,403) /usr/sbin/cron -f
(root,35800,1932,00:32:20/171-20:07:22,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/171-20:07:22,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:35/171-20:07:09,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:20/171-20:07:09,448) /usr/sbin/rsyslogd -n
(clamav,1746416,1429144,01:09:10/171-20:07:08,456) /usr/sbin/clamd --foreground=true
(clamav,298940,35216,00:03:15/171-20:07:06,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:30/171-20:07:05,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/171-20:07:05,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/171-20:07:05,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/171-20:07:01,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:41/171-20:06:56,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/171-20:06:50,560) /usr/sbin/sshd -D
(root,790484,3116,01:29:48/171-20:06:16,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/171-20:06:14,578) logger -t xe-daemon
(root,25384,1492,00:00:00/171-20:06:14,580) logger -t xenstore
(root,185096,105312,00:50:35/171-20:06:01,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:11/171-20:05:48,596) spamd child
(root,185096,99760,00:00:18/171-20:05:48,597) spamd child
(root,0,0,00:00:05/18:44:49,14419) [kworker/0:2]
(root,0,0,00:00:05/17:09:46,16904) [kworker/1:1]
(root,0,0,00:00:09/10:12:45,27530) [kworker/1:0]
(root,19736,3484,00:00:00/00:00,43095) /bin/bash /usr/bin/check_mk_agent
(root,36632,2864,00:00:00/00:00,43114) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1016,00:00:00/00:00,43115) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:02/1-04:14:45,65093) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-25 23:48

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336b18a025f

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:22/169-18:36:16,1) /sbin/init
(root,0,0,00:00:00/169-18:36:16,2) [kthreadd]
(root,0,0,00:00:09/169-18:36:16,3) [ksoftirqd/0]
(root,0,0,00:00:00/169-18:36:16,5) [kworker/0:0H]
(root,0,0,02:30:18/169-18:36:16,7) [rcu_sched]
(root,0,0,00:00:00/169-18:36:16,8) [rcu_bh]
(root,0,0,00:00:59/169-18:36:16,9) [migration/0]
(root,0,0,00:00:00/169-18:36:16,10) [lru-add-drain]
(root,0,0,00:01:35/169-18:36:16,11) [watchdog/0]
(root,0,0,00:00:00/169-18:36:16,12) [cpuhp/0]
(root,0,0,00:00:00/169-18:36:16,13) [cpuhp/1]
(root,0,0,00:01:14/169-18:36:16,14) [watchdog/1]
(root,0,0,00:00:44/169-18:36:16,15) [migration/1]
(root,0,0,00:00:41/169-18:36:16,16) [ksoftirqd/1]
(root,0,0,00:00:00/169-18:36:16,18) [kworker/1:0H]
(root,0,0,00:00:00/169-18:36:16,19) [kdevtmpfs]
(root,0,0,00:00:00/169-18:36:16,20) [netns]
(root,0,0,00:00:00/169-18:36:16,21) [xenwatch]
(root,0,0,00:01:46/169-18:36:16,22) [xenbus]
(root,0,0,00:00:05/169-18:36:16,24) [khungtaskd]
(root,0,0,00:00:00/169-18:36:16,25) [oom_reaper]
(root,0,0,00:00:00/169-18:36:16,26) [writeback]
(root,0,0,00:00:00/169-18:36:16,27) [kcompactd0]
(root,0,0,00:00:00/169-18:36:16,28) [ksmd]
(root,0,0,00:00:00/169-18:36:16,29) [khugepaged]
(root,0,0,00:00:00/169-18:36:16,30) [crypto]
(root,0,0,00:00:00/169-18:36:16,31) [kintegrityd]
(root,0,0,00:00:00/169-18:36:16,32) [bioset]
(root,0,0,00:00:00/169-18:36:16,33) [kblockd]
(root,0,0,00:00:00/169-18:36:16,35) [devfreq_wq]
(root,0,0,00:00:00/169-18:36:16,36) [watchdogd]
(root,0,0,00:00:00/169-18:36:15,37) [kswapd0]
(root,0,0,00:00:00/169-18:36:15,38) [vmstat]
(root,0,0,00:00:00/169-18:36:15,50) [kthrotld]
(root,0,0,00:00:00/169-18:36:15,51) [khvcd]
(root,0,0,00:00:00/169-18:36:15,52) [ipv6_addrconf]
(root,0,0,00:00:00/169-18:36:15,91) [bioset]
(root,0,0,00:00:00/169-18:36:15,93) [bioset]
(root,0,0,00:00:00/169-18:36:15,95) [bioset]
(root,0,0,00:00:00/169-18:36:15,96) [kworker/u128:1]
(root,0,0,00:00:00/169-18:36:15,97) [ata_sff]
(root,0,0,00:00:00/169-18:36:15,98) [bioset]
(root,0,0,00:00:00/169-18:36:15,100) [bioset]
(root,0,0,00:00:00/169-18:36:15,102) [bioset]
(root,0,0,00:00:00/169-18:36:15,103) [bioset]
(root,0,0,00:00:00/169-18:36:15,104) [bioset]
(root,0,0,00:00:00/169-18:36:15,118) [scsi_eh_0]
(root,0,0,00:00:00/169-18:36:15,119) [scsi_tmf_0]
(root,0,0,00:00:00/169-18:36:15,120) [scsi_eh_1]
(root,0,0,00:00:00/169-18:36:15,121) [scsi_tmf_1]
(root,0,0,00:00:48/169-18:36:15,123) [kworker/u128:2]
(root,0,0,00:00:00/169-18:36:15,129) [bioset]
(root,0,0,00:00:00/169-18:36:11,155) [kworker/u129:0]
(root,0,0,00:00:07/169-18:36:10,165) [kworker/0:1H]
(root,0,0,00:00:17/169-18:36:10,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/169-18:36:10,168) [ext4-rsv-conver]
(root,64388,10452,00:03:30/169-18:35:51,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/169-18:35:51,198) [kauditd]
(root,46732,4952,00:00:27/169-18:35:46,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:10/169-18:35:44,231) [kworker/1:1H]
(root,0,0,00:00:00/169-18:35:31,282) [ttm_swap]
(root,0,0,00:00:00/169-18:35:29,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:41/169-18:35:25,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:26/169-18:35:24,403) /usr/sbin/cron -f
(root,35800,1932,00:31:57/169-18:35:23,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/169-18:35:23,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:34/169-18:35:10,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:19/169-18:35:10,448) /usr/sbin/rsyslogd -n
(clamav,1746404,1429116,01:08:22/169-18:35:09,456) /usr/sbin/clamd --foreground=true
(clamav,298904,35180,00:03:13/169-18:35:07,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:29/169-18:35:06,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/169-18:35:06,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/169-18:35:06,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:03/169-18:35:02,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:41/169-18:34:57,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/169-18:34:51,560) /usr/sbin/sshd -D
(root,790484,3116,01:28:43/169-18:34:17,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/169-18:34:15,578) logger -t xe-daemon
(root,25384,1492,00:00:00/169-18:34:15,580) logger -t xenstore
(root,185096,105312,00:49:59/169-18:34:02,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:11/169-18:33:49,596) spamd child
(root,185096,99760,00:00:18/169-18:33:49,597) spamd child
(root,0,0,00:00:01/15:39:47,8508) [kworker/1:2]
(root,0,0,00:00:12/14:02:50,10968) [kworker/1:1]
(root,19736,3488,00:00:00/00:00,32352) /bin/bash /usr/bin/check_mk_agent
(root,36632,2792,00:00:00/00:00,32371) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1084,00:00:00/00:00,32372) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:04/1-15:40:47,36969) [kworker/0:1]
(root,0,0,00:00:06/23:31:50,61668) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-23 22:16

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336b87c1b3a

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:21/167-20:10:59,1) /sbin/init
(root,0,0,00:00:00/167-20:10:59,2) [kthreadd]
(root,0,0,00:00:09/167-20:10:59,3) [ksoftirqd/0]
(root,0,0,00:00:00/167-20:10:59,5) [kworker/0:0H]
(root,0,0,02:28:41/167-20:10:59,7) [rcu_sched]
(root,0,0,00:00:00/167-20:10:59,8) [rcu_bh]
(root,0,0,00:00:59/167-20:10:59,9) [migration/0]
(root,0,0,00:00:00/167-20:10:59,10) [lru-add-drain]
(root,0,0,00:01:34/167-20:10:59,11) [watchdog/0]
(root,0,0,00:00:00/167-20:10:59,12) [cpuhp/0]
(root,0,0,00:00:00/167-20:10:59,13) [cpuhp/1]
(root,0,0,00:01:14/167-20:10:59,14) [watchdog/1]
(root,0,0,00:00:44/167-20:10:59,15) [migration/1]
(root,0,0,00:00:41/167-20:10:59,16) [ksoftirqd/1]
(root,0,0,00:00:00/167-20:10:59,18) [kworker/1:0H]
(root,0,0,00:00:00/167-20:10:59,19) [kdevtmpfs]
(root,0,0,00:00:00/167-20:10:59,20) [netns]
(root,0,0,00:00:00/167-20:10:59,21) [xenwatch]
(root,0,0,00:01:45/167-20:10:59,22) [xenbus]
(root,0,0,00:00:05/167-20:10:59,24) [khungtaskd]
(root,0,0,00:00:00/167-20:10:59,25) [oom_reaper]
(root,0,0,00:00:00/167-20:10:59,26) [writeback]
(root,0,0,00:00:00/167-20:10:59,27) [kcompactd0]
(root,0,0,00:00:00/167-20:10:59,28) [ksmd]
(root,0,0,00:00:00/167-20:10:59,29) [khugepaged]
(root,0,0,00:00:00/167-20:10:59,30) [crypto]
(root,0,0,00:00:00/167-20:10:59,31) [kintegrityd]
(root,0,0,00:00:00/167-20:10:59,32) [bioset]
(root,0,0,00:00:00/167-20:10:59,33) [kblockd]
(root,0,0,00:00:00/167-20:10:59,35) [devfreq_wq]
(root,0,0,00:00:00/167-20:10:59,36) [watchdogd]
(root,0,0,00:00:00/167-20:10:58,37) [kswapd0]
(root,0,0,00:00:00/167-20:10:58,38) [vmstat]
(root,0,0,00:00:00/167-20:10:58,50) [kthrotld]
(root,0,0,00:00:00/167-20:10:58,51) [khvcd]
(root,0,0,00:00:00/167-20:10:58,52) [ipv6_addrconf]
(root,0,0,00:00:00/167-20:10:58,91) [bioset]
(root,0,0,00:00:00/167-20:10:58,93) [bioset]
(root,0,0,00:00:00/167-20:10:58,95) [bioset]
(root,0,0,00:00:00/167-20:10:58,96) [kworker/u128:1]
(root,0,0,00:00:00/167-20:10:58,97) [ata_sff]
(root,0,0,00:00:00/167-20:10:58,98) [bioset]
(root,0,0,00:00:00/167-20:10:58,100) [bioset]
(root,0,0,00:00:00/167-20:10:58,102) [bioset]
(root,0,0,00:00:00/167-20:10:58,103) [bioset]
(root,0,0,00:00:00/167-20:10:58,104) [bioset]
(root,0,0,00:00:00/167-20:10:58,118) [scsi_eh_0]
(root,0,0,00:00:00/167-20:10:58,119) [scsi_tmf_0]
(root,0,0,00:00:00/167-20:10:58,120) [scsi_eh_1]
(root,0,0,00:00:00/167-20:10:58,121) [scsi_tmf_1]
(root,0,0,00:00:48/167-20:10:58,123) [kworker/u128:2]
(root,0,0,00:00:00/167-20:10:58,129) [bioset]
(root,0,0,00:00:00/167-20:10:54,155) [kworker/u129:0]
(root,0,0,00:00:07/167-20:10:53,165) [kworker/0:1H]
(root,0,0,00:00:17/167-20:10:53,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/167-20:10:53,168) [ext4-rsv-conver]
(root,64388,9244,00:03:28/167-20:10:34,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/167-20:10:34,198) [kauditd]
(root,46732,4952,00:00:26/167-20:10:29,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:10/167-20:10:27,231) [kworker/1:1H]
(root,0,0,00:00:00/167-20:10:14,282) [ttm_swap]
(root,0,0,00:00:00/167-20:10:12,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:40/167-20:10:08,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:26/167-20:10:07,403) /usr/sbin/cron -f
(root,35800,1932,00:31:35/167-20:10:06,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/167-20:10:06,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:34/167-20:09:53,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:19/167-20:09:53,448) /usr/sbin/rsyslogd -n
(clamav,1746056,1428744,01:07:32/167-20:09:52,456) /usr/sbin/clamd --foreground=true
(clamav,298864,35140,00:03:11/167-20:09:50,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:29/167-20:09:49,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/167-20:09:49,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/167-20:09:49,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:02/167-20:09:45,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:40/167-20:09:40,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/167-20:09:34,560) /usr/sbin/sshd -D
(root,790484,3116,01:27:43/167-20:09:00,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/167-20:08:58,578) logger -t xe-daemon
(root,25384,1492,00:00:00/167-20:08:58,580) logger -t xenstore
(root,185096,105312,00:49:25/167-20:08:45,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:11/167-20:08:32,596) spamd child
(root,185096,99760,00:00:17/167-20:08:32,597) spamd child
(root,0,0,00:00:08/13:58:33,5164) [kworker/1:0]
(root,0,0,00:00:03/03:57:33,20475) [kworker/1:2]
(root,19736,3320,00:00:00/00:00,26490) /bin/bash /usr/bin/check_mk_agent
(root,36632,2800,00:00:00/00:00,26509) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1012,00:00:00/00:00,26510) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:03/1-05:09:33,47168) [kworker/0:1]
(root,0,0,00:00:05/18:21:33,63672) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-21 23:51

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3368fc69f5a

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:20/165-20:23:05,1) /sbin/init
(root,0,0,00:00:00/165-20:23:05,2) [kthreadd]
(root,0,0,00:00:08/165-20:23:05,3) [ksoftirqd/0]
(root,0,0,00:00:00/165-20:23:05,5) [kworker/0:0H]
(root,0,0,02:27:01/165-20:23:05,7) [rcu_sched]
(root,0,0,00:00:00/165-20:23:05,8) [rcu_bh]
(root,0,0,00:00:58/165-20:23:05,9) [migration/0]
(root,0,0,00:00:00/165-20:23:05,10) [lru-add-drain]
(root,0,0,00:01:33/165-20:23:05,11) [watchdog/0]
(root,0,0,00:00:00/165-20:23:05,12) [cpuhp/0]
(root,0,0,00:00:00/165-20:23:05,13) [cpuhp/1]
(root,0,0,00:01:13/165-20:23:05,14) [watchdog/1]
(root,0,0,00:00:43/165-20:23:05,15) [migration/1]
(root,0,0,00:00:41/165-20:23:05,16) [ksoftirqd/1]
(root,0,0,00:00:00/165-20:23:05,18) [kworker/1:0H]
(root,0,0,00:00:00/165-20:23:05,19) [kdevtmpfs]
(root,0,0,00:00:00/165-20:23:05,20) [netns]
(root,0,0,00:00:00/165-20:23:05,21) [xenwatch]
(root,0,0,00:01:43/165-20:23:05,22) [xenbus]
(root,0,0,00:00:05/165-20:23:05,24) [khungtaskd]
(root,0,0,00:00:00/165-20:23:05,25) [oom_reaper]
(root,0,0,00:00:00/165-20:23:05,26) [writeback]
(root,0,0,00:00:00/165-20:23:05,27) [kcompactd0]
(root,0,0,00:00:00/165-20:23:05,28) [ksmd]
(root,0,0,00:00:00/165-20:23:05,29) [khugepaged]
(root,0,0,00:00:00/165-20:23:05,30) [crypto]
(root,0,0,00:00:00/165-20:23:05,31) [kintegrityd]
(root,0,0,00:00:00/165-20:23:05,32) [bioset]
(root,0,0,00:00:00/165-20:23:05,33) [kblockd]
(root,0,0,00:00:00/165-20:23:05,35) [devfreq_wq]
(root,0,0,00:00:00/165-20:23:05,36) [watchdogd]
(root,0,0,00:00:00/165-20:23:04,37) [kswapd0]
(root,0,0,00:00:00/165-20:23:04,38) [vmstat]
(root,0,0,00:00:00/165-20:23:04,50) [kthrotld]
(root,0,0,00:00:00/165-20:23:04,51) [khvcd]
(root,0,0,00:00:00/165-20:23:04,52) [ipv6_addrconf]
(root,0,0,00:00:00/165-20:23:04,91) [bioset]
(root,0,0,00:00:00/165-20:23:04,93) [bioset]
(root,0,0,00:00:00/165-20:23:04,95) [bioset]
(root,0,0,00:00:00/165-20:23:04,96) [kworker/u128:1]
(root,0,0,00:00:00/165-20:23:04,97) [ata_sff]
(root,0,0,00:00:00/165-20:23:04,98) [bioset]
(root,0,0,00:00:00/165-20:23:04,100) [bioset]
(root,0,0,00:00:00/165-20:23:04,102) [bioset]
(root,0,0,00:00:00/165-20:23:04,103) [bioset]
(root,0,0,00:00:00/165-20:23:04,104) [bioset]
(root,0,0,00:00:00/165-20:23:04,118) [scsi_eh_0]
(root,0,0,00:00:00/165-20:23:04,119) [scsi_tmf_0]
(root,0,0,00:00:00/165-20:23:04,120) [scsi_eh_1]
(root,0,0,00:00:00/165-20:23:04,121) [scsi_tmf_1]
(root,0,0,00:00:48/165-20:23:04,123) [kworker/u128:2]
(root,0,0,00:00:00/165-20:23:04,129) [bioset]
(root,0,0,00:00:00/165-20:23:00,155) [kworker/u129:0]
(root,0,0,00:00:07/165-20:22:59,165) [kworker/0:1H]
(root,0,0,00:00:16/165-20:22:59,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/165-20:22:59,168) [ext4-rsv-conver]
(root,64388,8228,00:03:26/165-20:22:40,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/165-20:22:40,198) [kauditd]
(root,46732,4952,00:00:26/165-20:22:35,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:10/165-20:22:33,231) [kworker/1:1H]
(root,0,0,00:00:00/165-20:22:20,282) [ttm_swap]
(root,0,0,00:00:00/165-20:22:18,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:40/165-20:22:14,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:25/165-20:22:13,403) /usr/sbin/cron -f
(root,35800,1932,00:31:12/165-20:22:12,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/165-20:22:12,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:34/165-20:21:59,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:19/165-20:21:59,448) /usr/sbin/rsyslogd -n
(clamav,1746220,1428988,01:07:07/165-20:21:58,456) /usr/sbin/clamd --foreground=true
(clamav,298844,35120,00:03:10/165-20:21:56,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:29/165-20:21:55,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/165-20:21:55,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/165-20:21:55,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:02/165-20:21:51,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:40/165-20:21:46,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/165-20:21:40,560) /usr/sbin/sshd -D
(root,790484,3116,01:26:41/165-20:21:06,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/165-20:21:04,578) logger -t xe-daemon
(root,25384,1492,00:00:00/165-20:21:04,580) logger -t xenstore
(root,185096,105312,00:48:50/165-20:20:51,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:11/165-20:20:38,596) spamd child
(root,185096,99760,00:00:17/165-20:20:38,597) spamd child
(root,0,0,00:00:03/03:46:39,12687) [kworker/1:0]
(root,19736,3312,00:00:00/00:00,18520) /bin/bash /usr/bin/check_mk_agent
(root,36632,2792,00:00:00/00:00,18539) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1092,00:00:00/00:00,18540) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/18:42:39,55047) [kworker/0:2]
(root,0,0,00:00:05/17:30:36,56941) [kworker/0:1]
(root,0,0,00:00:07/11:55:39,65411) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-20 00:03

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336b5a94259

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:19/163-20:51:18,1) /sbin/init
(root,0,0,00:00:00/163-20:51:18,2) [kthreadd]
(root,0,0,00:00:08/163-20:51:18,3) [ksoftirqd/0]
(root,0,0,00:00:00/163-20:51:18,5) [kworker/0:0H]
(root,0,0,02:25:19/163-20:51:18,7) [rcu_sched]
(root,0,0,00:00:00/163-20:51:18,8) [rcu_bh]
(root,0,0,00:00:57/163-20:51:18,9) [migration/0]
(root,0,0,00:00:00/163-20:51:18,10) [lru-add-drain]
(root,0,0,00:01:31/163-20:51:18,11) [watchdog/0]
(root,0,0,00:00:00/163-20:51:18,12) [cpuhp/0]
(root,0,0,00:00:00/163-20:51:18,13) [cpuhp/1]
(root,0,0,00:01:12/163-20:51:18,14) [watchdog/1]
(root,0,0,00:00:43/163-20:51:18,15) [migration/1]
(root,0,0,00:00:40/163-20:51:18,16) [ksoftirqd/1]
(root,0,0,00:00:00/163-20:51:18,18) [kworker/1:0H]
(root,0,0,00:00:00/163-20:51:18,19) [kdevtmpfs]
(root,0,0,00:00:00/163-20:51:18,20) [netns]
(root,0,0,00:00:00/163-20:51:18,21) [xenwatch]
(root,0,0,00:01:42/163-20:51:18,22) [xenbus]
(root,0,0,00:00:05/163-20:51:18,24) [khungtaskd]
(root,0,0,00:00:00/163-20:51:18,25) [oom_reaper]
(root,0,0,00:00:00/163-20:51:18,26) [writeback]
(root,0,0,00:00:00/163-20:51:18,27) [kcompactd0]
(root,0,0,00:00:00/163-20:51:18,28) [ksmd]
(root,0,0,00:00:00/163-20:51:18,29) [khugepaged]
(root,0,0,00:00:00/163-20:51:18,30) [crypto]
(root,0,0,00:00:00/163-20:51:18,31) [kintegrityd]
(root,0,0,00:00:00/163-20:51:18,32) [bioset]
(root,0,0,00:00:00/163-20:51:18,33) [kblockd]
(root,0,0,00:00:00/163-20:51:18,35) [devfreq_wq]
(root,0,0,00:00:00/163-20:51:18,36) [watchdogd]
(root,0,0,00:00:00/163-20:51:17,37) [kswapd0]
(root,0,0,00:00:00/163-20:51:17,38) [vmstat]
(root,0,0,00:00:00/163-20:51:17,50) [kthrotld]
(root,0,0,00:00:00/163-20:51:17,51) [khvcd]
(root,0,0,00:00:00/163-20:51:17,52) [ipv6_addrconf]
(root,0,0,00:00:00/163-20:51:17,91) [bioset]
(root,0,0,00:00:00/163-20:51:17,93) [bioset]
(root,0,0,00:00:00/163-20:51:17,95) [bioset]
(root,0,0,00:00:00/163-20:51:17,96) [kworker/u128:1]
(root,0,0,00:00:00/163-20:51:17,97) [ata_sff]
(root,0,0,00:00:00/163-20:51:17,98) [bioset]
(root,0,0,00:00:00/163-20:51:17,100) [bioset]
(root,0,0,00:00:00/163-20:51:17,102) [bioset]
(root,0,0,00:00:00/163-20:51:17,103) [bioset]
(root,0,0,00:00:00/163-20:51:17,104) [bioset]
(root,0,0,00:00:00/163-20:51:17,118) [scsi_eh_0]
(root,0,0,00:00:00/163-20:51:17,119) [scsi_tmf_0]
(root,0,0,00:00:00/163-20:51:17,120) [scsi_eh_1]
(root,0,0,00:00:00/163-20:51:17,121) [scsi_tmf_1]
(root,0,0,00:00:47/163-20:51:17,123) [kworker/u128:2]
(root,0,0,00:00:00/163-20:51:17,129) [bioset]
(root,0,0,00:00:00/163-20:51:13,155) [kworker/u129:0]
(root,0,0,00:00:06/163-20:51:12,165) [kworker/0:1H]
(root,0,0,00:00:16/163-20:51:12,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/163-20:51:12,168) [ext4-rsv-conver]
(root,59340,7080,00:03:25/163-20:50:53,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/163-20:50:53,198) [kauditd]
(root,46732,4952,00:00:26/163-20:50:48,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:10/163-20:50:46,231) [kworker/1:1H]
(root,0,0,00:00:00/163-20:50:33,282) [ttm_swap]
(root,0,0,00:00:00/163-20:50:31,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:39/163-20:50:27,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:25/163-20:50:26,403) /usr/sbin/cron -f
(root,35800,1932,00:30:50/163-20:50:25,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/163-20:50:25,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:33/163-20:50:12,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:19/163-20:50:12,448) /usr/sbin/rsyslogd -n
(clamav,1745712,1428408,01:06:12/163-20:50:11,456) /usr/sbin/clamd --foreground=true
(clamav,298804,35080,00:03:08/163-20:50:09,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:29/163-20:50:08,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/163-20:50:08,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/163-20:50:08,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:02/163-20:50:04,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:39/163-20:49:59,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/163-20:49:53,560) /usr/sbin/sshd -D
(root,790484,3116,01:25:39/163-20:49:19,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/163-20:49:17,578) logger -t xe-daemon
(root,25384,1492,00:00:00/163-20:49:17,580) logger -t xenstore
(root,185096,105312,00:48:15/163-20:49:04,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:11/163-20:48:51,596) spamd child
(root,185096,99760,00:00:17/163-20:48:51,597) spamd child
(root,0,0,00:00:01/03:39:52,5235) [kworker/0:2]
(root,0,0,00:00:21/1-18:36:52,10716) [kworker/1:2]
(root,19736,3316,00:00:00/00:00,11033) /bin/bash /usr/bin/check_mk_agent
(root,36632,2796,00:00:00/00:00,11052) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1008,00:00:00/00:00,11053) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:04/18:58:52,47002) [kworker/0:0]
(root,0,0,00:00:15/18:00:49,48489) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-18 00:31

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef33664940a73

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:18/161-18:54:41,1) /sbin/init
(root,0,0,00:00:00/161-18:54:41,2) [kthreadd]
(root,0,0,00:00:08/161-18:54:41,3) [ksoftirqd/0]
(root,0,0,00:00:00/161-18:54:41,5) [kworker/0:0H]
(root,0,0,02:23:31/161-18:54:41,7) [rcu_sched]
(root,0,0,00:00:00/161-18:54:41,8) [rcu_bh]
(root,0,0,00:00:57/161-18:54:41,9) [migration/0]
(root,0,0,00:00:00/161-18:54:41,10) [lru-add-drain]
(root,0,0,00:01:30/161-18:54:41,11) [watchdog/0]
(root,0,0,00:00:00/161-18:54:41,12) [cpuhp/0]
(root,0,0,00:00:00/161-18:54:41,13) [cpuhp/1]
(root,0,0,00:01:11/161-18:54:41,14) [watchdog/1]
(root,0,0,00:00:42/161-18:54:41,15) [migration/1]
(root,0,0,00:00:40/161-18:54:41,16) [ksoftirqd/1]
(root,0,0,00:00:00/161-18:54:41,18) [kworker/1:0H]
(root,0,0,00:00:00/161-18:54:41,19) [kdevtmpfs]
(root,0,0,00:00:00/161-18:54:41,20) [netns]
(root,0,0,00:00:00/161-18:54:41,21) [xenwatch]
(root,0,0,00:01:41/161-18:54:41,22) [xenbus]
(root,0,0,00:00:05/161-18:54:41,24) [khungtaskd]
(root,0,0,00:00:00/161-18:54:41,25) [oom_reaper]
(root,0,0,00:00:00/161-18:54:41,26) [writeback]
(root,0,0,00:00:00/161-18:54:41,27) [kcompactd0]
(root,0,0,00:00:00/161-18:54:41,28) [ksmd]
(root,0,0,00:00:00/161-18:54:41,29) [khugepaged]
(root,0,0,00:00:00/161-18:54:41,30) [crypto]
(root,0,0,00:00:00/161-18:54:41,31) [kintegrityd]
(root,0,0,00:00:00/161-18:54:41,32) [bioset]
(root,0,0,00:00:00/161-18:54:41,33) [kblockd]
(root,0,0,00:00:00/161-18:54:41,35) [devfreq_wq]
(root,0,0,00:00:00/161-18:54:41,36) [watchdogd]
(root,0,0,00:00:00/161-18:54:40,37) [kswapd0]
(root,0,0,00:00:00/161-18:54:40,38) [vmstat]
(root,0,0,00:00:00/161-18:54:40,50) [kthrotld]
(root,0,0,00:00:00/161-18:54:40,51) [khvcd]
(root,0,0,00:00:00/161-18:54:40,52) [ipv6_addrconf]
(root,0,0,00:00:00/161-18:54:40,91) [bioset]
(root,0,0,00:00:00/161-18:54:40,93) [bioset]
(root,0,0,00:00:00/161-18:54:40,95) [bioset]
(root,0,0,00:00:00/161-18:54:40,96) [kworker/u128:1]
(root,0,0,00:00:00/161-18:54:40,97) [ata_sff]
(root,0,0,00:00:00/161-18:54:40,98) [bioset]
(root,0,0,00:00:00/161-18:54:40,100) [bioset]
(root,0,0,00:00:00/161-18:54:40,102) [bioset]
(root,0,0,00:00:00/161-18:54:40,103) [bioset]
(root,0,0,00:00:00/161-18:54:40,104) [bioset]
(root,0,0,00:00:00/161-18:54:40,118) [scsi_eh_0]
(root,0,0,00:00:00/161-18:54:40,119) [scsi_tmf_0]
(root,0,0,00:00:00/161-18:54:40,120) [scsi_eh_1]
(root,0,0,00:00:00/161-18:54:40,121) [scsi_tmf_1]
(root,0,0,00:00:46/161-18:54:40,123) [kworker/u128:2]
(root,0,0,00:00:00/161-18:54:40,129) [bioset]
(root,0,0,00:00:00/161-18:54:36,155) [kworker/u129:0]
(root,0,0,00:00:06/161-18:54:35,165) [kworker/0:1H]
(root,0,0,00:00:16/161-18:54:35,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/161-18:54:35,168) [ext4-rsv-conver]
(root,59340,4620,00:03:21/161-18:54:16,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/161-18:54:16,198) [kauditd]
(root,46732,4952,00:00:25/161-18:54:11,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:10/161-18:54:09,231) [kworker/1:1H]
(root,0,0,00:00:00/161-18:53:56,282) [ttm_swap]
(root,0,0,00:00:00/161-18:53:54,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:39/161-18:53:50,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:25/161-18:53:49,403) /usr/sbin/cron -f
(root,35800,1932,00:30:26/161-18:53:48,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/161-18:53:48,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:33/161-18:53:35,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:18/161-18:53:35,448) /usr/sbin/rsyslogd -n
(clamav,1745788,1428504,01:05:23/161-18:53:34,456) /usr/sbin/clamd --foreground=true
(clamav,298768,35044,00:03:05/161-18:53:32,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:28/161-18:53:31,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/161-18:53:31,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/161-18:53:31,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:02/161-18:53:27,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:39/161-18:53:22,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/161-18:53:16,560) /usr/sbin/sshd -D
(root,790484,3116,01:24:34/161-18:52:42,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/161-18:52:40,578) logger -t xe-daemon
(root,25384,1492,00:00:00/161-18:52:40,580) logger -t xenstore
(root,185096,105312,00:47:38/161-18:52:27,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:11/161-18:52:14,596) spamd child
(root,185096,99760,00:00:17/161-18:52:14,597) spamd child
(root,0,0,00:00:03/2-16:07:12,31541) [kworker/0:1]
(root,0,0,00:00:00/16:49:15,38879) [kworker/1:2]
(root,0,0,00:00:14/16:06:12,39977) [kworker/1:1]
(root,0,0,00:00:15/2-04:41:15,48802) [kworker/0:2]
(root,19736,3316,00:00:00/00:00,64696) /bin/bash /usr/bin/check_mk_agent
(root,36632,2760,00:00:00/00:00,64715) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1052,00:00:00/00:00,64716) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-15 22:34

