Host 91.239.248.5
Poland
UNINET Sp. z o.o.
Debian
Software information

Apache Apache 2.4.25

tcp/80

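  • CheckMK monitoring endpoint publicly available
    The agent port answered the scanner's connection without authentication, so the agent details and the full process list below, including command-line arguments, are readable by any remote client. The agent port should accept connections only from the monitoring server.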
    IP: 91.239.248.5
    Port: 6556
    First seen 2022-09-17 20:30
    Last seen 2024-12-22 00:57
    Open for 826 days
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce2eb2e7d0

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
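      Found process list through CheckMk (fields in parentheses: user, vsz, rss, cputime, pid; the full command line follows, as produced by the ps invocation that appears in the list itself):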
      (root,204812,6572,00:03:25,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:58,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:17:01,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:02,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:17,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:16,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:14,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:17,21) [watchdog/2]
      (root,0,0,00:00:02,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:17,27) [watchdog/3]
      (root,0,0,00:00:02,28) [migration/3]
      (root,0,0,00:02:34,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:18,33) [watchdog/4]
      (root,0,0,00:00:02,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:18,39) [watchdog/5]
      (root,0,0,00:00:02,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:06,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:01:20,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:03:44,174) [kworker/5:1H]
      (root,0,0,00:10:09,176) [kworker/1:1H]
      (root,0,0,00:04:05,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:04:53,212) [kworker/2:1H]
      (root,0,0,00:55:29,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:08:34,237) [kworker/3:1H]
      (root,135004,7660,01:43:16,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,12100,00:38:33,253) /lib/systemd/systemd-journald
      (root,47384,2924,00:00:12,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3648,00:00:18,621) /lib/systemd/systemd-timesyncd
      (root,30876,2640,00:00:20,643) /usr/sbin/cron -f
      (root,35912,2968,00:05:29,644) /usr/sbin/irqbalance --foreground
      (root,153692,11868,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4688,00:00:26,646) /lib/systemd/systemd-logind
      (message+,45124,3328,00:00:30,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24664,00:08:29,656) /usr/lib/snapd/snapd
      (root,58340,3116,00:00:06,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,1976,00:01:02,911) lldpd: connected to SW_CORE_01.
      (root,69956,6224,00:00:25,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38912,00:05:40,1135) /usr/sbin/apache2 -k start
      (root,82324,4612,00:04:40,1371) sendmail: MTA: accepting connections
      (root,54176,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,0,0,00:00:00,3685) [loop8]
      (mysql,1570444,686288,03:00:48,6210) /usr/sbin/mysqld
      (freerad,2516672,26252,01:16:54,6286) /usr/sbin/freeradius
      (root,553884,5012,00:02:36,6847) /usr/sbin/rsyslogd -n
      (root,318164,9028,00:00:44,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4908,00:00:25,7057) /usr/lib/policykit-1/polkitd --no-debug
      (www-data,537972,27136,00:00:00,8149) /usr/sbin/apache2 -k start
      (www-data,537428,14832,00:00:00,8150) /usr/sbin/apache2 -k start
      (www-data,537948,25204,00:00:00,8151) /usr/sbin/apache2 -k start
      (www-data,537604,21180,00:00:00,8152) /usr/sbin/apache2 -k start
      (www-data,538076,26716,00:00:00,8153) /usr/sbin/apache2 -k start
      (www-data,537656,23184,00:00:00,8199) /usr/sbin/apache2 -k start
      (www-data,537540,18600,00:00:00,8385) /usr/sbin/apache2 -k start
      (root,0,0,00:00:14,10052) [kworker/u12:2]
      (root,54128,8220,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,62976,00:05:45,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:02,10885) [kworker/5:1]
      (root,0,0,00:00:02,12144) [kworker/2:1]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:03,12553) [kworker/0:2]
      (root,99352,6804,00:00:15,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (www-data,537392,14224,00:00:00,13295) /usr/sbin/apache2 -k start
      (www-data,537604,19092,00:00:00,13296) /usr/sbin/apache2 -k start
      (www-data,537556,14860,00:00:00,13297) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,14938) [kworker/1:1]
      (root,0,0,00:00:05,15642) [kworker/1:0]
      (root,0,0,00:00:01,16106) [kworker/2:0]
      (root,0,0,00:00:00,16348) [kworker/5:2]
      (root,0,0,00:00:03,16475) [kworker/3:0]
      (root,0,0,00:00:00,17354) [kworker/4:0]
      (root,0,0,00:00:00,17579) [kworker/3:2]
      (root,0,0,00:00:00,17630) [kworker/4:2]
      (root,0,0,00:00:00,17637) [kworker/0:0]
      (root,0,0,00:00:00,17642) [kworker/0:1]
      (root,7044,700,00:00:00,17646) sleep 180
      (root,0,0,00:00:00,17761) [kworker/4:1]
      (root,20896,3452,00:00:00,17768) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2796,00:00:00,17774) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,956,00:00:00,17775) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,18262) [loop2]
      (root,0,0,00:00:14,19439) [kworker/u12:1]
      (root,4276,648,00:00:00,20090) sh /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/bin/code-server --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-58b43dc0-9464-4f1b-8739-900beac7b78a
      (root,1407032,164524,00:03:24,20094) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/server-main.js --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-58b43dc0-9464-4f1b-8739-900beac7b78a
      (root,1153896,57852,00:00:10,20128) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20241219T152927
      (root,99980,7484,00:00:23,20222) sshd: root@notty
      (root,4276,1608,00:00:00,20228) sh
      (root,40720,6804,00:02:15,20248) /root/.vscode-server/code-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40 command-shell --cli-data-dir /root/.vscode-server/cli --parent-process-id 20228 --on-host=127.0.0.1 --on-port
      (root,1416268,165104,00:06:43,20275) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node --dns-result-order=ipv4first /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1251664,51532,00:00:18,20286) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=fileWatcher
      (root,4276,712,00:00:00,20327) /bin/sh
      (root,0,0,00:00:00,23770) [loop6]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,99352,6736,00:00:25,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,99352,6944,00:04:52,32228) sshd: root@pts/0
      (root,56536,5544,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-12-22 00:57
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce1c2c1c04

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6572,00:03:23,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:52,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:15:19,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:02,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:17,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:16,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:14,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:16,21) [watchdog/2]
      (root,0,0,00:00:02,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:16,27) [watchdog/3]
      (root,0,0,00:00:02,28) [migration/3]
      (root,0,0,00:02:31,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:18,33) [watchdog/4]
      (root,0,0,00:00:02,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:17,39) [watchdog/5]
      (root,0,0,00:00:02,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:06,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:01:17,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:03:39,174) [kworker/5:1H]
      (root,0,0,00:09:57,176) [kworker/1:1H]
      (root,0,0,00:04:00,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:04:46,212) [kworker/2:1H]
      (root,0,0,00:54:17,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:08:23,237) [kworker/3:1H]
      (root,135004,7660,01:41:15,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,9984,00:38:31,253) /lib/systemd/systemd-journald
      (root,47384,2924,00:00:11,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3648,00:00:18,621) /lib/systemd/systemd-timesyncd
      (root,30876,2640,00:00:19,643) /usr/sbin/cron -f
      (root,35912,2968,00:05:23,644) /usr/sbin/irqbalance --foreground
      (root,153692,11900,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4688,00:00:26,646) /lib/systemd/systemd-logind
      (message+,45124,3328,00:00:30,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24940,00:08:19,656) /usr/lib/snapd/snapd
      (root,58340,3120,00:00:06,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,1980,00:01:01,911) lldpd: connected to SW_CORE_01.
      (root,69956,6224,00:00:24,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38912,00:05:34,1135) /usr/sbin/apache2 -k start
      (root,82324,4612,00:04:35,1371) sendmail: MTA: accepting connections
      (root,54176,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,0,0,00:00:00,3685) [loop8]
      (mysql,1566348,685860,02:07:47,6210) /usr/sbin/mysqld
      (freerad,2516672,26248,00:54:32,6286) /usr/sbin/freeradius
      (root,553884,5012,00:02:30,6847) /usr/sbin/rsyslogd -n
      (root,318164,9028,00:00:43,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4908,00:00:25,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:02,8687) [kworker/5:1]
      (root,0,0,00:00:14,10052) [kworker/u12:2]
      (root,54128,8220,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,62976,00:05:16,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6804,00:00:14,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (root,0,0,00:00:04,14397) [kworker/5:0]
      (root,0,0,00:00:06,15191) [kworker/0:0]
      (www-data,543072,37236,00:00:02,15734) /usr/sbin/apache2 -k start
      (www-data,538576,27084,00:00:00,15735) /usr/sbin/apache2 -k start
      (www-data,538180,27084,00:00:00,15736) /usr/sbin/apache2 -k start
      (www-data,542800,35976,00:00:00,15737) /usr/sbin/apache2 -k start
      (www-data,538644,27164,00:00:00,15738) /usr/sbin/apache2 -k start
      (www-data,538180,26828,00:00:00,15772) /usr/sbin/apache2 -k start
      (www-data,543008,36616,00:00:02,16862) /usr/sbin/apache2 -k start
      (www-data,538020,26580,00:00:00,16865) /usr/sbin/apache2 -k start
      (www-data,538012,26620,00:00:00,16866) /usr/sbin/apache2 -k start
      (www-data,537640,26228,00:00:00,16867) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,18262) [loop2]
      (root,0,0,00:00:08,19439) [kworker/u12:1]
      (root,4276,648,00:00:00,20090) sh /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/bin/code-server --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-58b43dc0-9464-4f1b-8739-900beac7b78a
      (root,1394484,151256,00:00:47,20094) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/server-main.js --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-58b43dc0-9464-4f1b-8739-900beac7b78a
      (root,1153896,58644,00:00:02,20128) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20241219T152927
      (root,99980,7484,00:00:04,20222) sshd: root@notty
      (root,4276,1608,00:00:00,20228) sh
      (root,40720,14864,00:00:23,20248) /root/.vscode-server/code-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40 command-shell --cli-data-dir /root/.vscode-server/cli --parent-process-id 20228 --on-host=127.0.0.1 --on-port
      (root,1415952,161692,00:01:11,20275) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node --dns-result-order=ipv4first /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1251664,51252,00:00:03,20286) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=fileWatcher
      (root,4276,712,00:00:00,20327) /bin/sh
      (root,0,0,00:00:03,21244) [kworker/1:2]
      (root,0,0,00:00:06,22754) [kworker/1:0]
      (root,0,0,00:00:00,23770) [loop6]
      (root,0,0,00:00:00,23976) [kworker/4:1]
      (root,0,0,00:00:00,24231) [kworker/2:0]
      (root,0,0,00:00:00,24713) [kworker/2:1]
      (root,0,0,00:00:00,24938) [kworker/3:0]
      (root,0,0,00:00:00,24989) [kworker/3:1]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25194) [kworker/4:2]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25238) [kworker/0:2]
      (root,0,0,00:00:00,25240) [loop5]
      (root,7044,644,00:00:00,25243) sleep 180
      (root,0,0,00:00:00,25245) [kworker/0:1]
      (root,0,0,00:00:00,25306) [kworker/4:0]
      (root,0,0,00:00:00,25367) [kworker/5:2]
      (root,20896,3296,00:00:00,25368) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2792,00:00:00,25374) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,932,00:00:00,25375) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,99352,6736,00:00:24,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,99352,6944,00:04:51,32228) sshd: root@pts/0
      (root,56536,5544,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-12-20 00:28
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce89ef244a

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6572,00:03:20,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:46,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:13:49,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:02,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:17,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:16,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:14,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:16,21) [watchdog/2]
      (root,0,0,00:00:02,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:16,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:02:27,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:18,33) [watchdog/4]
      (root,0,0,00:00:02,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:17,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:06,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:01:14,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:03:34,174) [kworker/5:1H]
      (root,0,0,00:09:45,176) [kworker/1:1H]
      (root,0,0,00:03:54,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:04:39,212) [kworker/2:1H]
      (root,0,0,00:53:08,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:08:14,237) [kworker/3:1H]
      (root,135004,7660,01:39:20,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,8288,00:38:28,253) /lib/systemd/systemd-journald
      (root,47384,2924,00:00:11,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3648,00:00:17,621) /lib/systemd/systemd-timesyncd
      (root,30876,2640,00:00:19,643) /usr/sbin/cron -f
      (root,35912,2968,00:05:17,644) /usr/sbin/irqbalance --foreground
      (root,153692,11948,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4688,00:00:26,646) /lib/systemd/systemd-logind
      (message+,45124,3328,00:00:29,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,0,0,00:00:00,654) [kworker/4:0]
      (root,1300372,24876,00:08:10,656) /usr/lib/snapd/snapd
      (root,58340,3200,00:00:05,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (root,0,0,00:00:00,892) [kworker/3:1]
      (_lldpd,58340,2060,00:01:00,911) lldpd: connected to SW_CORE_01.
      (root,69956,6224,00:00:24,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,0,0,00:00:01,1120) [kworker/3:2]
      (root,536952,38912,00:05:27,1135) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,1187) [kworker/2:0]
      (root,0,0,00:00:00,1248) [kworker/5:0]
      (root,82324,4612,00:04:30,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,1454) [kworker/4:1]
      (root,0,0,00:00:00,1501) [kworker/0:2]
      (root,0,0,00:00:00,1504) [kworker/0:0]
      (root,0,0,00:00:00,1673) [kworker/4:2]
      (root,20900,3360,00:00:00,1676) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3356,00:00:00,1706) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3300,00:00:00,1762) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2844,00:00:00,1773) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,844,00:00:00,1774) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,27820,1504,00:00:00,1775) pgrep crmd
      (root,54176,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,0,0,00:00:00,3685) [loop8]
      (root,99444,7012,00:00:00,6045) sshd: root@pts/5
      (root,22688,5376,00:00:00,6051) -bash
      (root,54256,8568,00:00:00,6066) mc
      (root,21184,3812,00:00:00,6068) bash -rcfile .bashrc
      (mysql,1554060,684828,01:14:58,6210) /usr/sbin/mysqld
      (freerad,2516672,25228,00:32:01,6286) /usr/sbin/freeradius
      (root,553884,5012,00:02:25,6847) /usr/sbin/rsyslogd -n
      (root,318164,9028,00:00:42,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4908,00:00:24,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:14,10052) [kworker/u12:2]
      (root,54128,8220,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73624,00:04:47,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6804,00:00:13,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (root,7080,700,00:00:00,14914) tail -f /var/log/syslog
      (root,0,0,00:00:00,18262) [loop2]
      (root,0,0,00:00:03,19439) [kworker/u12:1]
      (root,0,0,00:00:00,23770) [loop6]
      (www-data,543164,40432,00:00:01,24532) /usr/sbin/apache2 -k start
      (www-data,543548,40100,00:00:01,24533) /usr/sbin/apache2 -k start
      (www-data,540864,29924,00:00:01,24535) /usr/sbin/apache2 -k start
      (www-data,543156,40660,00:00:01,24536) /usr/sbin/apache2 -k start
      (www-data,543160,39320,00:00:00,24807) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (www-data,541044,30740,00:00:00,26534) /usr/sbin/apache2 -k start
      (www-data,542964,37028,00:00:00,27643) /usr/sbin/apache2 -k start
      (www-data,538044,28680,00:00:00,27645) /usr/sbin/apache2 -k start
      (www-data,543128,37724,00:00:00,27947) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,28384) [kworker/1:2]
      (root,0,0,00:00:03,28893) [kworker/0:1]
      (root,0,0,00:00:12,29059) [kworker/1:1]
      (www-data,538160,24800,00:00:00,29065) /usr/sbin/apache2 -k start
      (root,99352,6736,00:00:23,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,0,0,00:00:01,31047) [kworker/5:2]
      (root,99352,6944,00:04:50,32228) sshd: root@pts/0
      (root,56536,5544,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      (root,0,0,00:00:00,32655) [kworker/2:2]
      
      
      Found on 2024-12-18 01:39
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cef1cd2d70

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6572,00:03:17,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:40,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:12:19,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:02,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:16,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:15,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:14,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:16,21) [watchdog/2]
      (root,0,0,00:00:02,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:16,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:02:23,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:17,33) [watchdog/4]
      (root,0,0,00:00:02,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:17,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:06,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:01:11,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:03:27,174) [kworker/5:1H]
      (root,0,0,00:09:34,176) [kworker/1:1H]
      (root,0,0,00:03:48,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:04:31,212) [kworker/2:1H]
      (root,0,0,00:51:54,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:08:03,237) [kworker/3:1H]
      (root,135004,7672,01:37:15,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,6504,00:38:25,253) /lib/systemd/systemd-journald
      (root,47384,2924,00:00:11,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3648,00:00:17,621) /lib/systemd/systemd-timesyncd
      (root,30876,2640,00:00:18,643) /usr/sbin/cron -f
      (root,35912,2968,00:05:10,644) /usr/sbin/irqbalance --foreground
      (root,153692,11948,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4688,00:00:25,646) /lib/systemd/systemd-logind
      (message+,45124,3328,00:00:29,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24884,00:08:00,656) /usr/lib/snapd/snapd
      (root,58340,3240,00:00:05,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2096,00:00:59,911) lldpd: connected to SW_CORE_01.
      (root,69956,6224,00:00:24,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (www-data,537984,27228,00:00:00,967) /usr/sbin/apache2 -k start
      (www-data,538212,27804,00:00:00,968) /usr/sbin/apache2 -k start
      (www-data,538148,27384,00:00:00,969) /usr/sbin/apache2 -k start
      (www-data,537980,26772,00:00:00,970) /usr/sbin/apache2 -k start
      (www-data,537988,27044,00:00:00,971) /usr/sbin/apache2 -k start
      (root,536952,38852,00:05:20,1135) /usr/sbin/apache2 -k start
      (www-data,538148,27236,00:00:00,1208) /usr/sbin/apache2 -k start
      (root,82324,4612,00:04:24,1371) sendmail: MTA: accepting connections
      (www-data,538152,26928,00:00:00,1677) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,2125) [kworker/2:1]
      (root,0,0,00:00:02,2441) [kworker/u12:1]
      (root,54176,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,0,0,00:00:00,3044) [kworker/5:1]
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:02,4145) [kworker/5:0]
      (root,0,0,00:00:03,4365) [kworker/2:0]
      (root,99444,7012,00:00:00,6045) sshd: root@pts/5
      (root,22688,5376,00:00:00,6051) -bash
      (root,54104,8368,00:00:00,6066) mc
      (root,21168,3796,00:00:00,6068) bash -rcfile .bashrc
      (mysql,1508804,673928,00:11:41,6210) /usr/sbin/mysqld
      (freerad,2516672,23840,00:04:58,6286) /usr/sbin/freeradius
      (root,0,0,00:00:01,6830) [kworker/4:1]
      (root,553884,5020,00:02:19,6847) /usr/sbin/rsyslogd -n
      (root,0,0,00:00:02,7036) [kworker/0:0]
      (root,318164,9040,00:00:41,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4928,00:00:24,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:02,8693) [kworker/1:2]
      (root,0,0,00:00:00,9118) [kworker/3:1]
      (root,0,0,00:00:02,9337) [kworker/3:2]
      (root,0,0,00:00:00,9537) [kworker/4:2]
      (root,0,0,00:00:00,9756) [kworker/1:0]
      (root,0,0,00:00:00,9761) [kworker/0:2]
      (root,0,0,00:00:00,9764) [kworker/0:1]
      (root,54168,2688,00:00:00,9769) /usr/sbin/CRON -f
      (smmsp,4276,752,00:00:00,9770) /bin/sh -c test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/lib/sm.bin/sendmail && /usr/share/sendmail/sendmail cron-msp
      (smmsp,4408,1568,00:00:00,9771) /bin/sh /usr/share/sendmail/sendmail cron-msp
      (smmsp,62740,6524,00:00:00,9788) /usr/sbin/sendmail-msp -qf -Ac -L sm-msp-queue
      (root,20896,3372,00:00:00,9791) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3352,00:00:00,9794) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3396,00:00:00,9818) /bin/bash /usr/bin/check_mk_agent
      (root,20896,1824,00:00:00,9822) /bin/bash /usr/bin/check_mk_agent
      (root,20896,1824,00:00:00,9824) /bin/bash /usr/bin/check_mk_agent
      (root,176,4,00:00:00,9825) [cut]
      (root,22948,736,00:00:00,9826) sort
      (root,176,4,00:00:00,9828) [cut]
      (root,22948,836,00:00:00,9829) sort
      (root,36628,2856,00:00:00,9835) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,0,0,00:00:14,10052) [kworker/u12:2]
      (root,54128,8220,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73644,00:04:18,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6804,00:00:12,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (root,0,0,00:00:00,18262) [loop2]
      (root,0,0,00:00:00,23770) [loop6]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,99352,6736,00:00:22,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,99352,6944,00:04:49,32228) sshd: root@pts/0
      (root,56536,5544,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-12-15 23:20
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cef5794ccb

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6572,00:02:37,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:36,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:10:47,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:16,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:15,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:13,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:15,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:15,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:02:19,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:17,33) [watchdog/4]
      (root,0,0,00:00:02,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:16,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:06,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:01:09,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:03:23,174) [kworker/5:1H]
      (root,0,0,00:09:25,176) [kworker/1:1H]
      (root,0,0,00:03:44,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:04:26,212) [kworker/2:1H]
      (root,0,0,00:51:03,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:07:54,237) [kworker/3:1H]
      (root,135004,7672,01:35:15,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,10364,00:38:04,253) /lib/systemd/systemd-journald
      (root,47384,2924,00:00:11,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3648,00:00:17,621) /lib/systemd/systemd-timesyncd
      (root,30876,2640,00:00:18,643) /usr/sbin/cron -f
      (root,35912,2968,00:05:04,644) /usr/sbin/irqbalance --foreground
      (root,153692,11948,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4540,00:00:21,646) /lib/systemd/systemd-logind
      (message+,45124,3328,00:00:23,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24736,00:07:50,656) /usr/lib/snapd/snapd
      (root,58340,3240,00:00:05,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2096,00:00:58,911) lldpd: connected to SW_CORE_01.
      (root,69956,6224,00:00:24,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38912,00:05:14,1135) /usr/sbin/apache2 -k start
      (root,82324,4608,00:04:18,1371) sendmail: MTA: accepting connections
      (root,54176,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,0,0,00:00:00,3685) [loop8]
      (www-data,542952,40616,00:00:00,4208) /usr/sbin/apache2 -k start
      (www-data,543040,48568,00:00:01,4209) /usr/sbin/apache2 -k start
      (www-data,543116,39852,00:00:00,4210) /usr/sbin/apache2 -k start
      (root,0,0,00:00:02,5316) [kworker/5:0]
      (www-data,543176,40336,00:00:00,5347) /usr/sbin/apache2 -k start
      (root,553884,5020,00:02:10,6847) /usr/sbin/rsyslogd -n
      (root,318164,9040,00:00:40,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4928,00:00:23,7057) /usr/lib/policykit-1/polkitd --no-debug
      (www-data,542384,39916,00:00:00,7613) /usr/sbin/apache2 -k start
      (www-data,542972,40856,00:00:00,7614) /usr/sbin/apache2 -k start
      (www-data,542376,39944,00:00:00,7618) /usr/sbin/apache2 -k start
      (www-data,537968,27160,00:00:00,7619) /usr/sbin/apache2 -k start
      (www-data,543120,39260,00:00:00,7629) /usr/sbin/apache2 -k start
      (www-data,542764,38496,00:00:00,7664) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,10046) [kworker/0:2]
      (root,0,0,00:00:14,10052) [kworker/u12:2]
      (root,0,0,00:00:01,10216) [kworker/3:0]
      (root,54128,8220,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73644,00:03:49,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:00,10732) [kworker/4:0]
      (root,0,0,00:00:06,10735) [kworker/3:1]
      (root,0,0,00:00:00,11397) [kworker/2:1]
      (root,0,0,00:00:00,11843) [kworker/2:0]
      (root,0,0,00:00:00,12073) [kworker/5:1]
      (root,0,0,00:00:00,12294) [kworker/1:1]
      (root,0,0,00:00:00,12328) [kworker/0:0]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,12370) [kworker/4:2]
      (root,0,0,00:00:00,12371) [kworker/1:2]
      (root,0,0,00:00:00,12377) [kworker/0:1]
      (root,0,0,00:00:00,12433) [check_mk_agent]
      (root,0,0,00:00:00,12492) [kworker/3:2]
      (root,20896,3180,00:00:00,12493) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2844,00:00:00,12501) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,984,00:00:00,12502) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,99352,6804,00:00:11,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (mysql,1624100,697512,12:07:42,14258) /usr/sbin/mysqld
      (root,0,0,00:00:24,16518) [kworker/u12:0]
      (root,0,0,00:00:00,18262) [loop2]
      (freerad,2516196,22092,03:53:30,20378) /usr/sbin/freeradius
      (root,0,0,00:00:00,23770) [loop6]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,99352,6736,00:00:22,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,99352,6944,00:04:49,32228) sshd: root@pts/0
      (root,56536,5544,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-12-13 22:58
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce53e4a210

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6280,00:02:35,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:29,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:09:23,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:16,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:15,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:13,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:15,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:15,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:02:14,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:17,33) [watchdog/4]
      (root,0,0,00:00:02,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:16,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:06,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:01:06,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:03:17,174) [kworker/5:1H]
      (root,0,0,00:09:12,176) [kworker/1:1H]
      (root,0,0,00:03:38,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:04:19,212) [kworker/2:1H]
      (root,0,0,00:49:51,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:07:42,237) [kworker/3:1H]
      (root,135004,7672,01:33:18,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,8288,00:38:02,253) /lib/systemd/systemd-journald
      (root,47384,2700,00:00:11,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3648,00:00:16,621) /lib/systemd/systemd-timesyncd
      (root,30876,2640,00:00:18,643) /usr/sbin/cron -f
      (root,35912,2968,00:04:57,644) /usr/sbin/irqbalance --foreground
      (root,153692,12072,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4540,00:00:21,646) /lib/systemd/systemd-logind
      (message+,45124,3316,00:00:23,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,22188,00:07:40,656) /usr/lib/snapd/snapd
      (root,58340,3308,00:00:05,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2168,00:00:56,911) lldpd: connected to SW_CORE_01.
      (root,69956,6224,00:00:24,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38728,00:05:07,1135) /usr/sbin/apache2 -k start
      (root,82324,4608,00:04:13,1371) sendmail: MTA: accepting connections
      (root,54176,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,553884,5020,00:02:05,6847) /usr/sbin/rsyslogd -n
      (root,318164,9040,00:00:40,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4928,00:00:23,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:14,10052) [kworker/u12:2]
      (root,54128,8220,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73644,00:03:22,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (www-data,538120,26948,00:00:00,12197) /usr/sbin/apache2 -k start
      (www-data,537952,26240,00:00:00,12198) /usr/sbin/apache2 -k start
      (www-data,538120,26616,00:00:00,12199) /usr/sbin/apache2 -k start
      (www-data,538132,26992,00:00:00,12200) /usr/sbin/apache2 -k start
      (www-data,537952,25656,00:00:00,12201) /usr/sbin/apache2 -k start
      (root,0,0,00:00:02,12292) [kworker/2:2]
      (root,0,0,00:00:00,12334) [loop1]
      (www-data,537576,26108,00:00:00,12478) /usr/sbin/apache2 -k start
      (www-data,538520,27436,00:00:00,12482) /usr/sbin/apache2 -k start
      (www-data,538008,27144,00:00:00,12483) /usr/sbin/apache2 -k start
      (root,99352,6804,00:00:11,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (root,0,0,00:00:00,13105) [kworker/4:2]
      (mysql,1622900,697928,11:01:58,14258) /usr/sbin/mysqld
      (root,0,0,00:00:02,16244) [kworker/4:1]
      (root,0,0,00:00:18,16518) [kworker/u12:0]
      (root,0,0,00:00:00,17016) [kworker/5:0]
      (root,0,0,00:00:02,17292) [kworker/2:1]
      (root,0,0,00:00:01,17927) [kworker/5:1]
      (root,0,0,00:00:00,18262) [loop2]
      (root,0,0,00:00:00,19074) [kworker/1:0]
      (root,0,0,00:00:05,19282) [kworker/1:1]
      (root,0,0,00:00:00,19953) [kworker/0:0]
      (freerad,2516196,22104,03:24:49,20378) /usr/sbin/freeradius
      (root,0,0,00:00:00,21100) [kworker/3:1]
      (root,0,0,00:00:00,21329) [kworker/3:0]
      (root,0,0,00:00:00,21340) [kworker/0:1]
      (root,0,0,00:00:00,21366) [kworker/0:2]
      (root,0,0,00:00:00,21482) [kworker/5:2]
      (root,0,0,00:00:00,21487) [kworker/3:2]
      (root,20896,3352,00:00:00,21488) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2792,00:00:00,21494) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,960,00:00:00,21495) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,99352,6736,00:00:20,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,99352,6944,00:04:48,32228) sshd: root@pts/0
      (root,56536,5544,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-12-11 23:23
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce185f0a90

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6288,00:02:32,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:23,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:08:01,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:15,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:14,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:13,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:15,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:15,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:02:10,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:16,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:15,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:05,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:01:02,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:03:10,174) [kworker/5:1H]
      (root,0,0,00:08:59,176) [kworker/1:1H]
      (root,0,0,00:03:32,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:04:12,212) [kworker/2:1H]
      (root,0,0,00:48:37,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:07:31,237) [kworker/3:1H]
      (root,135004,7672,01:31:21,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,6752,00:37:59,253) /lib/systemd/systemd-journald
      (root,47384,2700,00:00:10,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3648,00:00:16,621) /lib/systemd/systemd-timesyncd
      (root,30876,2640,00:00:17,643) /usr/sbin/cron -f
      (root,35912,2968,00:04:51,644) /usr/sbin/irqbalance --foreground
      (root,153692,12076,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4540,00:00:21,646) /lib/systemd/systemd-logind
      (message+,45124,3328,00:00:23,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,22592,00:07:31,656) /usr/lib/snapd/snapd
      (root,58340,3308,00:00:05,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2168,00:00:55,911) lldpd: connected to SW_CORE_01.
      (root,69956,6232,00:00:23,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38908,00:05:01,1135) /usr/sbin/apache2 -k start
      (root,82324,4608,00:04:08,1371) sendmail: MTA: accepting connections
      (root,54176,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,553884,5020,00:01:59,6847) /usr/sbin/rsyslogd -n
      (root,318164,9040,00:00:39,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4928,00:00:22,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:14,10052) [kworker/u12:2]
      (root,54128,8220,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73644,00:02:54,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6840,00:00:10,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (mysql,1618700,698284,09:55:51,14258) /usr/sbin/mysqld
      (root,0,0,00:00:12,16518) [kworker/u12:0]
      (root,0,0,00:00:00,18262) [loop2]
      (freerad,2516196,21644,02:56:08,20378) /usr/sbin/freeradius
      (www-data,542924,39648,00:00:00,21363) /usr/sbin/apache2 -k start
      (www-data,542564,39544,00:00:01,21364) /usr/sbin/apache2 -k start
      (www-data,542944,40680,00:00:01,21366) /usr/sbin/apache2 -k start
      (www-data,543108,40128,00:00:01,21367) /usr/sbin/apache2 -k start
      (www-data,541032,29904,00:00:01,21408) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,22204) [kworker/2:1]
      (www-data,542948,40080,00:00:01,22762) /usr/sbin/apache2 -k start
      (www-data,538120,27364,00:00:00,23608) /usr/sbin/apache2 -k start
      (www-data,540472,29392,00:00:00,23609) /usr/sbin/apache2 -k start
      (root,0,0,00:00:03,24509) [kworker/2:2]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,0,0,00:00:02,26121) [kworker/0:1]
      (www-data,537396,14848,00:00:00,26606) /usr/sbin/apache2 -k start
      (www-data,537388,14884,00:00:00,26607) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,28172) [kworker/5:1]
      (root,0,0,00:00:00,28505) [kworker/5:0]
      (root,0,0,00:00:01,28918) [kworker/3:0]
      (root,0,0,00:00:00,29135) [kworker/4:1]
      (root,0,0,00:00:02,29365) [kworker/3:1]
      (root,0,0,00:00:00,29579) [kworker/1:1]
      (root,0,0,00:00:01,29670) [kworker/1:0]
      (root,0,0,00:00:00,29875) [kworker/4:2]
      (root,0,0,00:00:00,29922) [kworker/0:2]
      (root,0,0,00:00:00,30091) [kworker/4:0]
      (root,0,0,00:00:00,30117) [kworker/0:0]
      (root,20900,3404,00:00:00,30157) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3384,00:00:00,30220) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2792,00:00:00,30229) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,956,00:00:00,30230) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,99352,6776,00:00:19,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,99352,6876,00:04:47,32228) sshd: root@pts/0
      (root,56536,5544,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-12-09 23:44
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce11192526

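      Found public CheckMk agent (the agent port answered the scanner directly, so everything below is readable by any host that can reach it; the agent is meant to be queried only by its own monitoring server):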
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
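      Found process list through CheckMk (each entry is (user,vsz,rss,cputime,pid) followed by the command, matching the agent's own "ps ax -o user,vsz,rss,cputime,pid,command" call that appears in the list):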
      (root,204812,6288,00:02:29,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:16,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:06:41,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:15,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:14,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:13,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:14,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:14,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:02:06,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:16,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:15,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:05,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:59,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:03:05,174) [kworker/5:1H]
      (root,0,0,00:08:48,176) [kworker/1:1H]
      (root,0,0,00:03:24,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:04:05,212) [kworker/2:1H]
      (root,0,0,00:47:23,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:07:18,237) [kworker/3:1H]
      (root,135004,7692,01:29:22,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,5168,00:37:57,253) /lib/systemd/systemd-journald
      (root,47384,2700,00:00:10,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3648,00:00:16,621) /lib/systemd/systemd-timesyncd
      (root,30876,2640,00:00:17,643) /usr/sbin/cron -f
      (root,35912,2968,00:04:45,644) /usr/sbin/irqbalance --foreground
      (root,153692,12092,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4540,00:00:20,646) /lib/systemd/systemd-logind
      (message+,45124,3328,00:00:22,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,22700,00:07:21,656) /usr/lib/snapd/snapd
      (root,58340,3308,00:00:05,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2168,00:00:54,911) lldpd: connected to SW_CORE_01.
      (root,69956,6232,00:00:23,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38828,00:04:54,1135) /usr/sbin/apache2 -k start
      (root,82324,4608,00:04:02,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,1594) [kworker/4:2]
      (root,0,0,00:00:02,2048) [kworker/4:1]
      (www-data,537308,14676,00:00:00,2318) /usr/sbin/apache2 -k start
      (www-data,537308,14136,00:00:00,2320) /usr/sbin/apache2 -k start
      (www-data,537308,14076,00:00:00,2321) /usr/sbin/apache2 -k start
      (root,54176,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,0,0,00:00:00,3218) [kworker/2:0]
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,0,0,00:00:01,4356) [kworker/2:2]
      (root,0,0,00:00:00,6139) [kworker/3:1]
      (root,0,0,00:00:02,6355) [kworker/3:2]
      (root,0,0,00:00:00,6587) [kworker/5:0]
      (root,0,0,00:00:00,6802) [kworker/5:1]
      (root,553884,5020,00:01:54,6847) /usr/sbin/rsyslogd -n
      (root,318164,9052,00:00:38,7053) /usr/lib/packagekit/packagekitd
      (root,0,0,00:00:00,7056) [kworker/0:1]
      (root,286116,4928,00:00:22,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:00,7086) [kworker/0:2]
      (root,0,0,00:00:00,7208) [kworker/5:2]
      (root,20896,3232,00:00:00,7209) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2824,00:00:00,7215) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,960,00:00:00,7216) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:14,10052) [kworker/u12:2]
      (root,54128,8220,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73644,00:02:26,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6840,00:00:09,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (mysql,1618700,696336,08:48:35,14258) /usr/sbin/mysqld
      (root,0,0,00:00:06,16518) [kworker/u12:0]
      (root,0,0,00:00:00,18262) [loop2]
      (freerad,2516196,22236,02:27:08,20378) /usr/sbin/freeradius
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,0,0,00:00:00,27564) [kworker/1:2]
      (root,0,0,00:00:29,27667) [kworker/1:0]
      (root,99352,6776,00:00:18,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (www-data,537404,20992,00:00:00,31356) /usr/sbin/apache2 -k start
      (www-data,537664,23880,00:00:00,31357) /usr/sbin/apache2 -k start
      (www-data,537700,23712,00:00:00,31358) /usr/sbin/apache2 -k start
      (www-data,537580,22900,00:00:00,31359) /usr/sbin/apache2 -k start
      (www-data,537568,23148,00:00:00,31360) /usr/sbin/apache2 -k start
      (www-data,537444,23036,00:00:00,31411) /usr/sbin/apache2 -k start
      (root,99352,6876,00:04:46,32228) sshd: root@pts/0
      (root,56536,5544,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      (www-data,537660,23788,00:00:00,32297) /usr/sbin/apache2 -k start
      (root,0,0,00:00:04,32724) [kworker/0:0]
      
      
      Found on 2024-12-07 23:25
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cefe1551a2

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
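      Found process list through CheckMk (command lines are reported in full, so anything passed as a process argument is disclosed along with the running services and the interactive root sessions):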
      (root,204812,6244,00:02:26,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:10,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:05:21,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:15,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:14,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:13,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:14,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:14,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:02:02,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:15,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:15,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:05,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:56,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:59,174) [kworker/5:1H]
      (root,0,0,00:08:36,176) [kworker/1:1H]
      (root,0,0,00:03:18,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:03:58,212) [kworker/2:1H]
      (root,0,0,00:46:08,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:07:06,237) [kworker/3:1H]
      (root,135004,7692,01:27:25,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,15256,00:37:55,253) /lib/systemd/systemd-journald
      (root,47384,2700,00:00:10,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3648,00:00:15,621) /lib/systemd/systemd-timesyncd
      (root,30876,2640,00:00:17,643) /usr/sbin/cron -f
      (root,35912,2968,00:04:38,644) /usr/sbin/irqbalance --foreground
      (root,153692,12180,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4540,00:00:20,646) /lib/systemd/systemd-logind
      (message+,45124,3328,00:00:22,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,22792,00:07:12,656) /usr/lib/snapd/snapd
      (root,58340,3316,00:00:05,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2176,00:00:53,911) lldpd: connected to SW_CORE_01.
      (root,69956,6236,00:00:23,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38828,00:04:48,1135) /usr/sbin/apache2 -k start
      (root,82324,4608,00:03:57,1371) sendmail: MTA: accepting connections
      (root,54176,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,4276,704,00:00:00,2967) sh /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/bin/code-server --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-b6c7d68f-d2c3-4d30-9008-336489f8543c
      (root,1366428,118680,00:09:33,2971) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/server-main.js --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-b6c7d68f-d2c3-4d30-9008-336489f8543c
      (root,1156552,50252,00:08:58,3005) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20241129T140237
      (root,99844,7292,00:01:18,3070) sshd: root@notty
      (root,4276,1544,00:00:00,3076) sh
      (root,40716,8436,00:07:19,3096) /root/.vscode-server/code-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40 command-shell --cli-data-dir /root/.vscode-server/cli --parent-process-id 3076 --on-host=127.0.0.1 --on-port
      (root,11985740,275640,00:20:51,3123) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node --dns-result-order=ipv4first /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1449040,55264,00:00:52,3134) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=fileWatcher
      (root,4456,2100,00:00:00,3176) /root/.vscode-server/extensions/ms-python.python-2024.14.1-linux-x64/python-env-tools/bin/pet server
      (root,21280,3900,00:00:00,3253) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,553884,5020,00:01:48,6847) /usr/sbin/rsyslogd -n
      (root,318164,9052,00:00:37,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4932,00:00:21,7057) /usr/lib/policykit-1/polkitd --no-debug
      (www-data,537928,27092,00:00:00,7290) /usr/sbin/apache2 -k start
      (www-data,537916,26572,00:00:00,8478) /usr/sbin/apache2 -k start
      (www-data,537972,27552,00:00:00,8482) /usr/sbin/apache2 -k start
      (www-data,538544,26736,00:00:00,8483) /usr/sbin/apache2 -k start
      (www-data,537776,26540,00:00:00,8484) /usr/sbin/apache2 -k start
      (www-data,537916,26564,00:00:00,8486) /usr/sbin/apache2 -k start
      (www-data,538084,26816,00:00:00,8487) /usr/sbin/apache2 -k start
      (www-data,538480,27244,00:00:00,8515) /usr/sbin/apache2 -k start
      (www-data,538140,28056,00:00:00,8699) /usr/sbin/apache2 -k start
      (www-data,538096,27276,00:00:00,8706) /usr/sbin/apache2 -k start
      (root,0,0,00:00:14,10052) [kworker/u12:2]
      (root,0,0,00:00:07,10256) [kworker/1:2]
      (root,54128,8220,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73644,00:01:59,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:01,10437) [kworker/2:0]
      (root,0,0,00:00:09,10988) [kworker/u12:1]
      (root,0,0,00:00:01,11176) [kworker/4:0]
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6840,00:00:08,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (root,0,0,00:00:02,12817) [kworker/2:2]
      (root,0,0,00:00:07,13285) [kworker/1:0]
      (mysql,1594124,696840,07:42:37,14258) /usr/sbin/mysqld
      (root,0,0,00:00:02,15028) [kworker/3:2]
      (root,0,0,00:00:00,15283) [kworker/0:1]
      (root,0,0,00:00:00,15492) [kworker/4:1]
      (root,0,0,00:00:00,15546) [kworker/5:2]
      (root,0,0,00:00:01,15729) [kworker/3:1]
      (root,0,0,00:00:00,15863) [kworker/5:1]
      (root,0,0,00:00:00,16143) [kworker/0:2]
      (root,0,0,00:00:00,16314) [kworker/4:2]
      (root,0,0,00:00:00,16318) [kworker/0:0]
      (root,7044,656,00:00:00,16342) sleep 180
      (root,20896,3324,00:00:00,16343) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3400,00:00:00,16352) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3380,00:00:00,16373) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2848,00:00:00,16388) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,900,00:00:00,16389) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,18262) [loop2]
      (freerad,2516196,22576,01:58:33,20378) /usr/sbin/freeradius
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,1000556,46896,00:00:05,29503) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/extensions/espressif.esp-idf-extension-1.8.1/dist/kconfigServer.js --node-ipc --clientProcessId=3123
      (root,99352,6776,00:00:17,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,4276,748,00:00:00,31155) /bin/sh
      (root,12357648,288172,00:00:17,31171) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2024.11.3/dist/server.bundle.js --cancellationReceive=file:d7931321beb9cb00af5f5e21cbc4cb776490b065ae --node-ipc --clientProcessId=3123
      (root,99352,6876,00:04:45,32228) sshd: root@pts/0
      (root,56536,5544,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-12-05 23:43
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce93594f24

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6372,00:02:24,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:04,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:03:39,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:14,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:14,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:12,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:14,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:14,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:58,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:15,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:14,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:03,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:05,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:52,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:52,174) [kworker/5:1H]
      (root,0,0,00:08:23,176) [kworker/1:1H]
      (root,0,0,00:03:11,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:03:50,212) [kworker/2:1H]
      (root,0,0,00:44:56,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:06:55,237) [kworker/3:1H]
      (root,135004,7748,01:25:30,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,13604,00:37:52,253) /lib/systemd/systemd-journald
      (root,47384,2700,00:00:10,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3668,00:00:15,621) /lib/systemd/systemd-timesyncd
      (root,30876,2648,00:00:16,643) /usr/sbin/cron -f
      (root,35912,2968,00:04:32,644) /usr/sbin/irqbalance --foreground
      (root,153692,12588,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4608,00:00:19,646) /lib/systemd/systemd-logind
      (message+,45124,3540,00:00:21,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,22676,00:07:02,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:05,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:52,911) lldpd: connected to SW_CORE_01.
      (root,69956,6284,00:00:23,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38828,00:04:42,1135) /usr/sbin/apache2 -k start
      (root,82324,4608,00:03:52,1371) sendmail: MTA: accepting connections
      (root,54104,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,4276,704,00:00:00,2967) sh /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/bin/code-server --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-b6c7d68f-d2c3-4d30-9008-336489f8543c
      (root,1377164,130988,00:08:00,2971) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/server-main.js --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-b6c7d68f-d2c3-4d30-9008-336489f8543c
      (root,1155760,51336,00:06:12,3005) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20241129T140237
      (root,99844,7388,00:01:06,3070) sshd: root@notty
      (root,4276,1544,00:00:00,3076) sh
      (root,40672,15892,00:06:13,3096) /root/.vscode-server/code-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40 command-shell --cli-data-dir /root/.vscode-server/cli --parent-process-id 3076 --on-host=127.0.0.1 --on-port
      (root,12002484,303364,00:14:53,3123) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node --dns-result-order=ipv4first /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1449040,60500,00:00:34,3134) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=fileWatcher
      (root,4456,3248,00:00:00,3176) /root/.vscode-server/extensions/ms-python.python-2024.14.1-linux-x64/python-env-tools/bin/pet server
      (root,21280,3900,00:00:00,3253) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,12383248,324828,00:00:42,3269) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2024.11.3/dist/server.bundle.js --cancellationReceive=file:740ba27cb3e92cd2797fbadbba03a7a783ef66db08 --node-ipc --clientProcessId=3123
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,553760,4792,00:01:41,6847) /usr/sbin/rsyslogd -n
      (root,318164,9224,00:00:36,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4956,00:00:21,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:12,10052) [kworker/u12:2]
      (root,54128,8328,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73844,00:01:32,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:05,10988) [kworker/u12:1]
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6920,00:00:08,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (mysql,1593724,701440,06:37:11,14258) /usr/sbin/mysqld
      (www-data,543164,40980,00:00:01,15466) /usr/sbin/apache2 -k start
      (www-data,543132,41312,00:00:01,15467) /usr/sbin/apache2 -k start
      (www-data,542916,40588,00:00:01,15468) /usr/sbin/apache2 -k start
      (www-data,543076,40656,00:00:01,15469) /usr/sbin/apache2 -k start
      (www-data,540952,29472,00:00:01,15470) /usr/sbin/apache2 -k start
      (www-data,543484,41424,00:00:01,15755) /usr/sbin/apache2 -k start
      (www-data,542916,40452,00:00:01,17143) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,18262) [loop2]
      (www-data,543076,40356,00:00:01,18745) /usr/sbin/apache2 -k start
      (www-data,542892,40212,00:00:00,19492) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,19704) [kworker/2:1]
      (www-data,537904,26812,00:00:00,20001) /usr/sbin/apache2 -k start
      (freerad,2516196,22000,01:29:54,20378) /usr/sbin/freeradius
      (root,0,0,00:00:02,20471) [kworker/2:0]
      (root,0,0,00:00:00,21718) [kworker/4:2]
      (root,0,0,00:00:01,21889) [kworker/5:1]
      (root,0,0,00:00:01,22406) [kworker/0:1]
      (root,0,0,00:00:01,23331) [kworker/1:0]
      (root,0,0,00:00:00,23556) [kworker/4:1]
      (root,0,0,00:00:01,24033) [kworker/1:2]
      (root,0,0,00:00:00,24279) [kworker/3:1]
      (root,0,0,00:00:00,24389) [kworker/5:0]
      (root,0,0,00:00:00,24392) [kworker/3:0]
      (root,0,0,00:00:00,24608) [kworker/0:0]
      (root,0,0,00:00:00,24616) [kworker/0:2]
      (root,7044,708,00:00:00,24617) sleep 180
      (root,0,0,00:00:00,24731) [kworker/5:2]
      (root,20896,3292,00:00:00,24734) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2788,00:00:00,24740) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,920,00:00:00,24741) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,99352,6872,00:00:17,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,99352,6972,00:04:44,32228) sshd: root@pts/0
      (root,56536,5668,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-12-03 23:53
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ceaeef29c8

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
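      Found process list through CheckMk (the agent returns this to any client that can reach its port, so account names, full command lines with their arguments and active root sessions are exposed; access to the agent port should be limited to the monitoring server):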
      (root,204812,6792,00:02:21,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:58,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,01:01:45,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:14,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:13,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:12,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:13,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:13,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:54,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:15,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:14,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:05,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:49,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:47,174) [kworker/5:1H]
      (root,0,0,00:08:11,176) [kworker/1:1H]
      (root,0,0,00:03:04,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:03:43,212) [kworker/2:1H]
      (root,0,0,00:43:41,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:06:43,237) [kworker/3:1H]
      (root,135004,7748,01:23:33,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,11992,00:37:50,253) /lib/systemd/systemd-journald
      (root,47384,2924,00:00:09,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3684,00:00:15,621) /lib/systemd/systemd-timesyncd
      (root,30876,2684,00:00:16,643) /usr/sbin/cron -f
      (root,35912,2968,00:04:26,644) /usr/sbin/irqbalance --foreground
      (root,153692,12600,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4916,00:00:19,646) /lib/systemd/systemd-logind
      (message+,45124,3684,00:00:21,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24168,00:06:53,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:05,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:50,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:23,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38768,00:04:35,1135) /usr/sbin/apache2 -k start
      (root,82324,4608,00:03:46,1371) sendmail: MTA: accepting connections
      (root,54104,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,4276,704,00:00:00,2967) sh /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/bin/code-server --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-b6c7d68f-d2c3-4d30-9008-336489f8543c
      (root,1403040,157136,00:04:24,2971) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/server-main.js --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-b6c7d68f-d2c3-4d30-9008-336489f8543c
      (root,1154968,60228,00:03:22,3005) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20241129T140237
      (root,99844,7388,00:00:35,3070) sshd: root@notty
      (root,4276,1544,00:00:00,3076) sh
      (root,40652,15964,00:03:22,3096) /root/.vscode-server/code-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40 command-shell --cli-data-dir /root/.vscode-server/cli --parent-process-id 3076 --on-host=127.0.0.1 --on-port
      (root,11957224,256880,00:08:06,3123) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node --dns-result-order=ipv4first /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1448528,60432,00:00:20,3134) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=fileWatcher
      (root,4456,3252,00:00:00,3176) /root/.vscode-server/extensions/ms-python.python-2024.14.1-linux-x64/python-env-tools/bin/pet server
      (root,21280,3900,00:00:00,3253) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,12383248,324800,00:00:34,3269) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2024.11.3/dist/server.bundle.js --cancellationReceive=file:740ba27cb3e92cd2797fbadbba03a7a783ef66db08 --node-ipc --clientProcessId=3123
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,553760,5116,00:01:36,6847) /usr/sbin/rsyslogd -n
      (root,318164,9232,00:00:35,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4976,00:00:21,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:06,10052) [kworker/u12:2]
      (root,54128,8328,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73840,00:01:05,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:05,10988) [kworker/u12:1]
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6920,00:00:07,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (mysql,1593724,690944,05:36:30,14258) /usr/sbin/mysqld
      (root,0,0,00:00:05,17062) [kworker/2:2]
      (root,0,0,00:00:00,18262) [loop2]
      (freerad,2516196,25792,01:05:01,20378) /usr/sbin/freeradius
      (www-data,544736,37376,00:00:00,23561) /usr/sbin/apache2 -k start
      (www-data,537640,24168,00:00:00,23562) /usr/sbin/apache2 -k start
      (www-data,537628,24264,00:00:00,23563) /usr/sbin/apache2 -k start
      (www-data,537628,23708,00:00:00,23564) /usr/sbin/apache2 -k start
      (www-data,537628,24128,00:00:00,23565) /usr/sbin/apache2 -k start
      (www-data,537588,23728,00:00:00,23592) /usr/sbin/apache2 -k start
      (www-data,537892,26204,00:00:00,24313) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,0,0,00:00:01,25372) [kworker/5:0]
      (root,0,0,00:00:04,25533) [kworker/2:0]
      (root,0,0,00:00:01,27099) [kworker/1:1]
      (root,0,0,00:00:10,28081) [kworker/1:0]
      (www-data,537308,14204,00:00:00,28129) /usr/sbin/apache2 -k start
      (www-data,537636,23576,00:00:00,28133) /usr/sbin/apache2 -k start
      (www-data,537948,23616,00:00:00,28134) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,28307) [kworker/4:2]
      (root,0,0,00:00:01,29243) [kworker/5:1]
      (root,99352,6872,00:00:16,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,0,0,00:00:00,31393) [kworker/0:1]
      (root,0,0,00:00:00,31853) [kworker/4:0]
      (root,0,0,00:00:00,32135) [kworker/3:2]
      (root,99352,6972,00:04:43,32228) sshd: root@pts/0
      (root,56536,6056,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      (root,0,0,00:00:00,32379) [kworker/3:0]
      (root,0,0,00:00:00,32387) [kworker/0:0]
      (root,7044,704,00:00:00,32395) sleep 180
      (root,0,0,00:00:00,32396) [kworker/0:2]
      (root,54168,2704,00:00:00,32397) /usr/sbin/CRON -f
      (smmsp,4276,708,00:00:00,32398) /bin/sh -c test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/lib/sm.bin/sendmail && /usr/share/sendmail/sendmail cron-msp
      (smmsp,4408,1644,00:00:00,32399) /bin/sh /usr/share/sendmail/sendmail cron-msp
      (smmsp,62736,6284,00:00:00,32425) /usr/sbin/sendmail-msp -qf -Ac -L sm-msp-queue
      (root,20900,3404,00:00:00,32464) /bin/bash /usr/bin/check_mk_agent
      (root,18020,2924,00:00:00,32525) bash ./freeradius.sh
      (root,20896,3396,00:00:00,32531) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2832,00:00:00,32537) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,964,00:00:00,32538) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      
      
      Found on 2024-12-01 23:20
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce6984b553

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6796,00:02:18,1) /sbin/init
      (root,0,0,00:00:02,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:52,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,00:59:43,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:14,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:13,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:12,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:13,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:13,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:51,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:14,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:14,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:04,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:47,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:41,174) [kworker/5:1H]
      (root,0,0,00:08:00,176) [kworker/1:1H]
      (root,0,0,00:02:58,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:03:36,212) [kworker/2:1H]
      (root,0,0,00:42:25,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:06:32,237) [kworker/3:1H]
      (root,135004,7748,01:21:38,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,9936,00:37:48,253) /lib/systemd/systemd-journald
      (root,47384,3124,00:00:09,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3688,00:00:14,621) /lib/systemd/systemd-timesyncd
      (root,30876,2724,00:00:15,643) /usr/sbin/cron -f
      (root,35912,3260,00:04:20,644) /usr/sbin/irqbalance --foreground
      (root,153692,12656,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:18,646) /lib/systemd/systemd-logind
      (message+,45124,3684,00:00:21,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24252,00:06:44,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:04,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:49,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:23,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38828,00:04:29,1135) /usr/sbin/apache2 -k start
      (root,82324,4608,00:03:41,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:04,1539) [kworker/0:1]
      (www-data,538048,26900,00:00:01,1578) /usr/sbin/apache2 -k start
      (www-data,537888,26840,00:00:00,1579) /usr/sbin/apache2 -k start
      (www-data,537880,27600,00:00:00,1581) /usr/sbin/apache2 -k start
      (www-data,538048,26636,00:00:00,2259) /usr/sbin/apache2 -k start
      (root,54104,8416,00:00:00,2737) mc
      (root,21164,3888,00:00:00,2739) bash -rcfile .bashrc
      (root,4276,708,00:00:00,2967) sh /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/bin/code-server --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-b6c7d68f-d2c3-4d30-9008-336489f8543c
      (root,1399712,156752,00:00:59,2971) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/server-main.js --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-b6c7d68f-d2c3-4d30-9008-336489f8543c
      (root,1154168,59616,00:00:36,3005) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20241129T140237
      (root,99844,7388,00:00:06,3070) sshd: root@notty
      (root,4276,1544,00:00:00,3076) sh
      (root,40656,15960,00:00:36,3096) /root/.vscode-server/code-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40 command-shell --cli-data-dir /root/.vscode-server/cli --parent-process-id 3076 --on-host=127.0.0.1 --on-port
      (root,11999780,297700,00:01:30,3123) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node --dns-result-order=ipv4first /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1448528,57908,00:00:05,3134) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/bootstrap-fork --type=fileWatcher
      (root,4456,3252,00:00:00,3176) /root/.vscode-server/extensions/ms-python.python-2024.14.1-linux-x64/python-env-tools/bin/pet server
      (root,21280,3900,00:00:00,3253) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,12382992,324008,00:00:25,3269) /root/.vscode-server/cli/servers/Stable-38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40/server/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2024.11.3/dist/server.bundle.js --cancellationReceive=file:740ba27cb3e92cd2797fbadbba03a7a783ef66db08 --node-ipc --clientProcessId=3123
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,0,0,00:00:00,5373) [kworker/2:1]
      (root,0,0,00:00:01,5604) [kworker/2:0]
      (root,0,0,00:00:00,5696) [kworker/1:1]
      (root,0,0,00:00:06,5910) [kworker/1:2]
      (root,553760,5112,00:01:30,6847) /usr/sbin/rsyslogd -n
      (root,318164,9232,00:00:35,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4976,00:00:20,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:00,7132) [kworker/5:2]
      (root,0,0,00:00:00,7332) [kworker/4:0]
      (root,0,0,00:00:00,7558) [kworker/4:2]
      (root,0,0,00:00:00,7801) [kworker/5:1]
      (root,0,0,00:00:00,8028) [kworker/3:1]
      (root,0,0,00:00:00,8271) [kworker/3:2]
      (root,0,0,00:00:00,8310) [kworker/0:2]
      (root,0,0,00:00:00,8316) [kworker/0:0]
      (root,7044,648,00:00:00,8317) sleep 180
      (root,0,0,00:00:00,8379) [kworker/1:0]
      (root,0,0,00:00:00,8440) [kworker/5:0]
      (root,20896,3228,00:00:00,8441) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2864,00:00:00,8447) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,900,00:00:00,8448) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:01,10052) [kworker/u12:2]
      (root,54128,8328,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73840,00:00:38,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:05,10988) [kworker/u12:1]
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6920,00:00:06,12655) sshd: root@pts/1
      (root,22728,5408,00:00:00,12672) -bash
      (mysql,1589628,691304,04:44:29,14258) /usr/sbin/mysqld
      (root,0,0,00:00:00,18262) [loop2]
      (freerad,2516196,25736,00:44:35,20378) /usr/sbin/freeradius
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,99352,6872,00:00:15,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (www-data,538048,27044,00:00:00,31479) /usr/sbin/apache2 -k start
      (www-data,538056,27068,00:00:00,31480) /usr/sbin/apache2 -k start
      (www-data,537936,27560,00:00:00,31481) /usr/sbin/apache2 -k start
      (www-data,538520,27892,00:00:01,31483) /usr/sbin/apache2 -k start
      (www-data,537888,27560,00:00:00,31714) /usr/sbin/apache2 -k start
      (root,99352,6972,00:04:42,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1696,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      (www-data,538048,27348,00:00:00,32618) /usr/sbin/apache2 -k start
      
      
      Found on 2024-11-29 23:28
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce892ee27b

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6820,00:02:16,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:48,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,00:58:02,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:13,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:13,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:12,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:13,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:13,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:47,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:14,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:13,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:04,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:44,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:36,174) [kworker/5:1H]
      (root,0,0,00:07:50,176) [kworker/1:1H]
      (root,0,0,00:02:52,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:03:30,212) [kworker/2:1H]
      (root,0,0,00:41:18,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:06:22,237) [kworker/3:1H]
      (root,135004,7748,01:19:41,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,8244,00:37:44,253) /lib/systemd/systemd-journald
      (root,47384,3124,00:00:09,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3876,00:00:14,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:15,643) /usr/sbin/cron -f
      (root,35912,3264,00:04:14,644) /usr/sbin/irqbalance --foreground
      (root,153692,12660,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:18,646) /lib/systemd/systemd-logind
      (message+,45124,3684,00:00:20,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,23944,00:06:35,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:04,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:48,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:23,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,536952,38708,00:04:23,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:03:36,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,553760,5112,00:01:24,6847) /usr/sbin/rsyslogd -n
      (root,318164,9232,00:00:34,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4976,00:00:20,7057) /usr/lib/policykit-1/polkitd --no-debug
      (www-data,538032,26556,00:00:00,7540) /usr/sbin/apache2 -k start
      (www-data,538032,26872,00:00:00,7541) /usr/sbin/apache2 -k start
      (www-data,538032,26748,00:00:00,7542) /usr/sbin/apache2 -k start
      (www-data,538504,27204,00:00:00,7543) /usr/sbin/apache2 -k start
      (www-data,538032,26944,00:00:00,7544) /usr/sbin/apache2 -k start
      (www-data,538552,27844,00:00:00,7883) /usr/sbin/apache2 -k start
      (www-data,537528,26532,00:00:00,8927) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,10052) [kworker/u12:2]
      (root,54128,8328,00:00:00,10334) mc
      (root,21164,3956,00:00:00,10336) bash -rcfile .bashrc
      (root,337112,73840,00:00:10,10429) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:01,10988) [kworker/u12:1]
      (www-data,538032,26616,00:00:00,11663) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6920,00:00:05,12655) sshd: root@pts/1
      (root,22708,5336,00:00:00,12672) -bash
      (www-data,537308,14736,00:00:00,13618) /usr/sbin/apache2 -k start
      (mysql,1589628,692380,03:58:16,14258) /usr/sbin/mysqld
      (root,0,0,00:00:00,14477) [kworker/5:0]
      (root,0,0,00:00:00,14584) [kworker/4:1]
      (root,0,0,00:00:00,14979) [kworker/4:0]
      (root,0,0,00:00:00,15189) [kworker/5:1]
      (root,0,0,00:00:00,16207) [kworker/2:2]
      (root,0,0,00:00:01,16378) [kworker/3:1]
      (root,0,0,00:00:00,16408) [kworker/0:2]
      (root,0,0,00:00:02,16816) [kworker/3:2]
      (root,0,0,00:00:00,17046) [kworker/1:0]
      (root,0,0,00:00:00,17119) [kworker/2:1]
      (root,0,0,00:00:00,17377) [kworker/1:1]
      (root,0,0,00:00:00,17410) [kworker/0:0]
      (root,0,0,00:00:00,17413) [kworker/0:1]
      (root,20900,3408,00:00:00,17450) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3228,00:00:00,17512) /bin/bash /usr/bin/check_mk_agent
      (root,18004,2888,00:00:00,17524) bash ./freeradius.sh
      (root,36628,2792,00:00:00,17525) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,960,00:00:00,17526) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,18262) [loop2]
      (freerad,2516196,25948,00:24:24,20378) /usr/sbin/freeradius
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,99352,6872,00:00:14,30595) sshd: root@pts/2
      (root,22720,5212,00:00:00,30601) -bash
      (root,99352,6972,00:04:41,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-11-27 23:57
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ceb6589c0d

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6820,00:02:12,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:42,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,00:56:27,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:13,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:12,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:12,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:12,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:12,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:44,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:14,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:13,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:04,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:42,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:31,174) [kworker/5:1H]
      (root,0,0,00:07:39,176) [kworker/1:1H]
      (root,0,0,00:02:46,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:03:23,212) [kworker/2:1H]
      (root,0,0,00:40:06,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:06:12,237) [kworker/3:1H]
      (root,135004,7748,01:17:45,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,6632,00:37:42,253) /lib/systemd/systemd-journald
      (root,47384,3124,00:00:09,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,3972,00:00:14,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:15,643) /usr/sbin/cron -f
      (root,35912,3264,00:04:07,644) /usr/sbin/irqbalance --foreground
      (root,153692,12660,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:17,646) /lib/systemd/systemd-logind
      (message+,45124,3684,00:00:20,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24104,00:06:26,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:04,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:47,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:22,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,7080,708,00:00:37,961) tail -f ./ blokady.log
      (root,536952,38828,00:04:16,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:03:31,1371) sendmail: MTA: accepting connections
      (www-data,541296,30292,00:00:01,2303) /usr/sbin/apache2 -k start
      (www-data,542832,38624,00:00:00,2304) /usr/sbin/apache2 -k start
      (www-data,543148,40368,00:00:03,3466) /usr/sbin/apache2 -k start
      (www-data,540896,29648,00:00:00,3474) /usr/sbin/apache2 -k start
      (www-data,542836,38648,00:00:01,3478) /usr/sbin/apache2 -k start
      (www-data,542900,38796,00:00:02,3479) /usr/sbin/apache2 -k start
      (www-data,543056,38740,00:00:02,3483) /usr/sbin/apache2 -k start
      (www-data,542916,39828,00:00:02,3484) /usr/sbin/apache2 -k start
      (www-data,543012,39968,00:00:00,3486) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,0,0,00:00:14,4108) [kworker/1:1]
      (root,54272,8676,00:00:00,6797) mc
      (root,21168,3788,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5104,00:01:19,6847) /usr/sbin/rsyslogd -n
      (root,318164,9232,00:00:33,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4976,00:00:19,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6920,00:00:04,12655) sshd: root@pts/1
      (root,22708,5336,00:00:00,12672) -bash
      (mysql,1573244,690860,03:08:45,14258) /usr/sbin/mysqld
      (root,0,0,00:00:00,18262) [loop2]
      (root,99352,6908,00:00:00,19188) sshd: root@pts/4
      (root,22828,5616,00:00:00,19194) -bash
      (root,54220,8764,00:00:02,19461) mc
      (root,21168,3944,00:00:00,19463) bash -rcfile .bashrc
      (root,0,0,00:00:01,19726) [kworker/4:1]
      (freerad,2516196,25032,00:04:17,20378) /usr/sbin/freeradius
      (root,0,0,00:00:00,20403) [kworker/u12:1]
      (root,0,0,00:00:01,20648) [kworker/u12:0]
      (www-data,537244,14084,00:00:00,22542) /usr/sbin/apache2 -k start
      (root,0,0,00:00:05,22957) [kworker/1:2]
      (root,0,0,00:00:00,23527) [kworker/4:0]
      (root,0,0,00:00:00,23695) [kworker/5:0]
      (root,0,0,00:00:01,23721) [kworker/0:0]
      (root,0,0,00:00:00,24146) [kworker/2:1]
      (root,0,0,00:00:00,24377) [kworker/2:2]
      (root,0,0,00:00:01,24589) [kworker/3:2]
      (root,0,0,00:00:00,24820) [kworker/5:2]
      (root,0,0,00:00:00,25033) [kworker/3:0]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25099) [kworker/0:1]
      (root,0,0,00:00:00,25103) [kworker/0:2]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,0,0,00:00:00,25273) [kworker/2:0]
      (root,20900,3460,00:00:00,25332) /bin/bash /usr/bin/check_mk_agent
      (root,18020,2928,00:00:00,25380) bash ./freeradius.sh
      (root,20896,3292,00:00:00,25388) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2828,00:00:00,25394) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,952,00:00:00,25395) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,336740,62576,00:01:14,27108) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,99352,6872,00:00:13,30595) sshd: root@pts/2
      (root,22696,4296,00:00:00,30601) -bash
      (root,99352,6972,00:04:40,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-11-26 00:12
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cefd9ba1ae

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (fields per entry: user, VSZ, RSS, CPU time, PID, followed by the command line):
      (root,204812,6820,00:02:09,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:36,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,00:54:49,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:13,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:12,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:12,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:12,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:02,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:12,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:41,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:13,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:13,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:04,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:40,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:26,174) [kworker/5:1H]
      (root,0,0,00:07:28,176) [kworker/1:1H]
      (root,0,0,00:02:40,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:03:16,212) [kworker/2:1H]
      (root,0,0,00:38:54,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:06:01,237) [kworker/3:1H]
      (root,135004,7792,01:15:48,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,4228,00:37:39,253) /lib/systemd/systemd-journald
      (root,47384,3124,00:00:09,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:13,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:14,643) /usr/sbin/cron -f
      (root,35912,3264,00:04:01,644) /usr/sbin/irqbalance --foreground
      (root,153692,12660,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:17,646) /lib/systemd/systemd-logind
      (message+,45124,3684,00:00:19,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24152,00:06:17,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:04,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:46,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:22,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,7080,708,00:00:32,961) tail -f ./ blokady.log
      (root,536952,38828,00:04:09,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:03:26,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,54272,8676,00:00:00,6797) mc
      (root,21168,3788,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5156,00:01:14,6847) /usr/sbin/rsyslogd -n
      (root,318164,9232,00:00:32,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4976,00:00:19,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2452488,70528,05:33:40,7832) /usr/sbin/freeradius
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6920,00:00:04,12655) sshd: root@pts/1
      (root,22708,5336,00:00:00,12672) -bash
      (root,0,0,00:00:10,13046) [kworker/3:0]
      (mysql,1509604,687140,02:18:28,14258) /usr/sbin/mysqld
      (root,0,0,00:00:01,17650) [kworker/0:1]
      (root,0,0,00:00:00,18262) [loop2]
      (www-data,538012,27088,00:00:00,20618) /usr/sbin/apache2 -k start
      (www-data,537780,26868,00:00:00,20620) /usr/sbin/apache2 -k start
      (www-data,537488,22780,00:00:00,20621) /usr/sbin/apache2 -k start
      (www-data,537436,20176,00:00:00,20622) /usr/sbin/apache2 -k start
      (www-data,537308,18756,00:00:00,20623) /usr/sbin/apache2 -k start
      (www-data,537260,14908,00:00:00,20686) /usr/sbin/apache2 -k start
      (www-data,537436,19492,00:00:00,21918) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,22223) [kworker/4:1]
      (root,0,0,00:00:00,23176) [kworker/4:0]
      (root,0,0,00:00:01,24502) [kworker/1:2]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25240) [loop5]
      (root,0,0,00:00:00,25246) [kworker/u12:2]
      (root,0,0,00:00:00,25700) [kworker/2:2]
      (www-data,537308,21076,00:00:00,26276) /usr/sbin/apache2 -k start
      (www-data,537308,20736,00:00:00,26283) /usr/sbin/apache2 -k start
      (www-data,537360,22900,00:00:00,26290) /usr/sbin/apache2 -k start
      (root,0,0,00:00:10,26615) [kworker/u12:1]
      (root,0,0,00:00:00,26858) [kworker/2:0]
      (root,336740,62484,00:00:47,27108) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:00,27984) [kworker/1:0]
      (root,0,0,00:00:00,29147) [kworker/3:1]
      (root,0,0,00:00:00,29323) [kworker/5:0]
      (root,0,0,00:00:00,29390) [kworker/0:2]
      (root,0,0,00:00:00,29583) [kworker/0:0]
      (root,0,0,00:00:00,29769) [kworker/4:2]
      (root,20896,3372,00:00:00,29830) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2840,00:00:00,29836) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,956,00:00:00,29837) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,99352,6872,00:00:12,30595) sshd: root@pts/2
      (root,22696,4296,00:00:00,30601) -bash
      (root,0,0,00:00:02,30711) [kworker/5:2]
      (root,99352,6972,00:04:40,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-11-23 23:25
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce2039d0bf

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (fields per entry: user, VSZ, RSS, CPU time, PID, followed by the command line):
      (root,204812,6820,00:02:06,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:30,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,00:53:17,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:12,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:12,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:11,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:12,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:12,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:38,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:13,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:12,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:04,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:38,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:21,174) [kworker/5:1H]
      (root,0,0,00:07:16,176) [kworker/1:1H]
      (root,0,0,00:02:34,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:03:09,212) [kworker/2:1H]
      (root,0,0,00:37:41,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:05:51,237) [kworker/3:1H]
      (root,135004,7940,01:13:55,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,13784,00:37:36,253) /lib/systemd/systemd-journald
      (root,47384,3124,00:00:08,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:13,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:14,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:55,644) /usr/sbin/irqbalance --foreground
      (root,153692,12660,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:16,646) /lib/systemd/systemd-logind
      (message+,45124,3684,00:00:19,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,23772,00:06:07,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:04,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:44,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:22,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,7080,708,00:00:26,961) tail -f ./ blokady.log
      (root,536952,38828,00:04:03,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:03:21,1371) sendmail: MTA: accepting connections
      (www-data,537244,14064,00:00:00,2233) /usr/sbin/apache2 -k start
      (www-data,537052,14196,00:00:00,2234) /usr/sbin/apache2 -k start
      (www-data,537244,14204,00:00:00,2235) /usr/sbin/apache2 -k start
      (www-data,537052,14212,00:00:00,2256) /usr/sbin/apache2 -k start
      (www-data,537244,14220,00:00:00,2257) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,54272,8676,00:00:00,6797) mc
      (root,21168,3788,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5156,00:01:08,6847) /usr/sbin/rsyslogd -n
      (root,318164,9232,00:00:31,7053) /usr/lib/packagekit/packagekitd
      (root,286116,4976,00:00:18,7057) /usr/lib/policykit-1/polkitd --no-debug
      (www-data,537244,14180,00:00:00,7077) /usr/sbin/apache2 -k start
      (www-data,537052,14212,00:00:00,7078) /usr/sbin/apache2 -k start
      (www-data,537244,14184,00:00:00,7079) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,7771) [kworker/4:2]
      (freerad,2370452,67452,05:11:57,7832) /usr/sbin/freeradius
      (www-data,542992,39944,00:00:00,7911) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,9965) [loop6]
      (root,0,0,00:00:00,10946) [kworker/4:0]
      (root,0,0,00:00:01,11274) [kworker/3:0]
      (root,0,0,00:00:00,11831) [kworker/0:0]
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6920,00:00:03,12655) sshd: root@pts/1
      (root,22708,5336,00:00:00,12672) -bash
      (www-data,540360,29072,00:00:00,13158) /usr/sbin/apache2 -k start
      (mysql,1505508,684716,01:28:31,14258) /usr/sbin/mysqld
      (root,0,0,00:00:01,14327) [kworker/3:1]
      (root,0,0,00:00:01,14560) [kworker/1:2]
      (root,0,0,00:00:00,14957) [kworker/5:0]
      (root,0,0,00:00:00,16104) [kworker/5:2]
      (root,0,0,00:00:15,16383) [kworker/1:1]
      (root,0,0,00:00:00,16980) [kworker/0:1]
      (root,0,0,00:00:00,17275) [kworker/3:2]
      (root,0,0,00:00:00,17338) [kworker/0:2]
      (root,20896,3304,00:00:00,17460) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3400,00:00:00,17463) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3292,00:00:00,17490) /bin/bash /usr/bin/check_mk_agent
      (root,20896,1764,00:00:00,17491) /bin/bash /usr/bin/check_mk_agent
      (root,20896,1828,00:00:00,17493) /bin/bash /usr/bin/check_mk_agent
      (root,176,4,00:00:00,17494) [cut]
      (root,22948,788,00:00:00,17495) sort
      (root,176,4,00:00:00,17497) [cut]
      (root,22948,820,00:00:00,17498) sort
      (root,36628,2836,00:00:00,17504) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,956,00:00:00,17505) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,18262) [loop2]
      (root,0,0,00:00:01,18566) [kworker/2:1]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:04,26615) [kworker/u12:1]
      (root,0,0,00:00:00,26969) [kworker/u12:0]
      (root,336740,62484,00:00:22,27108) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,0,0,00:00:02,29708) [kworker/2:2]
      (root,99352,6872,00:00:11,30595) sshd: root@pts/2
      (root,22696,4296,00:00:00,30601) -bash
      (root,99352,6972,00:04:38,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22800,5500,00:00:00,32237) -bash
      
      
      Found on 2024-11-21 23:43
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce72ceb412

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (fields per entry: user, VSZ, RSS, CPU time, PID, followed by the command line):
      (root,204812,6820,00:02:03,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:25,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,00:52:02,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:12,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:11,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:11,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:11,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:11,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:36,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:13,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:12,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:03,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:36,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:15,174) [kworker/5:1H]
      (root,0,0,00:07:05,176) [kworker/1:1H]
      (root,0,0,00:02:28,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:03:02,212) [kworker/2:1H]
      (root,0,0,00:36:29,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:05:41,237) [kworker/3:1H]
      (root,135004,8080,01:12:01,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,12120,00:37:33,253) /lib/systemd/systemd-journald
      (root,47384,3124,00:00:08,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:12,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:14,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:49,644) /usr/sbin/irqbalance --foreground
      (root,153692,12660,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:16,646) /lib/systemd/systemd-logind
      (message+,45124,3684,00:00:18,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24084,00:05:58,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:04,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:43,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:22,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,7080,708,00:00:21,961) tail -f ./ blokady.log
      (root,0,0,00:00:00,1077) [kworker/2:0]
      (root,0,0,00:00:00,1078) [kworker/5:0]
      (root,321460,49552,00:17:42,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536952,38828,00:03:57,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:03:15,1371) sendmail: MTA: accepting connections
      (www-data,537980,26712,00:00:00,2143) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,2950) [kworker/3:0]
      (root,0,0,00:00:05,3539) [kworker/1:0]
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,0,0,00:00:00,4105) [kworker/3:1]
      (root,0,0,00:00:00,5740) [kworker/0:2]
      (root,0,0,00:00:00,5901) [kworker/0:1]
      (root,0,0,00:00:00,6014) [kworker/4:2]
      (root,20896,3400,00:00:00,6078) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2840,00:00:00,6084) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,960,00:00:00,6085) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,54272,8676,00:00:00,6797) mc
      (root,21168,3788,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5044,00:01:03,6847) /usr/sbin/rsyslogd -n
      (root,318164,11656,00:00:31,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:17,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:00,7198) [kworker/4:1]
      (freerad,2386844,64464,04:50:36,7832) /usr/sbin/freeradius
      (www-data,537964,26464,00:00:00,9530) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,9965) [loop6]
      (root,0,0,00:00:02,10503) [kworker/4:0]
      (root,0,0,00:00:00,12334) [loop1]
      (root,99352,6920,00:00:02,12655) sshd: root@pts/1
      (root,22708,5400,00:00:00,12672) -bash
      (root,99352,6864,00:00:02,12977) sshd: root@pts/4
      (root,22532,5224,00:00:00,12986) -bash
      (root,54216,8284,00:00:01,13291) mc
      (root,21168,3792,00:00:00,13293) bash -rcfile .bashrc
      (root,0,0,00:00:12,13873) [kworker/1:2]
      (mysql,1492620,674608,00:39:26,14258) /usr/sbin/mysqld
      (root,7080,736,00:00:00,14921) tail -f /var/log/mysql/error.log
      (root,0,0,00:00:00,18262) [loop2]
      (root,0,0,00:00:01,20548) [kworker/2:1]
      (www-data,537388,14708,00:00:00,22140) /usr/sbin/apache2 -k start
      (www-data,537244,14184,00:00:00,22141) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,26615) [kworker/u12:1]
      (root,0,0,00:00:01,28159) [kworker/u12:2]
      (www-data,538596,27284,00:00:00,28741) /usr/sbin/apache2 -k start
      (www-data,537980,26668,00:00:00,28742) /usr/sbin/apache2 -k start
      (www-data,537980,26704,00:00:01,28743) /usr/sbin/apache2 -k start
      (www-data,537816,26744,00:00:00,28744) /usr/sbin/apache2 -k start
      (www-data,537988,26972,00:00:00,28745) /usr/sbin/apache2 -k start
      (www-data,538644,27756,00:00:00,28969) /usr/sbin/apache2 -k start
      (root,99352,6872,00:00:10,30595) sshd: root@pts/2
      (root,22696,4296,00:00:00,30601) -bash
      (root,0,0,00:00:00,31793) [kworker/5:1]
      (root,0,0,00:00:00,31985) [kworker/0:0]
      (root,99352,6972,00:04:37,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22800,5548,00:00:00,32237) -bash
      
      
      Found on 2024-11-20 00:03
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cee3f22fd2

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (each line is (user, VSZ, RSS, CPU time, PID) followed by the command line):
      (root,204812,6820,00:02:00,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:18,6) [kworker/0:1H]
      (root,0,0,00:00:02,7) [ksoftirqd/0]
      (root,0,0,00:50:58,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:12,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:11,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:11,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:11,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:11,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:33,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:12,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:02,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:12,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:03,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:34,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:09,174) [kworker/5:1H]
      (root,0,0,00:06:53,176) [kworker/1:1H]
      (root,0,0,00:02:22,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:02:55,212) [kworker/2:1H]
      (root,0,0,00:35:16,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:05:31,237) [kworker/3:1H]
      (root,135004,8204,01:10:06,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,10416,00:37:31,253) /lib/systemd/systemd-journald
      (root,47384,3124,00:00:08,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:12,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:13,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:43,644) /usr/sbin/irqbalance --foreground
      (root,153692,12660,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:16,646) /lib/systemd/systemd-logind
      (message+,45124,3712,00:00:18,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,23956,00:05:48,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:04,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:42,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:22,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,7080,708,00:00:15,961) tail -f ./ blokady.log
      (root,321460,49552,00:17:17,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536952,38644,00:03:50,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:03:10,1371) sendmail: MTA: accepting connections
      (root,54104,7312,00:01:39,2126) mc
      (root,21236,2988,00:00:00,2128) bash -rcfile .bashrc
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,54272,8676,00:00:00,6797) mc
      (root,21168,3788,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5044,00:00:57,6847) /usr/sbin/rsyslogd -n
      (root,318164,11656,00:00:30,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:17,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2419628,61772,04:29:41,7832) /usr/sbin/freeradius
      (root,26872,4952,03:30:51,8257) htop
      (root,0,0,00:00:09,8858) [kworker/1:2]
      (mysql,1966764,694508,17:45:01,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,9965) [loop6]
      (root,0,0,00:00:00,10031) [kworker/5:1]
      (root,0,0,00:00:01,11126) [kworker/5:0]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,14690) [kworker/u12:1]
      (root,0,0,00:00:00,16632) [kworker/u12:2]
      (www-data,537244,14748,00:00:00,17237) /usr/sbin/apache2 -k start
      (www-data,542576,33144,00:00:00,17238) /usr/sbin/apache2 -k start
      (www-data,537436,19412,00:00:00,17239) /usr/sbin/apache2 -k start
      (www-data,537244,14740,00:00:00,17240) /usr/sbin/apache2 -k start
      (www-data,542636,34032,00:00:00,17241) /usr/sbin/apache2 -k start
      (www-data,537244,14744,00:00:00,17642) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,18262) [loop2]
      (root,0,0,00:00:00,19981) [kworker/2:1]
      (root,0,0,00:00:00,21074) [kworker/2:2]
      (www-data,537252,20576,00:00:00,21592) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,23280) [kworker/3:0]
      (root,0,0,00:00:00,24446) [kworker/0:0]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25733) [kworker/4:2]
      (root,0,0,00:00:00,25795) [kworker/0:2]
      (root,0,0,00:00:00,25966) [kworker/3:2]
      (root,0,0,00:00:00,25970) [kworker/4:1]
      (root,0,0,00:00:00,26006) [kworker/0:1]
      (root,20900,3404,00:00:00,26205) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3284,00:00:00,26268) /bin/bash /usr/bin/check_mk_agent
      (root,18004,2932,00:00:00,26276) bash ./freeradius.sh
      (root,36628,2820,00:00:00,26277) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,976,00:00:00,26278) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,99352,6872,00:00:09,30595) sshd: root@pts/2
      (root,22696,4296,00:00:00,30601) -bash
      (root,0,0,00:00:05,30957) [kworker/1:1]
      (root,99352,6972,00:04:34,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22736,4532,00:00:00,32237) -bash
      
      
      Found on 2024-11-18 00:01
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce40d1ec0a

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (each line is (user, VSZ, RSS, CPU time, PID) followed by the command line):
      (root,204812,6820,00:01:58,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:12,6) [kworker/0:1H]
      (root,0,0,00:00:01,7) [ksoftirqd/0]
      (root,0,0,00:49:38,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:11,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:11,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:11,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:11,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:11,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:30,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:12,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:01,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:11,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:03,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:32,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:02:03,174) [kworker/5:1H]
      (root,0,0,00:06:41,176) [kworker/1:1H]
      (root,0,0,00:02:16,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:02:48,212) [kworker/2:1H]
      (root,0,0,00:33:58,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:05:21,237) [kworker/3:1H]
      (root,135004,8204,01:08:07,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,14244,00:37:29,253) /lib/systemd/systemd-journald
      (root,47384,3124,00:00:08,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:12,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:13,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:36,644) /usr/sbin/irqbalance --foreground
      (root,153692,12660,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:15,646) /lib/systemd/systemd-logind
      (message+,45124,3704,00:00:17,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300372,24060,00:05:38,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:04,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:41,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:22,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,7080,708,00:00:09,961) tail -f ./ blokady.log
      (root,321460,49552,00:16:51,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536952,38828,00:03:44,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:03:05,1371) sendmail: MTA: accepting connections
      (root,54104,7312,00:01:32,2126) mc
      (root,21236,2988,00:00:00,2128) bash -rcfile .bashrc
      (root,0,0,00:00:00,2445) [kworker/5:2]
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,0,0,00:00:00,4335) [kworker/5:0]
      (root,0,0,00:00:00,4447) [kworker/2:0]
      (root,0,0,00:00:00,6012) [kworker/2:1]
      (root,54272,8676,00:00:00,6797) mc
      (root,21168,3788,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5044,00:00:52,6847) /usr/sbin/rsyslogd -n
      (root,318164,11656,00:00:29,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:16,7057) /usr/lib/policykit-1/polkitd --no-debug
      (www-data,537952,26948,00:00:00,7159) /usr/sbin/apache2 -k start
      (www-data,537972,26880,00:00:00,7161) /usr/sbin/apache2 -k start
      (www-data,537844,27184,00:00:00,7162) /usr/sbin/apache2 -k start
      (www-data,538360,27032,00:00:00,7163) /usr/sbin/apache2 -k start
      (www-data,537956,26932,00:00:00,7330) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,7583) [kworker/u12:2]
      (freerad,2403236,58720,04:08:32,7832) /usr/sbin/freeradius
      (root,26872,4952,03:16:43,8257) htop
      (mysql,1966764,695728,16:55:33,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,9965) [loop6]
      (root,0,0,00:00:00,10431) [kworker/3:1]
      (root,0,0,00:00:00,11297) [kworker/0:0]
      (root,0,0,00:00:00,11514) [kworker/1:2]
      (root,0,0,00:00:00,12304) [kworker/1:1]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,12711) [kworker/3:0]
      (root,0,0,00:00:00,12833) [kworker/0:1]
      (root,0,0,00:00:00,12987) [kworker/0:2]
      (root,20896,3376,00:00:00,13170) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3296,00:00:00,13178) /bin/bash /usr/bin/check_mk_agent
      (root,21568,792,00:00:00,13245) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
      (root,20896,3296,00:00:00,13246) /bin/bash /usr/bin/check_mk_agent
      (root,21568,760,00:00:00,13248) awk  /:/ { c[$4]++; } END { for (x in c) { print x, c[x]; } }
      (root,36628,2856,00:00:00,13254) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,956,00:00:00,13255) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (www-data,538360,26980,00:00:00,14136) /usr/sbin/apache2 -k start
      (www-data,537952,26596,00:00:00,15410) /usr/sbin/apache2 -k start
      (www-data,537840,26396,00:00:00,15411) /usr/sbin/apache2 -k start
      (www-data,538352,26888,00:00:00,15412) /usr/sbin/apache2 -k start
      (www-data,537956,26268,00:00:00,15413) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,18262) [loop2]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,25807) [kworker/u12:0]
      (root,0,0,00:00:00,26918) [kworker/4:1]
      (root,99352,6872,00:00:08,30595) sshd: root@pts/2
      (root,22696,4296,00:00:00,30601) -bash
      (root,99352,6972,00:04:16,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22736,4532,00:00:00,32237) -bash
      (root,0,0,00:00:00,32387) [kworker/4:0]
      
      
      Found on 2024-11-15 22:23
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce4a3b8332

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (each line is (user, VSZ, RSS, CPU time, PID) followed by the command line):
      (root,204812,6820,00:01:55,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:05,6) [kworker/0:1H]
      (root,0,0,00:00:01,7) [ksoftirqd/0]
      (root,0,0,00:48:16,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:11,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:10,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:11,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:10,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:10,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:27,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:12,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:01,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:11,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:03,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:31,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:01:58,174) [kworker/5:1H]
      (root,0,0,00:06:30,176) [kworker/1:1H]
      (root,0,0,00:02:10,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:02:41,212) [kworker/2:1H]
      (root,0,0,00:32:42,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:05:11,237) [kworker/3:1H]
      (root,135004,8204,01:06:10,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,12576,00:37:26,253) /lib/systemd/systemd-journald
      (root,47384,3124,00:00:08,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,461) [kworker/3:1]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:11,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:12,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:30,644) /usr/sbin/irqbalance --foreground
      (root,153692,12660,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:15,646) /lib/systemd/systemd-logind
      (message+,45124,3704,00:00:17,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300116,24104,00:05:27,656) /usr/lib/snapd/snapd
      (root,58340,3328,00:00:03,863) lldpd: monitor.
      (root,15740,1480,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2188,00:00:40,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:22,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,7080,708,00:00:03,961) tail -f ./ blokady.log
      (root,321460,49552,00:16:25,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536792,38668,00:03:37,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:02:59,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,1566) [kworker/5:0]
      (root,54104,7312,00:01:25,2126) mc
      (root,21236,2988,00:00:00,2128) bash -rcfile .bashrc
      (root,0,0,00:00:00,2373) [kworker/0:2]
      (root,0,0,00:00:00,2549) [kworker/0:0]
      (root,0,0,00:00:00,2715) [kworker/3:2]
      (mysql,4276,708,00:00:00,2742) sh -c  /usr/bin/python3 /cfg/scripts/new_rad.py                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
      (mysql,124752,62360,00:00:06,2743) /usr/bin/python3 /cfg/scripts/new_rad.py
      (root,20900,3300,00:00:00,2750) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3396,00:00:00,2792) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3360,00:00:00,2843) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2796,00:00:00,2857) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,988,00:00:00,2858) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,3685) [loop8]
      (www-data,538320,27116,00:00:00,3961) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,4042) [loop0]
      (root,0,0,00:00:04,6316) [kworker/0:1]
      (root,54272,8676,00:00:00,6797) mc
      (root,21168,3788,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5036,00:00:46,6847) /usr/sbin/rsyslogd -n
      (root,318164,11656,00:00:28,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:16,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2403236,56220,03:48:27,7832) /usr/sbin/freeradius
      (root,26872,4952,03:02:48,8257) htop
      (mysql,1966764,697428,16:08:14,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,9965) [loop6]
      (root,0,0,00:00:00,11973) [kworker/2:0]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:02,13087) [kworker/2:2]
      (www-data,542712,34064,00:00:00,14425) /usr/sbin/apache2 -k start
      (www-data,542356,35984,00:00:00,14427) /usr/sbin/apache2 -k start
      (www-data,537644,25652,00:00:00,14439) /usr/sbin/apache2 -k start
      (www-data,537120,25628,00:00:00,14440) /usr/sbin/apache2 -k start
      (www-data,537552,25324,00:00:00,14441) /usr/sbin/apache2 -k start
      (www-data,537924,26684,00:00:00,14442) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:01,28895) [kworker/1:1]
      (root,0,0,00:00:00,29254) [kworker/u12:2]
      (root,0,0,00:00:00,29579) [kworker/5:1]
      (root,0,0,00:00:00,30124) [kworker/3:0]
      (root,99352,6872,00:00:07,30595) sshd: root@pts/2
      (root,22696,4296,00:00:00,30601) -bash
      (root,0,0,00:00:00,30681) [kworker/4:1]
      (root,0,0,00:00:02,30987) [kworker/1:0]
      (root,0,0,00:00:02,31017) [kworker/u12:1]
      (www-data,537760,26360,00:00:00,31113) /usr/sbin/apache2 -k start
      (www-data,537932,27152,00:00:00,31114) /usr/sbin/apache2 -k start
      (www-data,537772,26672,00:00:00,31451) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,31827) [kworker/4:0]
      (root,99352,6972,00:04:00,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22736,4532,00:00:00,32237) -bash
      
      
      Found on 2024-11-13 22:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce015f9ba0

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (each line is (user, VSZ, RSS, CPU time, PID) followed by the command line):
      (root,204812,6820,00:01:52,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:01:59,6) [kworker/0:1H]
      (root,0,0,00:00:01,7) [ksoftirqd/0]
      (root,0,0,00:46:53,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:11,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:10,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:10,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:10,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:10,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:24,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:11,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:01,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:11,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:03,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:28,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:01:52,174) [kworker/5:1H]
      (root,0,0,00:06:18,176) [kworker/1:1H]
      (root,0,0,00:02:03,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:02:34,212) [kworker/2:1H]
      (root,0,0,00:31:29,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:05:02,237) [kworker/3:1H]
      (root,135004,8552,01:04:16,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,10968,00:37:23,253) /lib/systemd/systemd-journald
      (root,47384,3408,00:00:07,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:11,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:12,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:24,644) /usr/sbin/irqbalance --foreground
      (root,153692,14936,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:14,646) /lib/systemd/systemd-logind
      (message+,45124,3704,00:00:16,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300116,24860,00:05:19,656) /usr/lib/snapd/snapd
      (root,58340,3436,00:00:03,863) lldpd: monitor.
      (root,15740,1528,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2296,00:00:38,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:21,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,321460,49980,00:16:00,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536792,38668,00:03:31,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:02:54,1371) sendmail: MTA: accepting connections
      (www-data,537800,25508,00:00:00,2041) /usr/sbin/apache2 -k start
      (www-data,537480,24056,00:00:00,2060) /usr/sbin/apache2 -k start
      (www-data,537148,14612,00:00:00,2061) /usr/sbin/apache2 -k start
      (www-data,537472,23788,00:00:00,2078) /usr/sbin/apache2 -k start
      (www-data,537420,23024,00:00:00,2082) /usr/sbin/apache2 -k start
      (www-data,537148,14676,00:00:00,2085) /usr/sbin/apache2 -k start
      (www-data,537752,26304,00:00:00,2107) /usr/sbin/apache2 -k start
      (root,54104,7388,00:01:19,2126) mc
      (root,21236,3944,00:00:00,2128) bash -rcfile .bashrc
      (root,0,0,00:00:00,3485) [kworker/2:2]
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:01,4039) [kworker/4:0]
      (root,0,0,00:00:00,4042) [loop0]
      (root,0,0,00:00:06,4568) [kworker/2:0]
      (root,54272,8660,00:00:00,6797) mc
      (root,21164,3792,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5036,00:00:41,6847) /usr/sbin/rsyslogd -n
      (root,318164,12052,00:00:27,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:15,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2370452,53188,03:29:17,7832) /usr/sbin/freeradius
      (root,26872,4952,02:49:15,8257) htop
      (mysql,1966764,693060,15:21:18,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,9148) [kworker/u12:0]
      (root,0,0,00:00:00,9965) [loop6]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:01,15561) [kworker/0:2]
      (www-data,537148,13384,00:00:00,16419) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,18878) [kworker/3:2]
      (root,0,0,00:00:00,18890) [kworker/u12:2]
      (root,0,0,00:00:00,20216) [kworker/1:0]
      (www-data,537344,21864,00:00:00,20486) /usr/sbin/apache2 -k start
      (www-data,537476,24128,00:00:00,20618) /usr/sbin/apache2 -k start
      (root,0,0,00:00:03,20766) [kworker/1:1]
      (root,0,0,00:00:00,21850) [kworker/4:2]
      (root,0,0,00:00:00,22931) [kworker/5:1]
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:00,26190) [kworker/3:0]
      (root,0,0,00:00:00,26559) [kworker/0:0]
      (root,0,0,00:00:00,26697) [kworker/0:1]
      (root,0,0,00:00:00,26909) [kworker/2:1]
      (root,20896,3400,00:00:00,26912) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2864,00:00:00,26918) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,940,00:00:00,26919) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,99352,6872,00:00:06,30595) sshd: root@pts/2
      (root,22696,5252,00:00:00,30601) -bash
      (root,0,0,00:00:02,31274) [kworker/5:2]
      (root,99352,6972,00:03:44,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22736,5488,00:00:00,32237) -bash
      
      
      Found on 2024-11-11 22:59
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cee0ed5e69

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
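      Found process list through CheckMk (each entry is "(user,vsz,rss,cputime,pid) command", as produced by the agent's ps/sed pipeline shown in the list itself):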
      (root,204812,6820,00:01:50,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:01:53,6) [kworker/0:1H]
      (root,0,0,00:00:01,7) [ksoftirqd/0]
      (root,0,0,00:45:29,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:10,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:10,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:10,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:10,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:10,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:21,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:11,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:01,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:10,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:03,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:27,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:01:47,174) [kworker/5:1H]
      (root,0,0,00:06:07,176) [kworker/1:1H]
      (root,0,0,00:01:57,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:02:27,212) [kworker/2:1H]
      (root,0,0,00:30:14,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:04:51,237) [kworker/3:1H]
      (root,135004,8552,01:02:21,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,14340,00:37:21,253) /lib/systemd/systemd-journald
      (root,47384,3428,00:00:07,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:11,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:12,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:18,644) /usr/sbin/irqbalance --foreground
      (root,153692,14936,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:14,646) /lib/systemd/systemd-logind
      (message+,45124,3704,00:00:16,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300116,25200,00:05:09,656) /usr/lib/snapd/snapd
      (root,58340,3436,00:00:03,863) lldpd: monitor.
      (root,15740,1528,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2296,00:00:37,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:21,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,321460,49956,00:15:34,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536792,38668,00:03:25,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:02:49,1371) sendmail: MTA: accepting connections
      (root,54104,7388,00:01:13,2126) mc
      (root,21236,3944,00:00:00,2128) bash -rcfile .bashrc
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (www-data,536884,14036,00:00:00,4692) /usr/sbin/apache2 -k start
      (www-data,537148,13848,00:00:00,4715) /usr/sbin/apache2 -k start
      (www-data,537148,13948,00:00:00,4716) /usr/sbin/apache2 -k start
      (www-data,537148,14056,00:00:00,4717) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,5625) [kworker/5:0]
      (root,54272,8660,00:00:00,6797) mc
      (root,21164,3792,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5036,00:00:36,6847) /usr/sbin/rsyslogd -n
      (root,318164,12052,00:00:26,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:15,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2370452,50604,03:10:03,7832) /usr/sbin/freeradius
      (root,26872,4952,02:35:36,8257) htop
      (mysql,1966764,692296,14:33:33,8877) /usr/sbin/mysqld
      (root,0,0,00:00:05,9229) [kworker/1:0]
      (root,0,0,00:00:00,9965) [loop6]
      (root,0,0,00:00:00,12065) [kworker/4:0]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:05,13149) [kworker/0:1]
      (root,0,0,00:00:00,13193) [kworker/3:0]
      (root,0,0,00:00:00,13508) [kworker/4:1]
      (www-data,537408,22824,00:00:00,14004) /usr/sbin/apache2 -k start
      (www-data,537408,22808,00:00:00,14005) /usr/sbin/apache2 -k start
      (www-data,537388,21436,00:00:00,14006) /usr/sbin/apache2 -k start
      (www-data,537676,26852,00:00:00,14007) /usr/sbin/apache2 -k start
      (www-data,537796,26152,00:00:00,14008) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,14297) [kworker/3:2]
      (root,0,0,00:00:00,16449) [kworker/5:2]
      (root,0,0,00:00:00,16515) [kworker/u12:2]
      (root,0,0,00:00:00,17503) [kworker/2:1]
      (root,0,0,00:00:00,18588) [kworker/2:2]
      (root,0,0,00:00:00,18788) [kworker/u12:0]
      (root,0,0,00:00:00,18970) [kworker/0:2]
      (root,0,0,00:00:00,19122) [kworker/0:0]
      (root,20896,3300,00:00:00,19126) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3292,00:00:00,19129) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3356,00:00:00,19164) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2848,00:00:00,19190) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,924,00:00:00,19191) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (www-data,537604,24332,00:00:00,24646) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,99352,6872,00:00:05,30595) sshd: root@pts/2
      (root,0,0,00:00:05,30596) [kworker/1:2]
      (root,22696,5252,00:00:00,30601) -bash
      (root,99352,6972,00:03:25,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22736,5488,00:00:00,32237) -bash
      
      
      Found on 2024-11-09 22:56
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce4b36df14

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
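      Found process list through CheckMk (each entry is "(user,vsz,rss,cputime,pid) command", as produced by the agent's ps/sed pipeline shown in the list itself):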
      (root,204812,6820,00:01:47,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:01:47,6) [kworker/0:1H]
      (root,0,0,00:00:01,7) [ksoftirqd/0]
      (root,0,0,00:44:07,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:10,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:09,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:10,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:10,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:09,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:19,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:11,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:01,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:10,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:03,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:25,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:01:42,174) [kworker/5:1H]
      (root,0,0,00:05:55,176) [kworker/1:1H]
      (root,0,0,00:01:51,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:02:20,212) [kworker/2:1H]
      (root,0,0,00:28:59,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:04:41,237) [kworker/3:1H]
      (root,135004,8552,01:00:26,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,12664,00:37:18,253) /lib/systemd/systemd-journald
      (root,47384,3540,00:00:07,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:10,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:11,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:12,644) /usr/sbin/irqbalance --foreground
      (root,153692,15108,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:14,646) /lib/systemd/systemd-logind
      (message+,45124,3704,00:00:15,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300116,25684,00:05:00,656) /usr/lib/snapd/snapd
      (root,58340,3436,00:00:03,863) lldpd: monitor.
      (root,15740,1528,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2296,00:00:36,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:21,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,321460,49956,00:15:08,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536792,38668,00:03:18,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:02:44,1371) sendmail: MTA: accepting connections
      (root,54104,7388,00:01:06,2126) mc
      (root,21236,3944,00:00:00,2128) bash -rcfile .bashrc
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,0,0,00:00:00,6276) [kworker/5:0]
      (root,54272,8660,00:00:00,6797) mc
      (root,21164,3792,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,5036,00:00:31,6847) /usr/sbin/rsyslogd -n
      (root,318164,12052,00:00:26,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:14,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2370452,47996,02:51:17,7832) /usr/sbin/freeradius
      (root,26872,4952,02:21:55,8257) htop
      (root,0,0,00:00:00,8525) [kworker/4:2]
      (mysql,1966764,691360,13:46:34,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,9310) [kworker/u12:2]
      (root,0,0,00:00:00,9591) [kworker/4:1]
      (www-data,537144,25816,00:00:01,9652) /usr/sbin/apache2 -k start
      (www-data,537884,26772,00:00:00,9653) /usr/sbin/apache2 -k start
      (www-data,537716,26628,00:00:00,9654) /usr/sbin/apache2 -k start
      (www-data,537936,27248,00:00:01,9655) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,9965) [loop6]
      (www-data,538348,27380,00:00:00,10603) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,10723) [kworker/3:1]
      (root,0,0,00:00:00,10893) [kworker/u12:0]
      (www-data,537884,26832,00:00:00,11522) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,11716) [kworker/2:1]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,12774) [kworker/2:0]
      (root,0,0,00:00:17,13723) [kworker/1:2]
      (root,0,0,00:00:00,13810) [kworker/3:2]
      (root,0,0,00:00:00,14033) [kworker/1:0]
      (root,0,0,00:00:00,14491) [kworker/0:1]
      (root,0,0,00:00:00,14600) [kworker/0:2]
      (root,20896,3288,00:00:00,14629) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3400,00:00:00,14635) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3400,00:00:00,14658) /bin/bash /usr/bin/check_mk_agent
      (root,20896,1760,00:00:00,14663) /bin/bash /usr/bin/check_mk_agent
      (root,20896,1824,00:00:00,14664) /bin/bash /usr/bin/check_mk_agent
      (root,176,4,00:00:00,14666) [cut]
      (root,22948,780,00:00:00,14668) sort
      (root,176,4,00:00:00,14669) [cut]
      (root,22948,772,00:00:00,14672) sort
      (root,36628,2848,00:00:00,14676) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,900,00:00:00,14677) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (www-data,537708,26372,00:00:00,15018) /usr/sbin/apache2 -k start
      (www-data,537892,26472,00:00:00,15019) /usr/sbin/apache2 -k start
      (www-data,537716,26220,00:00:00,24435) /usr/sbin/apache2 -k start
      (www-data,537720,26052,00:00:00,24436) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,25079) [loop3]
      (root,0,0,00:00:01,25132) [kworker/5:1]
      (root,0,0,00:00:00,25227) [bioset]
      (root,0,0,00:00:00,25229) [loop9]
      (root,0,0,00:00:03,25356) [kworker/0:0]
      (root,99352,6872,00:00:04,30595) sshd: root@pts/2
      (root,22696,5252,00:00:00,30601) -bash
      (root,99352,6972,00:03:08,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22736,5488,00:00:00,32237) -bash
      
      
      Found on 2024-11-07 23:08
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce3806b1fe

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
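      Found process list through CheckMk (each entry is "(user,vsz,rss,cputime,pid) command", as produced by the agent's ps/sed pipeline shown in the list itself):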
      (root,204812,6820,00:01:43,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:01:41,6) [kworker/0:1H]
      (root,0,0,00:00:01,7) [ksoftirqd/0]
      (root,0,0,00:42:41,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:10,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:09,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:10,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:09,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:09,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:16,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:10,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:01,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:10,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:03,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:23,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:01:36,174) [kworker/5:1H]
      (root,0,0,00:05:43,176) [kworker/1:1H]
      (root,0,0,00:01:45,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:02:13,212) [kworker/2:1H]
      (root,0,0,00:27:44,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:04:30,237) [kworker/3:1H]
      (root,135004,8552,00:58:27,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62580,7328,00:37:13,253) /lib/systemd/systemd-journald
      (root,47384,3700,00:00:07,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:10,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:11,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:05,644) /usr/sbin/irqbalance --foreground
      (root,153692,15652,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:13,646) /lib/systemd/systemd-logind
      (message+,45124,3704,00:00:15,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300116,26356,00:04:48,656) /usr/lib/snapd/snapd
      (root,58340,3436,00:00:03,863) lldpd: monitor.
      (root,15740,1528,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2296,00:00:35,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:20,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,0,0,00:00:00,991) [kworker/4:2]
      (root,321460,49916,00:14:36,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536792,38668,00:03:12,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:02:38,1371) sendmail: MTA: accepting connections
      (root,54104,7388,00:00:59,2126) mc
      (root,21236,3944,00:00:00,2128) bash -rcfile .bashrc
      (root,0,0,00:00:00,2136) [kworker/1:2]
      (root,0,0,00:00:00,2140) [kworker/5:1]
      (root,0,0,00:00:00,3076) [kworker/5:2]
      (root,0,0,00:00:02,3423) [kworker/u12:0]
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (www-data,542732,38720,00:00:01,6187) /usr/sbin/apache2 -k start
      (www-data,542856,38460,00:00:01,6188) /usr/sbin/apache2 -k start
      (www-data,542748,39524,00:00:01,6189) /usr/sbin/apache2 -k start
      (www-data,542688,37536,00:00:01,6190) /usr/sbin/apache2 -k start
      (www-data,543348,40544,00:00:01,6191) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,6196) [kworker/2:1]
      (www-data,537328,26080,00:00:01,6403) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,6689) [kworker/3:1]
      (root,0,0,00:00:18,6703) [kworker/1:1]
      (root,54272,8660,00:00:00,6797) mc
      (root,21164,3792,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,4764,00:00:24,6847) /usr/sbin/rsyslogd -n
      (root,318164,12052,00:00:25,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:14,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:00,7301) [kworker/2:2]
      (root,0,0,00:00:00,7796) [kworker/0:1]
      (freerad,2468804,45212,02:32:39,7832) /usr/sbin/freeradius
      (root,0,0,00:00:00,7967) [kworker/0:2]
      (root,0,0,00:00:00,8118) [kworker/5:0]
      (root,20896,3396,00:00:00,8179) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2840,00:00:00,8185) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,988,00:00:00,8186) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,26872,4944,02:07:43,8257) htop
      (www-data,540756,29092,00:00:00,8577) /usr/sbin/apache2 -k start
      (www-data,540748,29672,00:00:00,8578) /usr/sbin/apache2 -k start
      (mysql,1964764,693356,12:58:55,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,9965) [loop6]
      (root,0,0,00:00:00,12334) [loop1]
      (www-data,537872,26320,00:00:00,15123) /usr/sbin/apache2 -k start
      (root,0,0,00:00:03,21518) [kworker/0:0]
      (www-data,537592,22492,00:00:00,24960) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,26980) [kworker/u12:1]
      (root,0,0,00:00:00,28464) [kworker/3:0]
      (root,99352,6872,00:00:03,30595) sshd: root@pts/2
      (root,22696,5252,00:00:00,30601) -bash
      (root,99352,6972,00:02:50,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22736,5488,00:00:00,32237) -bash
      (root,0,0,00:00:00,32561) [kworker/4:1]
      
      
      Found on 2024-11-05 22:04
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ceddcacf50

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
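      Found process list through CheckMk (each entry is "(user,vsz,rss,cputime,pid) command", the column order of the agent's ps/sed pipeline):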
      (root,204812,6820,00:01:38,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:01:35,6) [kworker/0:1H]
      (root,0,0,00:00:01,7) [ksoftirqd/0]
      (root,0,0,00:41:19,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:09,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:09,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:09,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:09,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:01,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:09,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:01:13,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:10,33) [watchdog/4]
      (root,0,0,00:00:01,34) [migration/4]
      (root,0,0,00:00:01,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:09,39) [watchdog/5]
      (root,0,0,00:00:01,40) [migration/5]
      (root,0,0,00:00:02,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:03,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:21,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:01:31,174) [kworker/5:1H]
      (root,0,0,00:05:33,176) [kworker/1:1H]
      (root,0,0,00:01:39,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:02:07,212) [kworker/2:1H]
      (root,0,0,00:26:36,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:04:22,237) [kworker/3:1H]
      (root,135004,8552,00:56:39,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,70776,13436,00:36:45,253) /lib/systemd/systemd-journald
      (root,47384,3712,00:00:06,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:10,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:11,643) /usr/sbin/cron -f
      (root,35912,3264,00:03:00,644) /usr/sbin/irqbalance --foreground
      (root,153692,15772,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:13,646) /lib/systemd/systemd-logind
      (message+,45124,3704,00:00:14,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1300116,26396,00:04:39,656) /usr/lib/snapd/snapd
      (root,58340,3436,00:00:03,863) lldpd: monitor.
      (root,15740,1528,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2296,00:00:34,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:12,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,321460,49916,00:13:06,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536792,38668,00:03:06,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:02:34,1371) sendmail: MTA: accepting connections
      (root,54104,7388,00:00:53,2126) mc
      (root,21236,3944,00:00:00,2128) bash -rcfile .bashrc
      (root,0,0,00:00:00,2246) [kworker/1:1]
      (root,0,0,00:00:00,3685) [loop8]
      (root,0,0,00:00:00,4042) [loop0]
      (root,0,0,00:00:03,4357) [kworker/1:2]
      (root,54272,8660,00:00:00,6797) mc
      (root,21164,3792,00:00:00,6799) bash -rcfile .bashrc
      (root,553760,4500,00:00:13,6847) /usr/sbin/rsyslogd -n
      (root,318164,12052,00:00:24,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:13,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2370452,42564,02:16:25,7832) /usr/sbin/freeradius
      (root,26872,4944,01:54:58,8257) htop
      (mysql,1964764,691996,12:16:24,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,9965) [loop6]
      (root,0,0,00:00:00,10876) [kworker/5:1]
      (root,0,0,00:00:00,10906) [kworker/u12:2]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,12990) [kworker/3:1]
      (root,0,0,00:00:00,14585) [kworker/u12:0]
      (root,0,0,00:00:00,14969) [kworker/5:2]
      (root,0,0,00:00:01,15405) [kworker/2:2]
      (root,0,0,00:00:00,16824) [kworker/4:1]
      (root,0,0,00:00:00,17023) [kworker/3:0]
      (root,0,0,00:00:00,17282) [kworker/0:1]
      (root,0,0,00:00:00,17619) [kworker/0:0]
      (root,99204,6608,00:00:00,17717) sshd: root [priv]
      (sshd,69956,3336,00:00:00,17718) sshd: root [net]
      (root,0,0,00:00:00,17832) [kworker/1:0]
      (root,0,0,00:00:00,17839) [kworker/3:2]
      (root,20896,3360,00:00:00,17840) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2836,00:00:00,17846) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,972,00:00:00,17847) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (www-data,536884,20564,00:00:00,19365) /usr/sbin/apache2 -k start
      (root,0,0,00:00:02,25236) [kworker/0:2]
      (www-data,537580,24624,00:00:00,25503) /usr/sbin/apache2 -k start
      (www-data,537276,19224,00:00:00,25504) /usr/sbin/apache2 -k start
      (www-data,537916,26996,00:00:00,25505) /usr/sbin/apache2 -k start
      (www-data,537084,14592,00:00:00,25506) /usr/sbin/apache2 -k start
      (www-data,537084,14628,00:00:00,25507) /usr/sbin/apache2 -k start
      (www-data,537084,14576,00:00:00,25575) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,26271) [kworker/4:0]
      (www-data,537084,14580,00:00:00,27574) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,30483) [kworker/2:0]
      (root,99352,6872,00:00:02,30595) sshd: root@pts/2
      (root,22696,5252,00:00:00,30601) -bash
      (root,99352,6972,00:02:34,32228) sshd: root@pts/0
      (root,56536,6060,00:00:00,32230) /lib/systemd/systemd --user
      (root,232396,1720,00:00:00,32231) (sd-pam)
      (root,22736,5488,00:00:00,32237) -bash
      
      
      Found on 2024-11-04 01:19
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce6d8fc2d4

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6804,00:00:52,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:35,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:21:29,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:04,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:04,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:05,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:04,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:04,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:46,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:05,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:04,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:01,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:01,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:08,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:36,174) [kworker/5:1H]
      (root,0,0,00:02:34,176) [kworker/1:1H]
      (root,0,0,00:00:36,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:52,212) [kworker/2:1H]
      (root,0,0,00:11:07,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:02:15,237) [kworker/3:1H]
      (root,135004,8552,00:28:29,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,76844,17608,00:26:02,253) /lib/systemd/systemd-journald
      (root,98996,1200,00:00:00,273) /sbin/lvmetad -f
      (root,47416,3332,00:00:03,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:05,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:05,643) /usr/sbin/cron -f
      (root,35912,3264,00:01:29,644) /usr/sbin/irqbalance --foreground
      (root,153692,16004,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4924,00:00:06,646) /lib/systemd/systemd-logind
      (message+,45124,3704,00:00:07,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299860,26996,00:02:17,656) /usr/lib/snapd/snapd
      (root,58340,3708,00:00:01,863) lldpd: monitor.
      (root,15740,1528,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2468,00:00:16,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:04,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10396,01:48:34,1063) /usr/sbin/collectd
      (root,321460,49912,00:06:22,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536792,38668,00:01:32,1135) /usr/sbin/apache2 -k start
      (www-data,542160,31376,00:00:00,1251) /usr/sbin/apache2 -k start
      (www-data,537148,25572,00:00:00,1252) /usr/sbin/apache2 -k start
      (root,82324,3784,00:01:15,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,2251) [kworker/5:0]
      (root,0,0,00:00:00,2524) [kworker/5:2]
      (root,0,0,00:00:00,3939) [kworker/0:0]
      (root,0,0,00:00:01,4166) [kworker/1:2]
      (root,0,0,00:00:00,4412) [kworker/3:2]
      (root,0,0,00:00:00,4687) [kworker/3:1]
      (www-data,541892,29476,00:00:00,4770) /usr/sbin/apache2 -k start
      (www-data,536872,12232,00:00:00,4771) /usr/sbin/apache2 -k start
      (www-data,536872,12232,00:00:00,4772) /usr/sbin/apache2 -k start
      (www-data,536872,12232,00:00:00,4773) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,4779) [kworker/0:2]
      (root,0,0,00:00:00,4954) [kworker/0:1]
      (root,20900,3268,00:00:00,5027) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3372,00:00:00,5086) /bin/bash /usr/bin/check_mk_agent
      (root,18004,2932,00:00:00,5094) bash ./freeradius.sh
      (root,36628,2788,00:00:00,5095) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,968,00:00:00,5096) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,318164,12052,00:00:12,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:07,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2354136,28768,00:32:30,7832) /usr/sbin/freeradius
      (root,99352,6948,00:00:01,8461) sshd: root@pts/0
      (root,56536,5920,00:00:00,8463) /lib/systemd/systemd --user
      (root,232396,1780,00:00:00,8464) (sd-pam)
      (root,22456,5192,00:00:00,8470) -bash
      (root,0,0,00:00:54,8479) [kworker/u12:0]
      (root,54108,8376,00:00:00,8578) mc
      (root,21168,3904,00:00:00,8580) bash -rcfile .bashrc
      (mysql,1555164,682724,04:34:52,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,18592) [kworker/u12:1]
      (root,553760,5048,00:00:46,20311) /usr/sbin/rsyslogd -n
      (root,0,0,00:00:20,26916) [kworker/1:0]
      (www-data,537556,26532,00:00:00,27089) /usr/sbin/apache2 -k start
      (www-data,537164,14732,00:00:00,27090) /usr/sbin/apache2 -k start
      (www-data,537212,23632,00:00:00,27092) /usr/sbin/apache2 -k start
      (www-data,542212,33744,00:00:00,27093) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:00,28194) [loop3]
      (root,0,0,00:00:00,29778) [kworker/2:2]
      (root,0,0,00:00:03,30329) [kworker/2:1]
      (root,0,0,00:00:00,31140) [kworker/4:0]
      (root,0,0,00:00:01,31613) [kworker/4:2]
      
      
      Found on 2024-10-05 23:42
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce1da559a8

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6804,00:00:48,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:32,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:20:07,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:04,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:04,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:05,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:04,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:04,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:45,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:04,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:04,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:01,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:01,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:07,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:33,174) [kworker/5:1H]
      (root,0,0,00:02:24,176) [kworker/1:1H]
      (root,0,0,00:00:33,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:49,212) [kworker/2:1H]
      (root,0,0,00:10:18,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:02:08,237) [kworker/3:1H]
      (root,135004,8552,00:26:32,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62584,5912,00:24:16,253) /lib/systemd/systemd-journald
      (root,98996,1200,00:00:00,273) /sbin/lvmetad -f
      (root,47416,3544,00:00:03,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4096,00:00:04,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:04,643) /usr/sbin/cron -f
      (root,35912,3264,00:01:23,644) /usr/sbin/irqbalance --foreground
      (root,153692,16712,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,4948,00:00:06,646) /lib/systemd/systemd-logind
      (message+,45124,3756,00:00:07,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299860,26648,00:02:07,656) /usr/lib/snapd/snapd
      (root,58340,4340,00:00:01,863) lldpd: monitor.
      (root,15740,1528,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2884,00:00:15,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:04,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10496,01:41:05,1063) /usr/sbin/collectd
      (root,321460,49920,00:05:57,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536436,38368,00:01:25,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:01:10,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,4478) [kworker/5:1]
      (www-data,537224,22940,00:00:00,4491) /usr/sbin/apache2 -k start
      (www-data,537224,21884,00:00:00,4492) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,4799) [kworker/5:0]
      (root,0,0,00:00:01,6600) [kworker/0:1]
      (root,318164,12052,00:00:11,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:06,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2337948,29028,00:30:13,7832) /usr/sbin/freeradius
      (root,0,0,00:00:00,8119) [kworker/4:0]
      (root,0,0,00:00:02,8417) [kworker/1:2]
      (root,99352,6948,00:00:00,8461) sshd: root@pts/0
      (root,56536,5920,00:00:00,8463) /lib/systemd/systemd --user
      (root,232396,1780,00:00:00,8464) (sd-pam)
      (root,22456,5192,00:00:00,8470) -bash
      (root,0,0,00:00:30,8479) [kworker/u12:0]
      (root,54108,8376,00:00:00,8578) mc
      (root,21168,3904,00:00:00,8580) bash -rcfile .bashrc
      (mysql,1555164,681976,04:13:59,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,8988) [kworker/2:1]
      (root,0,0,00:00:00,9225) [kworker/2:0]
      (root,0,0,00:00:00,9476) [kworker/3:0]
      (root,0,0,00:00:00,9723) [kworker/1:1]
      (root,0,0,00:00:00,9989) [kworker/3:2]
      (root,0,0,00:00:00,10010) [kworker/0:2]
      (root,0,0,00:00:00,10060) [kworker/0:0]
      (root,20900,3420,00:00:00,10112) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3360,00:00:00,10171) /bin/bash /usr/bin/check_mk_agent
      (root,18004,2908,00:00:00,10179) bash ./freeradius.sh
      (root,36628,2740,00:00:00,10180) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,936,00:00:00,10181) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,18592) [kworker/u12:1]
      (root,553760,4948,00:00:20,20311) /usr/sbin/rsyslogd -n
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:00,28194) [loop3]
      (www-data,538176,27420,00:00:00,32113) /usr/sbin/apache2 -k start
      (www-data,537500,26492,00:00:00,32114) /usr/sbin/apache2 -k start
      (www-data,537648,26616,00:00:00,32115) /usr/sbin/apache2 -k start
      (www-data,537664,25864,00:00:00,32116) /usr/sbin/apache2 -k start
      (www-data,537656,25896,00:00:00,32117) /usr/sbin/apache2 -k start
      (www-data,537656,26348,00:00:00,32157) /usr/sbin/apache2 -k start
      (www-data,537660,26360,00:00:00,32353) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,32423) [kworker/4:1]
      
      
      Found on 2024-10-03 23:27
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce294b5ae0

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6836,00:00:44,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:29,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:18:44,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:04,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:03,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:04,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:04,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:03,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:43,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:04,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:04,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:01,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:01,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:06,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:31,174) [kworker/5:1H]
      (root,0,0,00:02:13,176) [kworker/1:1H]
      (root,0,0,00:00:31,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:45,212) [kworker/2:1H]
      (root,0,0,00:09:30,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:02:00,237) [kworker/3:1H]
      (root,135004,10520,00:24:36,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,76844,15652,00:22:30,253) /lib/systemd/systemd-journald
      (root,98996,1248,00:00:00,273) /sbin/lvmetad -f
      (root,47416,3988,00:00:03,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:04,621) /lib/systemd/systemd-timesyncd
      (root,30876,2824,00:00:04,643) /usr/sbin/cron -f
      (root,35912,3312,00:01:17,644) /usr/sbin/irqbalance --foreground
      (root,153692,18136,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,5004,00:00:05,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:06,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299860,27140,00:01:58,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:01,863) lldpd: monitor.
      (root,15740,1532,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:14,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:04,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10560,01:33:35,1063) /usr/sbin/collectd
      (root,321460,49932,00:05:32,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536436,38352,00:01:19,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:01:05,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:03,3758) [kworker/5:2]
      (www-data,538112,27260,00:00:00,4438) /usr/sbin/apache2 -k start
      (www-data,537480,26264,00:00:00,4439) /usr/sbin/apache2 -k start
      (www-data,537632,26312,00:00:00,4440) /usr/sbin/apache2 -k start
      (www-data,537708,27304,00:00:00,4441) /usr/sbin/apache2 -k start
      (www-data,537652,26728,00:00:01,4442) /usr/sbin/apache2 -k start
      (www-data,537104,26004,00:00:00,4542) /usr/sbin/apache2 -k start
      (www-data,537476,26188,00:00:00,4756) /usr/sbin/apache2 -k start
      (www-data,537644,26724,00:00:01,4764) /usr/sbin/apache2 -k start
      (www-data,537632,26400,00:00:00,4774) /usr/sbin/apache2 -k start
      (www-data,537644,26420,00:00:00,4781) /usr/sbin/apache2 -k start
      (root,318164,12056,00:00:10,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:06,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2338052,29048,00:27:56,7832) /usr/sbin/freeradius
      (root,99352,6948,00:00:00,8461) sshd: root@pts/0
      (root,56536,5920,00:00:00,8463) /lib/systemd/systemd --user
      (root,232396,1780,00:00:00,8464) (sd-pam)
      (root,22456,5192,00:00:00,8470) -bash
      (root,0,0,00:00:05,8479) [kworker/u12:0]
      (root,0,0,00:00:00,8512) [kworker/5:0]
      (root,54108,8376,00:00:00,8578) mc
      (root,21168,3904,00:00:00,8580) bash -rcfile .bashrc
      (root,553760,5040,00:00:08,8604) /usr/sbin/rsyslogd -n
      (root,4276,696,00:00:00,8706) /bin/sh /usr/bin/sensible-editor /etc/rsyslog.d/50-telegraf.conf
      (root,54020,7984,00:00:00,8714) /usr/bin/mcedit /etc/rsyslog.d/50-telegraf.conf
      (mysql,1551068,682820,03:53:17,8877) /usr/sbin/mysqld
      (root,0,0,00:00:08,9776) [kworker/1:2]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,12921) [kworker/4:0]
      (root,0,0,00:00:00,12999) [kworker/4:2]
      (root,0,0,00:00:00,13438) [kworker/3:1]
      (root,0,0,00:00:00,13729) [kworker/3:0]
      (root,0,0,00:00:02,13897) [kworker/1:1]
      (root,0,0,00:00:00,14109) [kworker/0:0]
      (root,0,0,00:00:00,15180) [kworker/2:0]
      (root,0,0,00:00:00,15407) [kworker/2:2]
      (root,0,0,00:00:00,15495) [kworker/0:1]
      (root,0,0,00:00:00,15503) [kworker/0:2]
      (root,20900,3348,00:00:00,15543) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3452,00:00:00,15608) /bin/bash /usr/bin/check_mk_agent
      (root,18004,2944,00:00:00,15619) bash ./freeradius.sh
      (root,36628,2864,00:00:00,15620) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,980,00:00:00,15621) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:43,26730) [kworker/u12:2]
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:00,28194) [loop3]
      
      
      Found on 2024-10-01 23:38
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce1c7c6f47

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
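      Found process list through CheckMk (fields in parentheses: user, VSZ, RSS, CPU time, PID; the full command line follows, so script paths and arguments of running processes are disclosed along with the account they run under):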
      (root,204812,6896,00:00:40,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:27,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:16:45,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:03,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:03,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:04,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:03,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:03,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:38,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:04,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:03,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:01,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:01,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:06,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:29,174) [kworker/5:1H]
      (root,0,0,00:02:03,176) [kworker/1:1H]
      (root,0,0,00:00:29,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:41,212) [kworker/2:1H]
      (root,0,0,00:08:41,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:01:48,237) [kworker/3:1H]
      (root,135004,10820,00:22:36,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,76908,18404,00:20:41,253) /lib/systemd/systemd-journald
      (root,98996,1260,00:00:00,273) /sbin/lvmetad -f
      (root,47416,4140,00:00:03,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:04,621) /lib/systemd/systemd-timesyncd
      (root,553760,5300,00:04:33,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:04,643) /usr/sbin/cron -f
      (root,35912,3312,00:01:11,644) /usr/sbin/irqbalance --foreground
      (root,153692,18276,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,5004,00:00:05,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:06,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299860,26972,00:01:48,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:01,863) lldpd: monitor.
      (root,15740,1532,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:13,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:03,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10560,01:25:54,1063) /usr/sbin/collectd
      (root,321460,49932,00:05:06,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536436,38344,00:01:12,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:00:59,1371) sendmail: MTA: accepting connections
      (root,318164,12056,00:00:09,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:05,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,1911700,27492,00:25:37,7832) /usr/sbin/freeradius
      (mysql,1542876,682400,03:32:14,8877) /usr/sbin/mysqld
      (www-data,536940,14232,00:00:00,10501) /usr/sbin/apache2 -k start
      (www-data,536960,14348,00:00:00,10502) /usr/sbin/apache2 -k start
      (www-data,536960,19352,00:00:00,10546) /usr/sbin/apache2 -k start
      (www-data,537248,24872,00:00:00,11260) /usr/sbin/apache2 -k start
      (www-data,536960,14344,00:00:00,11699) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,12334) [loop1]
      (www-data,536960,14368,00:00:00,13205) /usr/sbin/apache2 -k start
      (www-data,536960,14268,00:00:00,13208) /usr/sbin/apache2 -k start
      (www-data,536536,13620,00:00:00,13209) /usr/sbin/apache2 -k start
      (www-data,536960,13552,00:00:00,13210) /usr/sbin/apache2 -k start
      (www-data,536528,13636,00:00:00,13213) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,15026) [kworker/2:1]
      (root,0,0,00:00:00,15762) [kworker/4:2]
      (root,0,0,00:00:00,15996) [kworker/4:1]
      (root,0,0,00:00:00,16447) [kworker/u12:1]
      (root,0,0,00:00:00,18080) [kworker/3:1]
      (root,0,0,00:00:02,18344) [kworker/1:2]
      (root,0,0,00:00:00,18853) [kworker/5:1]
      (root,0,0,00:00:00,19195) [kworker/5:2]
      (root,0,0,00:00:00,19413) [kworker/3:0]
      (root,0,0,00:00:00,19474) [kworker/2:0]
      (root,0,0,00:00:01,19715) [kworker/1:1]
      (root,0,0,00:00:00,19721) [kworker/0:0]
      (root,0,0,00:00:00,20285) [kworker/0:2]
      (root,0,0,00:00:00,20452) [kworker/3:2]
      (root,0,0,00:00:00,20482) [kworker/0:1]
      (root,20900,3388,00:00:00,20526) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3404,00:00:00,20585) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2872,00:00:00,20595) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,948,00:00:00,20596) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:24,26730) [kworker/u12:2]
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:00,28194) [loop3]
      
      
      Found on 2024-09-29 22:43
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cee6f66e65

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6896,00:00:36,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:25,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:14:40,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:03,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:03,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:04,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:03,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:03,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:33,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:03,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:03,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:01,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:01,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:05,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:26,174) [kworker/5:1H]
      (root,0,0,00:01:52,176) [kworker/1:1H]
      (root,0,0,00:00:25,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:38,212) [kworker/2:1H]
      (root,0,0,00:07:53,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:01:36,237) [kworker/3:1H]
      (root,135004,10820,00:20:37,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62584,6720,00:18:54,253) /lib/systemd/systemd-journald
      (root,98996,1260,00:00:00,273) /sbin/lvmetad -f
      (root,47416,4160,00:00:02,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:03,621) /lib/systemd/systemd-timesyncd
      (root,553760,5276,00:04:09,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:03,643) /usr/sbin/cron -f
      (root,35912,3312,00:01:05,644) /usr/sbin/irqbalance --foreground
      (root,153692,18276,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,5004,00:00:04,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:06,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299860,26528,00:01:39,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:01,863) lldpd: monitor.
      (root,15740,1532,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:12,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:03,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10552,01:18:24,1063) /usr/sbin/collectd
      (root,321460,49932,00:04:41,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536436,38204,00:01:06,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:00:54,1371) sendmail: MTA: accepting connections
      (root,0,0,00:02:16,3523) [kworker/u12:0]
      (root,0,0,00:00:05,4123) [kworker/1:1]
      (root,0,0,00:00:40,6729) [kworker/1:0]
      (root,318164,12056,00:00:08,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:05,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,1911700,27472,00:23:21,7832) /usr/sbin/freeradius
      (mysql,1542876,680740,03:11:53,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,16447) [kworker/u12:1]
      (root,0,0,00:00:01,16684) [kworker/5:0]
      (www-data,537680,27024,00:00:00,17157) /usr/sbin/apache2 -k start
      (www-data,537072,25872,00:00:00,17158) /usr/sbin/apache2 -k start
      (www-data,537628,26692,00:00:01,17159) /usr/sbin/apache2 -k start
      (www-data,537452,26412,00:00:00,17160) /usr/sbin/apache2 -k start
      (www-data,537620,26328,00:00:00,17161) /usr/sbin/apache2 -k start
      (www-data,537452,26396,00:00:00,17255) /usr/sbin/apache2 -k start
      (www-data,537452,26208,00:00:00,17450) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,19208) [kworker/2:0]
      (root,0,0,00:00:02,19639) [kworker/2:2]
      (www-data,537620,26356,00:00:00,20238) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,20482) [kworker/5:1]
      (root,0,0,00:00:00,22020) [kworker/4:0]
      (root,0,0,00:00:00,24031) [kworker/4:2]
      (root,0,0,00:00:00,26228) [kworker/3:2]
      (root,0,0,00:00:00,26276) [kworker/0:1]
      (root,0,0,00:00:00,26488) [kworker/3:1]
      (root,0,0,00:00:00,26539) [kworker/0:2]
      (root,0,0,00:00:00,26546) [kworker/0:0]
      (root,20900,3400,00:00:00,26589) /bin/bash /usr/bin/check_mk_agent
      (root,20896,3356,00:00:00,26652) /bin/bash /usr/bin/check_mk_agent
      (root,18004,2936,00:00:00,26659) bash ./freeradius.sh
      (root,36628,2676,00:00:00,26662) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,916,00:00:00,26663) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,18004,1824,00:00:00,26665) bash ./freeradius.sh
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:00,28194) [loop3]
      
      
      Found on 2024-09-27 22:35
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cebde55ee3

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6896,00:00:34,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:22,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:12:31,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:03,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:03,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:03,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:03,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:02,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:27,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:03,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:03,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:00,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:00,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:05,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:23,174) [kworker/5:1H]
      (root,0,0,00:01:40,176) [kworker/1:1H]
      (root,0,0,00:00:22,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:34,212) [kworker/2:1H]
      (root,0,0,00:07:04,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:01:24,237) [kworker/3:1H]
      (root,135004,10820,00:18:34,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,76844,14144,00:17:03,253) /lib/systemd/systemd-journald
      (root,98996,1260,00:00:00,273) /sbin/lvmetad -f
      (root,47416,4624,00:00:02,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:03,621) /lib/systemd/systemd-timesyncd
      (root,553760,5368,00:03:44,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:03,643) /usr/sbin/cron -f
      (root,35912,3312,00:00:59,644) /usr/sbin/irqbalance --foreground
      (root,153692,18276,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,5004,00:00:04,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:05,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299860,26692,00:01:29,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:01,863) lldpd: monitor.
      (root,15740,1532,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:11,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:03,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10544,01:10:36,1063) /usr/sbin/collectd
      (root,321460,49932,00:04:14,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536304,38320,00:00:59,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:00:48,1371) sendmail: MTA: accepting connections
      (root,0,0,00:01:50,3523) [kworker/u12:0]
      (root,0,0,00:00:00,6605) [kworker/u12:1]
      (root,318164,12056,00:00:07,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:05,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,1911700,27328,00:21:02,7832) /usr/sbin/freeradius
      (mysql,1542876,682820,02:51:03,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,12334) [loop1]
      (www-data,542644,39640,00:00:00,22620) /usr/sbin/apache2 -k start
      (www-data,542052,39140,00:00:00,22621) /usr/sbin/apache2 -k start
      (www-data,542436,38456,00:00:00,22622) /usr/sbin/apache2 -k start
      (www-data,540328,28828,00:00:00,22623) /usr/sbin/apache2 -k start
      (www-data,542284,39548,00:00:00,22625) /usr/sbin/apache2 -k start
      (www-data,542424,38532,00:00:00,22914) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,23547) [kworker/2:0]
      (www-data,540320,29532,00:00:00,23983) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,25339) [kworker/4:1]
      (www-data,542584,37756,00:00:00,26001) /usr/sbin/apache2 -k start
      (www-data,542616,39784,00:00:00,26831) /usr/sbin/apache2 -k start
      (www-data,537612,26336,00:00:00,27061) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,27292) [kworker/2:2]
      (root,0,0,00:00:01,27846) [kworker/0:1]
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:01,28081) [kworker/1:2]
      (root,0,0,00:00:00,28194) [loop3]
      (root,0,0,00:00:05,28623) [kworker/1:1]
      (root,0,0,00:00:00,29841) [kworker/5:1]
      (root,0,0,00:00:00,30118) [kworker/5:2]
      (root,0,0,00:00:00,30639) [kworker/4:0]
      (root,0,0,00:00:00,31145) [kworker/3:2]
      (root,0,0,00:00:00,31215) [kworker/3:1]
      (root,0,0,00:00:00,31217) [kworker/0:0]
      (root,0,0,00:00:00,31224) [kworker/0:2]
      (root,0,0,00:00:00,31289) [kworker/5:0]
      (root,20896,3396,00:00:00,31350) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2880,00:00:00,31356) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,984,00:00:00,31357) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      
      
      Found on 2024-09-25 20:32
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce5d34ad28

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6896,00:00:31,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:20,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:10:45,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:02,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:02,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:03,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:02,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:02,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:23,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:03,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:02,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:00,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:00,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:04,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:21,174) [kworker/5:1H]
      (root,0,0,00:01:30,176) [kworker/1:1H]
      (root,0,0,00:00:20,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:30,212) [kworker/2:1H]
      (root,0,0,00:06:17,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:01:12,237) [kworker/3:1H]
      (root,135004,10820,00:16:40,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62584,7236,00:15:18,253) /lib/systemd/systemd-journald
      (root,98996,1260,00:00:00,273) /sbin/lvmetad -f
      (root,47416,4652,00:00:02,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:03,621) /lib/systemd/systemd-timesyncd
      (root,553760,5372,00:03:20,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:03,643) /usr/sbin/cron -f
      (root,35912,3312,00:00:53,644) /usr/sbin/irqbalance --foreground
      (root,153692,18276,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,5004,00:00:04,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:05,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299796,26424,00:01:20,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:00,863) lldpd: monitor.
      (root,15740,1532,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:09,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:03,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10544,01:03:13,1063) /usr/sbin/collectd
      (root,321460,49932,00:03:47,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536304,38304,00:00:53,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:00:43,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,1830) [kworker/4:0]
      (root,0,0,00:00:00,1919) [kworker/4:2]
      (root,0,0,00:01:26,3523) [kworker/u12:0]
      (root,0,0,00:00:00,4451) [kworker/3:0]
      (root,0,0,00:00:00,4821) [kworker/1:2]
      (root,0,0,00:00:00,5000) [kworker/3:2]
      (root,0,0,00:00:00,5119) [kworker/0:1]
      (root,0,0,00:00:00,5129) [kworker/0:0]
      (root,0,0,00:00:00,5297) [kworker/2:2]
      (mysql,4276,748,00:00:00,5300) sh -c  /usr/bin/python3 /cfg/scripts/new_rad.py                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
      (mysql,126448,64164,00:00:04,5301) /usr/bin/python3 /cfg/scripts/new_rad.py
      (root,0,0,00:00:00,5414) [kworker/5:1]
      (root,20896,3356,00:00:00,5419) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2848,00:00:00,5425) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,956,00:00:00,5426) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,318164,12056,00:00:07,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:04,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,1911700,27236,00:18:52,7832) /usr/sbin/freeradius
      (mysql,1542876,678480,02:31:37,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,18309) [kworker/u12:2]
      (root,0,0,00:00:00,23910) [kworker/2:1]
      (root,0,0,00:00:04,24188) [kworker/2:0]
      (www-data,537448,26832,00:00:01,26051) /usr/sbin/apache2 -k start
      (www-data,537992,27080,00:00:00,26052) /usr/sbin/apache2 -k start
      (www-data,538060,27736,00:00:01,26053) /usr/sbin/apache2 -k start
      (www-data,538124,27696,00:00:00,26054) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,28054) [loop8]
      (www-data,537216,25192,00:00:00,28099) /usr/sbin/apache2 -k start
      (www-data,537048,25496,00:00:00,28100) /usr/sbin/apache2 -k start
      (www-data,537596,26392,00:00:00,28102) /usr/sbin/apache2 -k start
      (www-data,537620,26748,00:00:00,28103) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,28194) [loop3]
      (root,0,0,00:00:00,29954) [kworker/5:2]
      (www-data,537592,25176,00:00:00,30069) /usr/sbin/apache2 -k start
      (www-data,537436,25936,00:00:00,30070) /usr/sbin/apache2 -k start
      (root,0,0,00:00:12,30131) [kworker/1:1]
      (root,0,0,00:00:01,30192) [kworker/5:0]
      (root,0,0,00:00:02,31517) [kworker/0:2]
      
      
      Found on 2024-09-23 22:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce595b5726

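      Found public CheckMk agent (reachable from the internet; the data below was returned to the scanner without authentication, so access to the agent port should be limited to the monitoring server):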
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
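      Found process list through CheckMk (each entry is (user,vsz,rss,cputime,pid) followed by the full command line, as produced by the agent's own ps call that appears in the list):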
      (root,204812,6896,00:00:28,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:18,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:09:38,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:02,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:02,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:02,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:02,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:02,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:20,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:02,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:02,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:00,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:00,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:03,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:18,174) [kworker/5:1H]
      (root,0,0,00:01:19,176) [kworker/1:1H]
      (root,0,0,00:00:17,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:26,212) [kworker/2:1H]
      (root,0,0,00:05:29,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:01:04,237) [kworker/3:1H]
      (root,135004,10956,00:14:44,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62584,9832,00:13:29,253) /lib/systemd/systemd-journald
      (root,98996,1260,00:00:00,273) /sbin/lvmetad -f
      (root,47416,5028,00:00:02,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:02,621) /lib/systemd/systemd-timesyncd
      (root,553760,5312,00:02:57,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:02,643) /usr/sbin/cron -f
      (root,35912,3312,00:00:47,644) /usr/sbin/irqbalance --foreground
      (root,153692,18276,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,5004,00:00:03,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:04,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299796,26160,00:01:11,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:00,863) lldpd: monitor.
      (root,15740,1532,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:08,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:01,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10540,00:55:53,1063) /usr/sbin/collectd
      (root,321460,49912,00:03:06,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536304,38292,00:00:47,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:00:38,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,2537) [kworker/1:2]
      (root,0,0,00:00:06,2813) [kworker/1:1]
      (root,0,0,00:00:00,3249) [kworker/5:0]
      (root,0,0,00:01:01,3523) [kworker/u12:0]
      (root,0,0,00:00:01,3639) [kworker/0:1]
      (root,0,0,00:00:00,5445) [kworker/3:2]
      (root,0,0,00:00:00,5694) [kworker/3:1]
      (root,0,0,00:00:00,6296) [kworker/4:2]
      (root,0,0,00:00:00,6630) [kworker/4:1]
      (root,0,0,00:00:00,6717) [kworker/0:2]
      (root,0,0,00:00:00,6732) [kworker/0:0]
      (root,0,0,00:00:00,6910) [kworker/4:0]
      (root,20900,3456,00:00:00,7027) /bin/bash /usr/bin/check_mk_agent
      (root,318164,12056,00:00:06,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:04,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,18020,2968,00:00:00,7086) bash ./freeradius.sh
      (root,20896,3396,00:00:00,7092) /bin/bash /usr/bin/check_mk_agent
      (root,19396,7836,00:00:00,7099) /bin/sed -n -e s/\s*\(FreeRADIUS-Total-Access-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Access-Accepts = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Access-Rejects = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Access-Challenges = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Auth-Responses = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Auth-Duplicate-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Auth-Malformed-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Auth-Invalid-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Auth-Dropped-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Auth-Unknown-Types = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Accounting-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Accounting-Responses = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Acct-Duplicate-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Acct-Malformed-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Acct-Invalid-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Acct-Dropped-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Acct-Unknown-Types = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Access-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Access-Accepts = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Access-Rejects = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Access-Challenges = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Auth-Responses = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Auth-Unknown-Types = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Accounting-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Accounting-Responses = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests 
= [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Total-Proxy-Acct-Unknown-Types = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Queue-Len-Internal = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Queue-Len-Proxy = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Queue-Len-Auth = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Queue-Len-Acct = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Queue-Len-Detail = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Queue-PPS-In = [0-9]*\)/\1/p -e s/\s*\(FreeRADIUS-Queue-PPS-Out = [0-9]*\)/\1/p
      (root,36628,2752,00:00:00,7100) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,944,00:00:00,7101) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (freerad,1903504,27148,00:16:35,7832) /usr/sbin/freeradius
      (mysql,1534684,678936,02:11:20,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:04,17510) [kworker/2:0]
      (root,0,0,00:00:00,18309) [kworker/u12:2]
      (root,0,0,00:00:02,27199) [kworker/5:2]
      (www-data,536916,14176,00:00:00,28039) /usr/sbin/apache2 -k start
      (www-data,537140,22844,00:00:00,28040) /usr/sbin/apache2 -k start
      (www-data,537196,24380,00:00:00,28041) /usr/sbin/apache2 -k start
      (www-data,537144,22432,00:00:00,28042) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,28054) [loop8]
      (www-data,537588,25760,00:00:00,28090) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,28194) [loop3]
      (root,0,0,00:00:03,28350) [kworker/2:2]
      (www-data,537304,23068,00:00:00,28825) /usr/sbin/apache2 -k start
      (www-data,537644,26808,00:00:00,28826) /usr/sbin/apache2 -k start
      (www-data,537412,25820,00:00:00,28827) /usr/sbin/apache2 -k start
      (www-data,537300,25308,00:00:00,28828) /usr/sbin/apache2 -k start
      (www-data,536796,14300,00:00:00,28829) /usr/sbin/apache2 -k start
      
      
      Found on 2024-09-21 22:39
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce497fe506

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6896,00:00:25,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:15,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:08:26,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:02,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:02,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:02,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:02,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:02,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:17,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:02,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:02,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:00,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:00,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:02,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:15,174) [kworker/5:1H]
      (root,0,0,00:01:09,176) [kworker/1:1H]
      (root,0,0,00:00:15,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:23,212) [kworker/2:1H]
      (root,0,0,00:04:42,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:00:55,237) [kworker/3:1H]
      (root,135004,11028,00:12:48,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62584,7892,00:11:43,253) /lib/systemd/systemd-journald
      (root,98996,1476,00:00:00,273) /sbin/lvmetad -f
      (root,47416,5088,00:00:01,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:02,621) /lib/systemd/systemd-timesyncd
      (root,553760,5300,00:02:33,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:02,643) /usr/sbin/cron -f
      (root,35912,3312,00:00:41,644) /usr/sbin/irqbalance --foreground
      (root,153692,18276,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,5004,00:00:03,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:04,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299796,25640,00:01:02,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:00,863) lldpd: monitor.
      (root,15740,1532,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:07,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:01,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10532,00:48:31,1063) /usr/sbin/collectd
      (root,321460,49864,00:02:38,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536304,38280,00:00:41,1135) /usr/sbin/apache2 -k start
      (www-data,537576,26232,00:00:00,1208) /usr/sbin/apache2 -k start
      (www-data,538088,27292,00:00:00,1209) /usr/sbin/apache2 -k start
      (www-data,537568,26488,00:00:00,1210) /usr/sbin/apache2 -k start
      (www-data,537584,25824,00:00:00,1211) /usr/sbin/apache2 -k start
      (www-data,537964,26616,00:00:00,1212) /usr/sbin/apache2 -k start
      (www-data,537404,26612,00:00:00,1249) /usr/sbin/apache2 -k start
      (root,82324,3784,00:00:33,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,2213) [kworker/5:1]
      (root,0,0,00:00:36,3523) [kworker/u12:0]
      (root,0,0,00:00:01,4210) [kworker/5:2]
      (www-data,537400,25592,00:00:00,5808) /usr/sbin/apache2 -k start
      (www-data,537572,26032,00:00:00,6047) /usr/sbin/apache2 -k start
      (www-data,537568,23968,00:00:00,6802) /usr/sbin/apache2 -k start
      (www-data,537288,23720,00:00:00,6803) /usr/sbin/apache2 -k start
      (root,318164,12056,00:00:05,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:04,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:01,7106) [kworker/0:1]
      (freerad,1903504,27068,00:14:22,7832) /usr/sbin/freeradius
      (root,0,0,00:00:00,8322) [kworker/2:0]
      (root,0,0,00:00:00,8602) [kworker/3:2]
      (root,0,0,00:00:00,8833) [kworker/3:1]
      (mysql,1534684,678808,01:51:27,8877) /usr/sbin/mysqld
      (root,0,0,00:00:00,8982) [kworker/2:2]
      (root,0,0,00:00:00,9745) [kworker/4:0]
      (root,0,0,00:00:00,9933) [kworker/4:2]
      (root,0,0,00:00:00,10779) [kworker/1:1]
      (root,0,0,00:00:00,11014) [kworker/1:0]
      (root,0,0,00:00:00,11098) [kworker/0:2]
      (root,0,0,00:00:00,11113) [kworker/u12:1]
      (root,0,0,00:00:00,11135) [kworker/0:0]
      (root,0,0,00:00:00,11304) [kworker/1:2]
      (root,0,0,00:00:00,11370) [kworker/2:1]
      (root,20896,3292,00:00:00,11431) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2844,00:00:00,11437) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,896,00:00:00,11438) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:00,28194) [loop3]
      
      
      Found on 2024-09-19 23:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce0610093c

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6896,00:00:21,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:13,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:07:15,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:01,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:01,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:02,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:01,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:01,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:15,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:01,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:01,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:00,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:00,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:02,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:13,174) [kworker/5:1H]
      (root,0,0,00:00:58,176) [kworker/1:1H]
      (root,0,0,00:00:12,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:19,212) [kworker/2:1H]
      (root,0,0,00:03:55,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:00:46,237) [kworker/3:1H]
      (root,135004,11028,00:10:52,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,76848,18016,00:09:57,253) /lib/systemd/systemd-journald
      (root,98996,1476,00:00:00,273) /sbin/lvmetad -f
      (root,47416,5088,00:00:01,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:02,621) /lib/systemd/systemd-timesyncd
      (root,553760,5220,00:02:09,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:02,643) /usr/sbin/cron -f
      (root,35912,3312,00:00:34,644) /usr/sbin/irqbalance --foreground
      (root,153692,18276,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,5004,00:00:02,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:03,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299796,25468,00:00:53,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:00,863) lldpd: monitor.
      (root,15740,1532,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:06,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:00,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10516,00:41:10,1063) /usr/sbin/collectd
      (root,321460,49864,00:02:14,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536304,38268,00:00:34,1135) /usr/sbin/apache2 -k start
      (root,82324,3784,00:00:28,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:12,3523) [kworker/u12:0]
      (www-data,537576,26836,00:00:00,6640) /usr/sbin/apache2 -k start
      (www-data,537568,26860,00:00:00,6642) /usr/sbin/apache2 -k start
      (www-data,537556,26644,00:00:00,6643) /usr/sbin/apache2 -k start
      (www-data,537568,26616,00:00:00,6850) /usr/sbin/apache2 -k start
      (root,318164,12056,00:00:04,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:03,7057) /usr/lib/policykit-1/polkitd --no-debug
      (www-data,536812,26180,00:00:00,7175) /usr/sbin/apache2 -k start
      (freerad,1911700,27020,00:12:09,7832) /usr/sbin/freeradius
      (mysql,1534684,677640,01:31:14,8877) /usr/sbin/mysqld
      (root,0,0,00:00:01,10619) [kworker/1:1]
      (root,0,0,00:00:00,11113) [kworker/u12:1]
      (root,0,0,00:00:01,11117) [kworker/5:1]
      (www-data,537548,26448,00:00:00,11174) /usr/sbin/apache2 -k start
      (www-data,537556,26000,00:00:00,11175) /usr/sbin/apache2 -k start
      (www-data,537392,23264,00:00:00,11178) /usr/sbin/apache2 -k start
      (www-data,538016,24736,00:00:00,11179) /usr/sbin/apache2 -k start
      (root,0,0,00:00:10,11686) [kworker/1:0]
      (root,0,0,00:00:00,12334) [loop1]
      (root,0,0,00:00:00,12337) [kworker/5:0]
      (root,0,0,00:00:01,13645) [kworker/0:0]
      (root,0,0,00:00:00,14108) [kworker/4:1]
      (root,0,0,00:00:00,14338) [kworker/4:0]
      (root,0,0,00:00:00,14402) [kworker/2:0]
      (root,0,0,00:00:00,16477) [kworker/3:1]
      (root,0,0,00:00:00,16707) [kworker/2:2]
      (www-data,536544,13524,00:00:00,16738) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,16989) [kworker/3:0]
      (root,0,0,00:00:00,17006) [kworker/0:2]
      (root,0,0,00:00:00,17033) [kworker/0:1]
      (root,0,0,00:00:00,17097) [kworker/1:2]
      (root,20896,3376,00:00:00,17158) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2856,00:00:00,17164) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,980,00:00:00,17165) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:00,28194) [loop3]
      
      
      Found on 2024-09-17 23:26
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cea56ef514

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6896,00:00:18,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:11,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:05:54,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:01,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:01,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:01,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:01,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:01,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:11,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:01,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:01,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:00,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:00,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:01,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:10,174) [kworker/5:1H]
      (root,0,0,00:00:48,176) [kworker/1:1H]
      (root,0,0,00:00:09,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:15,212) [kworker/2:1H]
      (root,0,0,00:03:09,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:00:37,237) [kworker/3:1H]
      (root,135004,11028,00:08:57,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,76844,17980,00:08:13,253) /lib/systemd/systemd-journald
      (root,98996,1476,00:00:00,273) /sbin/lvmetad -f
      (root,47416,5088,00:00:01,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,326) [loop6]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:01,621) /lib/systemd/systemd-timesyncd
      (root,553760,5328,00:01:46,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:01,643) /usr/sbin/cron -f
      (root,35912,3312,00:00:28,644) /usr/sbin/irqbalance --foreground
      (root,153692,18308,00:00:00,645) /usr/bin/VGAuthService
      (root,46668,5004,00:00:02,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:03,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299796,28260,00:00:43,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:00,863) lldpd: monitor.
      (root,15740,1640,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:05,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:00,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10244,00:33:39,1063) /usr/sbin/collectd
      (root,321460,49864,00:01:50,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536304,38252,00:00:28,1135) /usr/sbin/apache2 -k start
      (root,56536,6004,00:00:00,1199) /lib/systemd/systemd --user
      (root,84908,1448,00:00:00,1200) (sd-pam)
      (root,82324,3784,00:00:22,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:01,1558) [kworker/0:2]
      (root,0,0,00:00:05,2824) [kworker/1:2]
      (root,0,0,00:00:00,4699) [kworker/2:2]
      (root,0,0,00:00:00,5255) [kworker/2:1]
      (www-data,536904,14172,00:00:00,5564) /usr/sbin/apache2 -k start
      (www-data,536776,14196,00:00:00,5566) /usr/sbin/apache2 -k start
      (www-data,536744,14252,00:00:00,5567) /usr/sbin/apache2 -k start
      (www-data,536744,13660,00:00:00,5568) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,5570) [kworker/5:1]
      (www-data,536984,19416,00:00:00,5575) /usr/sbin/apache2 -k start
      (www-data,537000,20784,00:00:00,5580) /usr/sbin/apache2 -k start
      (www-data,536528,13672,00:00:00,5591) /usr/sbin/apache2 -k start
      (www-data,536528,13676,00:00:00,5597) /usr/sbin/apache2 -k start
      (www-data,536528,13732,00:00:00,5598) /usr/sbin/apache2 -k start
      (www-data,536776,14024,00:00:00,5599) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,5856) [kworker/3:1]
      (root,0,0,00:00:00,6926) [kworker/4:0]
      (root,318164,12056,00:00:03,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:02,7057) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:00,7502) [kworker/4:2]
      (freerad,1911700,26728,00:09:45,7832) /usr/sbin/freeradius
      (root,0,0,00:00:00,8011) [kworker/3:2]
      (root,0,0,00:00:00,8552) [kworker/1:0]
      (root,0,0,00:00:00,8839) [kworker/0:1]
      (mysql,1534684,679424,01:10:47,8877) /usr/sbin/mysqld
      (root,7044,676,00:00:00,8918) sleep 180
      (root,0,0,00:00:00,9088) [kworker/4:1]
      (root,0,0,00:00:00,9091) [kworker/0:0]
      (root,54168,2744,00:00:00,9092) /usr/sbin/CRON -f
      (smmsp,4276,712,00:00:00,9093) /bin/sh -c test -x /etc/init.d/sendmail && test -x /usr/share/sendmail/sendmail && test -x /usr/lib/sm.bin/sendmail && /usr/share/sendmail/sendmail cron-msp
      (smmsp,4408,1716,00:00:00,9094) /bin/sh /usr/share/sendmail/sendmail cron-msp
      (smmsp,62740,6536,00:00:00,9112) /usr/sbin/sendmail-msp -qf -Ac -L sm-msp-queue
      (mysql,4276,716,00:00:00,9113) sh -c  /usr/bin/python3 /cfg/scripts/new_rad.py                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
      (mysql,126460,64012,00:00:05,9114) /usr/bin/python3 /cfg/scripts/new_rad.py
      (root,0,0,00:00:00,9191) [kworker/5:2]
      (root,20896,3228,00:00:00,9254) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2800,00:00:00,9260) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,952,00:00:00,9261) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,4276,692,00:00:00,10974) sh /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/bin/code-server --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-e26311fa-342f-4a15-a334-f6757e2c536e
      (root,1344004,104416,00:03:57,10978) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/server-main.js --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-e26311fa-342f-4a15-a334-f6757e2c536e
      (root,1161904,69808,00:07:58,11012) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20240911T103125
      (root,99704,6864,00:00:28,11060) sshd: root@notty
      (root,4276,1516,00:00:00,11066) sh
      (root,40672,15928,00:02:45,11084) /root/.vscode-server/code-4849ca9bdf9666755eb463db297b69e5385090e3 command-shell --cli-data-dir /root/.vscode-server/cli --parent-process-id 11066 --on-host=127.0.0.1 --on-port
      (root,11892900,192680,00:05:29,11111) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node --dns-result-order=ipv4first /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1449040,60392,00:00:33,11122) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/bootstrap-fork --type=fileWatcher
      (root,4432,3452,00:00:00,11462) /root/.vscode-server/extensions/ms-python.python-2024.14.0-linux-x64/python-env-tools/bin/pet server
      (root,21280,3964,00:00:00,11561) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,12965380,445492,00:02:02,11580) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2024.9.1/dist/server.bundle.js --cancellationReceive=file:9cc6197381cbb09f8d202ab5c6746afcf51e69ebfd --node-ipc --clientProcessId=11111
      (root,21288,3992,00:00:00,11643) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,7080,708,00:00:00,11721) tail -f /cfg/scripts/blokady.log
      (root,0,0,00:00:05,22404) [kworker/u12:1]
      (root,0,0,00:00:02,26934) [kworker/u12:0]
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:00,28194) [loop3]
      (root,0,0,00:00:01,30847) [kworker/5:0]
      
      
      Found on 2024-09-15 23:40
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce2099e3e4

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,6796,00:00:15,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:08,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:04:11,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:01,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:01,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:01,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:01,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:01,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:08,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:01,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:01,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:00,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:00,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:01,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:08,174) [kworker/5:1H]
      (root,0,0,00:00:36,176) [kworker/1:1H]
      (root,0,0,00:00:07,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:11,212) [kworker/2:1H]
      (root,0,0,00:02:19,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:00:28,237) [kworker/3:1H]
      (root,135004,11064,00:06:58,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62584,8328,00:06:25,253) /lib/systemd/systemd-journald
      (root,98996,1476,00:00:00,273) /sbin/lvmetad -f
      (root,47416,5352,00:00:01,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,317) [loop1]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,326) [loop6]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:01,621) /lib/systemd/systemd-timesyncd
      (root,553760,5236,00:01:23,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:01,643) /usr/sbin/cron -f
      (root,35912,3312,00:00:22,644) /usr/sbin/irqbalance --foreground
      (root,153692,18336,00:00:00,645) /usr/bin/VGAuthService
      (root,46520,4756,00:00:02,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:02,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299796,30148,00:00:33,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:00,863) lldpd: monitor.
      (root,15740,1640,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:04,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:00,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10216,00:25:50,1063) /usr/sbin/collectd
      (root,321460,49864,00:01:26,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536260,38180,00:00:21,1135) /usr/sbin/apache2 -k start
      (root,56536,6004,00:00:00,1199) /lib/systemd/systemd --user
      (root,84908,1484,00:00:00,1200) (sd-pam)
      (root,82324,3784,00:00:17,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:01,2970) [kworker/u12:2]
      (root,0,0,00:00:00,4019) [kworker/4:2]
      (root,0,0,00:00:01,4526) [kworker/4:0]
      (root,0,0,00:00:00,6160) [kworker/5:1]
      (root,318164,12056,00:00:02,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:02,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,1911700,26480,00:07:33,7832) /usr/sbin/freeradius
      (mysql,1518300,674884,00:50:41,8877) /usr/sbin/mysqld
      (root,4276,756,00:00:00,10974) sh /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/bin/code-server --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-e26311fa-342f-4a15-a334-f6757e2c536e
      (root,1344004,104356,00:02:54,10978) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/server-main.js --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-e26311fa-342f-4a15-a334-f6757e2c536e
      (root,1161904,68260,00:04:24,11012) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20240911T103125
      (root,99704,6864,00:00:20,11060) sshd: root@notty
      (root,4276,1516,00:00:00,11066) sh
      (root,40672,15936,00:02:06,11084) /root/.vscode-server/code-4849ca9bdf9666755eb463db297b69e5385090e3 command-shell --cli-data-dir /root/.vscode-server/cli --parent-process-id 11066 --on-host=127.0.0.1 --on-port
      (root,11903432,202696,00:03:09,11111) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node --dns-result-order=ipv4first /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1449040,61000,00:00:19,11122) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/bootstrap-fork --type=fileWatcher
      (root,4432,3452,00:00:00,11462) /root/.vscode-server/extensions/ms-python.python-2024.14.0-linux-x64/python-env-tools/bin/pet server
      (root,21280,3964,00:00:00,11561) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,12965380,444856,00:01:54,11580) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2024.9.1/dist/server.bundle.js --cancellationReceive=file:9cc6197381cbb09f8d202ab5c6746afcf51e69ebfd --node-ipc --clientProcessId=11111
      (root,0,0,00:00:00,11633) [kworker/1:1]
      (root,21288,3992,00:00:00,11643) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,7080,708,00:00:00,11721) tail -f /cfg/scripts/blokady.log
      (root,0,0,00:00:06,12130) [kworker/1:0]
      (root,0,0,00:00:01,12287) [kworker/0:0]
      (root,0,0,00:00:00,12494) [kworker/5:2]
      (www-data,536352,13520,00:00:00,13049) /usr/sbin/apache2 -k start
      (root,0,0,00:00:11,14403) [kworker/u12:0]
      (root,0,0,00:00:00,16498) [kworker/2:2]
      (root,0,0,00:00:00,17049) [kworker/2:1]
      (root,0,0,00:00:00,17554) [kworker/3:2]
      (root,0,0,00:00:00,17745) [kworker/3:0]
      (root,0,0,00:00:00,17925) [kworker/0:1]
      (root,7044,668,00:00:00,17955) sleep 180
      (root,0,0,00:00:00,18004) [kworker/0:2]
      (root,0,0,00:00:00,18113) [kworker/4:1]
      (root,20896,3352,00:00:00,18122) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2868,00:00:00,18128) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,940,00:00:00,18129) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,28054) [loop8]
      (www-data,537476,26216,00:00:00,30886) /usr/sbin/apache2 -k start
      (www-data,537536,27108,00:00:01,30887) /usr/sbin/apache2 -k start
      (www-data,537312,26496,00:00:00,30888) /usr/sbin/apache2 -k start
      (www-data,537296,25028,00:00:00,30889) /usr/sbin/apache2 -k start
      (www-data,537308,25816,00:00:00,30890) /usr/sbin/apache2 -k start
      (www-data,537352,27064,00:00:00,31306) /usr/sbin/apache2 -k start
      (www-data,537476,25764,00:00:00,31466) /usr/sbin/apache2 -k start
      
      
      Found on 2024-09-13 22:07
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce7f12c4f0

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
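      Note: the agent builds this list with `ps ax -o user,vsz,rss,cputime,pid,command --columns 10000` (visible in the list itself), so every process is reported with its full command line. Anything passed as an argument, including the secret on the radclient lines below, is disclosed to whoever can reach the agent port. Limit TCP 6556 to the monitoring server (by firewall, or the xinetd `only_from` setting if the agent is served through xinetd), keep secrets out of process arguments, and rotate any secret that has already appeared here.

      Found process list through CheckMk: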
      (root,204812,6904,00:00:12,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:05,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:02:41,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:00,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:00,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:00,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:00,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:00,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:06,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:00,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:00,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:00,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:00,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:00,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:05,174) [kworker/5:1H]
      (root,0,0,00:00:25,176) [kworker/1:1H]
      (root,0,0,00:00:05,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:08,212) [kworker/2:1H]
      (root,0,0,00:01:29,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:00:20,237) [kworker/3:1H]
      (root,135004,11064,00:05:09,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,62584,8840,00:04:47,253) /lib/systemd/systemd-journald
      (root,98996,1476,00:00:00,273) /sbin/lvmetad -f
      (root,47416,5352,00:00:01,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,317) [loop1]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,326) [loop6]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:00,621) /lib/systemd/systemd-timesyncd
      (root,553760,5268,00:01:01,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:00,643) /usr/sbin/cron -f
      (root,35912,3312,00:00:16,644) /usr/sbin/irqbalance --foreground
      (root,153692,18336,00:00:00,645) /usr/bin/VGAuthService
      (root,46520,4756,00:00:01,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:02,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1299796,30448,00:00:24,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:00,863) lldpd: monitor.
      (root,15740,1640,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:03,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:00,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,979984,10204,00:18:30,1063) /usr/sbin/collectd
      (root,321460,49864,00:01:04,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536260,38160,00:00:16,1135) /usr/sbin/apache2 -k start
      (root,56536,6004,00:00:00,1199) /lib/systemd/systemd --user
      (root,84908,1592,00:00:00,1200) (sd-pam)
      (root,82324,3784,00:00:12,1371) sendmail: MTA: accepting connections
      (root,318164,12056,00:00:02,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:01,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,1911700,26260,00:05:32,7832) /usr/sbin/freeradius
      (root,0,0,00:00:03,8369) [kworker/2:2]
      (www-data,542292,39924,00:00:01,8494) /usr/sbin/apache2 -k start
      (www-data,542536,40764,00:00:02,8496) /usr/sbin/apache2 -k start
      (www-data,541972,38996,00:00:01,8537) /usr/sbin/apache2 -k start
      (root,0,0,00:00:12,8647) [kworker/u12:2]
      (mysql,1510108,677084,00:30:59,8877) /usr/sbin/mysqld
      (www-data,542364,39976,00:00:01,10021) /usr/sbin/apache2 -k start
      (root,53980,8152,00:00:00,10537) mc
      (root,21160,3824,00:00:00,10539) bash -rcfile .bashrc
      (root,99352,6944,00:00:00,10547) sshd: root@pts/1
      (root,22556,5312,00:00:00,10553) -bash
      (root,4276,756,00:00:00,10974) sh /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/bin/code-server --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-e26311fa-342f-4a15-a334-f6757e2c536e
      (root,1389156,147276,00:01:30,10978) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/server-main.js --connection-token=remotessh --accept-server-license-terms --start-server --enable-remote-auto-shutdown --socket-path=/tmp/code-e26311fa-342f-4a15-a334-f6757e2c536e
      (root,1162384,68472,00:01:07,11012) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20240911T103125
      (root,99492,6864,00:00:10,11060) sshd: root@notty
      (root,4276,1516,00:00:00,11066) sh
      (root,40672,15884,00:01:10,11084) /root/.vscode-server/code-4849ca9bdf9666755eb463db297b69e5385090e3 command-shell --cli-data-dir /root/.vscode-server/cli --parent-process-id 11066 --on-host=127.0.0.1 --on-port
      (root,11917604,216420,00:00:58,11111) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node --dns-result-order=ipv4first /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1448784,57328,00:00:06,11122) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/bootstrap-fork --type=fileWatcher
      (root,4432,3452,00:00:00,11462) /root/.vscode-server/extensions/ms-python.python-2024.14.0-linux-x64/python-env-tools/bin/pet server
      (root,21280,3964,00:00:00,11561) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,12965124,445328,00:01:46,11580) /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2024.9.1/dist/server.bundle.js --cancellationReceive=file:9cc6197381cbb09f8d202ab5c6746afcf51e69ebfd --node-ipc --clientProcessId=11111
      (root,21288,3992,00:00:00,11643) /bin/bash --init-file /root/.vscode-server/cli/servers/Stable-4849ca9bdf9666755eb463db297b69e5385090e3/server/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,7080,708,00:00:00,11721) tail -f /cfg/scripts/blokady.log
      (root,0,0,00:00:02,14132) [kworker/5:1]
      (www-data,542296,39528,00:00:01,14837) /usr/sbin/apache2 -k start
      (root,0,0,00:00:02,24961) [kworker/1:1]
      (www-data,536784,13676,00:00:00,25317) /usr/sbin/apache2 -k start
      (www-data,536688,13616,00:00:00,25319) /usr/sbin/apache2 -k start
      (www-data,536688,14192,00:00:00,25320) /usr/sbin/apache2 -k start
      (www-data,536784,13576,00:00:00,25321) /usr/sbin/apache2 -k start
      (www-data,536352,13540,00:00:00,25322) /usr/sbin/apache2 -k start
      (root,0,0,00:00:04,26991) [kworker/1:0]
      (root,0,0,00:00:00,27900) [kworker/4:0]
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:00,28412) [kworker/4:1]
      (root,0,0,00:00:00,28563) [kworker/u12:1]
      (root,0,0,00:00:00,28969) [kworker/5:2]
      (root,0,0,00:00:00,29095) [kworker/2:1]
      (root,99352,7036,00:00:00,29930) sshd: root@pts/2
      (root,22532,5228,00:00:00,29936) -bash
      (root,0,0,00:00:00,30306) [kworker/0:1]
      (root,0,0,00:00:00,30558) [kworker/3:0]
      (root,0,0,00:00:00,31090) [kworker/3:1]
      (root,0,0,00:00:00,31199) [kworker/0:2]
      (root,7044,680,00:00:00,31203) sleep 180
      (root,0,0,00:00:00,31273) [kworker/0:0]
      (root,20900,3404,00:00:00,31274) /bin/bash /usr/bin/check_mk_agent
      (root,20900,3384,00:00:00,31313) /bin/bash /usr/bin/check_mk_agent
      (root,18004,2896,00:00:00,31362) bash ./freeradius.sh
      (root,18004,1824,00:00:00,31367) bash ./freeradius.sh
      (root,37764,5208,00:00:00,31370) /usr/bin/radclient -x localhost:18121 status adminsecret
      (root,20896,3368,00:00:00,31376) /bin/bash /usr/bin/check_mk_agent
      (root,18004,2940,00:00:00,31377) bash ./freeradius.sh
      (root,18004,1824,00:00:00,31380) bash ./freeradius.sh
      (root,37636,4836,00:00:00,31384) /usr/bin/radclient -x localhost:18121 status adminsecret
      (root,36628,2880,00:00:00,31388) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,988,00:00:00,31389) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      
      
      Found on 2024-09-12 00:22
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce5e9656e9

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204812,7196,00:00:10,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:04,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:01:55,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:00,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:00,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:00,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:00,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:00,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:00,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:04,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [cpuhp/4]
      (root,0,0,00:00:00,33) [watchdog/4]
      (root,0,0,00:00:00,34) [migration/4]
      (root,0,0,00:00:00,35) [ksoftirqd/4]
      (root,0,0,00:00:00,37) [kworker/4:0H]
      (root,0,0,00:00:00,38) [cpuhp/5]
      (root,0,0,00:00:00,39) [watchdog/5]
      (root,0,0,00:00:00,40) [migration/5]
      (root,0,0,00:00:00,41) [ksoftirqd/5]
      (root,0,0,00:00:00,43) [kworker/5:0H]
      (root,0,0,00:00:00,44) [kdevtmpfs]
      (root,0,0,00:00:00,45) [netns]
      (root,0,0,00:00:00,46) [khungtaskd]
      (root,0,0,00:00:00,47) [oom_reaper]
      (root,0,0,00:00:00,48) [writeback]
      (root,0,0,00:00:00,49) [kcompactd0]
      (root,0,0,00:00:00,51) [ksmd]
      (root,0,0,00:00:00,52) [khugepaged]
      (root,0,0,00:00:00,53) [crypto]
      (root,0,0,00:00:00,54) [kintegrityd]
      (root,0,0,00:00:00,55) [bioset]
      (root,0,0,00:00:00,56) [kblockd]
      (root,0,0,00:00:00,57) [devfreq_wq]
      (root,0,0,00:00:00,58) [watchdogd]
      (root,0,0,00:00:00,59) [kswapd0]
      (root,0,0,00:00:00,60) [vmstat]
      (root,0,0,00:00:00,72) [kthrotld]
      (root,0,0,00:00:00,73) [ipv6_addrconf]
      (root,0,0,00:00:00,109) [mpt_poll_0]
      (root,0,0,00:00:00,110) [mpt/0]
      (root,0,0,00:00:00,111) [ata_sff]
      (root,0,0,00:00:00,147) [scsi_eh_0]
      (root,0,0,00:00:00,148) [scsi_tmf_0]
      (root,0,0,00:00:00,149) [bioset]
      (root,0,0,00:00:00,150) [scsi_eh_1]
      (root,0,0,00:00:00,152) [scsi_tmf_1]
      (root,0,0,00:00:00,153) [scsi_eh_2]
      (root,0,0,00:00:00,154) [scsi_tmf_2]
      (root,0,0,00:00:00,171) [bioset]
      (root,0,0,00:00:04,174) [kworker/5:1H]
      (root,0,0,00:00:20,176) [kworker/1:1H]
      (root,0,0,00:00:03,177) [kworker/4:1H]
      (root,0,0,00:00:00,203) [kworker/u13:0]
      (root,0,0,00:00:06,212) [kworker/2:1H]
      (root,0,0,00:01:04,214) [jbd2/sda3-8]
      (root,0,0,00:00:00,215) [ext4-rsv-conver]
      (root,0,0,00:00:15,237) [kworker/3:1H]
      (root,135004,11064,00:03:59,241) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,242) [kauditd]
      (root,82900,23944,00:03:45,253) /lib/systemd/systemd-journald
      (root,98996,1476,00:00:00,273) /sbin/lvmetad -f
      (root,47416,5352,00:00:00,305) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,308) [bioset]
      (root,0,0,00:00:00,309) [bioset]
      (root,0,0,00:00:00,310) [bioset]
      (root,0,0,00:00:00,311) [bioset]
      (root,0,0,00:00:00,312) [bioset]
      (root,0,0,00:00:00,313) [bioset]
      (root,0,0,00:00:00,314) [bioset]
      (root,0,0,00:00:00,315) [bioset]
      (root,0,0,00:00:00,316) [loop0]
      (root,0,0,00:00:00,317) [loop1]
      (root,0,0,00:00:00,318) [loop2]
      (root,0,0,00:00:00,324) [loop4]
      (root,0,0,00:00:00,325) [loop5]
      (root,0,0,00:00:00,326) [loop6]
      (root,0,0,00:00:00,329) [loop7]
      (root,0,0,00:00:00,362) [ttm_swap]
      (root,0,0,00:00:00,604) [jbd2/sda1-8]
      (root,0,0,00:00:00,605) [ext4-rsv-conver]
      (systemd+,127284,4100,00:00:00,621) /lib/systemd/systemd-timesyncd
      (root,553760,5364,00:00:48,642) /usr/sbin/rsyslogd -n
      (root,30876,2824,00:00:00,643) /usr/sbin/cron -f
      (root,35912,3312,00:00:12,644) /usr/sbin/irqbalance --foreground
      (root,153692,18336,00:00:00,645) /usr/bin/VGAuthService
      (root,46520,4756,00:00:01,646) /lib/systemd/systemd-logind
      (message+,45124,3864,00:00:01,647) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,1291600,30320,00:00:18,656) /usr/lib/snapd/snapd
      (root,58340,4368,00:00:00,863) lldpd: monitor.
      (root,15740,1640,00:00:00,865) /sbin/agetty --noclear tty1 linux
      (_lldpd,58340,2908,00:00:02,911) lldpd: connected to SW_CORE_01.
      (root,69956,6308,00:00:00,941) /usr/sbin/sshd -D
      (root,0,0,00:00:00,951) [bioset]
      (root,0,0,00:00:00,1050) [kworker/0:2]
      (root,979984,10184,00:14:07,1063) /usr/sbin/collectd
      (root,321460,49856,00:00:50,1100) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,536260,38156,00:00:12,1135) /usr/sbin/apache2 -k start
      (root,56536,6004,00:00:00,1199) /lib/systemd/systemd --user
      (root,84908,1868,00:00:00,1200) (sd-pam)
      (root,0,0,00:00:00,1258) [kworker/5:1]
      (root,82324,3784,00:00:10,1371) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,1789) [kworker/2:1]
      (root,0,0,00:00:00,2072) [kworker/2:0]
      (root,0,0,00:00:00,2301) [kworker/5:2]
      (root,0,0,00:00:00,2337) [kworker/0:1]
      (root,0,0,00:00:00,2346) [kworker/0:0]
      (root,0,0,00:00:00,2407) [kworker/5:0]
      (root,0,0,00:00:00,2468) [kworker/2:2]
      (root,20896,3288,00:00:00,2469) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2792,00:00:00,2475) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,956,00:00:00,2476) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,318164,12032,00:00:01,7053) /usr/lib/packagekit/packagekitd
      (root,286116,6208,00:00:01,7057) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,1909628,25800,00:04:15,7832) /usr/sbin/freeradius
      (root,0,0,00:00:01,8647) [kworker/u12:2]
      (mysql,1463948,675156,00:21:23,8877) /usr/sbin/mysqld
      (root,0,0,00:00:03,16376) [kworker/4:2]
      (www-data,540388,28968,00:00:00,27190) /usr/sbin/apache2 -k start
      (www-data,540152,28660,00:00:00,27191) /usr/sbin/apache2 -k start
      (www-data,540776,28756,00:00:00,27192) /usr/sbin/apache2 -k start
      (www-data,542268,39324,00:00:00,27194) /usr/sbin/apache2 -k start
      (www-data,539788,28160,00:00:00,27444) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,28054) [loop8]
      (root,0,0,00:00:03,28077) [kworker/u12:1]
      (www-data,540152,28680,00:00:00,29093) /usr/sbin/apache2 -k start
      (www-data,542000,35064,00:00:00,29353) /usr/sbin/apache2 -k start
      (www-data,539880,27600,00:00:00,29354) /usr/sbin/apache2 -k start
      (www-data,542412,38168,00:00:00,29355) /usr/sbin/apache2 -k start
      (root,99352,7036,00:00:00,29930) sshd: root@pts/2
      (root,22532,5228,00:00:00,29936) -bash
      (www-data,541904,38224,00:00:00,29971) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,30759) [kworker/3:2]
      (root,0,0,00:00:00,31569) [kworker/1:2]
      (root,0,0,00:00:06,31855) [kworker/1:1]
      (root,0,0,00:00:00,32671) [kworker/3:0]
      (root,0,0,00:00:00,32673) [kworker/4:1]
      
      
      Found on 2024-09-10 17:51
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce6b48fd11

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204652,6104,00:01:14,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:52,6) [kworker/0:1H]
      (root,0,0,00:00:11,7) [ksoftirqd/0]
      (root,0,0,01:39:50,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:03,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:20,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:18,15) [watchdog/1]
      (root,0,0,00:00:03,16) [migration/1]
      (root,0,0,00:00:06,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:18,21) [watchdog/2]
      (root,0,0,00:00:03,22) [migration/2]
      (root,0,0,00:02:17,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:17,27) [watchdog/3]
      (root,0,0,00:00:03,28) [migration/3]
      (root,0,0,00:00:13,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [kdevtmpfs]
      (root,0,0,00:00:00,33) [netns]
      (root,0,0,00:00:05,34) [khungtaskd]
      (root,0,0,00:00:00,35) [oom_reaper]
      (root,0,0,00:00:00,36) [writeback]
      (root,0,0,00:00:00,37) [kcompactd0]
      (root,0,0,00:00:00,39) [ksmd]
      (root,0,0,00:00:00,40) [khugepaged]
      (root,0,0,00:00:00,41) [crypto]
      (root,0,0,00:00:00,42) [kintegrityd]
      (root,0,0,00:00:00,43) [bioset]
      (root,0,0,00:00:00,44) [kblockd]
      (root,0,0,00:00:00,45) [devfreq_wq]
      (root,0,0,00:00:00,46) [watchdogd]
      (root,0,0,00:00:21,47) [kswapd0]
      (root,0,0,00:00:00,48) [vmstat]
      (root,0,0,00:00:00,60) [kthrotld]
      (root,0,0,00:00:00,61) [ipv6_addrconf]
      (root,0,0,00:00:00,102) [mpt_poll_0]
      (root,0,0,00:00:00,106) [mpt/0]
      (root,0,0,00:00:00,112) [ata_sff]
      (root,0,0,00:00:00,131) [scsi_eh_0]
      (root,0,0,00:00:00,132) [scsi_tmf_0]
      (root,0,0,00:00:00,133) [bioset]
      (root,0,0,00:00:00,134) [scsi_eh_1]
      (root,0,0,00:00:00,136) [scsi_tmf_1]
      (root,0,0,00:00:00,137) [scsi_eh_2]
      (root,0,0,00:00:00,138) [scsi_tmf_2]
      (root,0,0,00:00:00,155) [bioset]
      (root,0,0,00:10:17,158) [kworker/3:1H]
      (root,0,0,00:08:04,161) [kworker/2:1H]
      (root,0,0,00:04:35,163) [kworker/1:1H]
      (root,0,0,00:00:00,187) [kworker/u9:0]
      (root,0,0,00:29:13,197) [jbd2/sda3-8]
      (root,0,0,00:00:00,198) [ext4-rsv-conver]
      (root,208736,8232,01:46:41,220) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,221) [kauditd]
      (root,59356,7020,04:41:15,231) /lib/systemd/systemd-journald
      (root,98996,1316,00:00:00,258) /sbin/lvmetad -f
      (root,47284,2316,00:00:12,265) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,296) [ttm_swap]
      (root,0,0,00:00:00,394) [jbd2/sda1-8]
      (root,0,0,00:00:00,395) [ext4-rsv-conver]
      (systemd+,127284,3784,00:00:14,413) /lib/systemd/systemd-timesyncd
      (message+,45124,3448,00:00:10,429) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,30876,2748,00:00:20,432) /usr/sbin/cron -f
      (root,35908,3040,00:05:08,435) /usr/sbin/irqbalance --foreground
      (root,153692,10300,00:00:00,436) /usr/bin/VGAuthService
      (root,46532,4328,00:00:17,437) /lib/systemd/systemd-logind
      (Debian-+,71412,18852,10:24:28,593) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,3520,00:00:04,596) lldpd: monitor.
      (root,15740,1544,00:00:00,599) /sbin/agetty --noclear tty1 linux
      (root,69956,6052,00:00:18,626) /usr/sbin/sshd -D
      (_lldpd,58340,2216,00:01:06,678) lldpd: connected to sw-core-01.
      (root,371776,102900,10:25:47,782) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,8088,04:25:47,789) /usr/sbin/collectd
      (root,529412,37104,00:05:56,813) /usr/sbin/apache2 -k start
      (root,318164,10336,00:00:42,1360) /usr/lib/packagekit/packagekitd
      (root,286116,5916,00:00:03,1373) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2288376,42884,02:06:00,1655) /usr/sbin/freeradius
      (root,82324,3656,00:04:23,2943) sendmail: MTA: accepting connections
      (www-data,612304,40484,00:00:01,4606) /usr/sbin/apache2 -k start
      (www-data,612300,40744,00:00:01,4607) /usr/sbin/apache2 -k start
      (www-data,610216,35956,00:00:01,4608) /usr/sbin/apache2 -k start
      (www-data,607352,34992,00:00:01,4610) /usr/sbin/apache2 -k start
      (www-data,610212,36260,00:00:01,4611) /usr/sbin/apache2 -k start
      (www-data,612352,38740,00:00:01,5118) /usr/sbin/apache2 -k start
      (root,54072,8392,00:00:00,6091) mc
      (root,21164,3868,00:00:00,6093) bash -rcfile .bashrc
      (root,99352,6924,00:00:12,6100) sshd: root@pts/13
      (root,22436,5040,00:00:00,6106) -bash
      (root,54520,8564,00:00:03,6112) mc
      (root,21184,3972,00:00:00,6114) bash -rcfile .bashrc
      (mysql,1540476,701396,04:27:25,6380) /usr/sbin/mysqld
      (root,0,0,00:00:19,6974) [kworker/0:0]
      (www-data,610212,35984,00:00:01,8150) /usr/sbin/apache2 -k start
      (www-data,612268,40536,00:00:00,9947) /usr/sbin/apache2 -k start
      (www-data,612328,38824,00:00:00,9948) /usr/sbin/apache2 -k start
      (www-data,607332,33396,00:00:00,9949) /usr/sbin/apache2 -k start
      (root,99352,6980,00:00:17,10061) sshd: root@pts/0
      (root,56400,5576,00:00:00,10063) /lib/systemd/systemd --user
      (root,232280,1476,00:00:00,10064) (sd-pam)
      (root,22436,5136,00:00:00,10070) -bash
      (root,549672,4624,00:02:24,10987) /usr/sbin/rsyslogd -n
      (root,0,0,00:00:00,13039) [kworker/2:2]
      (root,0,0,00:00:01,13362) [kworker/2:0]
      (root,0,0,00:00:00,16954) [kworker/3:1]
      (root,0,0,00:00:00,17419) [kworker/3:2]
      (root,0,0,00:00:00,17435) [kworker/1:2]
      (root,0,0,00:00:00,17496) [kworker/1:1]
      (root,0,0,00:00:00,17517) [kworker/1:0]
      (root,0,0,00:00:00,17575) [kworker/3:0]
      (root,20896,3288,00:00:00,17633) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2848,00:00:00,17639) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,956,00:00:00,17640) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:00,23778) [kworker/u8:2]
      (root,0,0,00:02:52,24923) [kworker/u8:1]
      (root,0,0,00:00:13,31067) [kworker/0:1]
      
      
      Found on 2023-03-02 23:27
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cefbca5f39

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204696,6396,00:01:01,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:09,6) [kworker/0:1H]
      (root,0,0,00:00:09,7) [ksoftirqd/0]
      (root,0,0,01:20:56,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:02,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:17,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:14,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:05,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:14,21) [watchdog/2]
      (root,0,0,00:00:02,22) [migration/2]
      (root,0,0,00:01:47,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:14,27) [watchdog/3]
      (root,0,0,00:00:02,28) [migration/3]
      (root,0,0,00:00:11,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [kdevtmpfs]
      (root,0,0,00:00:00,33) [netns]
      (root,0,0,00:00:04,34) [khungtaskd]
      (root,0,0,00:00:00,35) [oom_reaper]
      (root,0,0,00:00:00,36) [writeback]
      (root,0,0,00:00:00,37) [kcompactd0]
      (root,0,0,00:00:00,39) [ksmd]
      (root,0,0,00:00:00,40) [khugepaged]
      (root,0,0,00:00:00,41) [crypto]
      (root,0,0,00:00:00,42) [kintegrityd]
      (root,0,0,00:00:00,43) [bioset]
      (root,0,0,00:00:00,44) [kblockd]
      (root,0,0,00:00:00,45) [devfreq_wq]
      (root,0,0,00:00:00,46) [watchdogd]
      (root,0,0,00:00:17,47) [kswapd0]
      (root,0,0,00:00:00,48) [vmstat]
      (root,0,0,00:00:00,60) [kthrotld]
      (root,0,0,00:00:00,61) [ipv6_addrconf]
      (root,0,0,00:00:00,102) [mpt_poll_0]
      (root,0,0,00:00:00,106) [mpt/0]
      (root,0,0,00:00:00,112) [ata_sff]
      (root,0,0,00:00:00,131) [scsi_eh_0]
      (root,0,0,00:00:00,132) [scsi_tmf_0]
      (root,0,0,00:00:00,133) [bioset]
      (root,0,0,00:00:00,134) [scsi_eh_1]
      (root,0,0,00:00:00,136) [scsi_tmf_1]
      (root,0,0,00:00:00,137) [scsi_eh_2]
      (root,0,0,00:00:00,138) [scsi_tmf_2]
      (root,0,0,00:00:00,155) [bioset]
      (root,0,0,00:08:33,158) [kworker/3:1H]
      (root,0,0,00:06:27,161) [kworker/2:1H]
      (root,0,0,00:03:45,163) [kworker/1:1H]
      (root,0,0,00:00:00,187) [kworker/u9:0]
      (root,0,0,00:24:07,197) [jbd2/sda3-8]
      (root,0,0,00:00:00,198) [ext4-rsv-conver]
      (root,208736,8252,01:27:35,220) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,221) [kauditd]
      (root,59356,7384,04:36:26,231) /lib/systemd/systemd-journald
      (root,98996,1316,00:00:00,258) /sbin/lvmetad -f
      (root,47284,2396,00:00:10,265) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,296) [ttm_swap]
      (root,0,0,00:00:00,394) [jbd2/sda1-8]
      (root,0,0,00:00:00,395) [ext4-rsv-conver]
      (systemd+,127284,3796,00:00:12,413) /lib/systemd/systemd-timesyncd
      (message+,45124,3556,00:00:08,429) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,30876,2848,00:00:16,432) /usr/sbin/cron -f
      (root,35908,3264,00:04:13,435) /usr/sbin/irqbalance --foreground
      (root,153692,12884,00:00:00,436) /usr/bin/VGAuthService
      (root,46532,4664,00:00:14,437) /lib/systemd/systemd-logind
      (Debian-+,69368,18980,10:08:49,593) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,3568,00:00:03,596) lldpd: monitor.
      (root,15740,1544,00:00:00,599) /sbin/agetty --noclear tty1 linux
      (root,69956,6248,00:00:15,626) /usr/sbin/sshd -D
      (_lldpd,58340,2284,00:00:54,678) lldpd: connected to sw-core-01.
      (root,368192,99172,08:22:32,782) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,8112,03:38:18,789) /usr/sbin/collectd
      (root,529348,37192,00:04:51,813) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,926) [kworker/u8:0]
      (root,318164,10440,00:00:34,1360) /usr/lib/packagekit/packagekitd
      (root,286116,6016,00:00:02,1373) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:00:02,1608) [kworker/3:0]
      (freerad,2288376,39324,01:43:11,1655) /usr/sbin/freeradius
      (root,82324,3656,00:03:35,2943) sendmail: MTA: accepting connections
      (www-data,612236,42000,00:00:02,3142) /usr/sbin/apache2 -k start
      (www-data,612216,40632,00:00:01,3144) /usr/sbin/apache2 -k start
      (www-data,612232,42004,00:00:01,3145) /usr/sbin/apache2 -k start
      (www-data,612292,41832,00:00:02,3981) /usr/sbin/apache2 -k start
      (mysql,1600124,709400,21:48:43,4197) /usr/sbin/mysqld
      (www-data,612232,41672,00:00:01,4941) /usr/sbin/apache2 -k start
      (root,99660,7384,00:00:05,5445) sshd: root@pts/2
      (root,99352,6888,00:00:00,5447) sshd: root@notty
      (root,22496,5248,00:00:00,5453) -bash
      (root,12684,1784,00:00:00,5467) /usr/lib/openssh/sftp-server
      (www-data,612276,41836,00:00:02,5969) /usr/sbin/apache2 -k start
      (www-data,612284,41408,00:00:01,5970) /usr/sbin/apache2 -k start
      (www-data,612292,41164,00:00:01,5972) /usr/sbin/apache2 -k start
      (www-data,612304,41912,00:00:03,5973) /usr/sbin/apache2 -k start
      (root,99352,6724,00:00:00,6051) sshd: mar [priv]
      (mar,64832,5904,00:00:00,6058) /lib/systemd/systemd --user
      (mar,232280,1332,00:00:00,6059) (sd-pam)
      (mar,99500,4384,00:00:00,6065) sshd: mar@notty
      (mar,12568,3248,00:00:00,6066) bash
      (mar,4276,736,00:00:00,6112) sh /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/bin/code-server --start-server --host=127.0.0.1 --accept-server-license-terms --enable-remote-auto-shutdown --port=0 --telemetry-level all --connection-token-file /home/mar/.vscode-server/.97dec172d3256f8ca4bfb2143f3f76b503ca0534.token
      (mar,955156,74004,00:00:21,6122) /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/node /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/out/server-main.js --start-server --host=127.0.0.1 --accept-server-license-terms --enable-remote-auto-shutdown --port=0 --telemetry-level all --connection-token-file /home/mar/.vscode-server/.97dec172d3256f8ca4bfb2143f3f76b503ca0534.token
      (mar,724920,49892,00:00:49,6394) /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/node /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/out/bootstrap-fork --type=ptyHost --logsPath /home/mar/.vscode-server/data/logs/20230208T093234
      (root,99352,6960,00:00:00,6449) sshd: mar [priv]
      (mar,99552,4548,00:00:03,6455) sshd: mar@notty
      (mar,12588,3328,00:00:00,6456) bash
      (mar,914684,91300,00:00:45,6508) /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/node /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (mar,846600,42372,00:00:04,6519) /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/node /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/out/bootstrap-fork --type=fileWatcher
      (mar,22536,5276,00:00:00,6559) /bin/bash --init-file /home/mar/.vscode-server/bin/97dec172d3256f8ca4bfb2143f3f76b503ca0534/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (www-data,530316,22332,00:00:00,9876) /usr/sbin/apache2 -k start
      (root,99352,6984,00:00:17,10061) sshd: root@pts/0
      (root,56400,5932,00:00:00,10063) /lib/systemd/systemd --user
      (root,232280,1532,00:00:00,10064) (sd-pam)
      (root,22436,5136,00:00:00,10070) -bash
      (root,54208,8540,00:00:01,10091) mc
      (root,21172,3960,00:00:00,10093) bash -rcfile .bashrc
      (root,549548,4532,00:00:59,10987) /usr/sbin/rsyslogd -n
      (root,0,0,00:01:17,14585) [kworker/u8:1]
      (root,0,0,00:00:00,19570) [kworker/2:0]
      (root,0,0,00:00:00,20417) [kworker/2:1]
      (root,0,0,00:00:00,21206) [kworker/3:1]
      (root,0,0,00:00:00,21559) [kworker/0:0]
      (root,0,0,00:00:00,22016) [kworker/0:2]
      (root,0,0,00:00:00,22073) [kworker/1:2]
      (root,0,0,00:00:00,22253) [kworker/1:1]
      (root,0,0,00:00:00,22424) [kworker/2:2]
      (mar,7044,652,00:00:00,22468) sleep 180
      (root,0,0,00:00:00,22469) [kworker/1:0]
      (mar,7044,648,00:00:00,22477) sleep 180
      (root,0,0,00:00:00,22591) [kworker/0:1]
      (root,20896,3288,00:00:00,22592) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2792,00:00:00,22598) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,984,00:00:00,22599) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      
      
      Found on 2023-02-09 01:42
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cecc14d9ab

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204696,6408,00:00:58,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:03:03,6) [kworker/0:1H]
      (root,0,0,00:00:09,7) [ksoftirqd/0]
      (root,0,0,01:16:58,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:02,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:16,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:14,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:05,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:14,21) [watchdog/2]
      (root,0,0,00:00:02,22) [migration/2]
      (root,0,0,00:01:41,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:13,27) [watchdog/3]
      (root,0,0,00:00:02,28) [migration/3]
      (root,0,0,00:00:10,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [kdevtmpfs]
      (root,0,0,00:00:00,33) [netns]
      (root,0,0,00:00:04,34) [khungtaskd]
      (root,0,0,00:00:00,35) [oom_reaper]
      (root,0,0,00:00:00,36) [writeback]
      (root,0,0,00:00:00,37) [kcompactd0]
      (root,0,0,00:00:00,39) [ksmd]
      (root,0,0,00:00:00,40) [khugepaged]
      (root,0,0,00:00:00,41) [crypto]
      (root,0,0,00:00:00,42) [kintegrityd]
      (root,0,0,00:00:00,43) [bioset]
      (root,0,0,00:00:00,44) [kblockd]
      (root,0,0,00:00:00,45) [devfreq_wq]
      (root,0,0,00:00:00,46) [watchdogd]
      (root,0,0,00:00:16,47) [kswapd0]
      (root,0,0,00:00:00,48) [vmstat]
      (root,0,0,00:00:00,60) [kthrotld]
      (root,0,0,00:00:00,61) [ipv6_addrconf]
      (root,0,0,00:00:00,102) [mpt_poll_0]
      (root,0,0,00:00:00,106) [mpt/0]
      (root,0,0,00:00:00,112) [ata_sff]
      (root,0,0,00:00:00,131) [scsi_eh_0]
      (root,0,0,00:00:00,132) [scsi_tmf_0]
      (root,0,0,00:00:00,133) [bioset]
      (root,0,0,00:00:00,134) [scsi_eh_1]
      (root,0,0,00:00:00,136) [scsi_tmf_1]
      (root,0,0,00:00:00,137) [scsi_eh_2]
      (root,0,0,00:00:00,138) [scsi_tmf_2]
      (root,0,0,00:00:00,155) [bioset]
      (root,0,0,00:08:13,158) [kworker/3:1H]
      (root,0,0,00:06:09,161) [kworker/2:1H]
      (root,0,0,00:03:37,163) [kworker/1:1H]
      (root,0,0,00:00:00,187) [kworker/u9:0]
      (root,0,0,00:23:17,197) [jbd2/sda3-8]
      (root,0,0,00:00:00,198) [ext4-rsv-conver]
      (root,208736,8264,01:23:38,220) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,221) [kauditd]
      (root,64424,8084,04:35:29,231) /lib/systemd/systemd-journald
      (root,98996,1316,00:00:00,258) /sbin/lvmetad -f
      (root,47284,2396,00:00:09,265) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,296) [ttm_swap]
      (root,0,0,00:00:00,394) [jbd2/sda1-8]
      (root,0,0,00:00:00,395) [ext4-rsv-conver]
      (systemd+,127284,4152,00:00:11,413) /lib/systemd/systemd-timesyncd
      (message+,45124,3800,00:00:08,429) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,30876,2848,00:00:15,432) /usr/sbin/cron -f
      (root,35908,3264,00:04:01,435) /usr/sbin/irqbalance --foreground
      (root,153692,12884,00:00:00,436) /usr/bin/VGAuthService
      (root,46532,4664,00:00:14,437) /lib/systemd/systemd-logind
      (Debian-+,68944,18556,10:05:47,593) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,3568,00:00:03,596) lldpd: monitor.
      (root,15740,1544,00:00:00,599) /sbin/agetty --noclear tty1 linux
      (root,69956,6248,00:00:14,626) /usr/sbin/sshd -D
      (_lldpd,58340,2284,00:00:51,678) lldpd: connected to sw-core-01.
      (root,366912,97904,07:53:10,782) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,8112,03:28:24,789) /usr/sbin/collectd
      (root,529336,37184,00:04:38,813) /usr/sbin/apache2 -k start
      (root,318164,10440,00:00:33,1360) /usr/lib/packagekit/packagekitd
      (root,286116,6016,00:00:02,1373) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2288376,38752,01:38:26,1655) /usr/sbin/freeradius
      (root,0,0,00:00:00,2131) [kworker/0:2]
      (root,0,0,00:00:04,2631) [kworker/0:0]
      (root,82324,3656,00:03:25,2943) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,3258) [kworker/3:2]
      (root,0,0,00:00:00,3552) [kworker/3:0]
      (root,0,0,00:00:00,3986) [kworker/1:2]
      (root,0,0,00:00:00,4154) [kworker/2:1]
      (mysql,1600124,699672,21:14:15,4197) /usr/sbin/mysqld
      (root,0,0,00:00:00,4439) [kworker/2:2]
      (root,0,0,00:00:00,4517) [kworker/1:0]
      (root,0,0,00:00:00,4552) [kworker/1:1]
      (root,0,0,00:00:00,4694) [kworker/0:1]
      (root,20896,3400,00:00:00,4706) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2792,00:00:00,4712) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,900,00:00:00,4713) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,99660,7384,00:00:04,5445) sshd: root@pts/2
      (root,99352,6888,00:00:00,5447) sshd: root@notty
      (root,22496,5248,00:00:00,5453) -bash
      (root,12684,1784,00:00:00,5467) /usr/lib/openssh/sftp-server
      (root,99352,6876,00:00:14,10061) sshd: root@pts/0
      (root,56400,5932,00:00:00,10063) /lib/systemd/systemd --user
      (root,232280,1544,00:00:00,10064) (sd-pam)
      (root,22436,5136,00:00:00,10070) -bash
      (root,54208,8540,00:00:01,10091) mc
      (root,21168,3956,00:00:00,10093) bash -rcfile .bashrc
      (root,549548,4632,00:00:42,10987) /usr/sbin/rsyslogd -n
      (root,0,0,00:00:39,14585) [kworker/u8:1]
      (root,0,0,00:00:38,14804) [kworker/u8:2]
      (www-data,530036,20740,00:00:00,31500) /usr/sbin/apache2 -k start
      (www-data,529776,11724,00:00:00,31501) /usr/sbin/apache2 -k start
      (www-data,529776,11724,00:00:00,31539) /usr/sbin/apache2 -k start
      (www-data,530040,20168,00:00:00,31540) /usr/sbin/apache2 -k start
      (www-data,529776,11724,00:00:00,31541) /usr/sbin/apache2 -k start
      (www-data,530052,21088,00:00:00,31593) /usr/sbin/apache2 -k start
      (www-data,529776,11724,00:00:00,32359) /usr/sbin/apache2 -k start
      
      
      Found on 2023-02-04 13:04
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce8019ccc2

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204696,6408,00:00:47,1) /sbin/init
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:02:30,6) [kworker/0:1H]
      (root,0,0,00:00:08,7) [ksoftirqd/0]
      (root,0,0,01:00:58,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:02,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:13,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:11,15) [watchdog/1]
      (root,0,0,00:00:02,16) [migration/1]
      (root,0,0,00:00:04,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:11,21) [watchdog/2]
      (root,0,0,00:00:02,22) [migration/2]
      (root,0,0,00:01:17,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:11,27) [watchdog/3]
      (root,0,0,00:00:02,28) [migration/3]
      (root,0,0,00:00:08,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [kdevtmpfs]
      (root,0,0,00:00:00,33) [netns]
      (root,0,0,00:00:03,34) [khungtaskd]
      (root,0,0,00:00:00,35) [oom_reaper]
      (root,0,0,00:00:00,36) [writeback]
      (root,0,0,00:00:00,37) [kcompactd0]
      (root,0,0,00:00:00,39) [ksmd]
      (root,0,0,00:00:00,40) [khugepaged]
      (root,0,0,00:00:00,41) [crypto]
      (root,0,0,00:00:00,42) [kintegrityd]
      (root,0,0,00:00:00,43) [bioset]
      (root,0,0,00:00:00,44) [kblockd]
      (root,0,0,00:00:00,45) [devfreq_wq]
      (root,0,0,00:00:00,46) [watchdogd]
      (root,0,0,00:00:14,47) [kswapd0]
      (root,0,0,00:00:00,48) [vmstat]
      (root,0,0,00:00:00,60) [kthrotld]
      (root,0,0,00:00:00,61) [ipv6_addrconf]
      (root,0,0,00:00:00,102) [mpt_poll_0]
      (root,0,0,00:00:00,106) [mpt/0]
      (root,0,0,00:00:00,112) [ata_sff]
      (root,0,0,00:00:00,131) [scsi_eh_0]
      (root,0,0,00:00:00,132) [scsi_tmf_0]
      (root,0,0,00:00:00,133) [bioset]
      (root,0,0,00:00:00,134) [scsi_eh_1]
      (root,0,0,00:00:00,136) [scsi_tmf_1]
      (root,0,0,00:00:00,137) [scsi_eh_2]
      (root,0,0,00:00:00,138) [scsi_tmf_2]
      (root,0,0,00:00:00,155) [bioset]
      (root,0,0,00:06:45,158) [kworker/3:1H]
      (root,0,0,00:04:48,161) [kworker/2:1H]
      (root,0,0,00:02:55,163) [kworker/1:1H]
      (root,0,0,00:00:00,187) [kworker/u9:0]
      (root,0,0,00:19:12,197) [jbd2/sda3-8]
      (root,0,0,00:00:00,198) [ext4-rsv-conver]
      (root,208736,8960,01:08:18,220) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,221) [kauditd]
      (root,64424,10972,04:16:51,231) /lib/systemd/systemd-journald
      (root,98996,1316,00:00:00,258) /sbin/lvmetad -f
      (root,47284,3148,00:00:08,265) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,296) [ttm_swap]
      (root,0,0,00:00:00,394) [jbd2/sda1-8]
      (root,0,0,00:00:00,395) [ext4-rsv-conver]
      (systemd+,127284,4164,00:00:09,413) /lib/systemd/systemd-timesyncd
      (message+,45124,3800,00:00:06,429) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,30876,2848,00:00:12,432) /usr/sbin/cron -f
      (root,549672,10988,00:45:13,433) /usr/sbin/rsyslogd -n
      (root,35908,3264,00:03:16,435) /usr/sbin/irqbalance --foreground
      (root,153692,12884,00:00:00,436) /usr/bin/VGAuthService
      (root,46532,4664,00:00:11,437) /lib/systemd/systemd-logind
      (Debian-+,67352,17200,09:21:49,593) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,3768,00:00:03,596) lldpd: monitor.
      (root,15740,1544,00:00:00,599) /sbin/agetty --noclear tty1 linux
      (root,69956,6248,00:00:11,626) /usr/sbin/sshd -D
      (_lldpd,58340,2356,00:00:42,678) lldpd: connected to sw-core-01.
      (root,360512,89564,06:09:15,782) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,8128,02:49:06,789) /usr/sbin/collectd
      (root,529284,37136,00:03:46,813) /usr/sbin/apache2 -k start
      (root,318164,10440,00:00:27,1360) /usr/lib/packagekit/packagekitd
      (root,286116,6016,00:00:02,1373) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2280180,35440,01:18:59,1655) /usr/sbin/freeradius
      (root,82324,3656,00:02:47,2943) sendmail: MTA: accepting connections
      (mysql,1583740,701496,17:47:20,4197) /usr/sbin/mysqld
      (www-data,607228,34300,00:00:01,9478) /usr/sbin/apache2 -k start
      (www-data,607228,34168,00:00:01,9479) /usr/sbin/apache2 -k start
      (www-data,530128,23476,00:00:00,9480) /usr/sbin/apache2 -k start
      (www-data,530400,24732,00:00:01,9481) /usr/sbin/apache2 -k start
      (www-data,607280,34084,00:00:01,9495) /usr/sbin/apache2 -k start
      (www-data,607224,33580,00:00:00,9538) /usr/sbin/apache2 -k start
      (root,99352,6876,00:00:04,10061) sshd: root@pts/0
      (root,56400,5932,00:00:00,10063) /lib/systemd/systemd --user
      (root,232280,1544,00:00:00,10064) (sd-pam)
      (root,22436,5136,00:00:00,10070) -bash
      (root,54208,8476,00:00:00,10091) mc
      (root,21168,3956,00:00:00,10093) bash -rcfile .bashrc
      (root,0,0,00:00:00,10094) [kworker/u8:2]
      (www-data,607224,33644,00:00:01,10706) /usr/sbin/apache2 -k start
      (www-data,607224,33816,00:00:00,13645) /usr/sbin/apache2 -k start
      (www-data,607224,34336,00:00:00,13646) /usr/sbin/apache2 -k start
      (www-data,607208,33428,00:00:00,18614) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,19496) [kworker/2:2]
      (root,0,0,00:00:01,19630) [kworker/0:1]
      (root,0,0,00:00:00,20070) [kworker/2:1]
      (root,0,0,00:00:05,20708) [kworker/0:0]
      (root,0,0,00:00:00,23579) [kworker/3:1]
      (root,0,0,00:00:00,24136) [kworker/1:0]
      (root,0,0,00:00:00,24384) [kworker/3:0]
      (root,0,0,00:00:00,24385) [kworker/1:2]
      (root,0,0,00:00:00,24475) [kworker/1:1]
      (root,0,0,00:00:00,24610) [kworker/3:2]
      (root,20896,3404,00:00:00,24611) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2868,00:00:00,24617) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,924,00:00:00,24618) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:02:10,30415) [kworker/u8:1]
      
      
      Found on 2023-01-17 21:49
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce234528c2

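      Found public CheckMk agent (the agent returned the data below to the scanner, i.e. to an arbitrary internet client; its port should accept connections only from the monitoring server):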
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204696,6416,00:00:37,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:01:57,6) [kworker/0:1H]
      (root,0,0,00:00:06,7) [ksoftirqd/0]
      (root,0,0,00:47:35,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:10,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:09,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:03,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:09,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:54,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:09,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:00:07,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [kdevtmpfs]
      (root,0,0,00:00:00,33) [netns]
      (root,0,0,00:00:02,34) [khungtaskd]
      (root,0,0,00:00:00,35) [oom_reaper]
      (root,0,0,00:00:00,36) [writeback]
      (root,0,0,00:00:00,37) [kcompactd0]
      (root,0,0,00:00:00,39) [ksmd]
      (root,0,0,00:00:00,40) [khugepaged]
      (root,0,0,00:00:00,41) [crypto]
      (root,0,0,00:00:00,42) [kintegrityd]
      (root,0,0,00:00:00,43) [bioset]
      (root,0,0,00:00:00,44) [kblockd]
      (root,0,0,00:00:00,45) [devfreq_wq]
      (root,0,0,00:00:00,46) [watchdogd]
      (root,0,0,00:00:11,47) [kswapd0]
      (root,0,0,00:00:00,48) [vmstat]
      (root,0,0,00:00:00,60) [kthrotld]
      (root,0,0,00:00:00,61) [ipv6_addrconf]
      (root,0,0,00:00:00,102) [mpt_poll_0]
      (root,0,0,00:00:00,106) [mpt/0]
      (root,0,0,00:00:00,112) [ata_sff]
      (root,0,0,00:00:00,131) [scsi_eh_0]
      (root,0,0,00:00:00,132) [scsi_tmf_0]
      (root,0,0,00:00:00,133) [bioset]
      (root,0,0,00:00:00,134) [scsi_eh_1]
      (root,0,0,00:00:00,136) [scsi_tmf_1]
      (root,0,0,00:00:00,137) [scsi_eh_2]
      (root,0,0,00:00:00,138) [scsi_tmf_2]
      (root,0,0,00:00:00,155) [bioset]
      (root,0,0,00:05:17,158) [kworker/3:1H]
      (root,0,0,00:03:32,161) [kworker/2:1H]
      (root,0,0,00:02:20,163) [kworker/1:1H]
      (root,0,0,00:00:00,187) [kworker/u9:0]
      (root,0,0,00:15:14,197) [jbd2/sda3-8]
      (root,0,0,00:00:00,198) [ext4-rsv-conver]
      (root,208736,10052,00:54:20,220) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,221) [kauditd]
      (root,64424,9684,04:12:01,231) /lib/systemd/systemd-journald
      (root,98996,1320,00:00:00,258) /sbin/lvmetad -f
      (root,47284,4168,00:00:06,265) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,296) [ttm_swap]
      (root,0,0,00:00:00,394) [jbd2/sda1-8]
      (root,0,0,00:00:00,395) [ext4-rsv-conver]
      (systemd+,127284,4168,00:00:07,413) /lib/systemd/systemd-timesyncd
      (message+,45124,3816,00:00:05,429) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,30876,2848,00:00:10,432) /usr/sbin/cron -f
      (root,549672,11148,00:43:53,433) /usr/sbin/rsyslogd -n
      (root,35908,3268,00:02:35,435) /usr/sbin/irqbalance --foreground
      (root,153692,15276,00:00:00,436) /usr/bin/VGAuthService
      (root,46532,4680,00:00:09,437) /lib/systemd/systemd-logind
      (Debian-+,65880,16460,09:07:59,593) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,4256,00:00:02,596) lldpd: monitor.
      (root,15740,1548,00:00:00,599) /sbin/agetty --noclear tty1 linux
      (root,69956,6248,00:00:09,626) /usr/sbin/sshd -D
      (_lldpd,58340,2672,00:00:33,678) lldpd: connected to sw-core-01.
      (root,355648,84176,04:57:40,782) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,8556,02:14:39,789) /usr/sbin/collectd
      (root,529240,36996,00:02:59,813) /usr/sbin/apache2 -k start
      (root,318164,10504,00:00:21,1360) /usr/lib/packagekit/packagekitd
      (root,286116,6024,00:00:01,1373) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2288376,34596,01:01:42,1655) /usr/sbin/freeradius
      (www-data,529680,11612,00:00:00,2182) /usr/sbin/apache2 -k start
      (www-data,529680,11612,00:00:00,2183) /usr/sbin/apache2 -k start
      (www-data,529680,11612,00:00:00,2184) /usr/sbin/apache2 -k start
      (www-data,529680,11612,00:00:00,2185) /usr/sbin/apache2 -k start
      (www-data,529680,11612,00:00:00,2186) /usr/sbin/apache2 -k start
      (www-data,529680,11612,00:00:00,2247) /usr/sbin/apache2 -k start
      (root,82324,3656,00:02:10,2943) sendmail: MTA: accepting connections
      (mysql,1571452,701608,13:11:40,4197) /usr/sbin/mysqld
      (root,0,0,00:00:06,6905) [kworker/0:0]
      (root,0,0,00:00:00,7599) [kworker/3:1]
      (root,0,0,00:00:02,10839) [kworker/0:1]
      (root,0,0,00:00:00,11072) [kworker/3:2]
      (root,0,0,00:00:00,11589) [kworker/2:0]
      (root,0,0,00:00:00,11971) [kworker/2:2]
      (root,0,0,00:00:00,12524) [kworker/1:2]
      (root,0,0,00:00:00,12574) [kworker/1:0]
      (root,0,0,00:00:00,12604) [kworker/1:1]
      (root,0,0,00:00:00,12715) [kworker/2:1]
      (root,0,0,00:00:00,12773) [kworker/0:2]
      (root,20896,3284,00:00:00,12774) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2852,00:00:00,12780) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,968,00:00:00,12781) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,0,0,00:00:55,27143) [kworker/u8:0]
      (root,0,0,00:00:49,30415) [kworker/u8:1]
      
      
      Found on 2023-01-01 18:31
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ceda1dc8aa

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204696,6316,00:00:30,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:01:35,6) [kworker/0:1H]
      (root,0,0,00:00:05,7) [ksoftirqd/0]
      (root,0,0,00:40:44,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:08,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:07,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:03,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:07,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:45,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:07,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:00:05,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [kdevtmpfs]
      (root,0,0,00:00:00,33) [netns]
      (root,0,0,00:00:02,34) [khungtaskd]
      (root,0,0,00:00:00,35) [oom_reaper]
      (root,0,0,00:00:00,36) [writeback]
      (root,0,0,00:00:00,37) [kcompactd0]
      (root,0,0,00:00:00,39) [ksmd]
      (root,0,0,00:00:00,40) [khugepaged]
      (root,0,0,00:00:00,41) [crypto]
      (root,0,0,00:00:00,42) [kintegrityd]
      (root,0,0,00:00:00,43) [bioset]
      (root,0,0,00:00:00,44) [kblockd]
      (root,0,0,00:00:00,45) [devfreq_wq]
      (root,0,0,00:00:00,46) [watchdogd]
      (root,0,0,00:00:09,47) [kswapd0]
      (root,0,0,00:00:00,48) [vmstat]
      (root,0,0,00:00:00,60) [kthrotld]
      (root,0,0,00:00:00,61) [ipv6_addrconf]
      (root,0,0,00:00:00,102) [mpt_poll_0]
      (root,0,0,00:00:00,106) [mpt/0]
      (root,0,0,00:00:00,112) [ata_sff]
      (root,0,0,00:00:00,131) [scsi_eh_0]
      (root,0,0,00:00:00,132) [scsi_tmf_0]
      (root,0,0,00:00:00,133) [bioset]
      (root,0,0,00:00:00,134) [scsi_eh_1]
      (root,0,0,00:00:00,136) [scsi_tmf_1]
      (root,0,0,00:00:00,137) [scsi_eh_2]
      (root,0,0,00:00:00,138) [scsi_tmf_2]
      (root,0,0,00:00:00,155) [bioset]
      (root,0,0,00:04:09,158) [kworker/3:1H]
      (root,0,0,00:02:51,161) [kworker/2:1H]
      (root,0,0,00:01:55,163) [kworker/1:1H]
      (root,0,0,00:00:00,187) [kworker/u9:0]
      (root,0,0,00:12:23,197) [jbd2/sda3-8]
      (root,0,0,00:00:00,198) [ext4-rsv-conver]
      (root,208736,10052,00:44:12,220) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,221) [kauditd]
      (root,59356,6068,04:03:37,231) /lib/systemd/systemd-journald
      (root,98996,1320,00:00:00,258) /sbin/lvmetad -f
      (root,47284,4196,00:00:05,265) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,296) [ttm_swap]
      (root,0,0,00:00:00,394) [jbd2/sda1-8]
      (root,0,0,00:00:00,395) [ext4-rsv-conver]
      (systemd+,127284,4168,00:00:06,413) /lib/systemd/systemd-timesyncd
      (message+,45124,3812,00:00:04,429) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,30876,2848,00:00:08,432) /usr/sbin/cron -f
      (root,549672,11096,00:42:07,433) /usr/sbin/rsyslogd -n
      (root,35908,3268,00:02:05,435) /usr/sbin/irqbalance --foreground
      (root,153692,15276,00:00:00,436) /usr/bin/VGAuthService
      (root,46532,4664,00:00:07,437) /lib/systemd/systemd-logind
      (Debian-+,64788,15372,08:47:33,593) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,4256,00:00:01,596) lldpd: monitor.
      (root,15740,1548,00:00:00,599) /sbin/agetty --noclear tty1 linux
      (root,69956,6248,00:00:07,626) /usr/sbin/sshd -D
      (_lldpd,58340,2672,00:00:26,678) lldpd: connected to sw-core-01.
      (root,353856,82436,03:55:30,782) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,8552,01:50:08,789) /usr/sbin/collectd
      (root,529192,37136,00:02:24,813) /usr/sbin/apache2 -k start
      (root,318164,10504,00:00:17,1360) /usr/lib/packagekit/packagekitd
      (root,286116,6024,00:00:01,1373) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2271984,34104,00:49:27,1655) /usr/sbin/freeradius
      (root,82324,3656,00:01:45,2943) sendmail: MTA: accepting connections
      (mysql,1571452,702052,10:35:32,4197) /usr/sbin/mysqld
      (root,99352,6972,00:01:54,10994) sshd: root@pts/0
      (root,56400,5760,00:00:00,11117) /lib/systemd/systemd --user
      (root,84564,1244,00:00:00,11118) (sd-pam)
      (root,22436,4932,00:00:00,11124) -bash
      (root,0,0,00:00:00,12642) [kworker/3:0]
      (root,0,0,00:00:00,13046) [kworker/2:1]
      (root,0,0,00:00:00,13399) [kworker/2:2]
      (root,0,0,00:00:00,13783) [kworker/3:1]
      (root,0,0,00:00:00,14048) [kworker/0:2]
      (root,0,0,00:00:00,14585) [kworker/0:1]
      (root,0,0,00:00:00,14676) [kworker/1:1]
      (root,0,0,00:00:00,14782) [kworker/1:0]
      (root,0,0,00:00:00,14858) [kworker/3:2]
      (root,0,0,00:00:00,15026) [kworker/0:0]
      (root,0,0,00:00:00,15027) [kworker/1:2]
      (root,0,0,00:00:00,15159) [kworker/2:0]
      (root,20896,3404,00:00:00,15160) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2744,00:00:00,15166) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,924,00:00:00,15167) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,54212,7560,00:00:18,22373) mc
      (root,21248,3880,00:00:00,22375) bash -rcfile .bashrc
      (www-data,612092,41220,00:00:02,23220) /usr/sbin/apache2 -k start
      (www-data,612144,40424,00:00:02,23221) /usr/sbin/apache2 -k start
      (www-data,612092,41276,00:00:03,23222) /usr/sbin/apache2 -k start
      (www-data,612076,39988,00:00:02,23223) /usr/sbin/apache2 -k start
      (www-data,610000,36704,00:00:03,23224) /usr/sbin/apache2 -k start
      (www-data,612104,41232,00:00:02,23743) /usr/sbin/apache2 -k start
      (www-data,612092,40752,00:00:02,24457) /usr/sbin/apache2 -k start
      (www-data,612088,41060,00:00:01,26888) /usr/sbin/apache2 -k start
      (www-data,612072,40800,00:00:01,26890) /usr/sbin/apache2 -k start
      (www-data,612148,41520,00:00:01,26891) /usr/sbin/apache2 -k start
      (root,0,0,00:00:07,27143) [kworker/u8:0]
      (root,0,0,00:01:06,27746) [kworker/u8:2]
      
      
      Found on 2022-12-21 05:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cee82d9962

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
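      Found process list through CheckMk (command lines are reported in full, so service options, file paths and interactive root sessions are visible to anyone who can reach the agent):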
      (root,204696,6424,00:00:25,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:01:14,6) [kworker/0:1H]
      (root,0,0,00:00:04,7) [ksoftirqd/0]
      (root,0,0,00:34:42,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:01,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:06,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:06,15) [watchdog/1]
      (root,0,0,00:00:01,16) [migration/1]
      (root,0,0,00:00:03,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:06,21) [watchdog/2]
      (root,0,0,00:00:01,22) [migration/2]
      (root,0,0,00:00:36,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:05,27) [watchdog/3]
      (root,0,0,00:00:01,28) [migration/3]
      (root,0,0,00:00:04,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [kdevtmpfs]
      (root,0,0,00:00:00,33) [netns]
      (root,0,0,00:00:01,34) [khungtaskd]
      (root,0,0,00:00:00,35) [oom_reaper]
      (root,0,0,00:00:00,36) [writeback]
      (root,0,0,00:00:00,37) [kcompactd0]
      (root,0,0,00:00:00,39) [ksmd]
      (root,0,0,00:00:00,40) [khugepaged]
      (root,0,0,00:00:00,41) [crypto]
      (root,0,0,00:00:00,42) [kintegrityd]
      (root,0,0,00:00:00,43) [bioset]
      (root,0,0,00:00:00,44) [kblockd]
      (root,0,0,00:00:00,45) [devfreq_wq]
      (root,0,0,00:00:00,46) [watchdogd]
      (root,0,0,00:00:08,47) [kswapd0]
      (root,0,0,00:00:00,48) [vmstat]
      (root,0,0,00:00:00,60) [kthrotld]
      (root,0,0,00:00:00,61) [ipv6_addrconf]
      (root,0,0,00:00:00,102) [mpt_poll_0]
      (root,0,0,00:00:00,106) [mpt/0]
      (root,0,0,00:00:00,112) [ata_sff]
      (root,0,0,00:00:00,131) [scsi_eh_0]
      (root,0,0,00:00:00,132) [scsi_tmf_0]
      (root,0,0,00:00:00,133) [bioset]
      (root,0,0,00:00:00,134) [scsi_eh_1]
      (root,0,0,00:00:00,136) [scsi_tmf_1]
      (root,0,0,00:00:00,137) [scsi_eh_2]
      (root,0,0,00:00:00,138) [scsi_tmf_2]
      (root,0,0,00:00:00,155) [bioset]
      (root,0,0,00:03:16,158) [kworker/3:1H]
      (root,0,0,00:02:17,161) [kworker/2:1H]
      (root,0,0,00:01:31,163) [kworker/1:1H]
      (root,0,0,00:00:00,187) [kworker/u9:0]
      (root,0,0,00:09:57,197) [jbd2/sda3-8]
      (root,0,0,00:00:00,198) [ext4-rsv-conver]
      (root,208736,11144,00:35:50,220) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,221) [kauditd]
      (root,64424,10984,03:34:13,231) /lib/systemd/systemd-journald
      (root,98996,1376,00:00:00,258) /sbin/lvmetad -f
      (root,47284,4444,00:00:04,265) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,296) [ttm_swap]
      (root,0,0,00:00:00,394) [jbd2/sda1-8]
      (root,0,0,00:00:00,395) [ext4-rsv-conver]
      (systemd+,127284,4168,00:00:04,413) /lib/systemd/systemd-timesyncd
      (message+,45124,3920,00:00:03,429) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,30876,2848,00:00:06,432) /usr/sbin/cron -f
      (root,549548,10972,00:36:50,433) /usr/sbin/rsyslogd -n
      (root,35908,3312,00:01:41,435) /usr/sbin/irqbalance --foreground
      (root,153692,18436,00:00:00,436) /usr/bin/VGAuthService
      (root,46532,4732,00:00:05,437) /lib/systemd/systemd-logind
      (Debian-+,63868,14868,07:43:15,593) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,4340,00:00:01,596) lldpd: monitor.
      (root,15740,1596,00:00:00,599) /sbin/agetty --noclear tty1 linux
      (root,69956,6280,00:00:06,626) /usr/sbin/sshd -D
      (_lldpd,58340,2788,00:00:21,678) lldpd: connected to sw-core-01.
      (root,351296,80248,03:02:48,782) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,9404,01:29:17,789) /usr/sbin/collectd
      (root,529192,37112,00:01:56,813) /usr/sbin/apache2 -k start
      (www-data,607100,34132,00:00:00,925) /usr/sbin/apache2 -k start
      (www-data,607156,34096,00:00:00,926) /usr/sbin/apache2 -k start
      (www-data,607104,33716,00:00:00,927) /usr/sbin/apache2 -k start
      (www-data,607100,33864,00:00:00,928) /usr/sbin/apache2 -k start
      (www-data,607100,33884,00:00:00,929) /usr/sbin/apache2 -k start
      (root,318164,12008,00:00:14,1360) /usr/lib/packagekit/packagekitd
      (root,286116,6192,00:00:01,1373) /usr/lib/policykit-1/polkitd --no-debug
      (www-data,607100,33552,00:00:00,1398) /usr/sbin/apache2 -k start
      (freerad,2287708,32124,00:37:38,1655) /usr/sbin/freeradius
      (root,82324,3656,00:01:24,2943) sendmail: MTA: accepting connections
      (www-data,607112,33440,00:00:00,2964) /usr/sbin/apache2 -k start
      (mysql,1565356,694264,08:14:26,4197) /usr/sbin/mysqld
      (root,0,0,00:00:00,7912) [kworker/2:0]
      (root,0,0,00:00:01,8464) [kworker/0:0]
      (root,0,0,00:00:00,8672) [kworker/0:1]
      (root,0,0,00:00:00,8673) [kworker/2:2]
      (root,0,0,00:00:00,8877) [kworker/3:0]
      (root,0,0,00:00:00,9536) [kworker/3:2]
      (root,0,0,00:00:00,9809) [kworker/1:2]
      (root,0,0,00:00:00,9879) [kworker/1:1]
      (root,7044,680,00:00:00,9925) sleep 180
      (root,0,0,00:00:00,9928) [kworker/1:0]
      (root,0,0,00:00:00,10234) [kworker/0:2]
      (root,20896,3356,00:00:00,10235) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2792,00:00:00,10241) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,972,00:00:00,10242) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,99352,6972,00:01:48,10994) sshd: root@pts/0
      (root,56400,5892,00:00:00,11117) /lib/systemd/systemd --user
      (root,84564,1244,00:00:00,11118) (sd-pam)
      (root,22436,4936,00:00:00,11124) -bash
      (root,99676,7336,00:00:20,20110) sshd: root@notty
      (root,12568,3072,00:00:00,20116) bash
      (root,4276,692,00:00:00,20161) sh /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/bin/code-server --start-server --host=127.0.0.1 --accept-server-license-terms --enable-remote-auto-shutdown --port=0 --telemetry-level all --connection-token-file /root/.vscode-server/.d045a5eda657f4d7b676dedbfa7aab8207f8a075.token
      (root,969912,102428,00:01:33,20171) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/server-main.js --start-server --host=127.0.0.1 --accept-server-license-terms --enable-remote-auto-shutdown --port=0 --telemetry-level all --connection-token-file /root/.vscode-server/.d045a5eda657f4d7b676dedbfa7aab8207f8a075.token
      (root,710332,58484,00:02:29,20419) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20221209T102925
      (root,1046212,167896,00:03:19,20442) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1043204,45728,00:00:13,20453) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=fileWatcher
      (root,1113252,331420,00:06:46,20536) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2022.12.20/dist/server.bundle.js --cancellationReceive=file:82c68ab6eca4806fa3b30f5d686f27b6a4a9a7b375 --node-ipc --clientProcessId=20442
      (root,21244,3936,00:00:00,20556) /bin/bash --init-file /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,0,0,00:00:16,20854) [kworker/u8:0]
      (root,54212,7544,00:00:18,22373) mc
      (root,21248,3880,00:00:00,22375) bash -rcfile .bashrc
      (root,0,0,00:00:02,24538) [kworker/u8:1]
      
      
      Found on 2022-12-11 15:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ceb91a3119

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,204696,6836,00:00:11,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:25,6) [kworker/0:1H]
      (root,0,0,00:00:01,7) [ksoftirqd/0]
      (root,0,0,00:15:11,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:02,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:02,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:01,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:02,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:17,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:02,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:01,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [kdevtmpfs]
      (root,0,0,00:00:00,33) [netns]
      (root,0,0,00:00:00,34) [khungtaskd]
      (root,0,0,00:00:00,35) [oom_reaper]
      (root,0,0,00:00:00,36) [writeback]
      (root,0,0,00:00:00,37) [kcompactd0]
      (root,0,0,00:00:00,39) [ksmd]
      (root,0,0,00:00:00,40) [khugepaged]
      (root,0,0,00:00:00,41) [crypto]
      (root,0,0,00:00:00,42) [kintegrityd]
      (root,0,0,00:00:00,43) [bioset]
      (root,0,0,00:00:00,44) [kblockd]
      (root,0,0,00:00:00,45) [devfreq_wq]
      (root,0,0,00:00:00,46) [watchdogd]
      (root,0,0,00:00:02,47) [kswapd0]
      (root,0,0,00:00:00,48) [vmstat]
      (root,0,0,00:00:00,60) [kthrotld]
      (root,0,0,00:00:00,61) [ipv6_addrconf]
      (root,0,0,00:00:00,102) [mpt_poll_0]
      (root,0,0,00:00:00,106) [mpt/0]
      (root,0,0,00:00:00,112) [ata_sff]
      (root,0,0,00:00:00,131) [scsi_eh_0]
      (root,0,0,00:00:00,132) [scsi_tmf_0]
      (root,0,0,00:00:00,133) [bioset]
      (root,0,0,00:00:00,134) [scsi_eh_1]
      (root,0,0,00:00:00,136) [scsi_tmf_1]
      (root,0,0,00:00:00,137) [scsi_eh_2]
      (root,0,0,00:00:00,138) [scsi_tmf_2]
      (root,0,0,00:00:00,155) [bioset]
      (root,0,0,00:01:11,158) [kworker/3:1H]
      (root,0,0,00:00:56,161) [kworker/2:1H]
      (root,0,0,00:00:31,163) [kworker/1:1H]
      (root,0,0,00:00:00,187) [kworker/u9:0]
      (root,0,0,00:04:04,197) [jbd2/sda3-8]
      (root,0,0,00:00:00,198) [ext4-rsv-conver]
      (root,208736,11204,00:15:14,220) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,221) [kauditd]
      (root,59356,4288,00:41:30,231) /lib/systemd/systemd-journald
      (root,98996,1592,00:00:00,258) /sbin/lvmetad -f
      (root,47284,5308,00:00:02,265) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,296) [ttm_swap]
      (root,0,0,00:00:00,394) [jbd2/sda1-8]
      (root,0,0,00:00:00,395) [ext4-rsv-conver]
      (systemd+,127284,4168,00:00:02,413) /lib/systemd/systemd-timesyncd
      (message+,45124,3920,00:00:01,429) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,30876,2848,00:00:02,432) /usr/sbin/cron -f
      (root,549548,11088,00:07:08,433) /usr/sbin/rsyslogd -n
      (root,35908,3312,00:00:43,435) /usr/sbin/irqbalance --foreground
      (root,153692,18436,00:00:00,436) /usr/bin/VGAuthService
      (root,46532,4732,00:00:02,437) /lib/systemd/systemd-logind
      (Debian-+,61664,12664,01:31:29,593) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,4340,00:00:00,596) lldpd: monitor.
      (root,15740,1596,00:00:00,599) /sbin/agetty --noclear tty1 linux
      (root,69956,6280,00:00:02,626) /usr/sbin/sshd -D
      (_lldpd,58340,2788,00:00:09,678) lldpd: connected to sw-core-01.
      (root,338624,64688,01:07:15,782) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,9352,00:38:01,789) /usr/sbin/collectd
      (root,529192,37032,00:00:50,813) /usr/sbin/apache2 -k start
      (root,318164,12008,00:00:06,1360) /usr/lib/packagekit/packagekitd
      (root,286116,6192,00:00:00,1373) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2271288,28436,00:14:37,1655) /usr/sbin/freeradius
      (root,82324,3656,00:00:36,2943) sendmail: MTA: accepting connections
      (root,0,0,00:00:00,4018) [kworker/u8:1]
      (mysql,1532588,687152,02:18:00,4197) /usr/sbin/mysqld
      (www-data,609908,36468,00:00:01,9044) /usr/sbin/apache2 -k start
      (www-data,612012,38240,00:00:01,9045) /usr/sbin/apache2 -k start
      (www-data,611952,37988,00:00:01,9046) /usr/sbin/apache2 -k start
      (www-data,609908,36452,00:00:01,9047) /usr/sbin/apache2 -k start
      (www-data,614044,39804,00:00:01,9181) /usr/sbin/apache2 -k start
      (www-data,612060,40824,00:00:01,10293) /usr/sbin/apache2 -k start
      (root,99352,6972,00:00:35,10994) sshd: root@pts/0
      (root,56400,5892,00:00:00,11117) /lib/systemd/systemd --user
      (root,84564,1644,00:00:00,11118) (sd-pam)
      (root,22436,4972,00:00:00,11124) -bash
      (www-data,530092,22356,00:00:00,14395) /usr/sbin/apache2 -k start
      (www-data,533064,26308,00:00:00,14408) /usr/sbin/apache2 -k start
      (www-data,535168,34900,00:00:00,14409) /usr/sbin/apache2 -k start
      (root,0,0,00:01:50,14981) [kworker/u8:0]
      (www-data,530368,24272,00:00:00,16321) /usr/sbin/apache2 -k start
      (root,54076,8316,00:00:00,22373) mc
      (root,21248,3880,00:00:00,22375) bash -rcfile .bashrc
      (root,0,0,00:00:00,22810) [kworker/3:2]
      (root,0,0,00:00:00,24530) [kworker/3:1]
      (root,0,0,00:00:00,25946) [kworker/2:0]
      (root,0,0,00:00:00,26201) [kworker/2:2]
      (root,0,0,00:00:00,26997) [kworker/0:2]
      (root,0,0,00:00:00,27387) [kworker/0:0]
      (root,0,0,00:00:00,27534) [kworker/1:1]
      (root,0,0,00:00:00,27578) [kworker/1:2]
      (root,0,0,00:00:00,27602) [kworker/1:0]
      (root,0,0,00:00:00,27771) [kworker/0:1]
      (root,20896,3400,00:00:00,27908) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2728,00:00:00,27914) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,984,00:00:00,27915) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      
      
      Found on 2022-11-18 04:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ce0d2c4f4a

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (each entry: user, vsz, rss, cputime, pid, followed by the command line):
      (root,204552,6772,00:00:04,1) /sbin/init
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:00,4) [kworker/0:0H]
      (root,0,0,00:00:07,6) [kworker/0:1H]
      (root,0,0,00:00:00,7) [ksoftirqd/0]
      (root,0,0,00:07:40,8) [rcu_sched]
      (root,0,0,00:00:00,9) [rcu_bh]
      (root,0,0,00:00:00,10) [migration/0]
      (root,0,0,00:00:00,11) [lru-add-drain]
      (root,0,0,00:00:01,12) [watchdog/0]
      (root,0,0,00:00:00,13) [cpuhp/0]
      (root,0,0,00:00:00,14) [cpuhp/1]
      (root,0,0,00:00:01,15) [watchdog/1]
      (root,0,0,00:00:00,16) [migration/1]
      (root,0,0,00:00:00,17) [ksoftirqd/1]
      (root,0,0,00:00:00,19) [kworker/1:0H]
      (root,0,0,00:00:00,20) [cpuhp/2]
      (root,0,0,00:00:01,21) [watchdog/2]
      (root,0,0,00:00:00,22) [migration/2]
      (root,0,0,00:00:08,23) [ksoftirqd/2]
      (root,0,0,00:00:00,25) [kworker/2:0H]
      (root,0,0,00:00:00,26) [cpuhp/3]
      (root,0,0,00:00:01,27) [watchdog/3]
      (root,0,0,00:00:00,28) [migration/3]
      (root,0,0,00:00:00,29) [ksoftirqd/3]
      (root,0,0,00:00:00,31) [kworker/3:0H]
      (root,0,0,00:00:00,32) [kdevtmpfs]
      (root,0,0,00:00:00,33) [netns]
      (root,0,0,00:00:00,34) [khungtaskd]
      (root,0,0,00:00:00,35) [oom_reaper]
      (root,0,0,00:00:00,36) [writeback]
      (root,0,0,00:00:00,37) [kcompactd0]
      (root,0,0,00:00:00,39) [ksmd]
      (root,0,0,00:00:00,40) [khugepaged]
      (root,0,0,00:00:00,41) [crypto]
      (root,0,0,00:00:00,42) [kintegrityd]
      (root,0,0,00:00:00,43) [bioset]
      (root,0,0,00:00:00,44) [kblockd]
      (root,0,0,00:00:00,45) [devfreq_wq]
      (root,0,0,00:00:00,46) [watchdogd]
      (root,0,0,00:00:01,47) [kswapd0]
      (root,0,0,00:00:00,48) [vmstat]
      (root,0,0,00:00:00,60) [kthrotld]
      (root,0,0,00:00:00,61) [ipv6_addrconf]
      (root,0,0,00:00:00,102) [mpt_poll_0]
      (root,0,0,00:00:00,106) [mpt/0]
      (root,0,0,00:00:00,112) [ata_sff]
      (root,0,0,00:00:00,131) [scsi_eh_0]
      (root,0,0,00:00:00,132) [scsi_tmf_0]
      (root,0,0,00:00:00,133) [bioset]
      (root,0,0,00:00:00,134) [scsi_eh_1]
      (root,0,0,00:00:00,136) [scsi_tmf_1]
      (root,0,0,00:00:00,137) [scsi_eh_2]
      (root,0,0,00:00:00,138) [scsi_tmf_2]
      (root,0,0,00:00:00,155) [bioset]
      (root,0,0,00:00:19,158) [kworker/3:1H]
      (root,0,0,00:00:24,161) [kworker/2:1H]
      (root,0,0,00:00:10,163) [kworker/1:1H]
      (root,0,0,00:00:00,187) [kworker/u9:0]
      (root,0,0,00:01:34,197) [jbd2/sda3-8]
      (root,0,0,00:00:00,198) [ext4-rsv-conver]
      (root,208736,11204,00:06:09,220) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,221) [kauditd]
      (root,64424,8748,00:23:29,231) /lib/systemd/systemd-journald
      (root,98996,1592,00:00:00,258) /sbin/lvmetad -f
      (root,47284,5308,00:00:01,265) /lib/systemd/systemd-udevd
      (root,0,0,00:00:00,296) [ttm_swap]
      (root,0,0,00:00:00,394) [jbd2/sda1-8]
      (root,0,0,00:00:00,395) [ext4-rsv-conver]
      (systemd+,127284,4168,00:00:00,413) /lib/systemd/systemd-timesyncd
      (message+,45124,3920,00:00:00,429) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,30876,2848,00:00:01,432) /usr/sbin/cron -f
      (root,402016,8368,00:03:56,433) /usr/sbin/rsyslogd -n
      (root,35908,3312,00:00:17,435) /usr/sbin/irqbalance --foreground
      (root,153692,18436,00:00:00,436) /usr/bin/VGAuthService
      (root,46532,4732,00:00:01,437) /lib/systemd/systemd-logind
      (telegraf,5417636,65132,00:18:17,590) /usr/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d
      (Debian-+,60780,11680,00:50:40,593) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,4340,00:00:00,596) lldpd: monitor.
      (root,15740,1596,00:00:00,599) /sbin/agetty --noclear tty1 linux
      (root,69956,6280,00:00:01,626) /usr/sbin/sshd -D
      (_lldpd,58340,2788,00:00:03,678) lldpd: connected to sw-core-01.
      (mysql,1487428,693176,01:11:26,779) /usr/sbin/mysqld
      (root,333504,58672,00:25:36,782) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,9300,00:15:23,789) /usr/sbin/collectd
      (root,529060,36976,00:00:20,813) /usr/sbin/apache2 -k start
      (www-data,612020,39316,00:00:00,1032) /usr/sbin/apache2 -k start
      (www-data,611888,40152,00:00:01,1033) /usr/sbin/apache2 -k start
      (www-data,612020,40856,00:00:01,1034) /usr/sbin/apache2 -k start
      (www-data,609892,36772,00:00:01,1035) /usr/sbin/apache2 -k start
      (www-data,611960,40952,00:00:01,1036) /usr/sbin/apache2 -k start
      (root,0,0,00:00:08,1037) [kworker/0:0]
      (www-data,611952,40320,00:00:01,1144) /usr/sbin/apache2 -k start
      (root,318164,12008,00:00:02,1360) /usr/lib/packagekit/packagekitd
      (root,286116,6192,00:00:00,1373) /usr/lib/policykit-1/polkitd --no-debug
      (freerad,2294940,26024,00:05:44,1655) /usr/sbin/freeradius
      (www-data,611992,38308,00:00:01,2154) /usr/sbin/apache2 -k start
      (www-data,611988,38628,00:00:01,2158) /usr/sbin/apache2 -k start
      (www-data,612012,40616,00:00:00,2159) /usr/sbin/apache2 -k start
      (root,82324,3656,00:00:14,2943) sendmail: MTA: accepting connections
      (www-data,607020,34448,00:00:00,4969) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,6662) [kworker/2:2]
      (root,0,0,00:00:05,7221) [kworker/0:1]
      (root,0,0,00:00:00,9120) [kworker/2:1]
      (root,0,0,00:00:00,10363) [kworker/3:0]
      (root,0,0,00:00:00,10781) [kworker/3:1]
      (root,0,0,00:00:00,10812) [kworker/1:1]
      (root,0,0,00:00:00,10908) [kworker/1:0]
      (root,0,0,00:00:00,10942) [kworker/1:2]
      (root,7044,664,00:00:00,10943) sleep 180
      (root,7044,692,00:00:00,10944) sleep 180
      (root,99352,6972,00:00:29,10994) sshd: root@pts/0
      (root,0,0,00:00:00,11059) [kworker/3:2]
      (root,20896,3296,00:00:00,11060) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2868,00:00:00,11066) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,960,00:00:00,11067) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,56400,5892,00:00:00,11117) /lib/systemd/systemd --user
      (root,84564,1644,00:00:00,11118) (sd-pam)
      (root,22436,5024,00:00:00,11124) -bash
      (root,0,0,00:00:28,14981) [kworker/u8:0]
      (root,0,0,00:00:10,21997) [kworker/u8:1]
      (root,54076,8292,00:00:00,22373) mc
      (root,21160,3788,00:00:00,22375) bash -rcfile .bashrc
      (root,4276,756,00:00:00,22404) /bin/sh /usr/bin/sensible-editor /cfg/scripts/blokady.py
      (root,54104,8084,00:00:00,22412) /usr/bin/mcedit /cfg/scripts/blokady.py
      (root,99576,6944,00:00:00,23677) sshd: root@notty
      (root,12568,3056,00:00:00,23683) bash
      (root,4276,648,00:00:00,23728) sh /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/bin/code-server --start-server --host=127.0.0.1 --accept-server-license-terms --enable-remote-auto-shutdown --port=0 --telemetry-level all --connection-token-file /root/.vscode-server/.d045a5eda657f4d7b676dedbfa7aab8207f8a075.token
      (root,970352,117208,00:02:55,23738) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/server-main.js --start-server --host=127.0.0.1 --accept-server-license-terms --enable-remote-auto-shutdown --port=0 --telemetry-level all --connection-token-file /root/.vscode-server/.d045a5eda657f4d7b676dedbfa7aab8207f8a075.token
      (root,729768,47700,00:04:41,23962) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20221103T100244
      (root,99564,6736,00:00:30,24066) sshd: root@notty
      (root,12592,3304,00:00:00,24073) bash
      (root,1052828,168124,00:04:52,24125) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1043204,46568,00:00:25,24136) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=fileWatcher
      (root,21244,4100,00:00:00,24174) /bin/bash --init-file /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (root,1025944,214188,00:00:28,24235) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2022.11.10/dist/server.bundle.js --cancellationReceive=file:513adf49bea28c2ac1925a17b5eb8811367bb2627d --node-ipc --clientProcessId=24125
      
      
      Found on 2022-11-07 16:29
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94ced5dfbbd4

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (each entry: user, vsz, rss, cputime, pid, followed by the command line):
      (root,204700,6524,00:00:45,1) /lib/systemd/systemd --system --deserialize 23
      (root,0,0,00:00:01,2) [kthreadd]
      (root,0,0,00:00:03,3) [ksoftirqd/0]
      (root,0,0,00:00:00,5) [kworker/0:0H]
      (root,0,0,00:26:57,7) [rcu_sched]
      (root,0,0,00:00:00,8) [rcu_bh]
      (root,0,0,00:00:03,9) [migration/0]
      (root,0,0,00:00:00,10) [lru-add-drain]
      (root,0,0,00:00:06,11) [watchdog/0]
      (root,0,0,00:00:00,12) [cpuhp/0]
      (root,0,0,00:00:00,13) [cpuhp/1]
      (root,0,0,00:00:06,14) [watchdog/1]
      (root,0,0,00:00:03,15) [migration/1]
      (root,0,0,00:00:04,16) [ksoftirqd/1]
      (root,0,0,00:00:00,18) [kworker/1:0H]
      (root,0,0,00:00:00,19) [cpuhp/2]
      (root,0,0,00:00:06,20) [watchdog/2]
      (root,0,0,00:00:03,21) [migration/2]
      (root,0,0,00:00:40,22) [ksoftirqd/2]
      (root,0,0,00:00:00,24) [kworker/2:0H]
      (root,0,0,00:00:00,25) [cpuhp/3]
      (root,0,0,00:00:06,26) [watchdog/3]
      (root,0,0,00:00:04,27) [migration/3]
      (root,0,0,00:00:04,28) [ksoftirqd/3]
      (root,0,0,00:00:00,30) [kworker/3:0H]
      (root,0,0,00:00:00,31) [kdevtmpfs]
      (root,0,0,00:00:00,32) [netns]
      (root,0,0,00:00:02,33) [khungtaskd]
      (root,0,0,00:00:00,34) [oom_reaper]
      (root,0,0,00:00:00,35) [writeback]
      (root,0,0,00:00:00,36) [kcompactd0]
      (root,0,0,00:00:00,38) [ksmd]
      (root,0,0,00:00:00,39) [khugepaged]
      (root,0,0,00:00:00,40) [crypto]
      (root,0,0,00:00:00,41) [kintegrityd]
      (root,0,0,00:00:00,42) [bioset]
      (root,0,0,00:00:00,43) [kblockd]
      (root,0,0,00:00:00,44) [devfreq_wq]
      (root,0,0,00:00:00,45) [watchdogd]
      (root,0,0,00:00:13,46) [kswapd0]
      (root,0,0,00:00:00,47) [vmstat]
      (root,0,0,00:00:00,59) [kthrotld]
      (root,0,0,00:00:00,60) [ipv6_addrconf]
      (root,0,0,00:00:00,97) [mpt_poll_0]
      (root,0,0,00:00:00,99) [mpt/0]
      (root,0,0,00:00:00,101) [ata_sff]
      (root,0,0,00:00:00,130) [scsi_eh_0]
      (root,0,0,00:00:00,131) [scsi_tmf_0]
      (root,0,0,00:00:00,132) [bioset]
      (root,0,0,00:00:00,133) [scsi_eh_1]
      (root,0,0,00:00:00,134) [scsi_tmf_1]
      (root,0,0,00:00:00,135) [scsi_eh_2]
      (root,0,0,00:00:00,136) [scsi_tmf_2]
      (root,0,0,00:00:00,154) [bioset]
      (root,0,0,00:02:35,156) [kworker/1:1H]
      (root,0,0,00:01:57,159) [kworker/2:1H]
      (root,0,0,00:02:31,160) [kworker/3:1H]
      (root,0,0,00:02:02,198) [kworker/0:1H]
      (root,0,0,00:00:00,303) [kworker/u9:0]
      (root,0,0,00:14:23,313) [jbd2/sda3-8]
      (root,0,0,00:00:00,314) [ext4-rsv-conver]
      (root,135004,6436,00:31:55,337) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,338) [kauditd]
      (root,59356,5476,01:19:49,341) /lib/systemd/systemd-journald
      (root,107192,2268,00:00:00,372) /sbin/lvmetad -f
      (root,0,0,00:00:00,411) [ttm_swap]
      (root,0,0,00:00:00,493) [edac-poller]
      (root,0,0,00:00:00,508) [jbd2/sda1-8]
      (root,0,0,00:00:00,509) [ext4-rsv-conver]
      (root,35908,2660,00:02:37,546) /usr/sbin/irqbalance --foreground
      (root,46520,3252,00:00:09,547) /lib/systemd/systemd-logind
      (root,153692,8100,00:00:00,548) /usr/bin/VGAuthService
      (message+,45260,3284,00:00:06,549) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,406352,35096,00:12:49,552) /usr/sbin/rsyslogd -n
      (root,30876,2320,00:00:10,553) /usr/sbin/cron -f
      (Debian-+,64652,13376,03:24:06,704) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,3212,00:00:02,709) lldpd: monitor.
      (root,72112,3112,00:00:00,710) /bin/login --
      (root,69956,5340,00:00:09,746) /usr/sbin/sshd -D
      (_lldpd,58340,2004,00:00:40,866) lldpd: 2 neighbors.
      (root,340196,65944,03:15:13,869) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,7176,02:32:00,872) /usr/sbin/collectd
      (root,529192,36940,00:02:18,895) /usr/sbin/apache2 -k start
      (root,56396,3604,00:00:00,1134) /lib/systemd/systemd --user
      (root,84564,696,00:00:00,1136) (sd-pam)
      (root,22564,4764,00:00:00,1138) -bash
      (mysql,1562460,759656,09:15:07,1254) /usr/sbin/mysqld
      (root,82320,3228,00:02:06,1329) sendmail: MTA: accepting connections
      (root,53532,6092,00:00:00,1441) mc
      (root,4168,632,00:00:00,1442) cons.saver /dev/tty1
      (root,21188,3464,00:00:00,1443) bash -rcfile .bashrc
      (root,99444,6708,00:00:35,1546) sshd: root@pts/1
      (root,22436,4460,00:00:00,1552) -bash
      (root,54916,8148,00:00:02,1558) mc
      (root,21176,3456,00:00:00,1560) bash -rcfile .bashrc
      (root,0,0,00:00:00,4817) [bioset]
      (root,0,0,00:00:00,4819) [xfsalloc]
      (root,0,0,00:00:00,4820) [xfs_mru_cache]
      (root,0,0,00:00:00,4824) [jfsIO]
      (root,0,0,00:00:00,4825) [jfsCommit]
      (root,0,0,00:00:00,4826) [jfsCommit]
      (root,0,0,00:00:00,4827) [jfsCommit]
      (root,0,0,00:00:00,4828) [jfsCommit]
      (root,0,0,00:00:00,4829) [jfsSync]
      (root,0,0,00:00:00,4860) [bioset]
      (root,45288,2900,00:00:05,5021) /lib/systemd/systemd-udevd
      (systemd+,127284,3812,00:00:07,5134) /lib/systemd/systemd-timesyncd
      (root,0,0,00:00:35,10332) [kworker/u8:2]
      (www-data,612096,39800,00:00:01,10457) /usr/sbin/apache2 -k start
      (www-data,612112,40720,00:00:02,10458) /usr/sbin/apache2 -k start
      (www-data,612176,40888,00:00:02,10460) /usr/sbin/apache2 -k start
      (www-data,610072,36768,00:00:01,10461) /usr/sbin/apache2 -k start
      (www-data,610020,36336,00:00:01,10529) /usr/sbin/apache2 -k start
      (www-data,610020,36584,00:00:01,11725) /usr/sbin/apache2 -k start
      (root,0,0,00:00:01,12460) [kworker/u8:0]
      (root,99660,7368,00:01:37,12692) sshd: root@pts/3
      (root,99352,6804,00:00:00,12694) sshd: root@notty
      (root,22544,4984,00:00:00,12704) -bash
      (root,12684,1740,00:00:00,12712) /usr/lib/openssh/sftp-server
      (root,0,0,00:00:01,14202) [kworker/2:2]
      (root,4276,704,00:00:00,14420) sh /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/bin/code-server --start-server --host=127.0.0.1 --accept-server-license-terms --enable-remote-auto-shutdown --port=0 --telemetry-level all --connection-token-file /root/.vscode-server/.d045a5eda657f4d7b676dedbfa7aab8207f8a075.token
      (root,963576,89288,00:00:36,14429) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/server-main.js --start-server --host=127.0.0.1 --accept-server-license-terms --enable-remote-auto-shutdown --port=0 --telemetry-level all --connection-token-file /root/.vscode-server/.d045a5eda657f4d7b676dedbfa7aab8207f8a075.token
      (root,873536,57120,00:00:23,14468) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=ptyHost --logsPath /root/.vscode-server/data/logs/20221018T104120
      (root,1042948,46280,00:00:02,14502) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=fileWatcher
      (root,322404,8256,00:00:13,14575) /usr/lib/packagekit/packagekitd
      (root,299340,5876,00:00:02,14579) /usr/lib/policykit-1/polkitd --no-debug
      (root,21296,3692,00:00:00,14603) /bin/bash --init-file /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/vs/workbench/contrib/terminal/browser/media/shellIntegration-bash.sh
      (www-data,612136,40156,00:00:01,14727) /usr/sbin/apache2 -k start
      (www-data,612156,40208,00:00:00,14728) /usr/sbin/apache2 -k start
      (www-data,612112,39604,00:00:00,14729) /usr/sbin/apache2 -k start
      (www-data,607148,34200,00:00:00,14730) /usr/sbin/apache2 -k start
      (root,0,0,00:00:14,15298) [kworker/2:0]
      (root,99584,6836,00:00:03,16294) sshd: root@notty
      (root,12588,3284,00:00:00,16300) bash
      (root,1043528,165660,00:00:44,16352) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false
      (root,1043204,46260,00:00:02,16363) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/out/bootstrap-fork --type=fileWatcher
      (root,1048692,247416,00:01:10,16415) /root/.vscode-server/bin/d045a5eda657f4d7b676dedbfa7aab8207f8a075/node /root/.vscode-server/extensions/ms-python.vscode-pylance-2022.10.20/dist/server.bundle.js --cancellationReceive=file:644c923f1b70a549fcf817a5409e6949cb408ab97b --node-ipc --clientProcessId=16352
      (root,0,0,00:00:00,20121) [kworker/0:0]
      (root,0,0,00:00:00,20766) [kworker/3:2]
      (root,0,0,00:00:00,21123) [kworker/3:0]
      (root,0,0,00:00:00,21178) [kworker/0:1]
      (root,0,0,00:00:00,23936) [kworker/1:2]
      (root,0,0,00:00:00,23965) [kworker/1:0]
      (root,0,0,00:00:00,24146) [kworker/1:1]
      (root,7044,708,00:00:00,24148) sleep 180
      (root,0,0,00:00:00,24261) [kworker/u8:1]
      (root,0,0,00:00:00,24262) [kworker/0:2]
      (root,20896,3440,00:00:00,24264) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2876,00:00:00,24270) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,980,00:00:00,24271) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (telegraf,5491368,65536,00:42:26,27823) /usr/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d
      (freerad,2296608,29700,00:58:05,29110) /usr/sbin/freeradius
      
      
      Found on 2022-10-18 20:12
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcbdb152c97192c0d284810ab27e16e94cecba5662c

      Found public CheckMk agent:
      Version: 1.2.6b5
      AgentOS: linux
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk (each entry: user, vsz, rss, cputime, pid, followed by the command line):
      (root,204588,7072,00:00:20,1) /lib/systemd/systemd --system --deserialize 23
      (root,0,0,00:00:00,2) [kthreadd]
      (root,0,0,00:00:01,3) [ksoftirqd/0]
      (root,0,0,00:00:00,5) [kworker/0:0H]
      (root,0,0,00:11:19,7) [rcu_sched]
      (root,0,0,00:00:00,8) [rcu_bh]
      (root,0,0,00:00:02,9) [migration/0]
      (root,0,0,00:00:00,10) [lru-add-drain]
      (root,0,0,00:00:02,11) [watchdog/0]
      (root,0,0,00:00:00,12) [cpuhp/0]
      (root,0,0,00:00:00,13) [cpuhp/1]
      (root,0,0,00:00:02,14) [watchdog/1]
      (root,0,0,00:00:02,15) [migration/1]
      (root,0,0,00:00:02,16) [ksoftirqd/1]
      (root,0,0,00:00:00,18) [kworker/1:0H]
      (root,0,0,00:00:00,19) [cpuhp/2]
      (root,0,0,00:00:02,20) [watchdog/2]
      (root,0,0,00:00:02,21) [migration/2]
      (root,0,0,00:00:18,22) [ksoftirqd/2]
      (root,0,0,00:00:00,24) [kworker/2:0H]
      (root,0,0,00:00:00,25) [cpuhp/3]
      (root,0,0,00:00:02,26) [watchdog/3]
      (root,0,0,00:00:03,27) [migration/3]
      (root,0,0,00:00:01,28) [ksoftirqd/3]
      (root,0,0,00:00:00,30) [kworker/3:0H]
      (root,0,0,00:00:00,31) [kdevtmpfs]
      (root,0,0,00:00:00,32) [netns]
      (root,0,0,00:00:01,33) [khungtaskd]
      (root,0,0,00:00:00,34) [oom_reaper]
      (root,0,0,00:00:00,35) [writeback]
      (root,0,0,00:00:00,36) [kcompactd0]
      (root,0,0,00:00:00,38) [ksmd]
      (root,0,0,00:00:00,39) [khugepaged]
      (root,0,0,00:00:00,40) [crypto]
      (root,0,0,00:00:00,41) [kintegrityd]
      (root,0,0,00:00:00,42) [bioset]
      (root,0,0,00:00:00,43) [kblockd]
      (root,0,0,00:00:00,44) [devfreq_wq]
      (root,0,0,00:00:00,45) [watchdogd]
      (root,0,0,00:00:04,46) [kswapd0]
      (root,0,0,00:00:00,47) [vmstat]
      (root,0,0,00:00:00,59) [kthrotld]
      (root,0,0,00:00:00,60) [ipv6_addrconf]
      (root,0,0,00:00:00,97) [mpt_poll_0]
      (root,0,0,00:00:00,99) [mpt/0]
      (root,0,0,00:00:00,101) [ata_sff]
      (root,0,0,00:00:00,130) [scsi_eh_0]
      (root,0,0,00:00:00,131) [scsi_tmf_0]
      (root,0,0,00:00:00,132) [bioset]
      (root,0,0,00:00:00,133) [scsi_eh_1]
      (root,0,0,00:00:00,134) [scsi_tmf_1]
      (root,0,0,00:00:00,135) [scsi_eh_2]
      (root,0,0,00:00:00,136) [scsi_tmf_2]
      (root,0,0,00:00:00,154) [bioset]
      (root,0,0,00:01:09,156) [kworker/1:1H]
      (root,0,0,00:00:55,159) [kworker/2:1H]
      (root,0,0,00:01:05,160) [kworker/3:1H]
      (root,0,0,00:00:52,198) [kworker/0:1H]
      (root,0,0,00:00:00,303) [kworker/u9:0]
      (root,0,0,00:06:15,313) [jbd2/sda3-8]
      (root,0,0,00:00:00,314) [ext4-rsv-conver]
      (root,135004,10472,00:14:14,337) /usr/bin/vmtoolsd
      (root,0,0,00:00:00,338) [kauditd]
      (root,64424,8452,00:11:37,341) /lib/systemd/systemd-journald
      (root,107192,1400,00:00:00,372) /sbin/lvmetad -f
      (root,0,0,00:00:00,411) [ttm_swap]
      (root,0,0,00:00:00,493) [edac-poller]
      (root,0,0,00:00:00,508) [jbd2/sda1-8]
      (root,0,0,00:00:00,509) [ext4-rsv-conver]
      (root,35908,3220,00:01:10,546) /usr/sbin/irqbalance --foreground
      (root,46520,4592,00:00:04,547) /lib/systemd/systemd-logind
      (root,153692,18252,00:00:00,548) /usr/bin/VGAuthService
      (message+,45260,4036,00:00:03,549) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (root,406228,18760,00:01:43,552) /usr/sbin/rsyslogd -n
      (root,30876,2960,00:00:04,553) /usr/sbin/cron -f
      (telegraf,5473980,96104,01:31:30,689) /usr/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d
      (Debian-+,61756,12676,00:32:01,704) /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
      (root,58340,4332,00:00:01,709) lldpd: monitor.
      (root,72112,3452,00:00:00,710) /bin/login --
      (root,69956,6264,00:00:04,746) /usr/sbin/sshd -D
      (_lldpd,58340,2820,00:00:18,866) lldpd: 2 neighbors.
      (root,330724,57012,01:08:03,869) /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,979984,9108,01:09:23,872) /usr/sbin/collectd
      (root,529192,37160,00:01:01,895) /usr/sbin/apache2 -k start
      (root,56396,6020,00:00:00,1134) /lib/systemd/systemd --user
      (root,84564,996,00:00:00,1136) (sd-pam)
      (root,22564,5252,00:00:00,1138) -bash
      (mysql,1540372,759604,03:51:22,1254) /usr/sbin/mysqld
      (root,82320,3772,00:00:57,1329) sendmail: MTA: accepting connections
      (root,53532,7716,00:00:00,1441) mc
      (root,4168,640,00:00:00,1442) cons.saver /dev/tty1
      (root,21188,3960,00:00:00,1443) bash -rcfile .bashrc
      (root,99444,7096,00:00:16,1546) sshd: root@pts/1
      (root,22436,4944,00:00:00,1552) -bash
      (root,54916,9348,00:00:02,1558) mc
      (root,21168,3804,00:00:00,1560) bash -rcfile .bashrc
      (www-data,607072,33904,00:00:01,3880) /usr/sbin/apache2 -k start
      (www-data,530116,22736,00:00:01,3881) /usr/sbin/apache2 -k start
      (www-data,607056,33852,00:00:01,3882) /usr/sbin/apache2 -k start
      (www-data,529892,18280,00:00:01,3883) /usr/sbin/apache2 -k start
      (www-data,607056,33868,00:00:01,3884) /usr/sbin/apache2 -k start
      (www-data,607112,34216,00:00:01,4235) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,4817) [bioset]
      (root,0,0,00:00:00,4819) [xfsalloc]
      (root,0,0,00:00:00,4820) [xfs_mru_cache]
      (root,0,0,00:00:00,4824) [jfsIO]
      (root,0,0,00:00:00,4825) [jfsCommit]
      (root,0,0,00:00:00,4826) [jfsCommit]
      (root,0,0,00:00:00,4827) [jfsCommit]
      (root,0,0,00:00:00,4828) [jfsCommit]
      (root,0,0,00:00:00,4829) [jfsSync]
      (root,0,0,00:00:00,4860) [bioset]
      (root,45288,3096,00:00:02,5021) /lib/systemd/systemd-udevd
      (systemd+,127284,4020,00:00:03,5134) /lib/systemd/systemd-timesyncd
      (www-data,529960,22232,00:00:01,5770) /usr/sbin/apache2 -k start
      (root,0,0,00:00:00,7515) [kworker/3:0]
      (root,0,0,00:00:00,7584) [kworker/0:1]
      (root,0,0,00:00:01,7818) [kworker/3:1]
      (root,0,0,00:00:01,8447) [kworker/0:0]
      (root,0,0,00:00:00,12614) [kworker/2:2]
      (root,99660,7452,00:01:25,12692) sshd: root@pts/3
      (root,99352,6856,00:00:00,12694) sshd: root@notty
      (root,22544,5540,00:00:00,12704) -bash
      (root,12684,1740,00:00:00,12712) /usr/lib/openssh/sftp-server
      (root,0,0,00:00:01,12965) [kworker/2:1]
      (root,0,0,00:00:00,13548) [kworker/1:2]
      (root,0,0,00:00:00,13588) [kworker/1:1]
      (root,0,0,00:00:00,13600) [kworker/1:0]
      (root,20896,3368,00:00:00,13726) /bin/bash /usr/bin/check_mk_agent
      (root,36628,2808,00:00:00,13732) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
      (root,13204,944,00:00:00,13733) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
      (root,322404,12076,00:00:06,14575) /usr/lib/packagekit/packagekitd
      (root,299340,7884,00:00:00,14579) /usr/lib/policykit-1/polkitd --no-debug
      (root,0,0,00:01:24,19403) [kworker/u8:0]
      (freerad,2286628,25692,00:21:33,29110) /usr/sbin/freeradius
      (root,0,0,00:02:07,31873) [kworker/u8:2]
      
      
      Found on 2022-09-17 20:30
  • Open service 91.239.248.5:80

    2024-11-20 14:44

    HTTP/1.1 200 OK
    Date: Wed, 20 Nov 2024 14:44:41 GMT
    Server: Apache/2.4.25 (Debian)
    Vary: Accept-Encoding
    Content-Length: 1886
    Connection: close
    Content-Type: text/html;charset=UTF-8
    
    Page title: Index of /
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
     <head>
      <title>Index of /</title>
     </head>
     <body>
    <h1>Index of /</h1>
      <table>
       <tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
       <tr><th colspan="5"><hr></th></tr>
    <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="css/">css/</a></td><td align="right">2020-05-21 10:28  </td><td align="right">  - </td><td>&nbsp;</td></tr>
    <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="img/">img/</a></td><td align="right">2020-12-11 08:45  </td><td align="right">  - </td><td>&nbsp;</td></tr>
    <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="js/">js/</a></td><td align="right">2020-06-04 12:58  </td><td align="right">  - </td><td>&nbsp;</td></tr>
    <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="konwerter/">konwerter/</a></td><td align="right">2020-05-20 10:29  </td><td align="right">  - </td><td>&nbsp;</td></tr>
    <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="rd/">rd/</a></td><td align="right">2021-12-31 09:21  </td><td align="right">  - </td><td>&nbsp;</td></tr>
    <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="rd1/">rd1/</a></td><td align="right">2019-11-05 15:16  </td><td align="right">  - </td><td>&nbsp;</td></tr>
    <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="rd_beta/">rd_beta/</a></td><td align="right">2020-05-11 11:00  </td><td align="right">  - </td><td>&nbsp;</td></tr>
       <tr><th colspan="5"><hr></th></tr>
    </table>
    <address>Apache/2.4.25 (Debian) Server at 91.239.248.5 Port 80</address>
    </body></html>
    
    Found 2024-11-20 by HttpPlugin
Domain summary
No record