Host 95.157.69.60
Italy
CDLAN s.r.l.
Software information

nginx nginx 1.16.1

tcp/80

  • CheckMK monitoring endpoint publicly available
    IP: 95.157.69.60
    Port: 6556
    First seen 2022-09-13 10:46
    Last seen 2024-12-22 00:59
    Open for 830 days
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e7efb5ae8

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-22 00:59
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ec27a4caf

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-20 00:34
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e631214f9

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-18 01:47
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ef6209cfa

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-15 23:53
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ebcaf3fd1

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-14 00:05
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204eb3516887

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-12 01:04
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e0f05ec98

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-10 01:06
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e04c86d0e

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-08 00:53
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e05cf2c9c

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-06 00:59
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e3a9e8633

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-04 00:53
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e5b357af5

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-12-02 01:36
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ee817baa1

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,51752,1676,00:00:00/00:00,30669) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13324,924,00:00:00/00:00,30670) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (nginx,57564,4060,00:00:00/21:59:27,32577) nginx: worker process
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-30 00:59
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e55439bd5

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-28 01:02
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e3bc49927

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-26 01:05
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204eec0b2b81

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (veeam-cd,601912,15316,01:10:20/297-10:08:12,22583) /opt/veeam/deployment/veeamdeploymentsvc --vcp-subprocess 18:17
      (postfix,90460,4180,00:00:00/35:53,28392) pickup -l -t unix -u
      (root,0,0,00:00:00/35:20,28492) [kworker/u4:0]
      (root,0,0,00:00:00/21:35,29842) [kworker/1:2]
      (root,0,0,00:00:00/11:03,30826) [kworker/1:1]
      (root,0,0,00:00:00/08:24,31114) [kworker/0:2]
      (root,0,0,00:00:00/06:07,31321) [kworker/u4:1]
      (root,0,0,00:00:00/05:32,31417) [kworker/1:0]
      (root,0,0,00:00:00/03:23,31617) [kworker/0:1]
      (root,158804,5284,00:00:00/01:49,31732) sshd: unknown [priv]
      (sshd,112920,2228,00:00:00/01:49,31733) sshd: unknown [net]
      (root,113192,1584,00:00:00/00:00,32093) /bin/bash /usr/bin/check_mk_agent
      (root,51752,1680,00:00:00/00:00,32109) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13324,928,00:00:00/00:00,32110) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-24 00:50
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e10adbdcf

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-22 00:50
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e81fee29f

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-20 01:42
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ee8ff899d

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,362916,68908,00:09:18/252-07:37:30,14056) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,0,0,00:00:00/02:35:16,16773) [kworker/u4:1]
      (pdns,1374876,26464,00:51:07/181-13:36:41,20510) /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --no-shuffle --log-timestamp=no --write-pid=no
      (root,99932,2244,00:00:00/291-10:05:36,22579) /opt/veeam/deployment/veeamdeploymentsvc --run-service
      (root,391024,30640,00:00:20/291-10:05:36,22581) /opt/veeam/deployment/veeamdeploymentsvc --service-process 9:8
      (veeam-cd,601912,15316,01:08:48/291-10:05:36,22583) /opt/veeam/deployment/veeamdeploymentsvc --vcp-subprocess 18:17
      (postfix,90460,4172,00:00:00/01:31:44,22824) pickup -l -t unix -u
      (root,0,0,00:00:00/06:46:39,24630) [kworker/1:1]
      (root,0,0,00:00:00/15:15,30109) [kworker/u4:2]
      (root,0,0,00:00:00/09:45,30600) [kworker/0:2]
      (root,0,0,00:00:00/08:13,30785) [kworker/u4:0]
      (root,0,0,00:00:00/06:44,30875) [kworker/0:3]
      (root,0,0,00:00:00/01:44,31337) [kworker/0:0]
      (root,158804,5284,00:00:00/00:22,31520) sshd: unknown [priv]
      (sshd,112920,2228,00:00:00/00:22,31521) sshd: unknown [net]
      (root,113320,1672,00:00:00/00:00,31526) /bin/bash /usr/bin/check_mk_agent
      (root,113320,1620,00:00:00/00:00,31566) /bin/bash /usr/bin/check_mk_agent
      (root,113192,1584,00:00:00/00:00,31635) /bin/bash /usr/bin/check_mk_agent
      (root,51752,1680,00:00:00/00:00,31667) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13324,928,00:00:00/00:00,31668) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-18 00:47
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e53b250a1