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3366d4793df

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:17/159-18:44:28,1) /sbin/init
(root,0,0,00:00:00/159-18:44:28,2) [kthreadd]
(root,0,0,00:00:08/159-18:44:28,3) [ksoftirqd/0]
(root,0,0,00:00:00/159-18:44:28,5) [kworker/0:0H]
(root,0,0,02:21:42/159-18:44:28,7) [rcu_sched]
(root,0,0,00:00:00/159-18:44:28,8) [rcu_bh]
(root,0,0,00:00:56/159-18:44:28,9) [migration/0]
(root,0,0,00:00:00/159-18:44:28,10) [lru-add-drain]
(root,0,0,00:01:29/159-18:44:28,11) [watchdog/0]
(root,0,0,00:00:00/159-18:44:28,12) [cpuhp/0]
(root,0,0,00:00:00/159-18:44:28,13) [cpuhp/1]
(root,0,0,00:01:10/159-18:44:28,14) [watchdog/1]
(root,0,0,00:00:42/159-18:44:28,15) [migration/1]
(root,0,0,00:00:39/159-18:44:28,16) [ksoftirqd/1]
(root,0,0,00:00:00/159-18:44:28,18) [kworker/1:0H]
(root,0,0,00:00:00/159-18:44:28,19) [kdevtmpfs]
(root,0,0,00:00:00/159-18:44:28,20) [netns]
(root,0,0,00:00:00/159-18:44:28,21) [xenwatch]
(root,0,0,00:01:40/159-18:44:28,22) [xenbus]
(root,0,0,00:00:05/159-18:44:28,24) [khungtaskd]
(root,0,0,00:00:00/159-18:44:28,25) [oom_reaper]
(root,0,0,00:00:00/159-18:44:28,26) [writeback]
(root,0,0,00:00:00/159-18:44:28,27) [kcompactd0]
(root,0,0,00:00:00/159-18:44:28,28) [ksmd]
(root,0,0,00:00:00/159-18:44:28,29) [khugepaged]
(root,0,0,00:00:00/159-18:44:28,30) [crypto]
(root,0,0,00:00:00/159-18:44:28,31) [kintegrityd]
(root,0,0,00:00:00/159-18:44:28,32) [bioset]
(root,0,0,00:00:00/159-18:44:28,33) [kblockd]
(root,0,0,00:00:00/159-18:44:28,35) [devfreq_wq]
(root,0,0,00:00:00/159-18:44:28,36) [watchdogd]
(root,0,0,00:00:00/159-18:44:27,37) [kswapd0]
(root,0,0,00:00:00/159-18:44:27,38) [vmstat]
(root,0,0,00:00:00/159-18:44:27,50) [kthrotld]
(root,0,0,00:00:00/159-18:44:27,51) [khvcd]
(root,0,0,00:00:00/159-18:44:27,52) [ipv6_addrconf]
(root,0,0,00:00:00/159-18:44:27,91) [bioset]
(root,0,0,00:00:00/159-18:44:27,93) [bioset]
(root,0,0,00:00:00/159-18:44:27,95) [bioset]
(root,0,0,00:00:00/159-18:44:27,96) [kworker/u128:1]
(root,0,0,00:00:00/159-18:44:27,97) [ata_sff]
(root,0,0,00:00:00/159-18:44:27,98) [bioset]
(root,0,0,00:00:00/159-18:44:27,100) [bioset]
(root,0,0,00:00:00/159-18:44:27,102) [bioset]
(root,0,0,00:00:00/159-18:44:27,103) [bioset]
(root,0,0,00:00:00/159-18:44:27,104) [bioset]
(root,0,0,00:00:00/159-18:44:27,118) [scsi_eh_0]
(root,0,0,00:00:00/159-18:44:27,119) [scsi_tmf_0]
(root,0,0,00:00:00/159-18:44:27,120) [scsi_eh_1]
(root,0,0,00:00:00/159-18:44:27,121) [scsi_tmf_1]
(root,0,0,00:00:46/159-18:44:27,123) [kworker/u128:2]
(root,0,0,00:00:00/159-18:44:27,129) [bioset]
(root,0,0,00:00:00/159-18:44:23,155) [kworker/u129:0]
(root,0,0,00:00:06/159-18:44:22,165) [kworker/0:1H]
(root,0,0,00:00:16/159-18:44:22,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/159-18:44:22,168) [ext4-rsv-conver]
(root,64388,9756,00:03:19/159-18:44:03,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/159-18:44:03,198) [kauditd]
(root,46732,4952,00:00:25/159-18:43:58,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:09/159-18:43:56,231) [kworker/1:1H]
(root,0,0,00:00:00/159-18:43:43,282) [ttm_swap]
(root,0,0,00:00:00/159-18:43:41,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:38/159-18:43:37,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:24/159-18:43:36,403) /usr/sbin/cron -f
(root,35800,1932,00:30:04/159-18:43:35,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/159-18:43:35,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:32/159-18:43:22,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:18/159-18:43:22,448) /usr/sbin/rsyslogd -n
(clamav,1745888,1428528,01:04:33/159-18:43:21,456) /usr/sbin/clamd --foreground=true
(clamav,298728,35004,00:03:03/159-18:43:19,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:28/159-18:43:18,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/159-18:43:18,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/159-18:43:18,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:02/159-18:43:14,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:38/159-18:43:09,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/159-18:43:03,560) /usr/sbin/sshd -D
(root,790484,3116,01:23:32/159-18:42:29,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/159-18:42:27,578) logger -t xe-daemon
(root,25384,1492,00:00:00/159-18:42:27,580) logger -t xenstore
(root,185096,105312,00:47:03/159-18:42:14,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:11/159-18:42:01,596) spamd child
(root,185096,99760,00:00:17/159-18:42:01,597) spamd child
(root,0,0,00:00:00/17:08:02,29652) [kworker/1:0]
(root,0,0,00:00:14/16:14:02,31138) [kworker/1:2]
(root,0,0,00:00:03/15:56:59,31541) [kworker/0:1]
(root,0,0,00:00:01/04:31:02,48802) [kworker/0:2]
(root,19736,3372,00:00:00/00:01,55957) /bin/bash /usr/bin/check_mk_agent
(root,36632,2800,00:00:00/00:00,55976) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1008,00:00:00/00:00,55977) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-13 22:24

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336d5ae49ef

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:16/157-19:29:57,1) /sbin/init
(root,0,0,00:00:00/157-19:29:57,2) [kthreadd]
(root,0,0,00:00:08/157-19:29:57,3) [ksoftirqd/0]
(root,0,0,00:00:00/157-19:29:57,5) [kworker/0:0H]
(root,0,0,02:20:06/157-19:29:57,7) [rcu_sched]
(root,0,0,00:00:00/157-19:29:57,8) [rcu_bh]
(root,0,0,00:00:55/157-19:29:57,9) [migration/0]
(root,0,0,00:00:00/157-19:29:57,10) [lru-add-drain]
(root,0,0,00:01:28/157-19:29:57,11) [watchdog/0]
(root,0,0,00:00:00/157-19:29:57,12) [cpuhp/0]
(root,0,0,00:00:00/157-19:29:57,13) [cpuhp/1]
(root,0,0,00:01:09/157-19:29:57,14) [watchdog/1]
(root,0,0,00:00:41/157-19:29:57,15) [migration/1]
(root,0,0,00:00:39/157-19:29:57,16) [ksoftirqd/1]
(root,0,0,00:00:00/157-19:29:57,18) [kworker/1:0H]
(root,0,0,00:00:00/157-19:29:57,19) [kdevtmpfs]
(root,0,0,00:00:00/157-19:29:57,20) [netns]
(root,0,0,00:00:00/157-19:29:57,21) [xenwatch]
(root,0,0,00:01:38/157-19:29:57,22) [xenbus]
(root,0,0,00:00:05/157-19:29:57,24) [khungtaskd]
(root,0,0,00:00:00/157-19:29:57,25) [oom_reaper]
(root,0,0,00:00:00/157-19:29:57,26) [writeback]
(root,0,0,00:00:00/157-19:29:57,27) [kcompactd0]
(root,0,0,00:00:00/157-19:29:57,28) [ksmd]
(root,0,0,00:00:00/157-19:29:57,29) [khugepaged]
(root,0,0,00:00:00/157-19:29:57,30) [crypto]
(root,0,0,00:00:00/157-19:29:57,31) [kintegrityd]
(root,0,0,00:00:00/157-19:29:57,32) [bioset]
(root,0,0,00:00:00/157-19:29:57,33) [kblockd]
(root,0,0,00:00:00/157-19:29:57,35) [devfreq_wq]
(root,0,0,00:00:00/157-19:29:57,36) [watchdogd]
(root,0,0,00:00:00/157-19:29:56,37) [kswapd0]
(root,0,0,00:00:00/157-19:29:56,38) [vmstat]
(root,0,0,00:00:00/157-19:29:56,50) [kthrotld]
(root,0,0,00:00:00/157-19:29:56,51) [khvcd]
(root,0,0,00:00:00/157-19:29:56,52) [ipv6_addrconf]
(root,0,0,00:00:00/157-19:29:56,91) [bioset]
(root,0,0,00:00:00/157-19:29:56,93) [bioset]
(root,0,0,00:00:00/157-19:29:56,95) [bioset]
(root,0,0,00:00:00/157-19:29:56,96) [kworker/u128:1]
(root,0,0,00:00:00/157-19:29:56,97) [ata_sff]
(root,0,0,00:00:00/157-19:29:56,98) [bioset]
(root,0,0,00:00:00/157-19:29:56,100) [bioset]
(root,0,0,00:00:00/157-19:29:56,102) [bioset]
(root,0,0,00:00:00/157-19:29:56,103) [bioset]
(root,0,0,00:00:00/157-19:29:56,104) [bioset]
(root,0,0,00:00:00/157-19:29:56,118) [scsi_eh_0]
(root,0,0,00:00:00/157-19:29:56,119) [scsi_tmf_0]
(root,0,0,00:00:00/157-19:29:56,120) [scsi_eh_1]
(root,0,0,00:00:00/157-19:29:56,121) [scsi_tmf_1]
(root,0,0,00:00:45/157-19:29:56,123) [kworker/u128:2]
(root,0,0,00:00:00/157-19:29:56,129) [bioset]
(root,0,0,00:00:00/157-19:29:52,155) [kworker/u129:0]
(root,0,0,00:00:06/157-19:29:51,165) [kworker/0:1H]
(root,0,0,00:00:16/157-19:29:51,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/157-19:29:51,168) [ext4-rsv-conver]
(root,64388,8144,00:03:16/157-19:29:32,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/157-19:29:32,198) [kauditd]
(root,46732,4952,00:00:25/157-19:29:27,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:09/157-19:29:25,231) [kworker/1:1H]
(root,0,0,00:00:00/157-19:29:12,282) [ttm_swap]
(root,0,0,00:00:00/157-19:29:10,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:38/157-19:29:06,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:24/157-19:29:05,403) /usr/sbin/cron -f
(root,35800,1932,00:29:41/157-19:29:04,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/157-19:29:04,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:32/157-19:28:51,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:18/157-19:28:51,448) /usr/sbin/rsyslogd -n
(clamav,1745816,1428500,01:03:40/157-19:28:50,456) /usr/sbin/clamd --foreground=true
(clamav,298708,34984,00:03:00/157-19:28:48,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:27/157-19:28:47,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/157-19:28:47,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/157-19:28:47,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:02/157-19:28:43,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:38/157-19:28:38,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/157-19:28:32,560) /usr/sbin/sshd -D
(root,790484,3116,01:22:30/157-19:27:58,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/157-19:27:56,578) logger -t xe-daemon
(root,25384,1492,00:00:00/157-19:27:56,580) logger -t xenstore
(root,185096,105312,00:46:28/157-19:27:43,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:10/157-19:27:30,596) spamd child
(root,185096,99760,00:00:16/157-19:27:30,597) spamd child
(root,0,0,00:00:06/1-02:52:31,7765) [kworker/0:0]
(root,0,0,00:00:00/17:48:31,21485) [kworker/1:2]
(root,0,0,00:00:14/16:43:28,23217) [kworker/1:1]
(root,0,0,00:00:01/06:20:31,39164) [kworker/0:1]
(root,19736,3312,00:00:00/00:00,48712) /bin/bash /usr/bin/check_mk_agent
(root,36632,2816,00:00:00/00:00,48731) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1028,00:00:00/00:00,48732) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-11 23:10

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3361b95b679

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:15/155-18:35:54,1) /sbin/init
(root,0,0,00:00:00/155-18:35:54,2) [kthreadd]
(root,0,0,00:00:08/155-18:35:54,3) [ksoftirqd/0]
(root,0,0,00:00:00/155-18:35:54,5) [kworker/0:0H]
(root,0,0,02:18:31/155-18:35:54,7) [rcu_sched]
(root,0,0,00:00:00/155-18:35:54,8) [rcu_bh]
(root,0,0,00:00:54/155-18:35:54,9) [migration/0]
(root,0,0,00:00:00/155-18:35:54,10) [lru-add-drain]
(root,0,0,00:01:27/155-18:35:54,11) [watchdog/0]
(root,0,0,00:00:00/155-18:35:54,12) [cpuhp/0]
(root,0,0,00:00:00/155-18:35:54,13) [cpuhp/1]
(root,0,0,00:01:08/155-18:35:54,14) [watchdog/1]
(root,0,0,00:00:41/155-18:35:54,15) [migration/1]
(root,0,0,00:00:38/155-18:35:54,16) [ksoftirqd/1]
(root,0,0,00:00:00/155-18:35:54,18) [kworker/1:0H]
(root,0,0,00:00:00/155-18:35:54,19) [kdevtmpfs]
(root,0,0,00:00:00/155-18:35:54,20) [netns]
(root,0,0,00:00:00/155-18:35:54,21) [xenwatch]
(root,0,0,00:01:37/155-18:35:54,22) [xenbus]
(root,0,0,00:00:05/155-18:35:54,24) [khungtaskd]
(root,0,0,00:00:00/155-18:35:54,25) [oom_reaper]
(root,0,0,00:00:00/155-18:35:54,26) [writeback]
(root,0,0,00:00:00/155-18:35:54,27) [kcompactd0]
(root,0,0,00:00:00/155-18:35:54,28) [ksmd]
(root,0,0,00:00:00/155-18:35:54,29) [khugepaged]
(root,0,0,00:00:00/155-18:35:54,30) [crypto]
(root,0,0,00:00:00/155-18:35:54,31) [kintegrityd]
(root,0,0,00:00:00/155-18:35:54,32) [bioset]
(root,0,0,00:00:00/155-18:35:54,33) [kblockd]
(root,0,0,00:00:00/155-18:35:54,35) [devfreq_wq]
(root,0,0,00:00:00/155-18:35:54,36) [watchdogd]
(root,0,0,00:00:00/155-18:35:53,37) [kswapd0]
(root,0,0,00:00:00/155-18:35:53,38) [vmstat]
(root,0,0,00:00:00/155-18:35:53,50) [kthrotld]
(root,0,0,00:00:00/155-18:35:53,51) [khvcd]
(root,0,0,00:00:00/155-18:35:53,52) [ipv6_addrconf]
(root,0,0,00:00:00/155-18:35:53,91) [bioset]
(root,0,0,00:00:00/155-18:35:53,93) [bioset]
(root,0,0,00:00:00/155-18:35:53,95) [bioset]
(root,0,0,00:00:00/155-18:35:53,96) [kworker/u128:1]
(root,0,0,00:00:00/155-18:35:53,97) [ata_sff]
(root,0,0,00:00:00/155-18:35:53,98) [bioset]
(root,0,0,00:00:00/155-18:35:53,100) [bioset]
(root,0,0,00:00:00/155-18:35:53,102) [bioset]
(root,0,0,00:00:00/155-18:35:53,103) [bioset]
(root,0,0,00:00:00/155-18:35:53,104) [bioset]
(root,0,0,00:00:00/155-18:35:53,118) [scsi_eh_0]
(root,0,0,00:00:00/155-18:35:53,119) [scsi_tmf_0]
(root,0,0,00:00:00/155-18:35:53,120) [scsi_eh_1]
(root,0,0,00:00:00/155-18:35:53,121) [scsi_tmf_1]
(root,0,0,00:00:45/155-18:35:53,123) [kworker/u128:2]
(root,0,0,00:00:00/155-18:35:53,129) [bioset]
(root,0,0,00:00:00/155-18:35:49,155) [kworker/u129:0]
(root,0,0,00:00:06/155-18:35:48,165) [kworker/0:1H]
(root,0,0,00:00:15/155-18:35:48,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/155-18:35:48,168) [ext4-rsv-conver]
(root,64388,9936,00:03:14/155-18:35:29,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/155-18:35:29,198) [kauditd]
(root,46732,4952,00:00:25/155-18:35:24,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:09/155-18:35:22,231) [kworker/1:1H]
(root,0,0,00:00:00/155-18:35:09,282) [ttm_swap]
(root,0,0,00:00:00/155-18:35:07,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:37/155-18:35:03,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:24/155-18:35:02,403) /usr/sbin/cron -f
(root,35800,1932,00:29:18/155-18:35:01,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/155-18:35:01,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:32/155-18:34:48,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:18/155-18:34:48,448) /usr/sbin/rsyslogd -n
(clamav,1745508,1428196,01:02:47/155-18:34:47,456) /usr/sbin/clamd --foreground=true
(clamav,298648,34924,00:02:58/155-18:34:45,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:27/155-18:34:44,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/155-18:34:44,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/155-18:34:44,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:02/155-18:34:40,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:37/155-18:34:35,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/155-18:34:29,560) /usr/sbin/sshd -D
(root,790484,3116,01:21:26/155-18:33:55,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/155-18:33:53,578) logger -t xe-daemon
(root,25384,1492,00:00:00/155-18:33:53,580) logger -t xenstore
(root,185096,105312,00:45:52/155-18:33:40,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:10/155-18:33:27,596) spamd child
(root,185096,99760,00:00:16/155-18:33:27,597) spamd child
(root,0,0,00:00:08/15:51:25,14751) [kworker/1:0]
(root,0,0,00:00:05/06:17:28,29447) [kworker/1:2]
(root,19736,3480,00:00:00/00:00,39036) /bin/bash /usr/bin/check_mk_agent
(root,36632,2860,00:00:00/00:00,39055) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1060,00:00:00/00:00,39056) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:01/1-15:52:25,43471) [kworker/0:2]
(root,0,0,00:00:09/1-09:49:28,52602) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-09 22:15

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef33680236507

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:14/153-19:11:20,1) /sbin/init
(root,0,0,00:00:00/153-19:11:20,2) [kthreadd]
(root,0,0,00:00:08/153-19:11:20,3) [ksoftirqd/0]
(root,0,0,00:00:00/153-19:11:20,5) [kworker/0:0H]
(root,0,0,02:16:56/153-19:11:20,7) [rcu_sched]
(root,0,0,00:00:00/153-19:11:20,8) [rcu_bh]
(root,0,0,00:00:54/153-19:11:20,9) [migration/0]
(root,0,0,00:00:00/153-19:11:20,10) [lru-add-drain]
(root,0,0,00:01:26/153-19:11:20,11) [watchdog/0]
(root,0,0,00:00:00/153-19:11:20,12) [cpuhp/0]
(root,0,0,00:00:00/153-19:11:20,13) [cpuhp/1]
(root,0,0,00:01:07/153-19:11:20,14) [watchdog/1]
(root,0,0,00:00:40/153-19:11:20,15) [migration/1]
(root,0,0,00:00:38/153-19:11:20,16) [ksoftirqd/1]
(root,0,0,00:00:00/153-19:11:20,18) [kworker/1:0H]
(root,0,0,00:00:00/153-19:11:20,19) [kdevtmpfs]
(root,0,0,00:00:00/153-19:11:20,20) [netns]
(root,0,0,00:00:00/153-19:11:20,21) [xenwatch]
(root,0,0,00:01:36/153-19:11:20,22) [xenbus]
(root,0,0,00:00:05/153-19:11:20,24) [khungtaskd]
(root,0,0,00:00:00/153-19:11:20,25) [oom_reaper]
(root,0,0,00:00:00/153-19:11:20,26) [writeback]
(root,0,0,00:00:00/153-19:11:20,27) [kcompactd0]
(root,0,0,00:00:00/153-19:11:20,28) [ksmd]
(root,0,0,00:00:00/153-19:11:20,29) [khugepaged]
(root,0,0,00:00:00/153-19:11:20,30) [crypto]
(root,0,0,00:00:00/153-19:11:20,31) [kintegrityd]
(root,0,0,00:00:00/153-19:11:20,32) [bioset]
(root,0,0,00:00:00/153-19:11:20,33) [kblockd]
(root,0,0,00:00:00/153-19:11:20,35) [devfreq_wq]
(root,0,0,00:00:00/153-19:11:20,36) [watchdogd]
(root,0,0,00:00:00/153-19:11:19,37) [kswapd0]
(root,0,0,00:00:00/153-19:11:19,38) [vmstat]
(root,0,0,00:00:00/153-19:11:19,50) [kthrotld]
(root,0,0,00:00:00/153-19:11:19,51) [khvcd]
(root,0,0,00:00:00/153-19:11:19,52) [ipv6_addrconf]
(root,0,0,00:00:00/153-19:11:19,91) [bioset]
(root,0,0,00:00:00/153-19:11:19,93) [bioset]
(root,0,0,00:00:00/153-19:11:19,95) [bioset]
(root,0,0,00:00:00/153-19:11:19,96) [kworker/u128:1]
(root,0,0,00:00:00/153-19:11:19,97) [ata_sff]
(root,0,0,00:00:00/153-19:11:19,98) [bioset]
(root,0,0,00:00:00/153-19:11:19,100) [bioset]
(root,0,0,00:00:00/153-19:11:19,102) [bioset]
(root,0,0,00:00:00/153-19:11:19,103) [bioset]
(root,0,0,00:00:00/153-19:11:19,104) [bioset]
(root,0,0,00:00:00/153-19:11:19,118) [scsi_eh_0]
(root,0,0,00:00:00/153-19:11:19,119) [scsi_tmf_0]
(root,0,0,00:00:00/153-19:11:19,120) [scsi_eh_1]
(root,0,0,00:00:00/153-19:11:19,121) [scsi_tmf_1]
(root,0,0,00:00:44/153-19:11:19,123) [kworker/u128:2]
(root,0,0,00:00:00/153-19:11:19,129) [bioset]
(root,0,0,00:00:00/153-19:11:15,155) [kworker/u129:0]
(root,0,0,00:00:06/153-19:11:14,165) [kworker/0:1H]
(root,0,0,00:00:15/153-19:11:14,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/153-19:11:14,168) [ext4-rsv-conver]
(root,64388,9188,00:03:12/153-19:10:55,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/153-19:10:55,198) [kauditd]
(root,46732,4952,00:00:24/153-19:10:50,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:09/153-19:10:48,231) [kworker/1:1H]
(root,0,0,00:00:00/153-19:10:35,282) [ttm_swap]
(root,0,0,00:00:00/153-19:10:33,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:37/153-19:10:29,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:23/153-19:10:28,403) /usr/sbin/cron -f
(root,35800,1932,00:28:56/153-19:10:27,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/153-19:10:27,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:31/153-19:10:14,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:18/153-19:10:14,448) /usr/sbin/rsyslogd -n
(clamav,1745368,1428016,01:01:54/153-19:10:13,456) /usr/sbin/clamd --foreground=true
(clamav,298612,34888,00:02:56/153-19:10:11,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:27/153-19:10:10,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/153-19:10:10,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/153-19:10:10,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:02/153-19:10:06,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:37/153-19:10:01,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/153-19:09:55,560) /usr/sbin/sshd -D
(root,790484,3116,01:20:25/153-19:09:21,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/153-19:09:19,578) logger -t xe-daemon
(root,25384,1492,00:00:00/153-19:09:19,580) logger -t xenstore
(root,185096,105312,00:45:17/153-19:09:06,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:10/153-19:08:53,596) spamd child
(root,185096,99760,00:00:16/153-19:08:53,597) spamd child
(root,0,0,00:00:01/17:38:54,4863) [kworker/1:2]
(root,0,0,00:00:14/16:28:51,6737) [kworker/1:1]
(root,0,0,00:00:03/13:17:54,11540) [kworker/0:0]
(root,19736,3484,00:00:00/00:00,31881) /bin/bash /usr/bin/check_mk_agent
(root,36632,2740,00:00:00/00:00,31900) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1028,00:00:00/00:00,31901) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:06/1-10:02:54,45303) [kworker/0:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-07 22:51

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336bf4521aa

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:01:13/151-18:44:25,1) /sbin/init
(root,0,0,00:00:00/151-18:44:25,2) [kthreadd]
(root,0,0,00:00:08/151-18:44:25,3) [ksoftirqd/0]
(root,0,0,00:00:00/151-18:44:25,5) [kworker/0:0H]
(root,0,0,02:15:14/151-18:44:25,7) [rcu_sched]
(root,0,0,00:00:00/151-18:44:25,8) [rcu_bh]
(root,0,0,00:00:53/151-18:44:25,9) [migration/0]
(root,0,0,00:00:00/151-18:44:25,10) [lru-add-drain]
(root,0,0,00:01:25/151-18:44:25,11) [watchdog/0]
(root,0,0,00:00:00/151-18:44:25,12) [cpuhp/0]
(root,0,0,00:00:00/151-18:44:25,13) [cpuhp/1]
(root,0,0,00:01:06/151-18:44:25,14) [watchdog/1]
(root,0,0,00:00:40/151-18:44:25,15) [migration/1]
(root,0,0,00:00:38/151-18:44:25,16) [ksoftirqd/1]
(root,0,0,00:00:00/151-18:44:25,18) [kworker/1:0H]
(root,0,0,00:00:00/151-18:44:25,19) [kdevtmpfs]
(root,0,0,00:00:00/151-18:44:25,20) [netns]
(root,0,0,00:00:00/151-18:44:25,21) [xenwatch]
(root,0,0,00:01:35/151-18:44:25,22) [xenbus]
(root,0,0,00:00:05/151-18:44:25,24) [khungtaskd]
(root,0,0,00:00:00/151-18:44:25,25) [oom_reaper]
(root,0,0,00:00:00/151-18:44:25,26) [writeback]
(root,0,0,00:00:00/151-18:44:25,27) [kcompactd0]
(root,0,0,00:00:00/151-18:44:25,28) [ksmd]
(root,0,0,00:00:00/151-18:44:25,29) [khugepaged]
(root,0,0,00:00:00/151-18:44:25,30) [crypto]
(root,0,0,00:00:00/151-18:44:25,31) [kintegrityd]
(root,0,0,00:00:00/151-18:44:25,32) [bioset]
(root,0,0,00:00:00/151-18:44:25,33) [kblockd]
(root,0,0,00:00:00/151-18:44:25,35) [devfreq_wq]
(root,0,0,00:00:00/151-18:44:25,36) [watchdogd]
(root,0,0,00:00:00/151-18:44:24,37) [kswapd0]
(root,0,0,00:00:00/151-18:44:24,38) [vmstat]
(root,0,0,00:00:00/151-18:44:24,50) [kthrotld]
(root,0,0,00:00:00/151-18:44:24,51) [khvcd]
(root,0,0,00:00:00/151-18:44:24,52) [ipv6_addrconf]
(root,0,0,00:00:00/151-18:44:24,91) [bioset]
(root,0,0,00:00:00/151-18:44:24,93) [bioset]
(root,0,0,00:00:00/151-18:44:24,95) [bioset]
(root,0,0,00:00:00/151-18:44:24,96) [kworker/u128:1]
(root,0,0,00:00:00/151-18:44:24,97) [ata_sff]
(root,0,0,00:00:00/151-18:44:24,98) [bioset]
(root,0,0,00:00:00/151-18:44:24,100) [bioset]
(root,0,0,00:00:00/151-18:44:24,102) [bioset]
(root,0,0,00:00:00/151-18:44:24,103) [bioset]
(root,0,0,00:00:00/151-18:44:24,104) [bioset]
(root,0,0,00:00:00/151-18:44:24,118) [scsi_eh_0]
(root,0,0,00:00:00/151-18:44:24,119) [scsi_tmf_0]
(root,0,0,00:00:00/151-18:44:24,120) [scsi_eh_1]
(root,0,0,00:00:00/151-18:44:24,121) [scsi_tmf_1]
(root,0,0,00:00:44/151-18:44:24,123) [kworker/u128:2]
(root,0,0,00:00:00/151-18:44:24,129) [bioset]
(root,0,0,00:00:00/151-18:44:20,155) [kworker/u129:0]
(root,0,0,00:00:06/151-18:44:19,165) [kworker/0:1H]
(root,0,0,00:00:15/151-18:44:19,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/151-18:44:19,168) [ext4-rsv-conver]
(root,64388,8516,00:03:11/151-18:44:00,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/151-18:44:00,198) [kauditd]
(root,46732,4952,00:00:24/151-18:43:55,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:09/151-18:43:53,231) [kworker/1:1H]
(root,0,0,00:00:00/151-18:43:40,282) [ttm_swap]
(root,0,0,00:00:00/151-18:43:38,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:36/151-18:43:34,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:23/151-18:43:33,403) /usr/sbin/cron -f
(root,35800,1932,00:28:33/151-18:43:32,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/151-18:43:32,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:31/151-18:43:19,447) /lib/systemd/systemd-logind
(root,250240,3908,00:00:18/151-18:43:19,448) /usr/sbin/rsyslogd -n
(clamav,1745584,1428228,01:00:56/151-18:43:18,456) /usr/sbin/clamd --foreground=true
(clamav,298572,34848,00:02:53/151-18:43:16,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:27/151-18:43:15,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/151-18:43:15,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/151-18:43:15,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:02/151-18:43:11,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:36/151-18:43:06,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/151-18:43:00,560) /usr/sbin/sshd -D
(root,790484,3116,01:19:21/151-18:42:26,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/151-18:42:24,578) logger -t xe-daemon
(root,25384,1492,00:00:00/151-18:42:24,580) logger -t xenstore
(root,185096,105312,00:44:41/151-18:42:11,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:10/151-18:41:58,596) spamd child
(root,185096,99760,00:00:16/151-18:41:58,597) spamd child
(root,0,0,00:00:10/11:27:59,5328) [kworker/1:2]
(root,19736,3376,00:00:00/00:00,22944) /bin/bash /usr/bin/check_mk_agent
(root,36632,2796,00:00:00/00:00,22963) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1008,00:00:00/00:00,22964) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:10/1-11:56:59,33125) [kworker/0:2]
(root,0,0,00:00:07/2-13:18:05,59495) [kworker/0:1]
(root,0,0,00:00:04/16:03:56,63565) [kworker/1:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-11-05 22:24

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336ef4ea1b8

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:00:51/104-17:24:23,1) /sbin/init
(root,0,0,00:00:00/104-17:24:23,2) [kthreadd]
(root,0,0,00:00:05/104-17:24:23,3) [ksoftirqd/0]
(root,0,0,00:00:00/104-17:24:23,5) [kworker/0:0H]
(root,0,0,01:32:04/104-17:24:23,7) [rcu_sched]
(root,0,0,00:00:00/104-17:24:23,8) [rcu_bh]
(root,0,0,00:00:37/104-17:24:23,9) [migration/0]
(root,0,0,00:00:00/104-17:24:23,10) [lru-add-drain]
(root,0,0,00:00:58/104-17:24:23,11) [watchdog/0]
(root,0,0,00:00:00/104-17:24:23,12) [cpuhp/0]
(root,0,0,00:00:00/104-17:24:23,13) [cpuhp/1]
(root,0,0,00:00:46/104-17:24:23,14) [watchdog/1]
(root,0,0,00:00:27/104-17:24:23,15) [migration/1]
(root,0,0,00:00:25/104-17:24:23,16) [ksoftirqd/1]
(root,0,0,00:00:00/104-17:24:23,18) [kworker/1:0H]
(root,0,0,00:00:00/104-17:24:23,19) [kdevtmpfs]
(root,0,0,00:00:00/104-17:24:23,20) [netns]
(root,0,0,00:00:00/104-17:24:23,21) [xenwatch]
(root,0,0,00:01:05/104-17:24:23,22) [xenbus]
(root,0,0,00:00:03/104-17:24:23,24) [khungtaskd]
(root,0,0,00:00:00/104-17:24:23,25) [oom_reaper]
(root,0,0,00:00:00/104-17:24:23,26) [writeback]
(root,0,0,00:00:00/104-17:24:23,27) [kcompactd0]
(root,0,0,00:00:00/104-17:24:23,28) [ksmd]
(root,0,0,00:00:00/104-17:24:23,29) [khugepaged]
(root,0,0,00:00:00/104-17:24:23,30) [crypto]
(root,0,0,00:00:00/104-17:24:23,31) [kintegrityd]
(root,0,0,00:00:00/104-17:24:23,32) [bioset]
(root,0,0,00:00:00/104-17:24:23,33) [kblockd]
(root,0,0,00:00:00/104-17:24:23,35) [devfreq_wq]
(root,0,0,00:00:00/104-17:24:23,36) [watchdogd]
(root,0,0,00:00:00/104-17:24:22,37) [kswapd0]
(root,0,0,00:00:00/104-17:24:22,38) [vmstat]
(root,0,0,00:00:00/104-17:24:22,50) [kthrotld]
(root,0,0,00:00:00/104-17:24:22,51) [khvcd]
(root,0,0,00:00:00/104-17:24:22,52) [ipv6_addrconf]
(root,0,0,00:00:00/104-17:24:22,91) [bioset]
(root,0,0,00:00:00/104-17:24:22,93) [bioset]
(root,0,0,00:00:00/104-17:24:22,95) [bioset]
(root,0,0,00:00:00/104-17:24:22,96) [kworker/u128:1]
(root,0,0,00:00:00/104-17:24:22,97) [ata_sff]
(root,0,0,00:00:00/104-17:24:22,98) [bioset]
(root,0,0,00:00:00/104-17:24:22,100) [bioset]
(root,0,0,00:00:00/104-17:24:22,102) [bioset]
(root,0,0,00:00:00/104-17:24:22,103) [bioset]
(root,0,0,00:00:00/104-17:24:22,104) [bioset]
(root,0,0,00:00:00/104-17:24:22,118) [scsi_eh_0]
(root,0,0,00:00:00/104-17:24:22,119) [scsi_tmf_0]
(root,0,0,00:00:00/104-17:24:22,120) [scsi_eh_1]
(root,0,0,00:00:00/104-17:24:22,121) [scsi_tmf_1]
(root,0,0,00:00:27/104-17:24:22,123) [kworker/u128:2]
(root,0,0,00:00:00/104-17:24:22,129) [bioset]
(root,0,0,00:00:00/104-17:24:18,155) [kworker/u129:0]
(root,0,0,00:00:04/104-17:24:17,165) [kworker/0:1H]
(root,0,0,00:00:08/104-17:24:17,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/104-17:24:17,168) [ext4-rsv-conver]
(root,59340,5176,00:01:48/104-17:23:58,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/104-17:23:58,198) [kauditd]
(root,46732,4952,00:00:16/104-17:23:53,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:05/104-17:23:51,231) [kworker/1:1H]
(root,0,0,00:00:00/104-17:23:38,282) [ttm_swap]
(root,0,0,00:00:00/104-17:23:36,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:25/104-17:23:32,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:16/104-17:23:31,403) /usr/sbin/cron -f
(root,35800,1932,00:19:43/104-17:23:30,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/104-17:23:30,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:21/104-17:23:17,447) /lib/systemd/systemd-logind
(root,250240,3640,00:00:09/104-17:23:17,448) /usr/sbin/rsyslogd -n
(clamav,1744496,1427136,00:42:30/104-17:23:16,456) /usr/sbin/clamd --foreground=true
(clamav,297676,33952,00:02:01/104-17:23:14,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:13/104-17:23:13,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/104-17:23:13,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/104-17:23:13,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:01/104-17:23:09,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:25/104-17:23:04,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/104-17:22:58,560) /usr/sbin/sshd -D
(root,790484,3112,00:54:39/104-17:22:24,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/104-17:22:22,578) logger -t xe-daemon
(root,25384,1492,00:00:00/104-17:22:22,580) logger -t xenstore
(root,185096,105312,00:30:51/104-17:22:09,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:07/104-17:21:56,596) spamd child
(root,185096,99760,00:00:11/104-17:21:56,597) spamd child
(root,0,0,00:00:04/16:32:57,29770) [kworker/0:2]
(root,0,0,00:00:08/09:04:03,41074) [kworker/1:2]
(root,0,0,00:00:09/2-00:22:57,46059) [kworker/0:0]
(root,0,0,00:00:00/07:57,54667) [kworker/1:0]
(root,19736,3308,00:00:00/00:00,54966) /bin/bash /usr/bin/check_mk_agent
(root,36632,2804,00:00:00/00:00,54985) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1012,00:00:00/00:00,54986) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-09-19 21:04

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336bcbb26be

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:00:50/102-16:55:11,1) /sbin/init
(root,0,0,00:00:00/102-16:55:11,2) [kthreadd]
(root,0,0,00:00:05/102-16:55:11,3) [ksoftirqd/0]
(root,0,0,00:00:00/102-16:55:11,5) [kworker/0:0H]
(root,0,0,01:30:25/102-16:55:11,7) [rcu_sched]
(root,0,0,00:00:00/102-16:55:11,8) [rcu_bh]
(root,0,0,00:00:36/102-16:55:11,9) [migration/0]
(root,0,0,00:00:00/102-16:55:11,10) [lru-add-drain]
(root,0,0,00:00:57/102-16:55:11,11) [watchdog/0]
(root,0,0,00:00:00/102-16:55:11,12) [cpuhp/0]
(root,0,0,00:00:00/102-16:55:11,13) [cpuhp/1]
(root,0,0,00:00:45/102-16:55:11,14) [watchdog/1]
(root,0,0,00:00:27/102-16:55:11,15) [migration/1]
(root,0,0,00:00:25/102-16:55:11,16) [ksoftirqd/1]
(root,0,0,00:00:00/102-16:55:11,18) [kworker/1:0H]
(root,0,0,00:00:00/102-16:55:11,19) [kdevtmpfs]
(root,0,0,00:00:00/102-16:55:11,20) [netns]
(root,0,0,00:00:00/102-16:55:11,21) [xenwatch]
(root,0,0,00:01:04/102-16:55:11,22) [xenbus]
(root,0,0,00:00:03/102-16:55:11,24) [khungtaskd]
(root,0,0,00:00:00/102-16:55:11,25) [oom_reaper]
(root,0,0,00:00:00/102-16:55:11,26) [writeback]
(root,0,0,00:00:00/102-16:55:11,27) [kcompactd0]
(root,0,0,00:00:00/102-16:55:11,28) [ksmd]
(root,0,0,00:00:00/102-16:55:11,29) [khugepaged]
(root,0,0,00:00:00/102-16:55:11,30) [crypto]
(root,0,0,00:00:00/102-16:55:11,31) [kintegrityd]
(root,0,0,00:00:00/102-16:55:11,32) [bioset]
(root,0,0,00:00:00/102-16:55:11,33) [kblockd]
(root,0,0,00:00:00/102-16:55:11,35) [devfreq_wq]
(root,0,0,00:00:00/102-16:55:11,36) [watchdogd]
(root,0,0,00:00:00/102-16:55:10,37) [kswapd0]
(root,0,0,00:00:00/102-16:55:10,38) [vmstat]
(root,0,0,00:00:00/102-16:55:10,50) [kthrotld]
(root,0,0,00:00:00/102-16:55:10,51) [khvcd]
(root,0,0,00:00:00/102-16:55:10,52) [ipv6_addrconf]
(root,0,0,00:00:00/102-16:55:10,91) [bioset]
(root,0,0,00:00:00/102-16:55:10,93) [bioset]
(root,0,0,00:00:00/102-16:55:10,95) [bioset]
(root,0,0,00:00:00/102-16:55:10,96) [kworker/u128:1]
(root,0,0,00:00:00/102-16:55:10,97) [ata_sff]
(root,0,0,00:00:00/102-16:55:10,98) [bioset]
(root,0,0,00:00:00/102-16:55:10,100) [bioset]
(root,0,0,00:00:00/102-16:55:10,102) [bioset]
(root,0,0,00:00:00/102-16:55:10,103) [bioset]
(root,0,0,00:00:00/102-16:55:10,104) [bioset]
(root,0,0,00:00:00/102-16:55:10,118) [scsi_eh_0]
(root,0,0,00:00:00/102-16:55:10,119) [scsi_tmf_0]
(root,0,0,00:00:00/102-16:55:10,120) [scsi_eh_1]
(root,0,0,00:00:00/102-16:55:10,121) [scsi_tmf_1]
(root,0,0,00:00:27/102-16:55:10,123) [kworker/u128:2]
(root,0,0,00:00:00/102-16:55:10,129) [bioset]
(root,0,0,00:00:00/102-16:55:06,155) [kworker/u129:0]
(root,0,0,00:00:03/102-16:55:05,165) [kworker/0:1H]
(root,0,0,00:00:08/102-16:55:05,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/102-16:55:05,168) [ext4-rsv-conver]
(root,59340,6164,00:01:42/102-16:54:46,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/102-16:54:46,198) [kauditd]
(root,46732,4952,00:00:16/102-16:54:41,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:05/102-16:54:39,231) [kworker/1:1H]
(root,0,0,00:00:00/102-16:54:26,282) [ttm_swap]
(root,0,0,00:00:00/102-16:54:24,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:24/102-16:54:20,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:15/102-16:54:19,403) /usr/sbin/cron -f
(root,35800,1932,00:19:20/102-16:54:18,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/102-16:54:18,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:21/102-16:54:05,447) /lib/systemd/systemd-logind
(root,250240,3640,00:00:09/102-16:54:05,448) /usr/sbin/rsyslogd -n
(clamav,1744332,1427016,00:41:38/102-16:54:04,456) /usr/sbin/clamd --foreground=true
(clamav,297636,33912,00:01:59/102-16:54:02,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:12/102-16:54:01,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/102-16:54:01,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/102-16:54:01,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:01/102-16:53:57,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:24/102-16:53:52,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/102-16:53:46,560) /usr/sbin/sshd -D
(root,790484,3112,00:53:35/102-16:53:12,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/102-16:53:10,578) logger -t xe-daemon
(root,25384,1492,00:00:00/102-16:53:10,580) logger -t xenstore
(root,185096,105312,00:30:16/102-16:52:57,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:07/102-16:52:44,596) spamd child
(root,185096,99760,00:00:11/102-16:52:44,597) spamd child
(root,0,0,00:00:02/15:00:42,22755) [kworker/1:1]
(root,0,0,00:00:10/12:04:46,27257) [kworker/1:2]
(root,19736,3284,00:00:00/00:00,45822) /bin/bash /usr/bin/check_mk_agent
(root,36632,2836,00:00:00/00:00,45841) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1012,00:00:00/00:00,45842) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/1-15:01:42,51227) [kworker/0:2]
(root,0,0,00:00:10/1-12:06:45,55770) [kworker/0:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-09-17 20:35

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3361953ec2c

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:00:49/100-17:01:36,1) /sbin/init
(root,0,0,00:00:00/100-17:01:36,2) [kthreadd]
(root,0,0,00:00:05/100-17:01:36,3) [ksoftirqd/0]
(root,0,0,00:00:00/100-17:01:36,5) [kworker/0:0H]
(root,0,0,01:28:46/100-17:01:36,7) [rcu_sched]
(root,0,0,00:00:00/100-17:01:36,8) [rcu_bh]
(root,0,0,00:00:35/100-17:01:36,9) [migration/0]
(root,0,0,00:00:00/100-17:01:36,10) [lru-add-drain]
(root,0,0,00:00:56/100-17:01:36,11) [watchdog/0]
(root,0,0,00:00:00/100-17:01:36,12) [cpuhp/0]
(root,0,0,00:00:00/100-17:01:36,13) [cpuhp/1]
(root,0,0,00:00:44/100-17:01:36,14) [watchdog/1]
(root,0,0,00:00:26/100-17:01:36,15) [migration/1]
(root,0,0,00:00:24/100-17:01:36,16) [ksoftirqd/1]
(root,0,0,00:00:00/100-17:01:36,18) [kworker/1:0H]
(root,0,0,00:00:00/100-17:01:36,19) [kdevtmpfs]
(root,0,0,00:00:00/100-17:01:36,20) [netns]
(root,0,0,00:00:00/100-17:01:36,21) [xenwatch]
(root,0,0,00:01:02/100-17:01:36,22) [xenbus]
(root,0,0,00:00:03/100-17:01:36,24) [khungtaskd]
(root,0,0,00:00:00/100-17:01:36,25) [oom_reaper]
(root,0,0,00:00:00/100-17:01:36,26) [writeback]
(root,0,0,00:00:00/100-17:01:36,27) [kcompactd0]
(root,0,0,00:00:00/100-17:01:36,28) [ksmd]
(root,0,0,00:00:00/100-17:01:36,29) [khugepaged]
(root,0,0,00:00:00/100-17:01:36,30) [crypto]
(root,0,0,00:00:00/100-17:01:36,31) [kintegrityd]
(root,0,0,00:00:00/100-17:01:36,32) [bioset]
(root,0,0,00:00:00/100-17:01:36,33) [kblockd]
(root,0,0,00:00:00/100-17:01:36,35) [devfreq_wq]
(root,0,0,00:00:00/100-17:01:36,36) [watchdogd]
(root,0,0,00:00:00/100-17:01:35,37) [kswapd0]
(root,0,0,00:00:00/100-17:01:35,38) [vmstat]
(root,0,0,00:00:00/100-17:01:35,50) [kthrotld]
(root,0,0,00:00:00/100-17:01:35,51) [khvcd]
(root,0,0,00:00:00/100-17:01:35,52) [ipv6_addrconf]
(root,0,0,00:00:00/100-17:01:35,91) [bioset]
(root,0,0,00:00:00/100-17:01:35,93) [bioset]
(root,0,0,00:00:00/100-17:01:35,95) [bioset]
(root,0,0,00:00:00/100-17:01:35,96) [kworker/u128:1]
(root,0,0,00:00:00/100-17:01:35,97) [ata_sff]
(root,0,0,00:00:00/100-17:01:35,98) [bioset]
(root,0,0,00:00:00/100-17:01:35,100) [bioset]
(root,0,0,00:00:00/100-17:01:35,102) [bioset]
(root,0,0,00:00:00/100-17:01:35,103) [bioset]
(root,0,0,00:00:00/100-17:01:35,104) [bioset]
(root,0,0,00:00:00/100-17:01:35,118) [scsi_eh_0]
(root,0,0,00:00:00/100-17:01:35,119) [scsi_tmf_0]
(root,0,0,00:00:00/100-17:01:35,120) [scsi_eh_1]
(root,0,0,00:00:00/100-17:01:35,121) [scsi_tmf_1]
(root,0,0,00:00:26/100-17:01:35,123) [kworker/u128:2]
(root,0,0,00:00:00/100-17:01:35,129) [bioset]
(root,0,0,00:00:00/100-17:01:31,155) [kworker/u129:0]
(root,0,0,00:00:03/100-17:01:30,165) [kworker/0:1H]
(root,0,0,00:00:08/100-17:01:30,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/100-17:01:30,168) [ext4-rsv-conver]
(root,64388,7212,00:01:37/100-17:01:11,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/100-17:01:11,198) [kauditd]
(root,46732,4952,00:00:16/100-17:01:06,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:05/100-17:01:04,231) [kworker/1:1H]
(root,0,0,00:00:00/100-17:00:51,282) [ttm_swap]
(root,0,0,00:00:00/100-17:00:49,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:24/100-17:00:45,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:15/100-17:00:44,403) /usr/sbin/cron -f
(root,35800,1932,00:18:57/100-17:00:43,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/100-17:00:43,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:20/100-17:00:30,447) /lib/systemd/systemd-logind
(root,250240,3640,00:00:08/100-17:00:30,448) /usr/sbin/rsyslogd -n
(clamav,1744480,1427080,00:40:45/100-17:00:29,456) /usr/sbin/clamd --foreground=true
(clamav,297596,33872,00:01:56/100-17:00:27,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:11/100-17:00:26,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/100-17:00:26,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/100-17:00:26,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:01/100-17:00:22,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:24/100-17:00:17,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/100-17:00:11,560) /usr/sbin/sshd -D
(root,790484,3112,00:52:32/100-16:59:37,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/100-16:59:35,578) logger -t xe-daemon
(root,25384,1492,00:00:00/100-16:59:35,580) logger -t xenstore
(root,185096,105312,00:29:41/100-16:59:22,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:07/100-16:59:09,596) spamd child
(root,185096,99760,00:00:10/100-16:59:09,597) spamd child
(root,0,0,00:00:00/16:04:10,12900) [kworker/1:0]
(root,0,0,00:00:13/15:09:07,14274) [kworker/1:1]
(root,0,0,00:00:01/05:46:10,28510) [kworker/0:2]
(root,0,0,00:00:00/29:10,36554) [kworker/0:1]
(root,19736,3376,00:00:00/00:00,37344) /bin/bash /usr/bin/check_mk_agent
(root,36632,2844,00:00:00/00:00,37363) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1048,00:00:00/00:00,37364) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-09-15 20:41

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336b07a7718

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:00:48/98-17:05:43,1) /sbin/init
(root,0,0,00:00:00/98-17:05:43,2) [kthreadd]
(root,0,0,00:00:05/98-17:05:43,3) [ksoftirqd/0]
(root,0,0,00:00:00/98-17:05:43,5) [kworker/0:0H]
(root,0,0,01:26:51/98-17:05:43,7) [rcu_sched]
(root,0,0,00:00:00/98-17:05:43,8) [rcu_bh]
(root,0,0,00:00:34/98-17:05:43,9) [migration/0]
(root,0,0,00:00:00/98-17:05:43,10) [lru-add-drain]
(root,0,0,00:00:55/98-17:05:43,11) [watchdog/0]
(root,0,0,00:00:00/98-17:05:43,12) [cpuhp/0]
(root,0,0,00:00:00/98-17:05:43,13) [cpuhp/1]
(root,0,0,00:00:43/98-17:05:43,14) [watchdog/1]
(root,0,0,00:00:26/98-17:05:43,15) [migration/1]
(root,0,0,00:00:24/98-17:05:43,16) [ksoftirqd/1]
(root,0,0,00:00:00/98-17:05:43,18) [kworker/1:0H]
(root,0,0,00:00:00/98-17:05:43,19) [kdevtmpfs]
(root,0,0,00:00:00/98-17:05:43,20) [netns]
(root,0,0,00:00:00/98-17:05:43,21) [xenwatch]
(root,0,0,00:01:01/98-17:05:43,22) [xenbus]
(root,0,0,00:00:03/98-17:05:43,24) [khungtaskd]
(root,0,0,00:00:00/98-17:05:43,25) [oom_reaper]
(root,0,0,00:00:00/98-17:05:43,26) [writeback]
(root,0,0,00:00:00/98-17:05:43,27) [kcompactd0]
(root,0,0,00:00:00/98-17:05:43,28) [ksmd]
(root,0,0,00:00:00/98-17:05:43,29) [khugepaged]
(root,0,0,00:00:00/98-17:05:43,30) [crypto]
(root,0,0,00:00:00/98-17:05:43,31) [kintegrityd]
(root,0,0,00:00:00/98-17:05:43,32) [bioset]
(root,0,0,00:00:00/98-17:05:43,33) [kblockd]
(root,0,0,00:00:00/98-17:05:43,35) [devfreq_wq]
(root,0,0,00:00:00/98-17:05:43,36) [watchdogd]
(root,0,0,00:00:00/98-17:05:42,37) [kswapd0]
(root,0,0,00:00:00/98-17:05:42,38) [vmstat]
(root,0,0,00:00:00/98-17:05:42,50) [kthrotld]
(root,0,0,00:00:00/98-17:05:42,51) [khvcd]
(root,0,0,00:00:00/98-17:05:42,52) [ipv6_addrconf]
(root,0,0,00:00:00/98-17:05:42,91) [bioset]
(root,0,0,00:00:00/98-17:05:42,93) [bioset]
(root,0,0,00:00:00/98-17:05:42,95) [bioset]
(root,0,0,00:00:00/98-17:05:42,96) [kworker/u128:1]
(root,0,0,00:00:00/98-17:05:42,97) [ata_sff]
(root,0,0,00:00:00/98-17:05:42,98) [bioset]
(root,0,0,00:00:00/98-17:05:42,100) [bioset]
(root,0,0,00:00:00/98-17:05:42,102) [bioset]
(root,0,0,00:00:00/98-17:05:42,103) [bioset]
(root,0,0,00:00:00/98-17:05:42,104) [bioset]
(root,0,0,00:00:00/98-17:05:42,118) [scsi_eh_0]
(root,0,0,00:00:00/98-17:05:42,119) [scsi_tmf_0]
(root,0,0,00:00:00/98-17:05:42,120) [scsi_eh_1]
(root,0,0,00:00:00/98-17:05:42,121) [scsi_tmf_1]
(root,0,0,00:00:25/98-17:05:42,123) [kworker/u128:2]
(root,0,0,00:00:00/98-17:05:42,129) [bioset]
(root,0,0,00:00:00/98-17:05:38,155) [kworker/u129:0]
(root,0,0,00:00:03/98-17:05:37,165) [kworker/0:1H]
(root,0,0,00:00:07/98-17:05:37,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/98-17:05:37,168) [ext4-rsv-conver]
(root,64388,8380,00:01:32/98-17:05:18,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/98-17:05:18,198) [kauditd]
(root,46732,4952,00:00:16/98-17:05:13,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:05/98-17:05:11,231) [kworker/1:1H]
(root,0,0,00:00:00/98-17:04:58,282) [ttm_swap]
(root,0,0,00:00:00/98-17:04:56,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:23/98-17:04:52,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:15/98-17:04:51,403) /usr/sbin/cron -f
(root,35800,1932,00:18:35/98-17:04:50,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/98-17:04:50,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:20/98-17:04:37,447) /lib/systemd/systemd-logind
(root,250240,3640,00:00:08/98-17:04:37,448) /usr/sbin/rsyslogd -n
(clamav,1744092,1426672,00:39:52/98-17:04:36,456) /usr/sbin/clamd --foreground=true
(clamav,297560,33836,00:01:54/98-17:04:34,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:11/98-17:04:33,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/98-17:04:33,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/98-17:04:33,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:01/98-17:04:29,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:23/98-17:04:24,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/98-17:04:18,560) /usr/sbin/sshd -D
(root,790484,3112,00:51:30/98-17:03:44,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/98-17:03:42,578) logger -t xe-daemon
(root,25384,1492,00:00:00/98-17:03:42,580) logger -t xenstore
(root,185096,105312,00:29:05/98-17:03:29,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:07/98-17:03:16,596) spamd child
(root,185096,99760,00:00:10/98-17:03:16,597) spamd child
(root,0,0,00:00:07/12:33:17,9610) [kworker/1:2]
(root,0,0,00:00:03/04:07:17,22652) [kworker/1:0]
(root,0,0,00:00:14/3-15:18:14,25589) [kworker/0:0]
(root,19736,3488,00:00:00/00:00,28987) /bin/bash /usr/bin/check_mk_agent
(root,36632,2740,00:00:00/00:00,29006) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1064,00:00:00/00:00,29007) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:11/1-15:16:14,34095) [kworker/0:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-09-13 20:45