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-16 01:41
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e93830fed

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-14 00:45
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e4b112de0

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,168292,2192,00:11:06/60-05:35:22,5803) /opt/veeam/transport/veeamimmureposvc --subprocess --log /var/log/VeeamBackup --maxLogSize 15728640 --stdio 10:7
      (root,1627728,57404,00:13:14/60-05:34:57,6189) /usr/sbin/veeamworker --pidfile /var/run/veeamservice.pid --daemon
      (root,0,0,00:00:00/56:57,9232) [kworker/u4:2]
      (postfix,90460,4176,00:00:00/38:20,10982) pickup -l -t unix -u
      (root,0,0,00:00:00/35:03,11381) [kworker/1:2]
      (root,0,0,00:00:00/299-07:05:56,12620) [cifsiod]
      (root,0,0,00:00:00/299-07:05:56,12621) [cifsoplockd]
      (root,0,0,00:00:00/08:22,13936) [kworker/0:3]
      (root,414432,120680,00:09:17/246-07:25:43,14055) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,362204,68192,00:09:04/246-07:25:43,14056) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,0,0,00:00:00/03:21,14432) [kworker/0:1]
      (root,161528,5832,00:00:00/00:38,14722) sshd: root [priv]
      (sshd,112920,2488,00:00:00/00:38,14723) sshd: root [net]
      (root,0,0,00:00:00/00:20,14728) [kworker/0:2]
      (root,112920,4460,00:00:00/00:01,14729) sshd: [accepted]
      (sshd,112920,2488,00:00:00/00:01,14730) sshd: [net]
      (root,113192,1584,00:00:00/00:00,14902) /bin/bash /usr/bin/check_mk_agent
      (root,51752,1684,00:00:00/00:00,14918) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13324,928,00:00:00/00:00,14919) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (nginx,57480,3996,00:00:00/21:36:03,15602) nginx: worker process
      (pdns,1374876,24468,00:49:17/175-13:24:54,20510) /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --no-shuffle --log-timestamp=no --write-pid=no
      (root,99932,2244,00:00:00/285-09:53:49,22579) /opt/veeam/deployment/veeamdeploymentsvc --run-service
      (root,391024,30640,00:00:20/285-09:53:49,22581) /opt/veeam/deployment/veeamdeploymentsvc --service-process 9:8
      (veeam-cd,601912,15316,01:07:16/285-09:53:49,22583) /opt/veeam/deployment/veeamdeploymentsvc --vcp-subprocess 18:17
      (root,0,0,00:00:06/02:27:44,32361) [kworker/0:0]
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-12 00:36
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204eb7a7db8e

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-10 00:24
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e3929f7bc

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-07 22:42
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e2aa8d492