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef33663a0e26d

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:00:47/96-17:13:21,1) /sbin/init
(root,0,0,00:00:00/96-17:13:21,2) [kthreadd]
(root,0,0,00:00:05/96-17:13:21,3) [ksoftirqd/0]
(root,0,0,00:00:00/96-17:13:21,5) [kworker/0:0H]
(root,0,0,01:24:51/96-17:13:21,7) [rcu_sched]
(root,0,0,00:00:00/96-17:13:21,8) [rcu_bh]
(root,0,0,00:00:34/96-17:13:21,9) [migration/0]
(root,0,0,00:00:00/96-17:13:21,10) [lru-add-drain]
(root,0,0,00:00:54/96-17:13:21,11) [watchdog/0]
(root,0,0,00:00:00/96-17:13:21,12) [cpuhp/0]
(root,0,0,00:00:00/96-17:13:21,13) [cpuhp/1]
(root,0,0,00:00:42/96-17:13:21,14) [watchdog/1]
(root,0,0,00:00:25/96-17:13:21,15) [migration/1]
(root,0,0,00:00:23/96-17:13:21,16) [ksoftirqd/1]
(root,0,0,00:00:00/96-17:13:21,18) [kworker/1:0H]
(root,0,0,00:00:00/96-17:13:21,19) [kdevtmpfs]
(root,0,0,00:00:00/96-17:13:21,20) [netns]
(root,0,0,00:00:00/96-17:13:21,21) [xenwatch]
(root,0,0,00:01:00/96-17:13:21,22) [xenbus]
(root,0,0,00:00:03/96-17:13:21,24) [khungtaskd]
(root,0,0,00:00:00/96-17:13:21,25) [oom_reaper]
(root,0,0,00:00:00/96-17:13:21,26) [writeback]
(root,0,0,00:00:00/96-17:13:21,27) [kcompactd0]
(root,0,0,00:00:00/96-17:13:21,28) [ksmd]
(root,0,0,00:00:00/96-17:13:21,29) [khugepaged]
(root,0,0,00:00:00/96-17:13:21,30) [crypto]
(root,0,0,00:00:00/96-17:13:21,31) [kintegrityd]
(root,0,0,00:00:00/96-17:13:21,32) [bioset]
(root,0,0,00:00:00/96-17:13:21,33) [kblockd]
(root,0,0,00:00:00/96-17:13:21,35) [devfreq_wq]
(root,0,0,00:00:00/96-17:13:21,36) [watchdogd]
(root,0,0,00:00:00/96-17:13:20,37) [kswapd0]
(root,0,0,00:00:00/96-17:13:20,38) [vmstat]
(root,0,0,00:00:00/96-17:13:20,50) [kthrotld]
(root,0,0,00:00:00/96-17:13:20,51) [khvcd]
(root,0,0,00:00:00/96-17:13:20,52) [ipv6_addrconf]
(root,0,0,00:00:00/96-17:13:20,91) [bioset]
(root,0,0,00:00:00/96-17:13:20,93) [bioset]
(root,0,0,00:00:00/96-17:13:20,95) [bioset]
(root,0,0,00:00:00/96-17:13:20,96) [kworker/u128:1]
(root,0,0,00:00:00/96-17:13:20,97) [ata_sff]
(root,0,0,00:00:00/96-17:13:20,98) [bioset]
(root,0,0,00:00:00/96-17:13:20,100) [bioset]
(root,0,0,00:00:00/96-17:13:20,102) [bioset]
(root,0,0,00:00:00/96-17:13:20,103) [bioset]
(root,0,0,00:00:00/96-17:13:20,104) [bioset]
(root,0,0,00:00:00/96-17:13:20,118) [scsi_eh_0]
(root,0,0,00:00:00/96-17:13:20,119) [scsi_tmf_0]
(root,0,0,00:00:00/96-17:13:20,120) [scsi_eh_1]
(root,0,0,00:00:00/96-17:13:20,121) [scsi_tmf_1]
(root,0,0,00:00:24/96-17:13:20,123) [kworker/u128:2]
(root,0,0,00:00:00/96-17:13:20,129) [bioset]
(root,0,0,00:00:00/96-17:13:16,155) [kworker/u129:0]
(root,0,0,00:00:03/96-17:13:15,165) [kworker/0:1H]
(root,0,0,00:00:07/96-17:13:15,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/96-17:13:15,168) [ext4-rsv-conver]
(root,64388,8864,00:01:26/96-17:12:56,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/96-17:12:56,198) [kauditd]
(root,46732,4952,00:00:15/96-17:12:51,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:05/96-17:12:49,231) [kworker/1:1H]
(root,0,0,00:00:00/96-17:12:36,282) [ttm_swap]
(root,0,0,00:00:00/96-17:12:34,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:23/96-17:12:30,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:15/96-17:12:29,403) /usr/sbin/cron -f
(root,35800,1932,00:18:12/96-17:12:28,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/96-17:12:28,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:19/96-17:12:15,447) /lib/systemd/systemd-logind
(root,250240,3640,00:00:07/96-17:12:15,448) /usr/sbin/rsyslogd -n
(clamav,1744080,1426636,00:39:02/96-17:12:14,456) /usr/sbin/clamd --foreground=true
(clamav,297520,33796,00:01:52/96-17:12:12,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:10/96-17:12:11,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/96-17:12:11,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/96-17:12:11,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:01/96-17:12:07,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:23/96-17:12:02,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/96-17:11:56,560) /usr/sbin/sshd -D
(root,790484,3112,00:50:27/96-17:11:22,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/96-17:11:20,578) logger -t xe-daemon
(root,25384,1492,00:00:00/96-17:11:20,580) logger -t xenstore
(root,185096,105312,00:28:30/96-17:11:07,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:06/96-17:10:54,596) spamd child
(root,185096,99760,00:00:10/96-17:10:54,597) spamd child
(root,0,0,00:00:09/11:17:56,3465) [kworker/1:1]
(root,19736,3392,00:00:00/00:00,20720) /bin/bash /usr/bin/check_mk_agent
(root,36632,2812,00:00:00/00:00,20739) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1012,00:00:00/00:00,20740) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:11/1-15:25:52,25589) [kworker/0:0]
(root,0,0,00:00:07/2-15:26:22,54018) [kworker/0:1]
(root,0,0,00:00:03/15:24:52,62351) [kworker/1:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-09-11 20:53

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336e7c32a63

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56948,6788,00:00:47/96-05:05:00,1) /sbin/init
(root,0,0,00:00:00/96-05:05:00,2) [kthreadd]
(root,0,0,00:00:05/96-05:05:00,3) [ksoftirqd/0]
(root,0,0,00:00:00/96-05:05:00,5) [kworker/0:0H]
(root,0,0,01:24:21/96-05:05:00,7) [rcu_sched]
(root,0,0,00:00:00/96-05:05:00,8) [rcu_bh]
(root,0,0,00:00:34/96-05:05:00,9) [migration/0]
(root,0,0,00:00:00/96-05:05:00,10) [lru-add-drain]
(root,0,0,00:00:54/96-05:05:00,11) [watchdog/0]
(root,0,0,00:00:00/96-05:05:00,12) [cpuhp/0]
(root,0,0,00:00:00/96-05:05:00,13) [cpuhp/1]
(root,0,0,00:00:42/96-05:05:00,14) [watchdog/1]
(root,0,0,00:00:25/96-05:05:00,15) [migration/1]
(root,0,0,00:00:23/96-05:05:00,16) [ksoftirqd/1]
(root,0,0,00:00:00/96-05:05:00,18) [kworker/1:0H]
(root,0,0,00:00:00/96-05:05:00,19) [kdevtmpfs]
(root,0,0,00:00:00/96-05:05:00,20) [netns]
(root,0,0,00:00:00/96-05:05:00,21) [xenwatch]
(root,0,0,00:01:00/96-05:05:00,22) [xenbus]
(root,0,0,00:00:03/96-05:05:00,24) [khungtaskd]
(root,0,0,00:00:00/96-05:05:00,25) [oom_reaper]
(root,0,0,00:00:00/96-05:05:00,26) [writeback]
(root,0,0,00:00:00/96-05:05:00,27) [kcompactd0]
(root,0,0,00:00:00/96-05:05:00,28) [ksmd]
(root,0,0,00:00:00/96-05:05:00,29) [khugepaged]
(root,0,0,00:00:00/96-05:05:00,30) [crypto]
(root,0,0,00:00:00/96-05:05:00,31) [kintegrityd]
(root,0,0,00:00:00/96-05:05:00,32) [bioset]
(root,0,0,00:00:00/96-05:05:00,33) [kblockd]
(root,0,0,00:00:00/96-05:05:00,35) [devfreq_wq]
(root,0,0,00:00:00/96-05:05:00,36) [watchdogd]
(root,0,0,00:00:00/96-05:04:59,37) [kswapd0]
(root,0,0,00:00:00/96-05:04:59,38) [vmstat]
(root,0,0,00:00:00/96-05:04:59,50) [kthrotld]
(root,0,0,00:00:00/96-05:04:59,51) [khvcd]
(root,0,0,00:00:00/96-05:04:59,52) [ipv6_addrconf]
(root,0,0,00:00:00/96-05:04:59,91) [bioset]
(root,0,0,00:00:00/96-05:04:59,93) [bioset]
(root,0,0,00:00:00/96-05:04:59,95) [bioset]
(root,0,0,00:00:00/96-05:04:59,96) [kworker/u128:1]
(root,0,0,00:00:00/96-05:04:59,97) [ata_sff]
(root,0,0,00:00:00/96-05:04:59,98) [bioset]
(root,0,0,00:00:00/96-05:04:59,100) [bioset]
(root,0,0,00:00:00/96-05:04:59,102) [bioset]
(root,0,0,00:00:00/96-05:04:59,103) [bioset]
(root,0,0,00:00:00/96-05:04:59,104) [bioset]
(root,0,0,00:00:00/96-05:04:59,118) [scsi_eh_0]
(root,0,0,00:00:00/96-05:04:59,119) [scsi_tmf_0]
(root,0,0,00:00:00/96-05:04:59,120) [scsi_eh_1]
(root,0,0,00:00:00/96-05:04:59,121) [scsi_tmf_1]
(root,0,0,00:00:24/96-05:04:59,123) [kworker/u128:2]
(root,0,0,00:00:00/96-05:04:59,129) [bioset]
(root,0,0,00:00:00/96-05:04:55,155) [kworker/u129:0]
(root,0,0,00:00:03/96-05:04:54,165) [kworker/0:1H]
(root,0,0,00:00:07/96-05:04:54,167) [jbd2/xvda1-8]
(root,0,0,00:00:00/96-05:04:54,168) [ext4-rsv-conver]
(root,64388,7648,00:01:24/96-05:04:35,196) /lib/systemd/systemd-journald
(root,0,0,00:00:00/96-05:04:35,198) [kauditd]
(root,46732,4952,00:00:15/96-05:04:30,226) /lib/systemd/systemd-udevd
(root,0,0,00:00:05/96-05:04:28,231) [kworker/1:1H]
(root,0,0,00:00:00/96-05:04:15,282) [ttm_swap]
(root,0,0,00:00:00/96-05:04:13,316) [edac-poller]
(systemd-timesync,127288,4060,00:00:23/96-05:04:09,388) /lib/systemd/systemd-timesyncd
(root,29636,2732,00:00:14/96-05:04:08,403) /usr/sbin/cron -f
(root,35800,1932,00:18:07/96-05:04:07,416) /usr/sbin/irqbalance --foreground
(messagebus,45112,3620,00:00:00/96-05:04:07,417) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,2168,00:00:19/96-05:03:54,447) /lib/systemd/systemd-logind
(root,250240,3640,00:00:07/96-05:03:54,448) /usr/sbin/rsyslogd -n
(clamav,1743740,1426352,00:38:34/96-05:03:53,456) /usr/sbin/clamd --foreground=true
(clamav,297500,33776,00:01:51/96-05:03:51,490) /usr/bin/freshclam -d --foreground=true
(bind,295176,30480,00:00:09/96-05:03:50,518) /usr/sbin/named -f -u bind
(root,14524,1716,00:00:00/96-05:03:50,524) /sbin/agetty --noclear tty1 linux
(root,14300,2064,00:00:00/96-05:03:50,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(smtpgw,21712,2284,00:00:01/96-05:03:46,528) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2156,00:00:23/96-05:03:41,537) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,5416,00:00:00/96-05:03:35,560) /usr/sbin/sshd -D
(root,790484,3112,00:50:11/96-05:03:01,575) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1512,00:00:00/96-05:02:59,578) logger -t xe-daemon
(root,25384,1492,00:00:00/96-05:02:59,580) logger -t xenstore
(root,185096,105312,00:28:22/96-05:02:46,595) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185096,99756,00:00:06/96-05:02:33,596) spamd child
(root,185096,99760,00:00:10/96-05:02:33,597) spamd child
(root,19736,3372,00:00:00/00:00,2108) /bin/bash /usr/bin/check_mk_agent
(root,36632,2860,00:00:00/00:00,2127) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1088,00:00:00/00:00,2128) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:08/1-03:17:31,25589) [kworker/0:0]
(root,0,0,00:00:07/2-03:18:01,54018) [kworker/0:1]
(root,0,0,00:00:00/04:03:00,61167) [kworker/1:2]
(root,0,0,00:00:02/03:16:31,62351) [kworker/1:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2024-09-11 08:45

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef33688df7b49

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56940,2936,00:00:57/78-07:50:44,1) /sbin/init
(root,0,0,00:00:00/78-07:50:44,2) [kthreadd]
(root,0,0,00:00:06/78-07:50:44,3) [ksoftirqd/0]
(root,0,0,00:00:00/78-07:50:44,5) [kworker/0:0H]
(root,0,0,01:51:06/78-07:50:44,7) [rcu_sched]
(root,0,0,00:00:00/78-07:50:44,8) [rcu_bh]
(root,0,0,00:00:46/78-07:50:44,9) [migration/0]
(root,0,0,00:00:00/78-07:50:44,10) [lru-add-drain]
(root,0,0,00:01:21/78-07:50:44,11) [watchdog/0]
(root,0,0,00:00:00/78-07:50:44,12) [cpuhp/0]
(root,0,0,00:00:00/78-07:50:44,13) [cpuhp/1]
(root,0,0,00:01:05/78-07:50:44,14) [watchdog/1]
(root,0,0,00:00:33/78-07:50:44,15) [migration/1]
(root,0,0,00:00:50/78-07:50:44,16) [ksoftirqd/1]
(root,0,0,00:00:00/78-07:50:44,18) [kworker/1:0H]
(root,0,0,00:00:00/78-07:50:44,19) [kdevtmpfs]
(root,0,0,00:00:00/78-07:50:44,20) [netns]
(root,0,0,00:00:51/78-07:50:44,21) [xenwatch]
(root,0,0,00:04:11/78-07:50:44,22) [xenbus]
(root,0,0,00:00:04/78-07:50:44,24) [khungtaskd]
(root,0,0,00:00:00/78-07:50:44,25) [oom_reaper]
(root,0,0,00:00:00/78-07:50:44,26) [writeback]
(root,0,0,00:00:00/78-07:50:44,27) [kcompactd0]
(root,0,0,00:00:00/78-07:50:44,28) [ksmd]
(root,0,0,00:00:00/78-07:50:44,29) [khugepaged]
(root,0,0,00:00:00/78-07:50:44,30) [crypto]
(root,0,0,00:00:00/78-07:50:44,31) [kintegrityd]
(root,0,0,00:00:00/78-07:50:44,32) [bioset]
(root,0,0,00:00:00/78-07:50:44,33) [kblockd]
(root,0,0,00:00:00/78-07:50:44,35) [devfreq_wq]
(root,0,0,00:00:00/78-07:50:44,36) [watchdogd]
(root,0,0,00:00:01/78-07:50:43,37) [kswapd0]
(root,0,0,00:00:00/78-07:50:43,38) [vmstat]
(root,0,0,00:00:00/78-07:50:43,50) [kthrotld]
(root,0,0,00:00:00/78-07:50:43,51) [khvcd]
(root,0,0,00:00:00/78-07:50:43,52) [ipv6_addrconf]
(root,0,0,00:00:00/78-07:50:43,87) [bioset]
(root,0,0,00:00:00/78-07:50:43,88) [bioset]
(root,0,0,00:00:00/78-07:50:43,89) [bioset]
(root,0,0,00:00:00/78-07:50:43,90) [bioset]
(root,0,0,00:00:00/78-07:50:43,91) [bioset]
(root,0,0,00:00:00/78-07:50:43,92) [bioset]
(root,0,0,00:00:00/78-07:50:43,93) [bioset]
(root,0,0,00:00:00/78-07:50:43,95) [bioset]
(root,0,0,00:00:00/78-07:50:43,96) [ata_sff]
(root,0,0,00:00:00/78-07:50:43,100) [scsi_eh_0]
(root,0,0,00:00:00/78-07:50:43,101) [scsi_tmf_0]
(root,0,0,00:00:00/78-07:50:43,102) [scsi_eh_1]
(root,0,0,00:00:00/78-07:50:43,103) [scsi_tmf_1]
(root,0,0,00:00:00/78-07:50:43,129) [bioset]
(root,0,0,00:00:00/78-07:50:42,153) [kworker/u129:0]
(root,0,0,00:00:14/78-07:50:42,164) [kworker/1:1H]
(root,0,0,00:00:32/78-07:50:42,166) [jbd2/xvda1-8]
(root,0,0,00:00:00/78-07:50:42,167) [ext4-rsv-conver]
(root,0,0,00:00:07/78-07:50:39,189) [kworker/0:1H]
(root,59340,2232,00:03:48/78-07:50:38,192) /lib/systemd/systemd-journald
(root,0,0,00:00:00/78-07:50:37,200) [kauditd]
(root,46736,980,00:00:16/78-07:50:36,228) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/78-07:50:33,287) [ttm_swap]
(root,0,0,00:00:00/78-07:50:32,344) [edac-poller]
(systemd-timesync,127288,1192,00:00:24/78-07:50:29,400) /lib/systemd/systemd-timesyncd
(root,29636,900,00:00:18/78-07:50:27,457) /usr/sbin/cron -f
(messagebus,45112,1220,00:00:00/78-07:50:27,459) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,16,00:00:21/78-07:50:25,512) /lib/systemd/systemd-logind
(root,250112,2400,00:00:27/78-07:50:25,514) /usr/sbin/rsyslogd -n
(root,35800,196,00:13:53/78-07:50:25,518) /usr/sbin/irqbalance --foreground
(clamav,1659852,1332592,00:53:24/78-07:50:24,528) /usr/sbin/clamd --foreground=true
(clamav,297248,12136,00:01:56/78-07:50:24,537) /usr/bin/freshclam -d --foreground=true
(bind,287116,14964,00:00:04/78-07:50:24,543) /usr/sbin/named -f -u bind
(root,14300,668,00:00:00/78-07:50:24,552) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,492,00:00:00/78-07:50:24,553) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,1100,00:00:46/78-07:50:23,556) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,928,00:00:18/78-07:50:22,567) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,1504,00:00:00/78-07:50:20,588) /usr/sbin/sshd -D
(root,790484,2860,00:59:21/78-07:50:09,603) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,196,00:00:00/78-07:50:07,607) logger -t xe-daemon
(root,25384,196,00:00:00/78-07:50:07,608) logger -t xenstore
(root,185188,98948,00:30:38/78-07:50:03,623) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185188,98224,00:00:10/78-07:49:47,626) spamd child
(root,185188,98224,00:00:07/78-07:49:47,627) spamd child
(root,0,0,00:00:10/17:50:39,34375) [kworker/0:1]
(root,0,0,00:00:00/33-04:17:20,36366) [kworker/u128:7]
(root,0,0,00:00:22/33-04:17:20,36368) [kworker/u128:11]
(root,0,0,00:00:25/12:32:56,41563) [kworker/0:0]
(root,0,0,00:00:01/06:33:40,49498) [kworker/1:2]
(root,0,0,00:00:01/02:43:56,54584) [kworker/1:0]
(root,19736,3264,00:00:00/00:00,58294) /bin/bash /usr/bin/check_mk_agent
(root,36632,2732,00:00:00/00:00,58313) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1040,00:00:00/00:00,58314) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-05-22 17:05

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336e0092995

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56940,2936,00:00:44/60-17:46:16,1) /sbin/init
(root,0,0,00:00:00/60-17:46:16,2) [kthreadd]
(root,0,0,00:00:04/60-17:46:16,3) [ksoftirqd/0]
(root,0,0,00:00:00/60-17:46:16,5) [kworker/0:0H]
(root,0,0,01:23:29/60-17:46:16,7) [rcu_sched]
(root,0,0,00:00:00/60-17:46:16,8) [rcu_bh]
(root,0,0,00:00:35/60-17:46:16,9) [migration/0]
(root,0,0,00:00:00/60-17:46:16,10) [lru-add-drain]
(root,0,0,00:01:01/60-17:46:16,11) [watchdog/0]
(root,0,0,00:00:00/60-17:46:16,12) [cpuhp/0]
(root,0,0,00:00:00/60-17:46:16,13) [cpuhp/1]
(root,0,0,00:00:49/60-17:46:16,14) [watchdog/1]
(root,0,0,00:00:25/60-17:46:16,15) [migration/1]
(root,0,0,00:00:39/60-17:46:16,16) [ksoftirqd/1]
(root,0,0,00:00:00/60-17:46:16,18) [kworker/1:0H]
(root,0,0,00:00:00/60-17:46:16,19) [kdevtmpfs]
(root,0,0,00:00:00/60-17:46:16,20) [netns]
(root,0,0,00:00:38/60-17:46:16,21) [xenwatch]
(root,0,0,00:03:10/60-17:46:16,22) [xenbus]
(root,0,0,00:00:03/60-17:46:16,24) [khungtaskd]
(root,0,0,00:00:00/60-17:46:16,25) [oom_reaper]
(root,0,0,00:00:00/60-17:46:16,26) [writeback]
(root,0,0,00:00:00/60-17:46:16,27) [kcompactd0]
(root,0,0,00:00:00/60-17:46:16,28) [ksmd]
(root,0,0,00:00:00/60-17:46:16,29) [khugepaged]
(root,0,0,00:00:00/60-17:46:16,30) [crypto]
(root,0,0,00:00:00/60-17:46:16,31) [kintegrityd]
(root,0,0,00:00:00/60-17:46:16,32) [bioset]
(root,0,0,00:00:00/60-17:46:16,33) [kblockd]
(root,0,0,00:00:00/60-17:46:16,35) [devfreq_wq]
(root,0,0,00:00:00/60-17:46:16,36) [watchdogd]
(root,0,0,00:00:01/60-17:46:15,37) [kswapd0]
(root,0,0,00:00:00/60-17:46:15,38) [vmstat]
(root,0,0,00:00:00/60-17:46:15,50) [kthrotld]
(root,0,0,00:00:00/60-17:46:15,51) [khvcd]
(root,0,0,00:00:00/60-17:46:15,52) [ipv6_addrconf]
(root,0,0,00:00:00/60-17:46:15,87) [bioset]
(root,0,0,00:00:00/60-17:46:15,88) [bioset]
(root,0,0,00:00:00/60-17:46:15,89) [bioset]
(root,0,0,00:00:00/60-17:46:15,90) [bioset]
(root,0,0,00:00:00/60-17:46:15,91) [bioset]
(root,0,0,00:00:00/60-17:46:15,92) [bioset]
(root,0,0,00:00:00/60-17:46:15,93) [bioset]
(root,0,0,00:00:00/60-17:46:15,95) [bioset]
(root,0,0,00:00:00/60-17:46:15,96) [ata_sff]
(root,0,0,00:00:00/60-17:46:15,100) [scsi_eh_0]
(root,0,0,00:00:00/60-17:46:15,101) [scsi_tmf_0]
(root,0,0,00:00:00/60-17:46:15,102) [scsi_eh_1]
(root,0,0,00:00:00/60-17:46:15,103) [scsi_tmf_1]
(root,0,0,00:00:00/60-17:46:15,129) [bioset]
(root,0,0,00:00:00/60-17:46:14,153) [kworker/u129:0]
(root,0,0,00:00:10/60-17:46:14,164) [kworker/1:1H]
(root,0,0,00:00:24/60-17:46:14,166) [jbd2/xvda1-8]
(root,0,0,00:00:00/60-17:46:14,167) [ext4-rsv-conver]
(root,0,0,00:00:05/60-17:46:11,189) [kworker/0:1H]
(root,64388,6684,00:02:56/60-17:46:10,192) /lib/systemd/systemd-journald
(root,0,0,00:00:00/60-17:46:09,200) [kauditd]
(root,46736,980,00:00:13/60-17:46:08,228) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/60-17:46:05,287) [ttm_swap]
(root,0,0,00:00:00/60-17:46:04,344) [edac-poller]
(systemd-timesync,127288,1192,00:00:18/60-17:46:01,400) /lib/systemd/systemd-timesyncd
(root,29636,900,00:00:13/60-17:45:59,457) /usr/sbin/cron -f
(messagebus,45112,1220,00:00:00/60-17:45:59,459) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,16,00:00:16/60-17:45:57,512) /lib/systemd/systemd-logind
(root,250112,2400,00:00:21/60-17:45:57,514) /usr/sbin/rsyslogd -n
(root,35800,196,00:10:25/60-17:45:57,518) /usr/sbin/irqbalance --foreground
(clamav,1658232,1330736,00:39:32/60-17:45:56,528) /usr/sbin/clamd --foreground=true
(clamav,296876,11744,00:01:29/60-17:45:56,537) /usr/bin/freshclam -d --foreground=true
(bind,287116,14964,00:00:03/60-17:45:56,543) /usr/sbin/named -f -u bind
(root,14300,668,00:00:00/60-17:45:56,552) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,492,00:00:00/60-17:45:56,553) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,1100,00:00:35/60-17:45:55,556) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,928,00:00:14/60-17:45:54,567) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,1504,00:00:00/60-17:45:52,588) /usr/sbin/sshd -D
(root,790484,2856,00:45:22/60-17:45:41,603) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,196,00:00:00/60-17:45:39,607) logger -t xe-daemon
(root,25384,196,00:00:00/60-17:45:39,608) logger -t xenstore
(root,185188,98948,00:23:32/60-17:45:35,623) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185188,98224,00:00:08/60-17:45:19,626) spamd child
(root,185188,98224,00:00:05/60-17:45:19,627) spamd child
(root,0,0,00:00:13/06:31:28,6045) [kworker/0:1]
(root,19736,3444,00:00:00/00:00,14794) /bin/bash /usr/bin/check_mk_agent
(root,36632,2748,00:00:00/00:00,14813) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1036,00:00:00/00:00,14814) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/1-16:42:13,25489) [kworker/1:2]
(root,0,0,00:00:16/1-14:40:28,28235) [kworker/1:0]
(root,0,0,00:00:00/15-14:12:52,36366) [kworker/u128:7]
(root,0,0,00:00:10/15-14:12:52,36368) [kworker/u128:11]
(root,0,0,00:00:12/13:04:28,62530) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-05-05 03:01