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,0,0,00:00:00/53-05:12:28,1266) [bioset]
      (root,0,0,00:00:00/53-05:12:28,1267) [bioset]
      (root,1218692,668332,23:58:18/293-10:10:10,1334) /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,90356,2252,00:01:19/293-10:10:10,1412) /usr/libexec/postfix/master -w
      (postfix,90636,4360,00:00:19/293-10:10:10,1452) qmgr -l -t unix -u
      (postfix,90460,4176,00:00:00/01:16:48,2320) pickup -l -t unix -u
      (root,1193852,22468,00:12:29/54-03:35:40,5783) /opt/veeam/transport/veeamtransport --run-service
      (root,104896,3036,00:00:00/54-03:35:40,5790) /opt/veeam/transport/veeamtransport --run-environmentsvc 7:6
      (root,168292,2192,00:09:58/54-03:35:39,5803) /opt/veeam/transport/veeamimmureposvc --subprocess --log /var/log/VeeamBackup --maxLogSize 15728640 --stdio 10:7
      (root,1627728,60108,00:11:11/54-03:35:14,6189) /usr/sbin/veeamworker --pidfile /var/run/veeamservice.pid --daemon
      (root,0,0,00:00:00/17:09,8009) [kworker/1:0]
      (root,0,0,00:00:00/12:02,8579) [kworker/u4:2]
      (root,0,0,00:00:00/06:37,9041) [kworker/1:1]
      (root,0,0,00:00:00/06:25,9042) [kworker/u4:0]
      (root,161528,5832,00:00:00/01:56,9526) sshd: root [priv]
      (sshd,112920,2488,00:00:00/01:55,9527) sshd: root [net]
      (root,0,0,00:00:00/01:07,9534) [kworker/1:2]
      (root,113192,1584,00:00:00/00:00,9877) /bin/bash /usr/bin/check_mk_agent
      (root,51752,1680,00:00:00/00:00,9893) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13324,928,00:00:00/00:00,9894) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (root,0,0,00:00:00/293-05:06:13,12620) [cifsiod]
      (root,0,0,00:00:00/293-05:06:13,12621) [cifsoplockd]
      (root,414432,120680,00:09:07/240-05:26:00,14055) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,362204,68192,00:08:54/240-05:26:00,14056) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (nginx,57484,3944,00:00:00/19:36:20,20276) nginx: worker process
      (pdns,1374876,24588,00:47:31/169-11:25:11,20510) /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --no-shuffle --log-timestamp=no --write-pid=no
      (root,99932,2244,00:00:00/279-07:54:06,22579) /opt/veeam/deployment/veeamdeploymentsvc --run-service
      (root,391024,30640,00:00:20/279-07:54:06,22581) /opt/veeam/deployment/veeamdeploymentsvc --service-process 9:8
      (veeam-cd,601912,15316,01:05:42/279-07:54:06,22583) /opt/veeam/deployment/veeamdeploymentsvc --vcp-subprocess 18:17
      (root,0,0,00:00:01/1-05:00:07,26577) [kworker/0:0]
      (root,0,0,00:02:03/1-04:36:03,29171) [kworker/0:1]
      (root,0,0,00:00:04/1-04:31:01,30206) [kworker/0:2]
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-05 22:36
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e390cf6a7

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-11-04 00:45
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ea3a03b4e

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-10-16 00:38
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ee0487887

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,112920,4356,00:05:40/270-10:59:54,1126) /usr/sbin/sshd -D
      (root,27168,876,00:00:00/270-10:59:54,1160) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
      (mysql,1768440,167084,03:39:28/270-10:59:54,1226) /usr/sbin/mysqld
      (root,57076,3040,00:00:01/270-10:59:54,1237) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
      (root,0,0,00:00:03/30-06:02:11,1263) [veeamsnap_log]
      (root,0,0,00:00:00/30-06:02:11,1264) [bioset]
      (root,0,0,00:00:00/30-06:02:11,1266) [bioset]
      (root,0,0,00:00:00/30-06:02:11,1267) [bioset]
      (root,1188780,628316,23:26:51/270-10:59:53,1334) /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,90356,2252,00:01:13/270-10:59:53,1412) /usr/libexec/postfix/master -w
      (postfix,90636,4360,00:00:17/270-10:59:53,1452) qmgr -l -t unix -u
      (nginx,57476,2508,00:00:00/21:26:03,2650) nginx: worker process
      (root,1193852,21324,00:07:18/31-04:25:23,5783) /opt/veeam/transport/veeamtransport --run-service
      (root,104896,3036,00:00:00/31-04:25:23,5790) /opt/veeam/transport/veeamtransport --run-environmentsvc 7:6
      (root,168292,2192,00:05:43/31-04:25:22,5803) /opt/veeam/transport/veeamimmureposvc --subprocess --log /var/log/VeeamBackup --maxLogSize 15728640 --stdio 10:7
      (root,1627728,60392,00:06:51/31-04:24:57,6189) /usr/sbin/veeamworker --pidfile /var/run/veeamservice.pid --daemon
      (root,0,0,00:00:00/270-05:55:56,12620) [cifsiod]
      (root,0,0,00:00:00/270-05:55:56,12621) [cifsoplockd]
      (root,414432,120680,00:08:14/217-06:15:43,14055) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,362720,68704,00:08:05/217-06:15:43,14056) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,0,0,00:00:02/06:34:26,19438) [kworker/1:2]
      (pdns,1374876,24456,00:40:45/146-12:14:54,20510) /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --no-shuffle --log-timestamp=no --write-pid=no
      (root,0,0,00:00:00/23:24,21601) [kworker/0:0]
      (root,0,0,00:00:00/18:29,22122) [kworker/u4:1]
      (root,99932,2244,00:00:00/256-08:43:49,22579) /opt/veeam/deployment/veeamdeploymentsvc --run-service
      (root,391024,30640,00:00:19/256-08:43:49,22581) /opt/veeam/deployment/veeamdeploymentsvc --service-process 9:8
      (veeam-cd,601912,15316,00:59:40/256-08:43:49,22583) /opt/veeam/deployment/veeamdeploymentsvc --vcp-subprocess 18:17
      (root,0,0,00:00:00/12:52,22686) [kworker/0:1]
      (root,0,0,00:00:00/08:04,23141) [kworker/1:0]
      (root,0,0,00:00:00/07:21,23231) [kworker/0:2]
      (root,0,0,00:00:00/07:14,23232) [kworker/u4:2]
      (root,0,0,00:00:00/03:03,23611) [kworker/1:1]
      (root,0,0,00:00:00/01:38,23790) [kworker/u4:0]
      (postfix,90460,4176,00:00:00/00:23,23896) pickup -l -t unix -u
      (root,112920,4292,00:00:00/00:12,23908) sshd: [accepted]
      (sshd,112920,2228,00:00:00/00:12,23910) sshd: [net]
      (root,113192,1588,00:00:00/00:00,24082) /bin/bash /usr/bin/check_mk_agent
      (root,51752,1680,00:00:00/00:00,24098) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13324,928,00:00:00/00:00,24099) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-10-13 23:26
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ef2b13faa