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3360bcbeea6

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56940,2936,00:00:42/58-04:30:33,1) /sbin/init
(root,0,0,00:00:00/58-04:30:33,2) [kthreadd]
(root,0,0,00:00:04/58-04:30:33,3) [ksoftirqd/0]
(root,0,0,00:00:00/58-04:30:33,5) [kworker/0:0H]
(root,0,0,01:19:08/58-04:30:33,7) [rcu_sched]
(root,0,0,00:00:00/58-04:30:33,8) [rcu_bh]
(root,0,0,00:00:33/58-04:30:33,9) [migration/0]
(root,0,0,00:00:00/58-04:30:33,10) [lru-add-drain]
(root,0,0,00:00:58/58-04:30:33,11) [watchdog/0]
(root,0,0,00:00:00/58-04:30:33,12) [cpuhp/0]
(root,0,0,00:00:00/58-04:30:33,13) [cpuhp/1]
(root,0,0,00:00:47/58-04:30:33,14) [watchdog/1]
(root,0,0,00:00:24/58-04:30:33,15) [migration/1]
(root,0,0,00:00:37/58-04:30:33,16) [ksoftirqd/1]
(root,0,0,00:00:00/58-04:30:33,18) [kworker/1:0H]
(root,0,0,00:00:00/58-04:30:33,19) [kdevtmpfs]
(root,0,0,00:00:00/58-04:30:33,20) [netns]
(root,0,0,00:00:36/58-04:30:33,21) [xenwatch]
(root,0,0,00:03:01/58-04:30:33,22) [xenbus]
(root,0,0,00:00:03/58-04:30:33,24) [khungtaskd]
(root,0,0,00:00:00/58-04:30:33,25) [oom_reaper]
(root,0,0,00:00:00/58-04:30:33,26) [writeback]
(root,0,0,00:00:00/58-04:30:33,27) [kcompactd0]
(root,0,0,00:00:00/58-04:30:33,28) [ksmd]
(root,0,0,00:00:00/58-04:30:33,29) [khugepaged]
(root,0,0,00:00:00/58-04:30:33,30) [crypto]
(root,0,0,00:00:00/58-04:30:33,31) [kintegrityd]
(root,0,0,00:00:00/58-04:30:33,32) [bioset]
(root,0,0,00:00:00/58-04:30:33,33) [kblockd]
(root,0,0,00:00:00/58-04:30:33,35) [devfreq_wq]
(root,0,0,00:00:00/58-04:30:33,36) [watchdogd]
(root,0,0,00:00:01/58-04:30:32,37) [kswapd0]
(root,0,0,00:00:00/58-04:30:32,38) [vmstat]
(root,0,0,00:00:00/58-04:30:32,50) [kthrotld]
(root,0,0,00:00:00/58-04:30:32,51) [khvcd]
(root,0,0,00:00:00/58-04:30:32,52) [ipv6_addrconf]
(root,0,0,00:00:00/58-04:30:32,87) [bioset]
(root,0,0,00:00:00/58-04:30:32,88) [bioset]
(root,0,0,00:00:00/58-04:30:32,89) [bioset]
(root,0,0,00:00:00/58-04:30:32,90) [bioset]
(root,0,0,00:00:00/58-04:30:32,91) [bioset]
(root,0,0,00:00:00/58-04:30:32,92) [bioset]
(root,0,0,00:00:00/58-04:30:32,93) [bioset]
(root,0,0,00:00:00/58-04:30:32,95) [bioset]
(root,0,0,00:00:00/58-04:30:32,96) [ata_sff]
(root,0,0,00:00:00/58-04:30:32,100) [scsi_eh_0]
(root,0,0,00:00:00/58-04:30:32,101) [scsi_tmf_0]
(root,0,0,00:00:00/58-04:30:32,102) [scsi_eh_1]
(root,0,0,00:00:00/58-04:30:32,103) [scsi_tmf_1]
(root,0,0,00:00:00/58-04:30:32,129) [bioset]
(root,0,0,00:00:00/58-04:30:31,153) [kworker/u129:0]
(root,0,0,00:00:10/58-04:30:31,164) [kworker/1:1H]
(root,0,0,00:00:23/58-04:30:31,166) [jbd2/xvda1-8]
(root,0,0,00:00:00/58-04:30:31,167) [ext4-rsv-conver]
(root,0,0,00:00:05/58-04:30:28,189) [kworker/0:1H]
(root,64388,5280,00:02:48/58-04:30:27,192) /lib/systemd/systemd-journald
(root,0,0,00:00:00/58-04:30:26,200) [kauditd]
(root,46736,980,00:00:12/58-04:30:25,228) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/58-04:30:22,287) [ttm_swap]
(root,0,0,00:00:00/58-04:30:21,344) [edac-poller]
(systemd-timesync,127288,1192,00:00:17/58-04:30:18,400) /lib/systemd/systemd-timesyncd
(root,29636,900,00:00:13/58-04:30:16,457) /usr/sbin/cron -f
(messagebus,45112,1220,00:00:00/58-04:30:16,459) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,16,00:00:15/58-04:30:14,512) /lib/systemd/systemd-logind
(root,250112,2400,00:00:20/58-04:30:14,514) /usr/sbin/rsyslogd -n
(root,35800,196,00:09:54/58-04:30:14,518) /usr/sbin/irqbalance --foreground
(clamav,1658140,1330660,00:38:04/58-04:30:13,528) /usr/sbin/clamd --foreground=true
(clamav,296840,11708,00:01:26/58-04:30:13,537) /usr/bin/freshclam -d --foreground=true
(bind,287116,14964,00:00:03/58-04:30:13,543) /usr/sbin/named -f -u bind
(root,14300,668,00:00:00/58-04:30:13,552) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,492,00:00:00/58-04:30:13,553) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,1100,00:00:34/58-04:30:12,556) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,928,00:00:13/58-04:30:11,567) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,1504,00:00:00/58-04:30:09,588) /usr/sbin/sshd -D
(root,790484,2856,00:43:20/58-04:29:58,603) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,196,00:00:00/58-04:29:56,607) logger -t xe-daemon
(root,25384,196,00:00:00/58-04:29:56,608) logger -t xenstore
(root,185188,98948,00:22:30/58-04:29:52,623) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185188,98224,00:00:07/58-04:29:36,626) spamd child
(root,185188,98224,00:00:05/58-04:29:36,627) spamd child
(root,0,0,00:00:31/1-19:06:45,5463) [kworker/0:1]
(root,0,0,00:00:56/1-03:28:29,26361) [kworker/0:2]
(root,0,0,00:00:00/13-00:57:09,36366) [kworker/u128:7]
(root,0,0,00:00:08/13-00:57:09,36368) [kworker/u128:11]
(root,0,0,00:00:02/08:44:45,51596) [kworker/1:1]
(root,0,0,00:00:01/03:27:29,58619) [kworker/1:2]
(root,19736,3264,00:00:00/00:00,63257) /bin/bash /usr/bin/check_mk_agent
(root,36632,2760,00:00:00/00:00,63276) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1048,00:00:00/00:00,63277) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-05-02 13:45

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3360d5cb468

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56940,3584,00:00:27/38-18:57:37,1) /sbin/init
(root,0,0,00:00:00/38-18:57:37,2) [kthreadd]
(root,0,0,00:00:02/38-18:57:37,3) [ksoftirqd/0]
(root,0,0,00:00:00/38-18:57:37,5) [kworker/0:0H]
(root,0,0,00:48:29/38-18:57:37,7) [rcu_sched]
(root,0,0,00:00:00/38-18:57:37,8) [rcu_bh]
(root,0,0,00:00:22/38-18:57:37,9) [migration/0]
(root,0,0,00:00:00/38-18:57:37,10) [lru-add-drain]
(root,0,0,00:00:37/38-18:57:37,11) [watchdog/0]
(root,0,0,00:00:00/38-18:57:37,12) [cpuhp/0]
(root,0,0,00:00:00/38-18:57:37,13) [cpuhp/1]
(root,0,0,00:00:31/38-18:57:37,14) [watchdog/1]
(root,0,0,00:00:15/38-18:57:37,15) [migration/1]
(root,0,0,00:00:19/38-18:57:37,16) [ksoftirqd/1]
(root,0,0,00:00:00/38-18:57:37,18) [kworker/1:0H]
(root,0,0,00:00:00/38-18:57:37,19) [kdevtmpfs]
(root,0,0,00:00:00/38-18:57:37,20) [netns]
(root,0,0,00:00:23/38-18:57:37,21) [xenwatch]
(root,0,0,00:01:56/38-18:57:37,22) [xenbus]
(root,0,0,00:00:02/38-18:57:37,24) [khungtaskd]
(root,0,0,00:00:00/38-18:57:37,25) [oom_reaper]
(root,0,0,00:00:00/38-18:57:37,26) [writeback]
(root,0,0,00:00:00/38-18:57:37,27) [kcompactd0]
(root,0,0,00:00:00/38-18:57:37,28) [ksmd]
(root,0,0,00:00:00/38-18:57:37,29) [khugepaged]
(root,0,0,00:00:00/38-18:57:37,30) [crypto]
(root,0,0,00:00:00/38-18:57:37,31) [kintegrityd]
(root,0,0,00:00:00/38-18:57:37,32) [bioset]
(root,0,0,00:00:00/38-18:57:37,33) [kblockd]
(root,0,0,00:00:00/38-18:57:37,35) [devfreq_wq]
(root,0,0,00:00:00/38-18:57:37,36) [watchdogd]
(root,0,0,00:00:00/38-18:57:36,37) [kswapd0]
(root,0,0,00:00:00/38-18:57:36,38) [vmstat]
(root,0,0,00:00:00/38-18:57:36,50) [kthrotld]
(root,0,0,00:00:00/38-18:57:36,51) [khvcd]
(root,0,0,00:00:00/38-18:57:36,52) [ipv6_addrconf]
(root,0,0,00:00:00/38-18:57:36,87) [bioset]
(root,0,0,00:00:00/38-18:57:36,88) [bioset]
(root,0,0,00:00:00/38-18:57:36,89) [bioset]
(root,0,0,00:00:00/38-18:57:36,90) [bioset]
(root,0,0,00:00:00/38-18:57:36,91) [bioset]
(root,0,0,00:00:00/38-18:57:36,92) [bioset]
(root,0,0,00:00:00/38-18:57:36,93) [bioset]
(root,0,0,00:00:00/38-18:57:36,95) [bioset]
(root,0,0,00:00:00/38-18:57:36,96) [ata_sff]
(root,0,0,00:00:00/38-18:57:36,100) [scsi_eh_0]
(root,0,0,00:00:00/38-18:57:36,101) [scsi_tmf_0]
(root,0,0,00:00:00/38-18:57:36,102) [scsi_eh_1]
(root,0,0,00:00:00/38-18:57:36,103) [scsi_tmf_1]
(root,0,0,00:00:00/38-18:57:36,129) [bioset]
(root,0,0,00:00:00/38-18:57:35,153) [kworker/u129:0]
(root,0,0,00:00:07/38-18:57:35,164) [kworker/1:1H]
(root,0,0,00:00:15/38-18:57:35,166) [jbd2/xvda1-8]
(root,0,0,00:00:00/38-18:57:35,167) [ext4-rsv-conver]
(root,0,0,00:00:03/38-18:57:32,189) [kworker/0:1H]
(root,64388,7188,00:01:51/38-18:57:31,192) /lib/systemd/systemd-journald
(root,0,0,00:00:00/38-18:57:30,200) [kauditd]
(root,46736,2892,00:00:08/38-18:57:29,228) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/38-18:57:26,287) [ttm_swap]
(root,0,0,00:00:00/38-18:57:25,344) [edac-poller]
(systemd-timesync,127288,1732,00:00:11/38-18:57:22,400) /lib/systemd/systemd-timesyncd
(root,29636,1136,00:00:08/38-18:57:20,457) /usr/sbin/cron -f
(messagebus,45112,1564,00:00:00/38-18:57:20,459) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,388,00:00:10/38-18:57:18,512) /lib/systemd/systemd-logind
(root,250112,2264,00:00:13/38-18:57:18,514) /usr/sbin/rsyslogd -n
(root,35800,240,00:06:18/38-18:57:18,518) /usr/sbin/irqbalance --foreground
(clamav,1655176,1327456,00:24:07/38-18:57:17,528) /usr/sbin/clamd --foreground=true
(clamav,296604,11556,00:00:58/38-18:57:17,537) /usr/bin/freshclam -d --foreground=true
(bind,287116,15044,00:00:02/38-18:57:17,543) /usr/sbin/named -f -u bind
(root,14300,716,00:00:00/38-18:57:17,552) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,540,00:00:00/38-18:57:17,553) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,1160,00:00:22/38-18:57:16,556) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,976,00:00:09/38-18:57:15,567) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,1564,00:00:00/38-18:57:13,588) /usr/sbin/sshd -D
(root,790484,2872,00:28:11/38-18:57:02,603) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,196,00:00:00/38-18:57:00,607) logger -t xe-daemon
(root,25384,196,00:00:00/38-18:57:00,608) logger -t xenstore
(root,185188,99008,00:14:50/38-18:56:56,623) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185188,98284,00:00:05/38-18:56:40,626) spamd child
(root,185188,98284,00:00:03/38-18:56:40,627) spamd child
(root,0,0,00:00:31/18:09:14,3360) [kworker/0:1]
(root,0,0,00:00:03/09:19:49,15061) [kworker/1:1]
(root,19736,3420,00:00:00/00:00,27580) /bin/bash /usr/bin/check_mk_agent
(root,36632,2732,00:00:00/00:00,27599) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,976,00:00:00/00:00,27600) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/33-13:56:59,37223) [kworker/u128:8]
(root,0,0,00:00:25/33-13:56:59,37225) [kworker/u128:10]
(root,0,0,00:00:10/1-00:11:49,60415) [kworker/0:2]
(root,0,0,00:00:05/22:41:49,62513) [kworker/1:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-04-13 04:12

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336f19628d5

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56940,3584,00:00:26/36-15:22:30,1) /sbin/init
(root,0,0,00:00:00/36-15:22:30,2) [kthreadd]
(root,0,0,00:00:02/36-15:22:30,3) [ksoftirqd/0]
(root,0,0,00:00:00/36-15:22:30,5) [kworker/0:0H]
(root,0,0,00:45:25/36-15:22:30,7) [rcu_sched]
(root,0,0,00:00:00/36-15:22:30,8) [rcu_bh]
(root,0,0,00:00:20/36-15:22:30,9) [migration/0]
(root,0,0,00:00:00/36-15:22:30,10) [lru-add-drain]
(root,0,0,00:00:35/36-15:22:30,11) [watchdog/0]
(root,0,0,00:00:00/36-15:22:30,12) [cpuhp/0]
(root,0,0,00:00:00/36-15:22:30,13) [cpuhp/1]
(root,0,0,00:00:29/36-15:22:30,14) [watchdog/1]
(root,0,0,00:00:14/36-15:22:30,15) [migration/1]
(root,0,0,00:00:18/36-15:22:30,16) [ksoftirqd/1]
(root,0,0,00:00:00/36-15:22:30,18) [kworker/1:0H]
(root,0,0,00:00:00/36-15:22:30,19) [kdevtmpfs]
(root,0,0,00:00:00/36-15:22:30,20) [netns]
(root,0,0,00:00:21/36-15:22:30,21) [xenwatch]
(root,0,0,00:01:49/36-15:22:30,22) [xenbus]
(root,0,0,00:00:01/36-15:22:30,24) [khungtaskd]
(root,0,0,00:00:00/36-15:22:30,25) [oom_reaper]
(root,0,0,00:00:00/36-15:22:30,26) [writeback]
(root,0,0,00:00:00/36-15:22:30,27) [kcompactd0]
(root,0,0,00:00:00/36-15:22:30,28) [ksmd]
(root,0,0,00:00:00/36-15:22:30,29) [khugepaged]
(root,0,0,00:00:00/36-15:22:30,30) [crypto]
(root,0,0,00:00:00/36-15:22:30,31) [kintegrityd]
(root,0,0,00:00:00/36-15:22:30,32) [bioset]
(root,0,0,00:00:00/36-15:22:30,33) [kblockd]
(root,0,0,00:00:00/36-15:22:30,35) [devfreq_wq]
(root,0,0,00:00:00/36-15:22:30,36) [watchdogd]
(root,0,0,00:00:00/36-15:22:29,37) [kswapd0]
(root,0,0,00:00:00/36-15:22:29,38) [vmstat]
(root,0,0,00:00:00/36-15:22:29,50) [kthrotld]
(root,0,0,00:00:00/36-15:22:29,51) [khvcd]
(root,0,0,00:00:00/36-15:22:29,52) [ipv6_addrconf]
(root,0,0,00:00:00/36-15:22:29,87) [bioset]
(root,0,0,00:00:00/36-15:22:29,88) [bioset]
(root,0,0,00:00:00/36-15:22:29,89) [bioset]
(root,0,0,00:00:00/36-15:22:29,90) [bioset]
(root,0,0,00:00:00/36-15:22:29,91) [bioset]
(root,0,0,00:00:00/36-15:22:29,92) [bioset]
(root,0,0,00:00:00/36-15:22:29,93) [bioset]
(root,0,0,00:00:00/36-15:22:29,95) [bioset]
(root,0,0,00:00:00/36-15:22:29,96) [ata_sff]
(root,0,0,00:00:00/36-15:22:29,100) [scsi_eh_0]
(root,0,0,00:00:00/36-15:22:29,101) [scsi_tmf_0]
(root,0,0,00:00:00/36-15:22:29,102) [scsi_eh_1]
(root,0,0,00:00:00/36-15:22:29,103) [scsi_tmf_1]
(root,0,0,00:00:00/36-15:22:29,129) [bioset]
(root,0,0,00:00:00/36-15:22:28,153) [kworker/u129:0]
(root,0,0,00:00:06/36-15:22:28,164) [kworker/1:1H]
(root,0,0,00:00:15/36-15:22:28,166) [jbd2/xvda1-8]
(root,0,0,00:00:00/36-15:22:28,167) [ext4-rsv-conver]
(root,0,0,00:00:03/36-15:22:25,189) [kworker/0:1H]
(root,64388,6288,00:01:45/36-15:22:24,192) /lib/systemd/systemd-journald
(root,0,0,00:00:00/36-15:22:23,200) [kauditd]
(root,46736,2892,00:00:08/36-15:22:22,228) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/36-15:22:19,287) [ttm_swap]
(root,0,0,00:00:00/36-15:22:18,344) [edac-poller]
(systemd-timesync,127288,1732,00:00:11/36-15:22:15,400) /lib/systemd/systemd-timesyncd
(root,29636,1136,00:00:08/36-15:22:13,457) /usr/sbin/cron -f
(messagebus,45112,1564,00:00:00/36-15:22:13,459) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,37984,388,00:00:09/36-15:22:11,512) /lib/systemd/systemd-logind
(root,250112,2264,00:00:12/36-15:22:11,514) /usr/sbin/rsyslogd -n
(root,35800,240,00:05:57/36-15:22:11,518) /usr/sbin/irqbalance --foreground
(clamav,1654764,1327108,00:23:00/36-15:22:10,528) /usr/sbin/clamd --foreground=true
(clamav,296604,11556,00:00:55/36-15:22:10,537) /usr/bin/freshclam -d --foreground=true
(bind,287116,15044,00:00:02/36-15:22:10,543) /usr/sbin/named -f -u bind
(root,14300,716,00:00:00/36-15:22:10,552) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,540,00:00:00/36-15:22:10,553) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,1160,00:00:21/36-15:22:09,556) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,976,00:00:08/36-15:22:08,567) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,69960,1564,00:00:00/36-15:22:06,588) /usr/sbin/sshd -D
(root,790484,2868,00:26:35/36-15:21:55,603) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,196,00:00:00/36-15:21:53,607) logger -t xe-daemon
(root,25384,196,00:00:00/36-15:21:53,608) logger -t xenstore
(root,185188,99008,00:14:01/36-15:21:49,623) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185188,98284,00:00:04/36-15:21:33,626) spamd child
(root,185188,98284,00:00:03/36-15:21:33,627) spamd child
(root,0,0,00:00:03/16:40:42,1504) [kworker/0:2]
(root,0,0,00:00:24/14:35:30,4267) [kworker/0:1]
(root,0,0,00:00:03/08:26:42,12429) [kworker/1:2]
(root,19736,3420,00:00:00/00:00,23741) /bin/bash /usr/bin/check_mk_agent
(root,36632,2740,00:00:00/00:00,23760) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1008,00:00:00/00:00,23761) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/31-10:21:52,37223) [kworker/u128:8]
(root,0,0,00:00:23/31-10:21:52,37225) [kworker/u128:10]
(root,0,0,00:00:11/1-14:36:30,37368) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-04-11 00:37

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336e14c87ec

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57012,6692,00:01:00/72-08:19:26,1) /sbin/init
(root,0,0,00:00:00/72-08:19:26,2) [kthreadd]
(root,0,0,00:00:06/72-08:19:26,3) [ksoftirqd/0]
(root,0,0,00:00:00/72-08:19:26,5) [kworker/0:0H]
(root,0,0,01:47:15/72-08:19:26,7) [rcu_sched]
(root,0,0,00:00:00/72-08:19:26,8) [rcu_bh]
(root,0,0,00:00:40/72-08:19:26,9) [migration/0]
(root,0,0,00:00:00/72-08:19:26,10) [lru-add-drain]
(root,0,0,00:01:10/72-08:19:26,11) [watchdog/0]
(root,0,0,00:00:00/72-08:19:26,12) [cpuhp/0]
(root,0,0,00:00:00/72-08:19:26,13) [cpuhp/1]
(root,0,0,00:01:04/72-08:19:26,14) [watchdog/1]
(root,0,0,00:00:31/72-08:19:26,15) [migration/1]
(root,0,0,00:01:23/72-08:19:26,16) [ksoftirqd/1]
(root,0,0,00:00:00/72-08:19:26,18) [kworker/1:0H]
(root,0,0,00:00:00/72-08:19:26,19) [kdevtmpfs]
(root,0,0,00:00:00/72-08:19:26,20) [netns]
(root,0,0,00:00:42/72-08:19:26,21) [xenwatch]
(root,0,0,00:03:38/72-08:19:26,22) [xenbus]
(root,0,0,00:00:04/72-08:19:26,24) [khungtaskd]
(root,0,0,00:00:00/72-08:19:26,25) [oom_reaper]
(root,0,0,00:00:00/72-08:19:26,26) [writeback]
(root,0,0,00:00:00/72-08:19:26,27) [kcompactd0]
(root,0,0,00:00:00/72-08:19:26,28) [ksmd]
(root,0,0,00:00:00/72-08:19:26,29) [khugepaged]
(root,0,0,00:00:00/72-08:19:26,30) [crypto]
(root,0,0,00:00:00/72-08:19:26,31) [kintegrityd]
(root,0,0,00:00:00/72-08:19:26,32) [bioset]
(root,0,0,00:00:00/72-08:19:26,33) [kblockd]
(root,0,0,00:00:00/72-08:19:26,35) [devfreq_wq]
(root,0,0,00:00:00/72-08:19:26,36) [watchdogd]
(root,0,0,00:00:00/72-08:19:25,37) [kswapd0]
(root,0,0,00:00:00/72-08:19:25,38) [vmstat]
(root,0,0,00:00:00/72-08:19:25,50) [kthrotld]
(root,0,0,00:00:00/72-08:19:25,51) [khvcd]
(root,0,0,00:00:00/72-08:19:25,52) [ipv6_addrconf]
(root,0,0,00:00:00/72-08:19:25,87) [bioset]
(root,0,0,00:00:00/72-08:19:25,88) [bioset]
(root,0,0,00:00:00/72-08:19:25,89) [bioset]
(root,0,0,00:00:00/72-08:19:25,90) [bioset]
(root,0,0,00:00:00/72-08:19:25,91) [bioset]
(root,0,0,00:00:00/72-08:19:25,92) [bioset]
(root,0,0,00:00:00/72-08:19:25,93) [bioset]
(root,0,0,00:00:00/72-08:19:25,94) [bioset]
(root,0,0,00:00:00/72-08:19:25,96) [ata_sff]
(root,0,0,00:00:00/72-08:19:25,98) [scsi_eh_0]
(root,0,0,00:00:00/72-08:19:25,99) [scsi_tmf_0]
(root,0,0,00:00:00/72-08:19:25,100) [scsi_eh_1]
(root,0,0,00:00:00/72-08:19:25,101) [scsi_tmf_1]
(root,0,0,00:00:00/72-08:19:24,129) [bioset]
(root,0,0,00:00:00/72-08:19:24,153) [kworker/u129:0]
(root,0,0,00:00:08/72-08:19:24,162) [kworker/0:1H]
(root,0,0,00:00:31/72-08:19:22,169) [jbd2/xvda1-8]
(root,0,0,00:00:00/72-08:19:22,170) [ext4-rsv-conver]
(root,0,0,00:00:13/72-08:19:22,193) [kworker/1:1H]
(root,64388,9516,00:03:47/72-08:19:22,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/72-08:19:22,206) [kauditd]
(root,45912,3692,00:00:16/72-08:19:22,221) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/72-08:19:21,279) [ttm_swap]
(root,0,0,00:00:00/72-08:19:21,315) [edac-poller]
(systemd-timesync,127288,4148,00:00:23/72-08:19:20,367) /lib/systemd/systemd-timesyncd
(root,46504,4740,00:00:19/72-08:19:18,498) /lib/systemd/systemd-logind
(root,250112,3992,00:00:28/72-08:19:18,500) /usr/sbin/rsyslogd -n
(bind,287116,22420,00:00:08/72-08:19:18,501) /usr/sbin/named -f -u bind
(clamav,297052,33848,00:01:49/72-08:19:18,506) /usr/bin/freshclam -d --foreground=true
(root,29636,2420,00:00:17/72-08:19:18,513) /usr/sbin/cron -f
(root,35800,1820,00:13:50/72-08:19:18,516) /usr/sbin/irqbalance --foreground
(messagebus,45112,3756,00:00:00/72-08:19:18,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,69960,5364,00:00:00/72-08:19:17,563) /usr/sbin/sshd -D
(clamav,1645132,1341648,01:00:21/72-08:19:17,566) /usr/sbin/clamd --foreground=true
(root,14300,1792,00:00:00/72-08:19:17,575) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,1512,00:00:00/72-08:19:17,577) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,2264,00:00:44/72-08:19:17,584) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2096,00:00:18/72-08:19:17,585) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,790484,3180,00:57:29/72-08:19:16,599) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1440,00:00:00/72-08:19:16,601) logger -t xe-daemon
(root,25384,1424,00:00:00/72-08:19:16,604) logger -t xenstore
(root,185196,105120,00:30:05/72-08:19:16,619) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185196,99856,00:00:10/72-08:19:12,621) spamd child
(root,185196,99860,00:00:07/72-08:19:12,622) spamd child
(root,0,0,00:00:06/14:12:01,24763) [kworker/1:2]
(root,0,0,00:00:00/55-09:35:05,25377) [kworker/u128:8]
(root,0,0,00:00:45/55-09:35:05,25379) [kworker/u128:10]
(root,0,0,00:00:14/07:26:13,33739) [kworker/0:2]
(root,0,0,00:00:00/16:01,43298) [kworker/0:1]
(root,19736,3312,00:00:00/00:00,43720) /bin/bash /usr/bin/check_mk_agent
(root,36632,2860,00:00:00/00:00,43739) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1008,00:00:00/00:00,43740) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:11/1-15:02:12,56613) [kworker/1:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-03-02 20:06

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336217a95c7

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57012,6692,00:00:52/64-02:55:11,1) /sbin/init
(root,0,0,00:00:00/64-02:55:11,2) [kthreadd]
(root,0,0,00:00:05/64-02:55:11,3) [ksoftirqd/0]
(root,0,0,00:00:00/64-02:55:11,5) [kworker/0:0H]
(root,0,0,01:33:05/64-02:55:11,7) [rcu_sched]
(root,0,0,00:00:00/64-02:55:11,8) [rcu_bh]
(root,0,0,00:00:35/64-02:55:11,9) [migration/0]
(root,0,0,00:00:00/64-02:55:11,10) [lru-add-drain]
(root,0,0,00:01:01/64-02:55:11,11) [watchdog/0]
(root,0,0,00:00:00/64-02:55:11,12) [cpuhp/0]
(root,0,0,00:00:00/64-02:55:11,13) [cpuhp/1]
(root,0,0,00:00:56/64-02:55:11,14) [watchdog/1]
(root,0,0,00:00:27/64-02:55:11,15) [migration/1]
(root,0,0,00:01:10/64-02:55:11,16) [ksoftirqd/1]
(root,0,0,00:00:00/64-02:55:11,18) [kworker/1:0H]
(root,0,0,00:00:00/64-02:55:11,19) [kdevtmpfs]
(root,0,0,00:00:00/64-02:55:11,20) [netns]
(root,0,0,00:00:36/64-02:55:11,21) [xenwatch]
(root,0,0,00:03:08/64-02:55:11,22) [xenbus]
(root,0,0,00:00:03/64-02:55:11,24) [khungtaskd]
(root,0,0,00:00:00/64-02:55:11,25) [oom_reaper]
(root,0,0,00:00:00/64-02:55:11,26) [writeback]
(root,0,0,00:00:00/64-02:55:11,27) [kcompactd0]
(root,0,0,00:00:00/64-02:55:11,28) [ksmd]
(root,0,0,00:00:00/64-02:55:11,29) [khugepaged]
(root,0,0,00:00:00/64-02:55:11,30) [crypto]
(root,0,0,00:00:00/64-02:55:11,31) [kintegrityd]
(root,0,0,00:00:00/64-02:55:11,32) [bioset]
(root,0,0,00:00:00/64-02:55:11,33) [kblockd]
(root,0,0,00:00:00/64-02:55:11,35) [devfreq_wq]
(root,0,0,00:00:00/64-02:55:11,36) [watchdogd]
(root,0,0,00:00:00/64-02:55:10,37) [kswapd0]
(root,0,0,00:00:00/64-02:55:10,38) [vmstat]
(root,0,0,00:00:00/64-02:55:10,50) [kthrotld]
(root,0,0,00:00:00/64-02:55:10,51) [khvcd]
(root,0,0,00:00:00/64-02:55:10,52) [ipv6_addrconf]
(root,0,0,00:00:00/64-02:55:10,87) [bioset]
(root,0,0,00:00:00/64-02:55:10,88) [bioset]
(root,0,0,00:00:00/64-02:55:10,89) [bioset]
(root,0,0,00:00:00/64-02:55:10,90) [bioset]
(root,0,0,00:00:00/64-02:55:10,91) [bioset]
(root,0,0,00:00:00/64-02:55:10,92) [bioset]
(root,0,0,00:00:00/64-02:55:10,93) [bioset]
(root,0,0,00:00:00/64-02:55:10,94) [bioset]
(root,0,0,00:00:00/64-02:55:10,96) [ata_sff]
(root,0,0,00:00:00/64-02:55:10,98) [scsi_eh_0]
(root,0,0,00:00:00/64-02:55:10,99) [scsi_tmf_0]
(root,0,0,00:00:00/64-02:55:10,100) [scsi_eh_1]
(root,0,0,00:00:00/64-02:55:10,101) [scsi_tmf_1]
(root,0,0,00:00:00/64-02:55:09,129) [bioset]
(root,0,0,00:00:00/64-02:55:09,153) [kworker/u129:0]
(root,0,0,00:00:07/64-02:55:09,162) [kworker/0:1H]
(root,0,0,00:00:28/64-02:55:07,169) [jbd2/xvda1-8]
(root,0,0,00:00:00/64-02:55:07,170) [ext4-rsv-conver]
(root,0,0,00:00:12/64-02:55:07,193) [kworker/1:1H]
(root,59340,5656,00:03:20/64-02:55:07,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/64-02:55:07,206) [kauditd]
(root,45912,3692,00:00:14/64-02:55:07,221) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/64-02:55:06,279) [ttm_swap]
(root,0,0,00:00:00/64-02:55:06,315) [edac-poller]
(systemd-timesync,127288,4148,00:00:21/64-02:55:05,367) /lib/systemd/systemd-timesyncd
(root,46504,4740,00:00:17/64-02:55:03,498) /lib/systemd/systemd-logind
(root,250112,3992,00:00:24/64-02:55:03,500) /usr/sbin/rsyslogd -n
(bind,287116,22420,00:00:06/64-02:55:03,501) /usr/sbin/named -f -u bind
(clamav,296876,33672,00:01:36/64-02:55:03,506) /usr/bin/freshclam -d --foreground=true
(root,29636,2420,00:00:15/64-02:55:03,513) /usr/sbin/cron -f
(root,35800,1820,00:12:08/64-02:55:03,516) /usr/sbin/irqbalance --foreground
(messagebus,45112,3756,00:00:00/64-02:55:03,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,69960,5364,00:00:00/64-02:55:02,563) /usr/sbin/sshd -D
(clamav,1644284,1340856,00:47:42/64-02:55:02,566) /usr/sbin/clamd --foreground=true
(root,14300,1792,00:00:00/64-02:55:02,575) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,1512,00:00:00/64-02:55:02,577) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,2264,00:00:39/64-02:55:02,584) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2096,00:00:16/64-02:55:02,585) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,790484,3180,00:50:24/64-02:55:01,599) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1440,00:00:00/64-02:55:01,601) logger -t xe-daemon
(root,25384,1424,00:00:00/64-02:55:01,604) logger -t xenstore
(root,185196,105120,00:26:28/64-02:55:01,619) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185196,99856,00:00:08/64-02:54:57,621) spamd child
(root,185196,99860,00:00:06/64-02:54:57,622) spamd child
(root,0,0,00:00:01/12:42:46,23299) [kworker/1:2]
(root,0,0,00:00:00/47-04:10:50,25377) [kworker/u128:8]
(root,0,0,00:00:40/47-04:10:50,25379) [kworker/u128:10]
(root,0,0,00:00:04/09:22:46,27802) [kworker/1:1]
(root,0,0,00:00:12/08:12:58,29500) [kworker/0:0]
(root,0,0,00:00:04/02:07:47,37580) [kworker/0:1]
(root,19736,3312,00:00:00/00:00,40476) /bin/bash /usr/bin/check_mk_agent
(root,36632,2896,00:00:00/00:00,40495) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1008,00:00:00/00:00,40496) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-02-22 14:41

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3360a7b2007

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57012,6692,00:00:42/52-00:03:40,1) /sbin/init
(root,0,0,00:00:00/52-00:03:40,2) [kthreadd]
(root,0,0,00:00:04/52-00:03:40,3) [ksoftirqd/0]
(root,0,0,00:00:00/52-00:03:40,5) [kworker/0:0H]
(root,0,0,01:13:14/52-00:03:40,7) [rcu_sched]
(root,0,0,00:00:00/52-00:03:40,8) [rcu_bh]
(root,0,0,00:00:27/52-00:03:40,9) [migration/0]
(root,0,0,00:00:00/52-00:03:40,10) [lru-add-drain]
(root,0,0,00:00:48/52-00:03:40,11) [watchdog/0]
(root,0,0,00:00:00/52-00:03:40,12) [cpuhp/0]
(root,0,0,00:00:00/52-00:03:40,13) [cpuhp/1]
(root,0,0,00:00:44/52-00:03:40,14) [watchdog/1]
(root,0,0,00:00:21/52-00:03:40,15) [migration/1]
(root,0,0,00:00:56/52-00:03:40,16) [ksoftirqd/1]
(root,0,0,00:00:00/52-00:03:40,18) [kworker/1:0H]
(root,0,0,00:00:00/52-00:03:40,19) [kdevtmpfs]
(root,0,0,00:00:00/52-00:03:40,20) [netns]
(root,0,0,00:00:27/52-00:03:40,21) [xenwatch]
(root,0,0,00:02:23/52-00:03:40,22) [xenbus]
(root,0,0,00:00:02/52-00:03:40,24) [khungtaskd]
(root,0,0,00:00:00/52-00:03:40,25) [oom_reaper]
(root,0,0,00:00:00/52-00:03:40,26) [writeback]
(root,0,0,00:00:00/52-00:03:40,27) [kcompactd0]
(root,0,0,00:00:00/52-00:03:40,28) [ksmd]
(root,0,0,00:00:00/52-00:03:40,29) [khugepaged]
(root,0,0,00:00:00/52-00:03:40,30) [crypto]
(root,0,0,00:00:00/52-00:03:40,31) [kintegrityd]
(root,0,0,00:00:00/52-00:03:40,32) [bioset]
(root,0,0,00:00:00/52-00:03:40,33) [kblockd]
(root,0,0,00:00:00/52-00:03:40,35) [devfreq_wq]
(root,0,0,00:00:00/52-00:03:40,36) [watchdogd]
(root,0,0,00:00:00/52-00:03:39,37) [kswapd0]
(root,0,0,00:00:00/52-00:03:39,38) [vmstat]
(root,0,0,00:00:00/52-00:03:39,50) [kthrotld]
(root,0,0,00:00:00/52-00:03:39,51) [khvcd]
(root,0,0,00:00:00/52-00:03:39,52) [ipv6_addrconf]
(root,0,0,00:00:00/52-00:03:39,87) [bioset]
(root,0,0,00:00:00/52-00:03:39,88) [bioset]
(root,0,0,00:00:00/52-00:03:39,89) [bioset]
(root,0,0,00:00:00/52-00:03:39,90) [bioset]
(root,0,0,00:00:00/52-00:03:39,91) [bioset]
(root,0,0,00:00:00/52-00:03:39,92) [bioset]
(root,0,0,00:00:00/52-00:03:39,93) [bioset]
(root,0,0,00:00:00/52-00:03:39,94) [bioset]
(root,0,0,00:00:00/52-00:03:39,96) [ata_sff]
(root,0,0,00:00:00/52-00:03:39,98) [scsi_eh_0]
(root,0,0,00:00:00/52-00:03:39,99) [scsi_tmf_0]
(root,0,0,00:00:00/52-00:03:39,100) [scsi_eh_1]
(root,0,0,00:00:00/52-00:03:39,101) [scsi_tmf_1]
(root,0,0,00:00:00/52-00:03:38,129) [bioset]
(root,0,0,00:00:00/52-00:03:38,153) [kworker/u129:0]
(root,0,0,00:00:05/52-00:03:38,162) [kworker/0:1H]
(root,0,0,00:00:22/52-00:03:36,169) [jbd2/xvda1-8]
(root,0,0,00:00:00/52-00:03:36,170) [ext4-rsv-conver]
(root,0,0,00:00:09/52-00:03:36,193) [kworker/1:1H]
(root,59340,6428,00:02:42/52-00:03:36,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/52-00:03:36,206) [kauditd]
(root,45912,3692,00:00:11/52-00:03:36,221) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/52-00:03:35,279) [ttm_swap]
(root,0,0,00:00:00/52-00:03:35,315) [edac-poller]
(systemd-timesync,127288,4148,00:00:16/52-00:03:34,367) /lib/systemd/systemd-timesyncd
(root,46504,4740,00:00:13/52-00:03:32,498) /lib/systemd/systemd-logind
(root,250112,3992,00:00:20/52-00:03:32,500) /usr/sbin/rsyslogd -n
(bind,287116,22420,00:00:06/52-00:03:32,501) /usr/sbin/named -f -u bind
(clamav,296644,33440,00:01:17/52-00:03:32,506) /usr/bin/freshclam -d --foreground=true
(root,29636,2420,00:00:11/52-00:03:32,513) /usr/sbin/cron -f
(root,35800,1820,00:09:41/52-00:03:32,516) /usr/sbin/irqbalance --foreground
(messagebus,45112,3756,00:00:00/52-00:03:32,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,69960,5364,00:00:00/52-00:03:31,563) /usr/sbin/sshd -D
(clamav,1643256,1339628,00:38:10/52-00:03:31,566) /usr/sbin/clamd --foreground=true
(root,14300,1792,00:00:00/52-00:03:31,575) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,1512,00:00:00/52-00:03:31,577) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,2264,00:00:31/52-00:03:31,584) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2096,00:00:12/52-00:03:31,585) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,790484,3180,00:40:04/52-00:03:30,599) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1440,00:00:00/52-00:03:30,601) logger -t xe-daemon
(root,25384,1424,00:00:00/52-00:03:30,604) logger -t xenstore
(root,185196,105120,00:21:12/52-00:03:30,619) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185196,99856,00:00:07/52-00:03:26,621) spamd child
(root,185196,99860,00:00:04/52-00:03:26,622) spamd child
(root,0,0,00:00:03/1-01:19:04,8491) [kworker/0:1]
(root,0,0,00:00:50/23:22:53,11052) [kworker/0:2]
(root,0,0,00:00:03/14:18:18,23154) [kworker/1:2]
(root,0,0,00:00:00/35-01:19:19,25377) [kworker/u128:8]
(root,0,0,00:00:30/35-01:19:19,25379) [kworker/u128:10]
(root,0,0,00:00:03/06:44:15,33320) [kworker/1:1]
(root,19736,3320,00:00:00/00:00,42418) /bin/bash /usr/bin/check_mk_agent
(root,36632,2848,00:00:00/00:00,42437) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1020,00:00:00/00:00,42438) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-02-10 11:50

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336f585b14e

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57012,6692,00:00:34/42-07:37:02,1) /sbin/init
(root,0,0,00:00:00/42-07:37:02,2) [kthreadd]
(root,0,0,00:00:03/42-07:37:02,3) [ksoftirqd/0]
(root,0,0,00:00:00/42-07:37:02,5) [kworker/0:0H]
(root,0,0,00:58:03/42-07:37:02,7) [rcu_sched]
(root,0,0,00:00:00/42-07:37:02,8) [rcu_bh]
(root,0,0,00:00:21/42-07:37:02,9) [migration/0]
(root,0,0,00:00:00/42-07:37:02,10) [lru-add-drain]
(root,0,0,00:00:37/42-07:37:02,11) [watchdog/0]
(root,0,0,00:00:00/42-07:37:02,12) [cpuhp/0]
(root,0,0,00:00:00/42-07:37:02,13) [cpuhp/1]
(root,0,0,00:00:34/42-07:37:02,14) [watchdog/1]
(root,0,0,00:00:16/42-07:37:02,15) [migration/1]
(root,0,0,00:00:45/42-07:37:02,16) [ksoftirqd/1]
(root,0,0,00:00:00/42-07:37:02,18) [kworker/1:0H]
(root,0,0,00:00:00/42-07:37:02,19) [kdevtmpfs]
(root,0,0,00:00:00/42-07:37:02,20) [netns]
(root,0,0,00:00:19/42-07:37:02,21) [xenwatch]
(root,0,0,00:01:46/42-07:37:02,22) [xenbus]
(root,0,0,00:00:02/42-07:37:02,24) [khungtaskd]
(root,0,0,00:00:00/42-07:37:02,25) [oom_reaper]
(root,0,0,00:00:00/42-07:37:02,26) [writeback]
(root,0,0,00:00:00/42-07:37:02,27) [kcompactd0]
(root,0,0,00:00:00/42-07:37:02,28) [ksmd]
(root,0,0,00:00:00/42-07:37:02,29) [khugepaged]
(root,0,0,00:00:00/42-07:37:02,30) [crypto]
(root,0,0,00:00:00/42-07:37:02,31) [kintegrityd]
(root,0,0,00:00:00/42-07:37:02,32) [bioset]
(root,0,0,00:00:00/42-07:37:02,33) [kblockd]
(root,0,0,00:00:00/42-07:37:02,35) [devfreq_wq]
(root,0,0,00:00:00/42-07:37:02,36) [watchdogd]
(root,0,0,00:00:00/42-07:37:01,37) [kswapd0]
(root,0,0,00:00:00/42-07:37:01,38) [vmstat]
(root,0,0,00:00:00/42-07:37:01,50) [kthrotld]
(root,0,0,00:00:00/42-07:37:01,51) [khvcd]
(root,0,0,00:00:00/42-07:37:01,52) [ipv6_addrconf]
(root,0,0,00:00:00/42-07:37:01,87) [bioset]
(root,0,0,00:00:00/42-07:37:01,88) [bioset]
(root,0,0,00:00:00/42-07:37:01,89) [bioset]
(root,0,0,00:00:00/42-07:37:01,90) [bioset]
(root,0,0,00:00:00/42-07:37:01,91) [bioset]
(root,0,0,00:00:00/42-07:37:01,92) [bioset]
(root,0,0,00:00:00/42-07:37:01,93) [bioset]
(root,0,0,00:00:00/42-07:37:01,94) [bioset]
(root,0,0,00:00:00/42-07:37:01,96) [ata_sff]
(root,0,0,00:00:00/42-07:37:01,98) [scsi_eh_0]
(root,0,0,00:00:00/42-07:37:01,99) [scsi_tmf_0]
(root,0,0,00:00:00/42-07:37:01,100) [scsi_eh_1]
(root,0,0,00:00:00/42-07:37:01,101) [scsi_tmf_1]
(root,0,0,00:00:00/42-07:37:00,129) [bioset]
(root,0,0,00:00:00/42-07:37:00,153) [kworker/u129:0]
(root,0,0,00:00:04/42-07:37:00,162) [kworker/0:1H]
(root,0,0,00:00:18/42-07:36:58,169) [jbd2/xvda1-8]
(root,0,0,00:00:00/42-07:36:58,170) [ext4-rsv-conver]
(root,0,0,00:00:07/42-07:36:58,193) [kworker/1:1H]
(root,59340,6548,00:02:11/42-07:36:58,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/42-07:36:58,206) [kauditd]
(root,45912,3692,00:00:09/42-07:36:58,221) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/42-07:36:57,279) [ttm_swap]
(root,0,0,00:00:00/42-07:36:57,315) [edac-poller]
(systemd-timesync,127288,4148,00:00:13/42-07:36:56,367) /lib/systemd/systemd-timesyncd
(root,46504,4740,00:00:11/42-07:36:54,498) /lib/systemd/systemd-logind
(root,250112,3724,00:00:16/42-07:36:54,500) /usr/sbin/rsyslogd -n
(bind,287116,22420,00:00:05/42-07:36:54,501) /usr/sbin/named -f -u bind
(clamav,296604,33400,00:01:01/42-07:36:54,506) /usr/bin/freshclam -d --foreground=true
(root,29636,2420,00:00:09/42-07:36:54,513) /usr/sbin/cron -f
(root,35800,1820,00:07:40/42-07:36:54,516) /usr/sbin/irqbalance --foreground
(messagebus,45112,3756,00:00:00/42-07:36:54,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,69960,5364,00:00:00/42-07:36:53,563) /usr/sbin/sshd -D
(clamav,1642072,1338356,00:30:04/42-07:36:53,566) /usr/sbin/clamd --foreground=true
(root,14300,1792,00:00:00/42-07:36:53,575) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,1512,00:00:00/42-07:36:53,577) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,2264,00:00:25/42-07:36:53,584) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2096,00:00:10/42-07:36:53,585) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,790484,3180,00:31:31/42-07:36:52,599) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1440,00:00:00/42-07:36:52,601) logger -t xe-daemon
(root,25384,1424,00:00:00/42-07:36:52,604) logger -t xenstore
(root,185196,105120,00:16:53/42-07:36:52,619) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185196,99856,00:00:05/42-07:36:48,621) spamd child
(root,185196,99860,00:00:03/42-07:36:48,622) spamd child
(root,0,0,00:00:06/1-14:12:37,6277) [kworker/1:2]
(root,0,0,00:00:12/1-00:29:37,24642) [kworker/1:1]
(root,0,0,00:00:00/25-08:52:41,25377) [kworker/u128:8]
(root,0,0,00:00:22/25-08:52:41,25379) [kworker/u128:10]
(root,0,0,00:00:01/07:02:17,47881) [kworker/0:0]
(root,0,0,00:00:14/06:25:26,48772) [kworker/0:1]
(root,19736,3320,00:00:00/00:01,57335) /bin/bash /usr/bin/check_mk_agent
(root,36632,2772,00:00:00/00:00,57354) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1016,00:00:00/00:00,57355) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-01-31 19:23

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef3360ddc890f

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57012,6692,00:00:27/34-19:29:51,1) /sbin/init
(root,0,0,00:00:00/34-19:29:51,2) [kthreadd]
(root,0,0,00:00:02/34-19:29:51,3) [ksoftirqd/0]
(root,0,0,00:00:00/34-19:29:51,5) [kworker/0:0H]
(root,0,0,00:45:10/34-19:29:51,7) [rcu_sched]
(root,0,0,00:00:00/34-19:29:51,8) [rcu_bh]
(root,0,0,00:00:16/34-19:29:51,9) [migration/0]
(root,0,0,00:00:00/34-19:29:51,10) [lru-add-drain]
(root,0,0,00:00:29/34-19:29:51,11) [watchdog/0]
(root,0,0,00:00:00/34-19:29:51,12) [cpuhp/0]
(root,0,0,00:00:00/34-19:29:51,13) [cpuhp/1]
(root,0,0,00:00:26/34-19:29:51,14) [watchdog/1]
(root,0,0,00:00:13/34-19:29:51,15) [migration/1]
(root,0,0,00:00:35/34-19:29:51,16) [ksoftirqd/1]
(root,0,0,00:00:00/34-19:29:51,18) [kworker/1:0H]
(root,0,0,00:00:00/34-19:29:51,19) [kdevtmpfs]
(root,0,0,00:00:00/34-19:29:51,20) [netns]
(root,0,0,00:00:13/34-19:29:51,21) [xenwatch]
(root,0,0,00:01:18/34-19:29:51,22) [xenbus]
(root,0,0,00:00:01/34-19:29:51,24) [khungtaskd]
(root,0,0,00:00:00/34-19:29:51,25) [oom_reaper]
(root,0,0,00:00:00/34-19:29:51,26) [writeback]
(root,0,0,00:00:00/34-19:29:51,27) [kcompactd0]
(root,0,0,00:00:00/34-19:29:51,28) [ksmd]
(root,0,0,00:00:00/34-19:29:51,29) [khugepaged]
(root,0,0,00:00:00/34-19:29:51,30) [crypto]
(root,0,0,00:00:00/34-19:29:51,31) [kintegrityd]
(root,0,0,00:00:00/34-19:29:51,32) [bioset]
(root,0,0,00:00:00/34-19:29:51,33) [kblockd]
(root,0,0,00:00:00/34-19:29:51,35) [devfreq_wq]
(root,0,0,00:00:00/34-19:29:51,36) [watchdogd]
(root,0,0,00:00:00/34-19:29:50,37) [kswapd0]
(root,0,0,00:00:00/34-19:29:50,38) [vmstat]
(root,0,0,00:00:00/34-19:29:50,50) [kthrotld]
(root,0,0,00:00:00/34-19:29:50,51) [khvcd]
(root,0,0,00:00:00/34-19:29:50,52) [ipv6_addrconf]
(root,0,0,00:00:00/34-19:29:50,87) [bioset]
(root,0,0,00:00:00/34-19:29:50,88) [bioset]
(root,0,0,00:00:00/34-19:29:50,89) [bioset]
(root,0,0,00:00:00/34-19:29:50,90) [bioset]
(root,0,0,00:00:00/34-19:29:50,91) [bioset]
(root,0,0,00:00:00/34-19:29:50,92) [bioset]
(root,0,0,00:00:00/34-19:29:50,93) [bioset]
(root,0,0,00:00:00/34-19:29:50,94) [bioset]
(root,0,0,00:00:00/34-19:29:50,96) [ata_sff]
(root,0,0,00:00:00/34-19:29:50,98) [scsi_eh_0]
(root,0,0,00:00:00/34-19:29:50,99) [scsi_tmf_0]
(root,0,0,00:00:00/34-19:29:50,100) [scsi_eh_1]
(root,0,0,00:00:00/34-19:29:50,101) [scsi_tmf_1]
(root,0,0,00:00:00/34-19:29:49,129) [bioset]
(root,0,0,00:00:00/34-19:29:49,153) [kworker/u129:0]
(root,0,0,00:00:03/34-19:29:49,162) [kworker/0:1H]
(root,0,0,00:00:14/34-19:29:47,169) [jbd2/xvda1-8]
(root,0,0,00:00:00/34-19:29:47,170) [ext4-rsv-conver]
(root,0,0,00:00:06/34-19:29:47,193) [kworker/1:1H]
(root,64388,9156,00:01:45/34-19:29:47,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/34-19:29:47,206) [kauditd]
(root,45912,3692,00:00:07/34-19:29:47,221) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/34-19:29:46,279) [ttm_swap]
(root,0,0,00:00:00/34-19:29:46,315) [edac-poller]
(systemd-timesync,127288,4148,00:00:10/34-19:29:45,367) /lib/systemd/systemd-timesyncd
(root,46504,4740,00:00:09/34-19:29:43,498) /lib/systemd/systemd-logind
(root,250112,3724,00:00:12/34-19:29:43,500) /usr/sbin/rsyslogd -n
(bind,287116,22152,00:00:04/34-19:29:43,501) /usr/sbin/named -f -u bind
(clamav,296604,33400,00:00:48/34-19:29:43,506) /usr/bin/freshclam -d --foreground=true
(root,29636,2420,00:00:07/34-19:29:43,513) /usr/sbin/cron -f
(root,35800,1820,00:06:06/34-19:29:43,516) /usr/sbin/irqbalance --foreground
(messagebus,45112,3756,00:00:00/34-19:29:43,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,69960,5364,00:00:00/34-19:29:42,563) /usr/sbin/sshd -D
(clamav,1640956,1337120,00:23:24/34-19:29:42,566) /usr/sbin/clamd --foreground=true
(root,14300,1792,00:00:00/34-19:29:42,575) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,1512,00:00:00/34-19:29:42,577) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,2264,00:00:20/34-19:29:42,584) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2096,00:00:08/34-19:29:42,585) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,790484,3176,00:24:49/34-19:29:41,599) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1440,00:00:00/34-19:29:41,601) logger -t xe-daemon
(root,25384,1424,00:00:00/34-19:29:41,604) logger -t xenstore
(root,185196,105120,00:13:31/34-19:29:41,619) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185196,99856,00:00:04/34-19:29:37,621) spamd child
(root,185196,99860,00:00:03/34-19:29:37,622) spamd child
(root,0,0,00:00:04/01:47:15,9674) [kworker/0:2]
(root,19736,3484,00:00:00/00:00,12127) /bin/bash /usr/bin/check_mk_agent
(root,36632,2808,00:00:00/00:00,12146) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1044,00:00:00/00:00,12147) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:00/17-20:45:30,25377) [kworker/u128:8]
(root,0,0,00:00:15/17-20:45:30,25379) [kworker/u128:10]
(root,0,0,00:00:37/18:57:37,51923) [kworker/0:1]
(root,0,0,00:00:01/17:57:36,53292) [kworker/1:2]
(root,0,0,00:00:06/13:49:15,58852) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-01-24 07:16

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336de5464ac

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57012,6692,00:00:14/19-20:09:16,1) /sbin/init
(root,0,0,00:00:00/19-20:09:16,2) [kthreadd]
(root,0,0,00:00:01/19-20:09:16,3) [ksoftirqd/0]
(root,0,0,00:00:00/19-20:09:16,5) [kworker/0:0H]
(root,0,0,00:19:13/19-20:09:16,7) [rcu_sched]
(root,0,0,00:00:00/19-20:09:16,8) [rcu_bh]
(root,0,0,00:00:07/19-20:09:16,9) [migration/0]
(root,0,0,00:00:00/19-20:09:16,10) [lru-add-drain]
(root,0,0,00:00:12/19-20:09:16,11) [watchdog/0]
(root,0,0,00:00:00/19-20:09:16,12) [cpuhp/0]
(root,0,0,00:00:00/19-20:09:16,13) [cpuhp/1]
(root,0,0,00:00:11/19-20:09:16,14) [watchdog/1]
(root,0,0,00:00:05/19-20:09:16,15) [migration/1]
(root,0,0,00:00:12/19-20:09:16,16) [ksoftirqd/1]
(root,0,0,00:00:00/19-20:09:16,18) [kworker/1:0H]
(root,0,0,00:00:00/19-20:09:16,19) [kdevtmpfs]
(root,0,0,00:00:00/19-20:09:16,20) [netns]
(root,0,0,00:00:02/19-20:09:16,21) [xenwatch]
(root,0,0,00:00:22/19-20:09:16,22) [xenbus]
(root,0,0,00:00:00/19-20:09:16,24) [khungtaskd]
(root,0,0,00:00:00/19-20:09:16,25) [oom_reaper]
(root,0,0,00:00:00/19-20:09:16,26) [writeback]
(root,0,0,00:00:00/19-20:09:16,27) [kcompactd0]
(root,0,0,00:00:00/19-20:09:16,28) [ksmd]
(root,0,0,00:00:00/19-20:09:16,29) [khugepaged]
(root,0,0,00:00:00/19-20:09:16,30) [crypto]
(root,0,0,00:00:00/19-20:09:16,31) [kintegrityd]
(root,0,0,00:00:00/19-20:09:16,32) [bioset]
(root,0,0,00:00:00/19-20:09:16,33) [kblockd]
(root,0,0,00:00:00/19-20:09:16,35) [devfreq_wq]
(root,0,0,00:00:00/19-20:09:16,36) [watchdogd]
(root,0,0,00:00:00/19-20:09:15,37) [kswapd0]
(root,0,0,00:00:00/19-20:09:15,38) [vmstat]
(root,0,0,00:00:00/19-20:09:15,50) [kthrotld]
(root,0,0,00:00:00/19-20:09:15,51) [khvcd]
(root,0,0,00:00:00/19-20:09:15,52) [ipv6_addrconf]
(root,0,0,00:00:00/19-20:09:15,87) [bioset]
(root,0,0,00:00:00/19-20:09:15,88) [bioset]
(root,0,0,00:00:00/19-20:09:15,89) [bioset]
(root,0,0,00:00:00/19-20:09:15,90) [bioset]
(root,0,0,00:00:00/19-20:09:15,91) [bioset]
(root,0,0,00:00:00/19-20:09:15,92) [bioset]
(root,0,0,00:00:00/19-20:09:15,93) [bioset]
(root,0,0,00:00:00/19-20:09:15,94) [bioset]
(root,0,0,00:00:00/19-20:09:15,96) [ata_sff]
(root,0,0,00:00:00/19-20:09:15,98) [scsi_eh_0]
(root,0,0,00:00:00/19-20:09:15,99) [scsi_tmf_0]
(root,0,0,00:00:00/19-20:09:15,100) [scsi_eh_1]
(root,0,0,00:00:00/19-20:09:15,101) [scsi_tmf_1]
(root,0,0,00:00:00/19-20:09:14,129) [bioset]
(root,0,0,00:00:00/19-20:09:14,153) [kworker/u129:0]
(root,0,0,00:00:01/19-20:09:14,162) [kworker/0:1H]
(root,0,0,00:00:07/19-20:09:12,169) [jbd2/xvda1-8]
(root,0,0,00:00:00/19-20:09:12,170) [ext4-rsv-conver]
(root,0,0,00:00:02/19-20:09:12,193) [kworker/1:1H]
(root,59340,4888,00:00:56/19-20:09:12,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/19-20:09:12,206) [kauditd]
(root,45912,3692,00:00:03/19-20:09:12,221) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/19-20:09:11,279) [ttm_swap]
(root,0,0,00:00:00/19-20:09:11,315) [edac-poller]
(systemd-timesync,127288,4148,00:00:05/19-20:09:10,367) /lib/systemd/systemd-timesyncd
(root,46504,4740,00:00:04/19-20:09:08,498) /lib/systemd/systemd-logind
(root,250112,3460,00:00:06/19-20:09:08,500) /usr/sbin/rsyslogd -n
(bind,287116,22152,00:00:03/19-20:09:08,501) /usr/sbin/named -f -u bind
(clamav,296604,33400,00:00:25/19-20:09:08,506) /usr/bin/freshclam -d --foreground=true
(root,29636,2420,00:00:03/19-20:09:08,513) /usr/sbin/cron -f
(root,35800,1820,00:03:01/19-20:09:08,516) /usr/sbin/irqbalance --foreground
(messagebus,45112,3756,00:00:00/19-20:09:08,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,69960,5364,00:00:00/19-20:09:07,563) /usr/sbin/sshd -D
(clamav,1638560,1334568,00:11:20/19-20:09:07,566) /usr/sbin/clamd --foreground=true
(root,14300,1792,00:00:00/19-20:09:07,575) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,1512,00:00:00/19-20:09:07,577) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,2264,00:00:10/19-20:09:07,584) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2096,00:00:04/19-20:09:07,585) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,790484,3168,00:11:42/19-20:09:06,599) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1440,00:00:00/19-20:09:06,601) logger -t xe-daemon
(root,25384,1424,00:00:00/19-20:09:06,604) logger -t xenstore
(root,185196,105120,00:06:52/19-20:09:06,619) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185196,99856,00:00:02/19-20:09:02,621) spamd child
(root,185196,99860,00:00:01/19-20:09:02,622) spamd child
(root,0,0,00:00:36/3-02:32:54,18487) [kworker/1:2]
(root,0,0,00:00:00/2-21:24:55,25377) [kworker/u128:8]
(root,0,0,00:00:02/2-21:24:55,25379) [kworker/u128:10]
(root,0,0,00:00:32/18:00:51,28949) [kworker/0:2]
(root,0,0,00:00:04/09:22:51,40452) [kworker/1:1]
(root,0,0,00:00:06/02:53:51,49094) [kworker/0:1]
(root,19736,3320,00:00:00/00:00,53073) /bin/bash /usr/bin/check_mk_agent
(root,36632,2744,00:00:00/00:00,53092) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1016,00:00:00/00:00,53093) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2023-01-09 07:56