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-10-11 23:28
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e11ef0bf0

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-10-09 23:36
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e74d20d7d

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,465912,5776,00:25:15/264-09:34:53,1122) /usr/sbin/rsyslogd -n
      (root,574200,17260,00:42:12/264-09:34:53,1123) /usr/bin/python2 -Es /usr/sbin/tuned -l -P
      (root,112920,4356,00:05:37/264-09:34:53,1126) /usr/sbin/sshd -D
      (root,27168,876,00:00:00/264-09:34:53,1160) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
      (mysql,1768440,167068,03:34:32/264-09:34:53,1226) /usr/sbin/mysqld
      (root,57076,3040,00:00:01/264-09:34:53,1237) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
      (root,0,0,00:00:02/24-04:37:10,1263) [veeamsnap_log]
      (root,0,0,00:00:00/24-04:37:10,1264) [bioset]
      (root,0,0,00:00:00/24-04:37:10,1266) [bioset]
      (root,0,0,00:00:00/24-04:37:10,1267) [bioset]
      (root,1186360,626460,23:22:47/264-09:34:52,1334) /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,90356,2252,00:01:11/264-09:34:52,1412) /usr/libexec/postfix/master -w
      (postfix,90636,4360,00:00:17/264-09:34:52,1452) qmgr -l -t unix -u
      (root,1193852,21144,00:05:54/25-03:00:22,5783) /opt/veeam/transport/veeamtransport --run-service
      (root,104896,3036,00:00:00/25-03:00:22,5790) /opt/veeam/transport/veeamtransport --run-environmentsvc 7:6
      (root,168292,2192,00:04:35/25-03:00:21,5803) /opt/veeam/transport/veeamimmureposvc --subprocess --log /var/log/VeeamBackup --maxLogSize 15728640 --stdio 10:7
      (root,1627728,58428,00:04:58/25-02:59:56,6189) /usr/sbin/veeamworker --pidfile /var/run/veeamservice.pid --daemon
      (root,0,0,00:00:00/264-04:30:55,12620) [cifsiod]
      (root,0,0,00:00:00/264-04:30:55,12621) [cifsoplockd]
      (root,414432,120680,00:08:03/211-04:50:42,14055) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,362720,68704,00:07:54/211-04:50:42,14056) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (nginx,57468,2552,00:00:00/20:01:02,14335) nginx: worker process
      (pdns,1374876,24456,00:38:57/140-10:49:53,20510) /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --no-shuffle --log-timestamp=no --write-pid=no
      (postfix,90460,4176,00:00:00/01:13:55,22342) pickup -l -t unix -u
      (root,99932,2244,00:00:00/250-07:18:48,22579) /opt/veeam/deployment/veeamdeploymentsvc --run-service
      (root,391024,30640,00:00:18/250-07:18:48,22581) /opt/veeam/deployment/veeamdeploymentsvc --service-process 9:8
      (veeam-cd,601912,15316,00:58:02/250-07:18:48,22583) /opt/veeam/deployment/veeamdeploymentsvc --vcp-subprocess 18:17
      (root,0,0,00:00:03/55:44,23978) [kworker/0:1]
      (root,0,0,00:00:00/44:59,24874) [kworker/u4:0]
      (root,0,0,00:00:00/13:07,27783) [kworker/0:0]
      (root,0,0,00:00:00/13:06,27784) [kworker/1:2]
      (root,0,0,00:00:00/08:23,28258) [kworker/u4:1]
      (root,0,0,00:00:00/08:05,28259) [kworker/1:1]
      (root,0,0,00:00:00/07:36,28349) [kworker/0:2]
      (root,113192,1588,00:00:00/00:00,29163) /bin/bash /usr/bin/check_mk_agent
      (root,51752,1680,00:00:00/00:00,29179) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13324,924,00:00:00/00:00,29180) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (root,0,0,00:00:01/05:09:08,32421) [kworker/1:0]
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-10-07 22:01
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e232b9aec