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef33604c5e760

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57012,6716,00:00:03/2-16:24:00,1) /sbin/init
(root,0,0,00:00:00/2-16:24:00,2) [kthreadd]
(root,0,0,00:00:00/2-16:24:00,3) [ksoftirqd/0]
(root,0,0,00:00:00/2-16:24:00,5) [kworker/0:0H]
(root,0,0,00:00:01/2-16:24:00,6) [kworker/u128:0]
(root,0,0,00:01:53/2-16:24:00,7) [rcu_sched]
(root,0,0,00:00:00/2-16:24:00,8) [rcu_bh]
(root,0,0,00:00:00/2-16:24:00,9) [migration/0]
(root,0,0,00:00:00/2-16:24:00,10) [lru-add-drain]
(root,0,0,00:00:01/2-16:24:00,11) [watchdog/0]
(root,0,0,00:00:00/2-16:24:00,12) [cpuhp/0]
(root,0,0,00:00:00/2-16:24:00,13) [cpuhp/1]
(root,0,0,00:00:01/2-16:24:00,14) [watchdog/1]
(root,0,0,00:00:00/2-16:24:00,15) [migration/1]
(root,0,0,00:00:00/2-16:24:00,16) [ksoftirqd/1]
(root,0,0,00:00:00/2-16:24:00,18) [kworker/1:0H]
(root,0,0,00:00:00/2-16:24:00,19) [kdevtmpfs]
(root,0,0,00:00:00/2-16:24:00,20) [netns]
(root,0,0,00:00:00/2-16:24:00,21) [xenwatch]
(root,0,0,00:00:01/2-16:24:00,22) [xenbus]
(root,0,0,00:00:00/2-16:24:00,24) [khungtaskd]
(root,0,0,00:00:00/2-16:24:00,25) [oom_reaper]
(root,0,0,00:00:00/2-16:24:00,26) [writeback]
(root,0,0,00:00:00/2-16:24:00,27) [kcompactd0]
(root,0,0,00:00:00/2-16:24:00,28) [ksmd]
(root,0,0,00:00:00/2-16:24:00,29) [khugepaged]
(root,0,0,00:00:00/2-16:24:00,30) [crypto]
(root,0,0,00:00:00/2-16:24:00,31) [kintegrityd]
(root,0,0,00:00:00/2-16:24:00,32) [bioset]
(root,0,0,00:00:00/2-16:24:00,33) [kblockd]
(root,0,0,00:00:00/2-16:24:00,35) [devfreq_wq]
(root,0,0,00:00:00/2-16:24:00,36) [watchdogd]
(root,0,0,00:00:00/2-16:23:59,37) [kswapd0]
(root,0,0,00:00:00/2-16:23:59,38) [vmstat]
(root,0,0,00:00:00/2-16:23:59,50) [kthrotld]
(root,0,0,00:00:00/2-16:23:59,51) [khvcd]
(root,0,0,00:00:00/2-16:23:59,52) [ipv6_addrconf]
(root,0,0,00:00:00/2-16:23:59,87) [bioset]
(root,0,0,00:00:00/2-16:23:59,88) [bioset]
(root,0,0,00:00:00/2-16:23:59,89) [bioset]
(root,0,0,00:00:00/2-16:23:59,90) [bioset]
(root,0,0,00:00:00/2-16:23:59,91) [bioset]
(root,0,0,00:00:00/2-16:23:59,92) [bioset]
(root,0,0,00:00:00/2-16:23:59,93) [bioset]
(root,0,0,00:00:00/2-16:23:59,94) [bioset]
(root,0,0,00:00:00/2-16:23:59,95) [kworker/u128:1]
(root,0,0,00:00:00/2-16:23:59,96) [ata_sff]
(root,0,0,00:00:00/2-16:23:59,98) [scsi_eh_0]
(root,0,0,00:00:00/2-16:23:59,99) [scsi_tmf_0]
(root,0,0,00:00:00/2-16:23:59,100) [scsi_eh_1]
(root,0,0,00:00:00/2-16:23:59,101) [scsi_tmf_1]
(root,0,0,00:00:00/2-16:23:58,129) [bioset]
(root,0,0,00:00:00/2-16:23:58,153) [kworker/u129:0]
(root,0,0,00:00:00/2-16:23:58,162) [kworker/0:1H]
(root,0,0,00:00:00/2-16:23:56,169) [jbd2/xvda1-8]
(root,0,0,00:00:00/2-16:23:56,170) [ext4-rsv-conver]
(root,0,0,00:00:00/2-16:23:56,193) [kworker/1:1H]
(root,64388,9244,00:00:07/2-16:23:56,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/2-16:23:56,206) [kauditd]
(root,45912,3956,00:00:00/2-16:23:56,221) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/2-16:23:55,279) [ttm_swap]
(root,0,0,00:00:00/2-16:23:55,315) [edac-poller]
(systemd-timesync,127288,4148,00:00:00/2-16:23:54,367) /lib/systemd/systemd-timesyncd
(root,46504,4748,00:00:00/2-16:23:52,498) /lib/systemd/systemd-logind
(root,250112,3200,00:00:00/2-16:23:52,500) /usr/sbin/rsyslogd -n
(bind,287116,22172,00:00:00/2-16:23:52,501) /usr/sbin/named -f -u bind
(clamav,296604,33332,00:00:02/2-16:23:52,506) /usr/bin/freshclam -d --foreground=true
(root,29636,2748,00:00:00/2-16:23:52,513) /usr/sbin/cron -f
(root,35800,1820,00:00:22/2-16:23:52,516) /usr/sbin/irqbalance --foreground
(messagebus,45112,3756,00:00:00/2-16:23:52,518) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,69960,5364,00:00:00/2-16:23:51,563) /usr/sbin/sshd -D
(clamav,1636872,1332828,00:01:32/2-16:23:51,566) /usr/sbin/clamd --foreground=true
(root,14300,2120,00:00:00/2-16:23:51,575) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(root,14524,1716,00:00:00/2-16:23:51,577) /sbin/agetty --noclear tty1 linux
(smtpgw,21712,2268,00:00:01/2-16:23:51,584) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,20220,2096,00:00:00/2-16:23:51,585) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,790484,3068,00:01:25/2-16:23:50,599) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1440,00:00:00/2-16:23:50,601) logger -t xe-daemon
(root,25384,1424,00:00:00/2-16:23:50,604) logger -t xenstore
(root,185196,105324,00:00:55/2-16:23:50,619) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185196,99856,00:00:00/2-16:23:46,621) spamd child
(root,185196,99860,00:00:00/2-16:23:46,622) spamd child
(root,0,0,00:00:19/16:07:24,2228) [kworker/0:1]
(root,0,0,00:00:01/03:40:24,18800) [kworker/1:0]
(root,19736,3332,00:00:00/00:00,23735) /bin/bash /usr/bin/check_mk_agent
(root,36632,2856,00:00:00/00:00,23754) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1048,00:00:00/00:00,23755) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:05/23:07:38,58026) [kworker/1:1]
(root,0,0,00:00:07/22:55:24,58336) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-12-23 04:10

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336cf438c84

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57100,3420,00:00:44/56-02:43:28,1) /sbin/init
(root,0,0,00:00:00/56-02:43:28,2) [kthreadd]
(root,0,0,00:00:03/56-02:43:28,3) [ksoftirqd/0]
(root,0,0,00:00:00/56-02:43:28,5) [kworker/0:0H]
(root,0,0,01:10:12/56-02:43:28,7) [rcu_sched]
(root,0,0,00:00:00/56-02:43:28,8) [rcu_bh]
(root,0,0,00:00:30/56-02:43:28,9) [migration/0]
(root,0,0,00:00:00/56-02:43:28,10) [lru-add-drain]
(root,0,0,00:00:52/56-02:43:28,11) [watchdog/0]
(root,0,0,00:00:00/56-02:43:28,12) [cpuhp/0]
(root,0,0,00:00:00/56-02:43:28,13) [cpuhp/1]
(root,0,0,00:00:46/56-02:43:28,14) [watchdog/1]
(root,0,0,00:00:22/56-02:43:28,15) [migration/1]
(root,0,0,00:00:48/56-02:43:28,16) [ksoftirqd/1]
(root,0,0,00:00:00/56-02:43:28,18) [kworker/1:0H]
(root,0,0,00:00:00/56-02:43:28,19) [kdevtmpfs]
(root,0,0,00:00:00/56-02:43:28,20) [netns]
(root,0,0,00:00:00/56-02:43:28,21) [xenwatch]
(root,0,0,00:00:51/56-02:43:28,22) [xenbus]
(root,0,0,00:00:03/56-02:43:28,24) [khungtaskd]
(root,0,0,00:00:00/56-02:43:28,25) [oom_reaper]
(root,0,0,00:00:00/56-02:43:28,26) [writeback]
(root,0,0,00:00:00/56-02:43:28,27) [kcompactd0]
(root,0,0,00:00:00/56-02:43:28,28) [ksmd]
(root,0,0,00:00:00/56-02:43:28,29) [khugepaged]
(root,0,0,00:00:00/56-02:43:28,30) [crypto]
(root,0,0,00:00:00/56-02:43:28,31) [kintegrityd]
(root,0,0,00:00:00/56-02:43:28,32) [bioset]
(root,0,0,00:00:00/56-02:43:28,33) [kblockd]
(root,0,0,00:00:00/56-02:43:28,34) [devfreq_wq]
(root,0,0,00:00:00/56-02:43:28,36) [watchdogd]
(root,0,0,00:02:29/56-02:43:27,37) [kswapd0]
(root,0,0,00:00:00/56-02:43:27,38) [vmstat]
(root,0,0,00:00:00/56-02:43:27,50) [kthrotld]
(root,0,0,00:00:00/56-02:43:27,51) [khvcd]
(root,0,0,00:00:00/56-02:43:27,52) [ipv6_addrconf]
(root,0,0,00:00:00/56-02:43:27,87) [bioset]
(root,0,0,00:00:00/56-02:43:27,88) [bioset]
(root,0,0,00:00:00/56-02:43:27,89) [bioset]
(root,0,0,00:00:00/56-02:43:27,90) [bioset]
(root,0,0,00:00:00/56-02:43:27,91) [bioset]
(root,0,0,00:00:00/56-02:43:27,92) [bioset]
(root,0,0,00:00:00/56-02:43:27,93) [bioset]
(root,0,0,00:00:00/56-02:43:27,94) [bioset]
(root,0,0,00:00:00/56-02:43:27,96) [ata_sff]
(root,0,0,00:00:00/56-02:43:27,97) [scsi_eh_0]
(root,0,0,00:00:00/56-02:43:27,98) [scsi_tmf_0]
(root,0,0,00:00:00/56-02:43:27,99) [scsi_eh_1]
(root,0,0,00:00:00/56-02:43:27,100) [scsi_tmf_1]
(root,0,0,00:00:00/56-02:43:26,129) [bioset]
(root,0,0,00:00:00/56-02:43:26,153) [kworker/u129:0]
(root,0,0,00:00:09/56-02:43:26,163) [kworker/0:1H]
(root,0,0,00:00:53/56-02:43:26,165) [jbd2/xvda1-8]
(root,0,0,00:00:00/56-02:43:26,166) [ext4-rsv-conver]
(root,0,0,00:00:20/56-02:43:26,194) [kworker/1:1H]
(root,64388,4224,00:11:56/56-02:43:26,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/56-02:43:25,211) [kauditd]
(root,45556,52,00:00:11/56-02:43:25,224) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/56-02:43:25,265) [ttm_swap]
(root,0,0,00:00:00/56-02:43:25,334) [edac-poller]
(systemd-timesync,127288,40,00:00:17/56-02:43:24,370) /lib/systemd/systemd-timesyncd
(root,35800,120,00:11:05/56-02:43:22,493) /usr/sbin/irqbalance --foreground
(root,250112,120,00:01:41/56-02:43:22,495) /usr/sbin/rsyslogd -n
(messagebus,45112,404,00:00:00/56-02:43:22,497) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(clamav,296720,1012,00:01:24/56-02:43:22,501) /usr/bin/freshclam -d --foreground=true
(bind,287116,2724,00:04:10/56-02:43:22,505) /usr/sbin/named -f -u bind
(root,29636,72,00:00:13/56-02:43:22,508) /usr/sbin/cron -f
(root,37984,476,00:00:15/56-02:43:22,511) /lib/systemd/systemd-logind
(root,14524,0,00:00:00/56-02:43:22,524) /sbin/agetty --noclear tty1 linux
(root,14300,0,00:00:00/56-02:43:22,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(clamav,1635360,543592,00:43:54/56-02:43:22,535) /usr/sbin/clamd --foreground=true
(root,69960,0,00:00:00/56-02:43:22,548) /usr/sbin/sshd -D
(root,20220,544,00:00:12/56-02:43:22,571) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(smtpgw,21712,892,00:00:32/56-02:43:22,574) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,790484,2664,00:40:30/56-02:43:21,592) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,0,00:00:00/56-02:43:21,594) logger -t xe-daemon
(root,25384,0,00:00:00/56-02:43:21,597) logger -t xenstore
(root,185080,2020,00:21:46/56-02:43:21,612) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185080,1496,00:00:07/56-02:43:17,613) spamd child
(root,185080,1660,00:00:07/56-02:43:17,615) spamd child
(root,0,0,00:00:39/1-01:51:44,8261) [kworker/1:0]
(root,0,0,00:00:48/47-00:01:49,32298) [kworker/u128:6]
(root,0,0,00:00:00/47-00:01:49,32300) [kworker/u128:9]
(root,0,0,00:00:01/06:00:44,34622) [kworker/0:2]
(root,0,0,00:00:00/01:50:44,40244) [kworker/0:1]
(root,19736,3292,00:00:00/00:00,42781) /bin/bash /usr/bin/check_mk_agent
(root,36632,2712,00:00:00/00:00,42800) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1036,00:00:00/00:00,42801) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:15/1-12:10:43,59517) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-12-07 11:21

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336bc397544

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57100,3976,00:00:37/46-23:45:43,1) /sbin/init
(root,0,0,00:00:00/46-23:45:43,2) [kthreadd]
(root,0,0,00:00:02/46-23:45:43,3) [ksoftirqd/0]
(root,0,0,00:00:00/46-23:45:43,5) [kworker/0:0H]
(root,0,0,00:59:33/46-23:45:43,7) [rcu_sched]
(root,0,0,00:00:00/46-23:45:43,8) [rcu_bh]
(root,0,0,00:00:24/46-23:45:43,9) [migration/0]
(root,0,0,00:00:00/46-23:45:43,10) [lru-add-drain]
(root,0,0,00:00:43/46-23:45:43,11) [watchdog/0]
(root,0,0,00:00:00/46-23:45:43,12) [cpuhp/0]
(root,0,0,00:00:00/46-23:45:43,13) [cpuhp/1]
(root,0,0,00:00:38/46-23:45:43,14) [watchdog/1]
(root,0,0,00:00:18/46-23:45:43,15) [migration/1]
(root,0,0,00:00:42/46-23:45:43,16) [ksoftirqd/1]
(root,0,0,00:00:00/46-23:45:43,18) [kworker/1:0H]
(root,0,0,00:00:00/46-23:45:43,19) [kdevtmpfs]
(root,0,0,00:00:00/46-23:45:43,20) [netns]
(root,0,0,00:00:00/46-23:45:43,21) [xenwatch]
(root,0,0,00:00:43/46-23:45:43,22) [xenbus]
(root,0,0,00:00:02/46-23:45:43,24) [khungtaskd]
(root,0,0,00:00:00/46-23:45:43,25) [oom_reaper]
(root,0,0,00:00:00/46-23:45:43,26) [writeback]
(root,0,0,00:00:00/46-23:45:43,27) [kcompactd0]
(root,0,0,00:00:00/46-23:45:43,28) [ksmd]
(root,0,0,00:00:00/46-23:45:43,29) [khugepaged]
(root,0,0,00:00:00/46-23:45:43,30) [crypto]
(root,0,0,00:00:00/46-23:45:43,31) [kintegrityd]
(root,0,0,00:00:00/46-23:45:43,32) [bioset]
(root,0,0,00:00:00/46-23:45:43,33) [kblockd]
(root,0,0,00:00:00/46-23:45:43,34) [devfreq_wq]
(root,0,0,00:00:00/46-23:45:43,36) [watchdogd]
(root,0,0,00:01:59/46-23:45:42,37) [kswapd0]
(root,0,0,00:00:00/46-23:45:42,38) [vmstat]
(root,0,0,00:00:00/46-23:45:42,50) [kthrotld]
(root,0,0,00:00:00/46-23:45:42,51) [khvcd]
(root,0,0,00:00:00/46-23:45:42,52) [ipv6_addrconf]
(root,0,0,00:00:00/46-23:45:42,87) [bioset]
(root,0,0,00:00:00/46-23:45:42,88) [bioset]
(root,0,0,00:00:00/46-23:45:42,89) [bioset]
(root,0,0,00:00:00/46-23:45:42,90) [bioset]
(root,0,0,00:00:00/46-23:45:42,91) [bioset]
(root,0,0,00:00:00/46-23:45:42,92) [bioset]
(root,0,0,00:00:00/46-23:45:42,93) [bioset]
(root,0,0,00:00:00/46-23:45:42,94) [bioset]
(root,0,0,00:00:00/46-23:45:42,96) [ata_sff]
(root,0,0,00:00:00/46-23:45:42,97) [scsi_eh_0]
(root,0,0,00:00:00/46-23:45:42,98) [scsi_tmf_0]
(root,0,0,00:00:00/46-23:45:42,99) [scsi_eh_1]
(root,0,0,00:00:00/46-23:45:42,100) [scsi_tmf_1]
(root,0,0,00:00:00/46-23:45:41,129) [bioset]
(root,0,0,00:00:00/46-23:45:41,153) [kworker/u129:0]
(root,0,0,00:00:07/46-23:45:41,163) [kworker/0:1H]
(root,0,0,00:00:49/46-23:45:41,165) [jbd2/xvda1-8]
(root,0,0,00:00:00/46-23:45:41,166) [ext4-rsv-conver]
(root,0,0,00:00:18/46-23:45:41,194) [kworker/1:1H]
(root,59340,4048,00:11:29/46-23:45:41,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/46-23:45:40,211) [kauditd]
(root,45556,560,00:00:09/46-23:45:40,224) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/46-23:45:40,265) [ttm_swap]
(root,0,0,00:00:00/46-23:45:40,334) [edac-poller]
(systemd-timesync,127288,1172,00:00:14/46-23:45:39,370) /lib/systemd/systemd-timesyncd
(root,35800,120,00:09:11/46-23:45:37,493) /usr/sbin/irqbalance --foreground
(root,250112,804,00:01:38/46-23:45:37,495) /usr/sbin/rsyslogd -n
(messagebus,45112,728,00:00:00/46-23:45:37,497) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(clamav,296604,996,00:01:08/46-23:45:37,501) /usr/bin/freshclam -d --foreground=true
(bind,286596,4128,00:04:09/46-23:45:37,505) /usr/sbin/named -f -u bind
(root,29636,488,00:00:10/46-23:45:37,508) /usr/sbin/cron -f
(root,37984,908,00:00:12/46-23:45:37,511) /lib/systemd/systemd-logind
(root,14524,0,00:00:00/46-23:45:37,524) /sbin/agetty --noclear tty1 linux
(root,14300,0,00:00:00/46-23:45:37,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(clamav,1634744,541964,00:36:15/46-23:45:37,535) /usr/sbin/clamd --foreground=true
(root,69960,0,00:00:00/46-23:45:37,548) /usr/sbin/sshd -D
(root,20220,556,00:00:10/46-23:45:37,571) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(smtpgw,21712,956,00:00:26/46-23:45:37,574) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,790484,2908,00:33:42/46-23:45:36,592) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,0,00:00:00/46-23:45:36,594) logger -t xe-daemon
(root,25384,0,00:00:00/46-23:45:36,597) logger -t xenstore
(root,185080,1840,00:18:10/46-23:45:36,612) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185080,2160,00:00:06/46-23:45:32,613) spamd child
(root,185080,1956,00:00:05/46-23:45:32,615) spamd child
(root,0,0,00:00:00/02:34:35,7168) [kworker/0:2]
(root,19736,3300,00:00:00/00:00,10661) /bin/bash /usr/bin/check_mk_agent
(root,36632,2816,00:00:00/00:00,10680) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1008,00:00:00/00:00,10681) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:41/37-21:04:04,32298) [kworker/u128:6]
(root,0,0,00:00:00/37-21:04:04,32300) [kworker/u128:9]
(root,0,0,00:00:39/1-02:57:35,39739) [kworker/1:1]
(root,0,0,00:00:53/2-15:23:58,56059) [kworker/1:2]
(root,0,0,00:00:01/08:44:35,63960) [kworker/0:0]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-11-28 08:24

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336d458d884

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57100,3636,00:00:36/44-19:04:40,1) /sbin/init
(root,0,0,00:00:00/44-19:04:40,2) [kthreadd]
(root,0,0,00:00:02/44-19:04:40,3) [ksoftirqd/0]
(root,0,0,00:00:00/44-19:04:40,5) [kworker/0:0H]
(root,0,0,00:56:32/44-19:04:40,7) [rcu_sched]
(root,0,0,00:00:00/44-19:04:40,8) [rcu_bh]
(root,0,0,00:00:23/44-19:04:40,9) [migration/0]
(root,0,0,00:00:00/44-19:04:40,10) [lru-add-drain]
(root,0,0,00:00:41/44-19:04:40,11) [watchdog/0]
(root,0,0,00:00:00/44-19:04:40,12) [cpuhp/0]
(root,0,0,00:00:00/44-19:04:40,13) [cpuhp/1]
(root,0,0,00:00:36/44-19:04:40,14) [watchdog/1]
(root,0,0,00:00:17/44-19:04:40,15) [migration/1]
(root,0,0,00:00:39/44-19:04:40,16) [ksoftirqd/1]
(root,0,0,00:00:00/44-19:04:40,18) [kworker/1:0H]
(root,0,0,00:00:00/44-19:04:40,19) [kdevtmpfs]
(root,0,0,00:00:00/44-19:04:40,20) [netns]
(root,0,0,00:00:00/44-19:04:40,21) [xenwatch]
(root,0,0,00:00:41/44-19:04:40,22) [xenbus]
(root,0,0,00:00:02/44-19:04:40,24) [khungtaskd]
(root,0,0,00:00:00/44-19:04:40,25) [oom_reaper]
(root,0,0,00:00:00/44-19:04:40,26) [writeback]
(root,0,0,00:00:00/44-19:04:40,27) [kcompactd0]
(root,0,0,00:00:00/44-19:04:40,28) [ksmd]
(root,0,0,00:00:00/44-19:04:40,29) [khugepaged]
(root,0,0,00:00:00/44-19:04:40,30) [crypto]
(root,0,0,00:00:00/44-19:04:40,31) [kintegrityd]
(root,0,0,00:00:00/44-19:04:40,32) [bioset]
(root,0,0,00:00:00/44-19:04:40,33) [kblockd]
(root,0,0,00:00:00/44-19:04:40,34) [devfreq_wq]
(root,0,0,00:00:00/44-19:04:40,36) [watchdogd]
(root,0,0,00:01:53/44-19:04:39,37) [kswapd0]
(root,0,0,00:00:00/44-19:04:39,38) [vmstat]
(root,0,0,00:00:00/44-19:04:39,50) [kthrotld]
(root,0,0,00:00:00/44-19:04:39,51) [khvcd]
(root,0,0,00:00:00/44-19:04:39,52) [ipv6_addrconf]
(root,0,0,00:00:00/44-19:04:39,87) [bioset]
(root,0,0,00:00:00/44-19:04:39,88) [bioset]
(root,0,0,00:00:00/44-19:04:39,89) [bioset]
(root,0,0,00:00:00/44-19:04:39,90) [bioset]
(root,0,0,00:00:00/44-19:04:39,91) [bioset]
(root,0,0,00:00:00/44-19:04:39,92) [bioset]
(root,0,0,00:00:00/44-19:04:39,93) [bioset]
(root,0,0,00:00:00/44-19:04:39,94) [bioset]
(root,0,0,00:00:00/44-19:04:39,96) [ata_sff]
(root,0,0,00:00:00/44-19:04:39,97) [scsi_eh_0]
(root,0,0,00:00:00/44-19:04:39,98) [scsi_tmf_0]
(root,0,0,00:00:00/44-19:04:39,99) [scsi_eh_1]
(root,0,0,00:00:00/44-19:04:39,100) [scsi_tmf_1]
(root,0,0,00:00:00/44-19:04:38,129) [bioset]
(root,0,0,00:00:00/44-19:04:38,153) [kworker/u129:0]
(root,0,0,00:00:07/44-19:04:38,163) [kworker/0:1H]
(root,0,0,00:00:48/44-19:04:38,165) [jbd2/xvda1-8]
(root,0,0,00:00:00/44-19:04:38,166) [ext4-rsv-conver]
(root,0,0,00:00:17/44-19:04:38,194) [kworker/1:1H]
(root,64388,5440,00:11:22/44-19:04:38,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/44-19:04:37,211) [kauditd]
(root,45556,20,00:00:08/44-19:04:37,224) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/44-19:04:37,265) [ttm_swap]
(root,0,0,00:00:00/44-19:04:37,334) [edac-poller]
(systemd-timesync,127288,44,00:00:14/44-19:04:36,370) /lib/systemd/systemd-timesyncd
(root,35800,120,00:08:44/44-19:04:34,493) /usr/sbin/irqbalance --foreground
(root,250112,788,00:01:37/44-19:04:34,495) /usr/sbin/rsyslogd -n
(messagebus,45112,908,00:00:00/44-19:04:34,497) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(clamav,296604,996,00:01:05/44-19:04:34,501) /usr/bin/freshclam -d --foreground=true
(bind,286596,4116,00:04:09/44-19:04:34,505) /usr/sbin/named -f -u bind
(root,29636,352,00:00:10/44-19:04:34,508) /usr/sbin/cron -f
(root,37984,116,00:00:11/44-19:04:34,511) /lib/systemd/systemd-logind
(root,14524,0,00:00:00/44-19:04:34,524) /sbin/agetty --noclear tty1 linux
(root,14300,0,00:00:00/44-19:04:34,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(clamav,1634432,539880,00:34:41/44-19:04:34,535) /usr/sbin/clamd --foreground=true
(root,69960,0,00:00:00/44-19:04:34,548) /usr/sbin/sshd -D
(root,20220,444,00:00:09/44-19:04:34,571) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(smtpgw,21712,864,00:00:25/44-19:04:34,574) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,790484,2864,00:32:03/44-19:04:33,592) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,0,00:00:00/44-19:04:33,594) logger -t xe-daemon
(root,25384,0,00:00:00/44-19:04:33,597) logger -t xenstore
(root,185080,1820,00:17:18/44-19:04:33,612) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185080,1168,00:00:05/44-19:04:29,613) spamd child
(root,185080,1068,00:00:05/44-19:04:29,615) spamd child
(root,19736,3280,00:00:00/00:00,5187) /bin/bash /usr/bin/check_mk_agent
(root,36632,2764,00:00:00/00:00,5206) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1028,00:00:00/00:00,5207) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:04/1-08:33:32,26913) [kworker/0:2]
(root,0,0,00:00:39/35-16:23:01,32298) [kworker/u128:6]
(root,0,0,00:00:00/35-16:23:01,32300) [kworker/u128:9]
(root,0,0,00:00:17/22:31:56,40217) [kworker/1:0]
(root,0,0,00:00:05/18:20:16,45903) [kworker/0:1]
(root,0,0,00:00:15/10:42:55,56059) [kworker/1:2]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-11-26 03:43