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-10-05 22:55
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e1760b6fb

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-10-03 20:14
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204eb0b4254f

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,305176,5280,03:42:07/258-09:08:37,792) /usr/bin/vmtoolsd
      (polkitd,612372,10016,00:00:13/258-09:08:37,797) /usr/lib/polkit-1/polkitd --no-debug
      (root,21684,1256,00:12:55/258-09:08:37,805) /usr/sbin/irqbalance --foreground
      (root,26380,1680,00:01:55/258-09:08:37,839) /usr/lib/systemd/systemd-logind
      (dbus,58236,2340,00:05:27/258-09:08:37,840) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (ntp,25728,1928,00:03:15/258-09:08:37,851) /usr/sbin/ntpd -u ntp:ntp -g
      (root,476344,8552,00:05:15/258-09:08:37,858) /usr/sbin/NetworkManager --no-daemon
      (root,126288,1572,00:00:33/258-09:08:37,862) /usr/sbin/crond -n
      (root,110108,804,00:00:00/258-09:08:37,865) /sbin/agetty --noclear tty1 linux
      (root,218220,18720,01:03:28/258-09:08:36,1120) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,461900,8836,00:24:41/258-09:08:36,1122) /usr/sbin/rsyslogd -n
      (root,574200,17260,00:41:08/258-09:08:36,1123) /usr/bin/python2 -Es /usr/sbin/tuned -l -P
      (root,112920,4356,00:05:33/258-09:08:36,1126) /usr/sbin/sshd -D
      (root,27168,876,00:00:00/258-09:08:36,1160) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
      (mysql,1768440,167028,03:29:32/258-09:08:36,1226) /usr/sbin/mysqld
      (root,57076,3040,00:00:01/258-09:08:36,1237) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
      (root,0,0,00:00:02/18-04:10:53,1263) [veeamsnap_log]
      (root,0,0,00:00:00/18-04:10:53,1264) [bioset]
      (root,0,0,00:00:00/18-04:10:53,1266) [bioset]
      (root,0,0,00:00:00/18-04:10:53,1267) [bioset]
      (root,113192,1588,00:00:00/00:00,1308) /bin/bash /usr/bin/check_mk_agent
      (root,1171036,625052,23:17:30/258-09:08:35,1334) /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,51752,1680,00:00:00/00:00,1336) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13324,928,00:00:00/00:00,1337) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (root,90356,2252,00:01:09/258-09:08:35,1412) /usr/libexec/postfix/master -w
      (postfix,90636,4360,00:00:16/258-09:08:35,1452) qmgr -l -t unix -u
      (root,1193852,18244,00:04:29/19-02:34:05,5783) /opt/veeam/transport/veeamtransport --run-service
      (root,104896,3036,00:00:00/19-02:34:05,5790) /opt/veeam/transport/veeamtransport --run-environmentsvc 7:6
      (root,168292,2192,00:03:28/19-02:34:04,5803) /opt/veeam/transport/veeamimmureposvc --subprocess --log /var/log/VeeamBackup --maxLogSize 15728640 --stdio 10:7
      (root,1627728,59732,00:03:56/19-02:33:39,6189) /usr/sbin/veeamworker --pidfile /var/run/veeamservice.pid --daemon
      (root,0,0,00:00:00/258-04:04:38,12620) [cifsiod]
      (root,0,0,00:00:00/258-04:04:38,12621) [cifsoplockd]
      (root,414432,120680,00:07:49/205-04:24:25,14055) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,362720,68404,00:07:40/205-04:24:25,14056) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,0,0,00:00:00/02:33:45,19528) [kworker/0:0]
      (pdns,1374744,24028,00:37:09/134-10:23:36,20510) /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --no-shuffle --log-timestamp=no --write-pid=no
      (nginx,57480,2500,00:00:00/19:34:45,20955) nginx: worker process
      (root,99932,2244,00:00:00/244-06:52:31,22579) /opt/veeam/deployment/veeamdeploymentsvc --run-service
      (root,391024,30640,00:00:18/244-06:52:31,22581) /opt/veeam/deployment/veeamdeploymentsvc --service-process 9:8
      (veeam-cd,601912,15316,00:56:24/244-06:52:31,22583) /opt/veeam/deployment/veeamdeploymentsvc --vcp-subprocess 18:17
      (root,0,0,00:00:00/45:33,29414) [kworker/1:2]
      (root,0,0,00:00:00/43:58,29593) [kworker/u4:1]
      (root,0,0,00:00:02/33:45,30534) [kworker/0:2]
      (root,0,0,00:00:00/23:23,31447) [kworker/u4:0]
      (root,0,0,00:00:00/13:28,32348) [kworker/1:1]
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-10-01 21:34
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ebbe4323f