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336d7c5beca

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57100,604,00:00:29/36-03:48:41,1) /sbin/init
(root,0,0,00:00:00/36-03:48:41,2) [kthreadd]
(root,0,0,00:00:02/36-03:48:41,3) [ksoftirqd/0]
(root,0,0,00:00:00/36-03:48:41,5) [kworker/0:0H]
(root,0,0,00:46:08/36-03:48:41,7) [rcu_sched]
(root,0,0,00:00:00/36-03:48:41,8) [rcu_bh]
(root,0,0,00:00:18/36-03:48:41,9) [migration/0]
(root,0,0,00:00:00/36-03:48:41,10) [lru-add-drain]
(root,0,0,00:00:32/36-03:48:41,11) [watchdog/0]
(root,0,0,00:00:00/36-03:48:41,12) [cpuhp/0]
(root,0,0,00:00:00/36-03:48:41,13) [cpuhp/1]
(root,0,0,00:00:28/36-03:48:41,14) [watchdog/1]
(root,0,0,00:00:14/36-03:48:41,15) [migration/1]
(root,0,0,00:00:33/36-03:48:41,16) [ksoftirqd/1]
(root,0,0,00:00:00/36-03:48:41,18) [kworker/1:0H]
(root,0,0,00:00:00/36-03:48:41,19) [kdevtmpfs]
(root,0,0,00:00:00/36-03:48:41,20) [netns]
(root,0,0,00:00:00/36-03:48:41,21) [xenwatch]
(root,0,0,00:00:32/36-03:48:41,22) [xenbus]
(root,0,0,00:00:01/36-03:48:41,24) [khungtaskd]
(root,0,0,00:00:00/36-03:48:41,25) [oom_reaper]
(root,0,0,00:00:00/36-03:48:41,26) [writeback]
(root,0,0,00:00:00/36-03:48:41,27) [kcompactd0]
(root,0,0,00:00:00/36-03:48:41,28) [ksmd]
(root,0,0,00:00:00/36-03:48:41,29) [khugepaged]
(root,0,0,00:00:00/36-03:48:41,30) [crypto]
(root,0,0,00:00:00/36-03:48:41,31) [kintegrityd]
(root,0,0,00:00:00/36-03:48:41,32) [bioset]
(root,0,0,00:00:00/36-03:48:41,33) [kblockd]
(root,0,0,00:00:00/36-03:48:41,34) [devfreq_wq]
(root,0,0,00:00:00/36-03:48:41,36) [watchdogd]
(root,0,0,00:01:28/36-03:48:40,37) [kswapd0]
(root,0,0,00:00:00/36-03:48:40,38) [vmstat]
(root,0,0,00:00:00/36-03:48:40,50) [kthrotld]
(root,0,0,00:00:00/36-03:48:40,51) [khvcd]
(root,0,0,00:00:00/36-03:48:40,52) [ipv6_addrconf]
(root,0,0,00:00:00/36-03:48:40,87) [bioset]
(root,0,0,00:00:00/36-03:48:40,88) [bioset]
(root,0,0,00:00:00/36-03:48:40,89) [bioset]
(root,0,0,00:00:00/36-03:48:40,90) [bioset]
(root,0,0,00:00:00/36-03:48:40,91) [bioset]
(root,0,0,00:00:00/36-03:48:40,92) [bioset]
(root,0,0,00:00:00/36-03:48:40,93) [bioset]
(root,0,0,00:00:00/36-03:48:40,94) [bioset]
(root,0,0,00:00:00/36-03:48:40,96) [ata_sff]
(root,0,0,00:00:00/36-03:48:40,97) [scsi_eh_0]
(root,0,0,00:00:00/36-03:48:40,98) [scsi_tmf_0]
(root,0,0,00:00:00/36-03:48:40,99) [scsi_eh_1]
(root,0,0,00:00:00/36-03:48:40,100) [scsi_tmf_1]
(root,0,0,00:00:00/36-03:48:39,129) [bioset]
(root,0,0,00:00:00/36-03:48:39,153) [kworker/u129:0]
(root,0,0,00:00:05/36-03:48:39,163) [kworker/0:1H]
(root,0,0,00:00:43/36-03:48:39,165) [jbd2/xvda1-8]
(root,0,0,00:00:00/36-03:48:39,166) [ext4-rsv-conver]
(root,0,0,00:00:15/36-03:48:39,194) [kworker/1:1H]
(root,59340,3228,00:10:55/36-03:48:39,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/36-03:48:38,211) [kauditd]
(root,45556,28,00:00:07/36-03:48:38,224) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/36-03:48:38,265) [ttm_swap]
(root,0,0,00:00:00/36-03:48:38,334) [edac-poller]
(systemd-timesync,127288,44,00:00:11/36-03:48:37,370) /lib/systemd/systemd-timesyncd
(root,35800,120,00:06:55/36-03:48:35,493) /usr/sbin/irqbalance --foreground
(root,250112,84,00:01:33/36-03:48:35,495) /usr/sbin/rsyslogd -n
(messagebus,45112,60,00:00:00/36-03:48:35,497) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(clamav,296604,1060,00:00:53/36-03:48:35,501) /usr/bin/freshclam -d --foreground=true
(bind,286336,3076,00:04:08/36-03:48:35,505) /usr/sbin/named -f -u bind
(root,29636,356,00:00:08/36-03:48:35,508) /usr/sbin/cron -f
(root,37984,168,00:00:09/36-03:48:35,511) /lib/systemd/systemd-logind
(root,14524,0,00:00:00/36-03:48:35,524) /sbin/agetty --noclear tty1 linux
(root,14300,0,00:00:00/36-03:48:35,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(clamav,1633440,543556,00:28:11/36-03:48:35,535) /usr/sbin/clamd --foreground=true
(root,69960,0,00:00:00/36-03:48:35,548) /usr/sbin/sshd -D
(root,20220,464,00:00:07/36-03:48:35,571) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(smtpgw,21712,764,00:00:20/36-03:48:35,574) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,790484,2724,00:25:36/36-03:48:34,592) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,0,00:00:00/36-03:48:34,594) logger -t xe-daemon
(root,25384,0,00:00:00/36-03:48:34,597) logger -t xenstore
(root,185080,2144,00:13:53/36-03:48:34,612) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185080,1600,00:00:04/36-03:48:30,613) spamd child
(root,185080,1872,00:00:04/36-03:48:30,615) spamd child
(root,0,0,00:00:31/1-03:10:17,16797) [kworker/1:2]
(root,0,0,00:00:03/15:48:56,31859) [kworker/0:1]
(root,0,0,00:00:32/27-01:07:02,32298) [kworker/u128:6]
(root,0,0,00:00:00/27-01:07:02,32300) [kworker/u128:9]
(root,0,0,00:00:09/06:26:57,44408) [kworker/1:0]
(root,0,0,00:00:00/03:09:57,48746) [kworker/0:0]
(root,19736,3304,00:00:00/00:00,53029) /bin/bash /usr/bin/check_mk_agent
(root,36632,2756,00:00:00/00:00,53048) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,996,00:00:00/00:00,53049) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-11-17 12:27

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef33699a43582

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,57100,6868,00:00:08/9-18:24:00,1) /sbin/init
(root,0,0,00:00:00/9-18:24:00,2) [kthreadd]
(root,0,0,00:00:00/9-18:24:00,3) [ksoftirqd/0]
(root,0,0,00:00:00/9-18:24:00,5) [kworker/0:0H]
(root,0,0,00:09:17/9-18:24:00,7) [rcu_sched]
(root,0,0,00:00:00/9-18:24:00,8) [rcu_bh]
(root,0,0,00:00:03/9-18:24:00,9) [migration/0]
(root,0,0,00:00:00/9-18:24:00,10) [lru-add-drain]
(root,0,0,00:00:06/9-18:24:00,11) [watchdog/0]
(root,0,0,00:00:00/9-18:24:00,12) [cpuhp/0]
(root,0,0,00:00:00/9-18:24:00,13) [cpuhp/1]
(root,0,0,00:00:05/9-18:24:00,14) [watchdog/1]
(root,0,0,00:00:02/9-18:24:00,15) [migration/1]
(root,0,0,00:00:06/9-18:24:00,16) [ksoftirqd/1]
(root,0,0,00:00:00/9-18:24:00,18) [kworker/1:0H]
(root,0,0,00:00:00/9-18:24:00,19) [kdevtmpfs]
(root,0,0,00:00:00/9-18:24:00,20) [netns]
(root,0,0,00:00:00/9-18:24:00,21) [xenwatch]
(root,0,0,00:00:07/9-18:24:00,22) [xenbus]
(root,0,0,00:00:00/9-18:24:00,24) [khungtaskd]
(root,0,0,00:00:00/9-18:24:00,25) [oom_reaper]
(root,0,0,00:00:00/9-18:24:00,26) [writeback]
(root,0,0,00:00:00/9-18:24:00,27) [kcompactd0]
(root,0,0,00:00:00/9-18:24:00,28) [ksmd]
(root,0,0,00:00:00/9-18:24:00,29) [khugepaged]
(root,0,0,00:00:00/9-18:24:00,30) [crypto]
(root,0,0,00:00:00/9-18:24:00,31) [kintegrityd]
(root,0,0,00:00:00/9-18:24:00,32) [bioset]
(root,0,0,00:00:00/9-18:24:00,33) [kblockd]
(root,0,0,00:00:00/9-18:24:00,34) [devfreq_wq]
(root,0,0,00:00:00/9-18:24:00,36) [watchdogd]
(root,0,0,00:00:00/9-18:23:59,37) [kswapd0]
(root,0,0,00:00:00/9-18:23:59,38) [vmstat]
(root,0,0,00:00:00/9-18:23:59,50) [kthrotld]
(root,0,0,00:00:00/9-18:23:59,51) [khvcd]
(root,0,0,00:00:00/9-18:23:59,52) [ipv6_addrconf]
(root,0,0,00:00:00/9-18:23:59,87) [bioset]
(root,0,0,00:00:00/9-18:23:59,88) [bioset]
(root,0,0,00:00:00/9-18:23:59,89) [bioset]
(root,0,0,00:00:00/9-18:23:59,90) [bioset]
(root,0,0,00:00:00/9-18:23:59,91) [bioset]
(root,0,0,00:00:00/9-18:23:59,92) [bioset]
(root,0,0,00:00:00/9-18:23:59,93) [bioset]
(root,0,0,00:00:00/9-18:23:59,94) [bioset]
(root,0,0,00:00:00/9-18:23:59,96) [ata_sff]
(root,0,0,00:00:00/9-18:23:59,97) [scsi_eh_0]
(root,0,0,00:00:00/9-18:23:59,98) [scsi_tmf_0]
(root,0,0,00:00:00/9-18:23:59,99) [scsi_eh_1]
(root,0,0,00:00:00/9-18:23:59,100) [scsi_tmf_1]
(root,0,0,00:00:00/9-18:23:58,129) [bioset]
(root,0,0,00:00:00/9-18:23:58,153) [kworker/u129:0]
(root,0,0,00:00:01/9-18:23:58,163) [kworker/0:1H]
(root,0,0,00:00:03/9-18:23:58,165) [jbd2/xvda1-8]
(root,0,0,00:00:00/9-18:23:58,166) [ext4-rsv-conver]
(root,0,0,00:00:01/9-18:23:58,194) [kworker/1:1H]
(root,64388,8564,00:00:27/9-18:23:58,201) /lib/systemd/systemd-journald
(root,0,0,00:00:00/9-18:23:57,211) [kauditd]
(root,45556,3328,00:00:01/9-18:23:57,224) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/9-18:23:57,265) [ttm_swap]
(root,0,0,00:00:00/9-18:23:57,334) [edac-poller]
(systemd-timesync,127288,4104,00:00:02/9-18:23:56,370) /lib/systemd/systemd-timesyncd
(root,35800,1924,00:01:26/9-18:23:54,493) /usr/sbin/irqbalance --foreground
(root,250112,3276,00:00:03/9-18:23:54,495) /usr/sbin/rsyslogd -n
(messagebus,45112,3636,00:00:00/9-18:23:54,497) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(clamav,296604,33456,00:00:10/9-18:23:54,501) /usr/bin/freshclam -d --foreground=true
(bind,286076,21088,00:00:00/9-18:23:54,505) /usr/sbin/named -f -u bind
(root,29636,2328,00:00:01/9-18:23:54,508) /usr/sbin/cron -f
(root,37984,4372,00:00:02/9-18:23:54,511) /lib/systemd/systemd-logind
(root,14524,1424,00:00:00/9-18:23:54,524) /sbin/agetty --noclear tty1 linux
(root,14300,1628,00:00:00/9-18:23:54,525) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(clamav,1614860,1318240,00:04:53/9-18:23:54,535) /usr/sbin/clamd --foreground=true
(root,69960,5652,00:00:00/9-18:23:54,548) /usr/sbin/sshd -D
(root,20220,2136,00:00:02/9-18:23:54,571) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(smtpgw,21712,2244,00:00:05/9-18:23:54,574) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,790484,3140,00:05:41/9-18:23:53,592) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,1460,00:00:00/9-18:23:53,594) logger -t xe-daemon
(root,25384,1472,00:00:00/9-18:23:53,597) logger -t xenstore
(root,185080,105100,00:03:23/9-18:23:53,612) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185080,99768,00:00:01/9-18:23:49,613) spamd child
(root,185080,99768,00:00:00/9-18:23:49,615) spamd child
(root,0,0,00:00:05/22:44:31,22857) [kworker/1:1]
(root,0,0,00:01:07/18:01:32,29131) [kworker/1:0]
(root,0,0,00:00:00/15:42:21,32298) [kworker/u128:6]
(root,0,0,00:00:00/15:42:21,32300) [kworker/u128:9]
(root,0,0,00:00:03/15:42:21,32302) [kworker/0:2]
(root,0,0,00:00:01/05:18:16,46107) [kworker/0:0]
(root,19736,3312,00:00:00/00:00,53270) /bin/bash /usr/bin/check_mk_agent
(root,36632,2828,00:00:00/00:00,53289) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1028,00:00:00/00:00,53290) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-10-22 03:02

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336fe631fa0

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56940,3648,00:01:29/112-08:28:29,1) /sbin/init
(root,0,0,00:00:00/112-08:28:29,2) [kthreadd]
(root,0,0,00:00:08/112-08:28:29,3) [ksoftirqd/0]
(root,0,0,00:00:00/112-08:28:29,5) [kworker/0:0H]
(root,0,0,02:43:23/112-08:28:29,7) [rcu_sched]
(root,0,0,00:00:00/112-08:28:29,8) [rcu_bh]
(root,0,0,00:00:56/112-08:28:29,9) [migration/0]
(root,0,0,00:00:00/112-08:28:29,10) [lru-add-drain]
(root,0,0,00:01:46/112-08:28:29,11) [watchdog/0]
(root,0,0,00:00:00/112-08:28:29,12) [cpuhp/0]
(root,0,0,00:00:00/112-08:28:29,13) [cpuhp/1]
(root,0,0,00:01:29/112-08:28:29,14) [watchdog/1]
(root,0,0,00:00:45/112-08:28:29,15) [migration/1]
(root,0,0,00:01:59/112-08:28:29,16) [ksoftirqd/1]
(root,0,0,00:00:00/112-08:28:29,18) [kworker/1:0H]
(root,0,0,00:00:00/112-08:28:29,19) [kdevtmpfs]
(root,0,0,00:00:00/112-08:28:29,20) [netns]
(root,0,0,00:00:00/112-08:28:29,21) [xenwatch]
(root,0,0,00:01:41/112-08:28:29,22) [xenbus]
(root,0,0,00:00:05/112-08:28:29,24) [khungtaskd]
(root,0,0,00:00:00/112-08:28:29,25) [oom_reaper]
(root,0,0,00:00:00/112-08:28:29,26) [writeback]
(root,0,0,00:00:00/112-08:28:29,27) [kcompactd0]
(root,0,0,00:00:00/112-08:28:29,28) [ksmd]
(root,0,0,00:00:00/112-08:28:29,29) [khugepaged]
(root,0,0,00:00:00/112-08:28:29,30) [crypto]
(root,0,0,00:00:00/112-08:28:29,31) [kintegrityd]
(root,0,0,00:00:00/112-08:28:29,32) [bioset]
(root,0,0,00:00:00/112-08:28:29,33) [kblockd]
(root,0,0,00:00:00/112-08:28:29,35) [devfreq_wq]
(root,0,0,00:00:00/112-08:28:29,36) [watchdogd]
(root,0,0,00:05:37/112-08:28:28,37) [kswapd0]
(root,0,0,00:00:00/112-08:28:28,38) [vmstat]
(root,0,0,00:00:00/112-08:28:28,50) [kthrotld]
(root,0,0,00:00:00/112-08:28:28,51) [khvcd]
(root,0,0,00:00:00/112-08:28:28,53) [ipv6_addrconf]
(root,0,0,00:00:00/112-08:28:28,88) [ata_sff]
(root,0,0,00:00:00/112-08:28:28,89) [scsi_eh_0]
(root,0,0,00:00:00/112-08:28:28,90) [scsi_tmf_0]
(root,0,0,00:00:00/112-08:28:28,91) [scsi_eh_1]
(root,0,0,00:00:00/112-08:28:28,92) [scsi_tmf_1]
(root,0,0,00:00:00/112-08:28:28,95) [bioset]
(root,0,0,00:00:00/112-08:28:28,96) [bioset]
(root,0,0,00:00:00/112-08:28:28,97) [bioset]
(root,0,0,00:00:00/112-08:28:28,98) [bioset]
(root,0,0,00:00:00/112-08:28:28,99) [bioset]
(root,0,0,00:00:00/112-08:28:28,100) [bioset]
(root,0,0,00:00:00/112-08:28:28,101) [bioset]
(root,0,0,00:00:00/112-08:28:28,102) [bioset]
(root,0,0,00:00:00/112-08:28:28,129) [bioset]
(root,0,0,00:00:00/112-08:28:27,153) [kworker/u129:0]
(root,0,0,00:00:14/112-08:28:25,163) [kworker/0:1H]
(root,0,0,00:00:48/112-08:28:25,165) [jbd2/xvda1-8]
(root,0,0,00:00:00/112-08:28:25,166) [ext4-rsv-conver]
(root,56840,2788,00:05:41/112-08:28:23,193) /lib/systemd/systemd-journald
(root,0,0,00:00:29/112-08:28:23,194) [kworker/1:1H]
(root,0,0,00:00:00/112-08:28:23,199) [kauditd]
(root,45936,52,00:00:24/112-08:28:23,224) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/112-08:28:23,277) [ttm_swap]
(root,0,0,00:00:00/112-08:28:22,334) [edac-poller]
(systemd-timesync,127288,44,00:00:36/112-08:28:21,390) /lib/systemd/systemd-timesyncd
(root,29636,452,00:00:27/112-08:28:19,478) /usr/sbin/cron -f
(root,37984,880,00:00:33/112-08:28:19,479) /lib/systemd/systemd-logind
(root,35800,124,00:21:31/112-08:28:19,483) /usr/sbin/irqbalance --foreground
(clamav,297696,1556,00:02:50/112-08:28:19,484) /usr/bin/freshclam -d --foreground=true
(bind,287376,3592,00:00:09/112-08:28:19,491) /usr/sbin/named -f -u bind
(messagebus,45112,744,00:00:01/112-08:28:19,492) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,250240,0,00:00:41/112-08:28:18,524) /usr/sbin/rsyslogd -n
(root,14524,0,00:00:00/112-08:28:18,532) /sbin/agetty --noclear tty1 linux
(root,14300,0,00:00:00/112-08:28:18,534) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(clamav,1606636,710080,01:29:39/112-08:28:18,539) /usr/sbin/clamd --foreground=true
(root,20220,496,00:00:26/112-08:28:18,549) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(smtpgw,21712,764,00:01:08/112-08:28:18,553) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,69960,0,00:00:00/112-08:28:17,563) /usr/sbin/sshd -D
(root,790484,2812,01:21:35/112-08:28:16,626) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,0,00:00:00/112-08:28:16,629) logger -t xe-daemon
(root,25384,0,00:00:00/112-08:28:16,631) logger -t xenstore
(root,185056,1956,00:44:38/112-08:28:15,689) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185056,1080,00:00:15/112-08:28:06,727) spamd child
(root,185056,1092,00:00:14/112-08:28:06,729) spamd child
(root,0,0,00:01:00/73-14:39:37,7078) [kworker/u128:4]
(root,0,0,00:00:00/73-14:39:37,7082) [kworker/u128:9]
(root,0,0,00:00:03/11:09:24,12796) [kworker/1:2]
(root,0,0,00:00:11/06:44:02,18634) [kworker/0:1]
(root,0,0,00:00:02/57:25,26290) [kworker/0:2]
(root,19736,3436,00:00:00/00:01,27642) /bin/bash /usr/bin/check_mk_agent
(root,36632,2796,00:00:00/00:00,27661) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1040,00:00:00/00:00,27662) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
(root,0,0,00:00:05/1-06:45:01,51702) [kworker/1:1]

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-09-10 00:36

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb3562910c28104c57538621431f6ef336d4653446

Found public CheckMk agent:
Version: 1.2.8p15
AgentOS: linux
Hostname: proxy1
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,56940,3500,00:00:18/28-07:14:56,1) /sbin/init
(root,0,0,00:00:00/28-07:14:56,2) [kthreadd]
(root,0,0,00:00:01/28-07:14:56,3) [ksoftirqd/0]
(root,0,0,00:00:00/28-07:14:56,5) [kworker/0:0H]
(root,0,0,00:00:15/28-07:14:56,6) [kworker/u128:0]
(root,0,0,00:30:35/28-07:14:56,7) [rcu_sched]
(root,0,0,00:00:00/28-07:14:56,8) [rcu_bh]
(root,0,0,00:00:09/28-07:14:56,9) [migration/0]
(root,0,0,00:00:00/28-07:14:56,10) [lru-add-drain]
(root,0,0,00:00:16/28-07:14:56,11) [watchdog/0]
(root,0,0,00:00:00/28-07:14:56,12) [cpuhp/0]
(root,0,0,00:00:00/28-07:14:56,13) [cpuhp/1]
(root,0,0,00:00:13/28-07:14:56,14) [watchdog/1]
(root,0,0,00:00:07/28-07:14:56,15) [migration/1]
(root,0,0,00:00:16/28-07:14:56,16) [ksoftirqd/1]
(root,0,0,00:00:00/28-07:14:56,18) [kworker/1:0H]
(root,0,0,00:00:00/28-07:14:56,19) [kdevtmpfs]
(root,0,0,00:00:00/28-07:14:56,20) [netns]
(root,0,0,00:00:00/28-07:14:56,21) [xenwatch]
(root,0,0,00:00:18/28-07:14:56,22) [xenbus]
(root,0,0,00:00:01/28-07:14:56,24) [khungtaskd]
(root,0,0,00:00:00/28-07:14:56,25) [oom_reaper]
(root,0,0,00:00:00/28-07:14:56,26) [writeback]
(root,0,0,00:00:00/28-07:14:56,27) [kcompactd0]
(root,0,0,00:00:00/28-07:14:56,28) [ksmd]
(root,0,0,00:00:00/28-07:14:56,29) [khugepaged]
(root,0,0,00:00:00/28-07:14:56,30) [crypto]
(root,0,0,00:00:00/28-07:14:56,31) [kintegrityd]
(root,0,0,00:00:00/28-07:14:56,32) [bioset]
(root,0,0,00:00:00/28-07:14:56,33) [kblockd]
(root,0,0,00:00:00/28-07:14:56,35) [devfreq_wq]
(root,0,0,00:00:00/28-07:14:56,36) [watchdogd]
(root,0,0,00:01:13/28-07:14:55,37) [kswapd0]
(root,0,0,00:00:00/28-07:14:55,38) [vmstat]
(root,0,0,00:00:00/28-07:14:55,50) [kthrotld]
(root,0,0,00:00:00/28-07:14:55,51) [khvcd]
(root,0,0,00:00:00/28-07:14:55,53) [ipv6_addrconf]
(root,0,0,00:00:00/28-07:14:55,88) [ata_sff]
(root,0,0,00:00:00/28-07:14:55,89) [scsi_eh_0]
(root,0,0,00:00:00/28-07:14:55,90) [scsi_tmf_0]
(root,0,0,00:00:00/28-07:14:55,91) [scsi_eh_1]
(root,0,0,00:00:00/28-07:14:55,92) [scsi_tmf_1]
(root,0,0,00:00:00/28-07:14:55,95) [bioset]
(root,0,0,00:00:00/28-07:14:55,96) [bioset]
(root,0,0,00:00:00/28-07:14:55,97) [bioset]
(root,0,0,00:00:00/28-07:14:55,98) [bioset]
(root,0,0,00:00:00/28-07:14:55,99) [bioset]
(root,0,0,00:00:00/28-07:14:55,100) [bioset]
(root,0,0,00:00:00/28-07:14:55,101) [bioset]
(root,0,0,00:00:00/28-07:14:55,102) [bioset]
(root,0,0,00:00:00/28-07:14:55,129) [bioset]
(root,0,0,00:00:00/28-07:14:54,153) [kworker/u129:0]
(root,0,0,00:00:03/28-07:14:52,163) [kworker/0:1H]
(root,0,0,00:00:08/28-07:14:52,165) [jbd2/xvda1-8]
(root,0,0,00:00:00/28-07:14:52,166) [ext4-rsv-conver]
(root,59388,3852,00:01:10/28-07:14:50,193) /lib/systemd/systemd-journald
(root,0,0,00:00:05/28-07:14:50,194) [kworker/1:1H]
(root,0,0,00:00:00/28-07:14:50,199) [kauditd]
(root,45936,52,00:00:04/28-07:14:50,224) /lib/systemd/systemd-udevd
(root,0,0,00:00:00/28-07:14:50,277) [ttm_swap]
(root,0,0,00:00:00/28-07:14:49,334) [edac-poller]
(systemd-timesync,127288,44,00:00:07/28-07:14:48,390) /lib/systemd/systemd-timesyncd
(root,29636,376,00:00:05/28-07:14:46,478) /usr/sbin/cron -f
(root,37984,84,00:00:06/28-07:14:46,479) /lib/systemd/systemd-logind
(root,35800,116,00:03:51/28-07:14:46,483) /usr/sbin/irqbalance --foreground
(clamav,296604,1264,00:00:41/28-07:14:46,484) /usr/bin/freshclam -d --foreground=true
(bind,287376,2320,00:00:01/28-07:14:46,491) /usr/sbin/named -f -u bind
(messagebus,45112,620,00:00:00/28-07:14:46,492) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,250112,140,00:00:07/28-07:14:45,524) /usr/sbin/rsyslogd -n
(root,14524,0,00:00:00/28-07:14:45,532) /sbin/agetty --noclear tty1 linux
(root,14300,0,00:00:00/28-07:14:45,534) /sbin/agetty --keep-baud 115200,38400,9600 hvc0 vt220
(clamav,1588408,720156,00:20:15/28-07:14:45,539) /usr/sbin/clamd --foreground=true
(root,20220,356,00:00:05/28-07:14:45,549) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(smtpgw,21712,660,00:00:13/28-07:14:45,553) /usr/sbin/smtp-gated /etc/smtp-gated.conf
(root,69960,0,00:00:00/28-07:14:44,563) /usr/sbin/sshd -D
(root,790484,2400,00:15:09/28-07:14:43,626) /usr/sbin/xe-daemon -p /var/run/xe-daemon.pid
(root,25384,0,00:00:00/28-07:14:43,629) logger -t xe-daemon
(root,25384,0,00:00:00/28-07:14:43,631) logger -t xenstore
(root,185056,1452,00:09:28/28-07:14:42,689) /usr/bin/perl -T -w /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --socketpath=/var/run/spamd.sock
(root,185056,1656,00:00:03/28-07:14:33,727) spamd child
(root,185056,1484,00:00:02/28-07:14:33,729) spamd child
(root,0,0,00:00:14/1-06:36:41,22097) [kworker/0:1]
(root,0,0,00:00:00/27-13:14:13,24917) [kworker/u128:2]
(root,0,0,00:00:23/18:45:52,38043) [kworker/0:2]
(root,0,0,00:00:00/07:49:51,52558) [kworker/1:1]
(root,0,0,00:00:01/06:35:41,54171) [kworker/1:0]
(root,19736,3460,00:00:00/00:00,63132) /bin/bash /usr/bin/check_mk_agent
(root,36632,2776,00:00:00/00:00,63151) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
(root,13208,1036,00:00:00/00:00,63152) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /

Found network interfaces through CheckMk:
[start_iplink]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 4e:f3:e0:93:12:31 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 9e:6e:d6:0f:9c:57 brd ff:ff:ff:ff:ff:ff
[end_iplink]

Found on 2022-06-17 23:23

Host 62.133.128.73

Poland

CheckMK monitoring endpoint publicly available

Domain summary