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-29 23:12
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e5786ebe6

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-27 21:54
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e28afaaa2

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      (root,55528,1072,00:04:46/252-09:52:13,769) /sbin/auditd
      (root,99684,4488,00:00:00/252-09:52:12,791) /usr/bin/VGAuthService -s
      (root,305176,5280,03:36:02/252-09:52:12,792) /usr/bin/vmtoolsd
      (polkitd,612372,10016,00:00:13/252-09:52:12,797) /usr/lib/polkit-1/polkitd --no-debug
      (root,21684,1256,00:12:35/252-09:52:12,805) /usr/sbin/irqbalance --foreground
      (root,26380,1680,00:01:52/252-09:52:12,839) /usr/lib/systemd/systemd-logind
      (dbus,58236,2340,00:05:20/252-09:52:12,840) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
      (ntp,25728,1928,00:03:11/252-09:52:12,851) /usr/sbin/ntpd -u ntp:ntp -g
      (root,476344,8552,00:05:07/252-09:52:12,858) /usr/sbin/NetworkManager --no-daemon
      (root,126288,1572,00:00:32/252-09:52:12,862) /usr/sbin/crond -n
      (root,110108,804,00:00:00/252-09:52:12,865) /sbin/agetty --noclear tty1 linux
      (root,218220,18720,01:01:53/252-09:52:11,1120) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,467400,12828,00:24:07/252-09:52:11,1122) /usr/sbin/rsyslogd -n
      (root,574200,17260,00:40:05/252-09:52:11,1123) /usr/bin/python2 -Es /usr/sbin/tuned -l -P
      (root,112920,4356,00:05:29/252-09:52:11,1126) /usr/sbin/sshd -D
      (root,27168,876,00:00:00/252-09:52:11,1160) /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
      (mysql,1768440,166696,03:24:07/252-09:52:11,1226) /usr/sbin/mysqld
      (root,57076,3040,00:00:01/252-09:52:11,1237) nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
      (root,0,0,00:00:01/12-04:54:28,1263) [veeamsnap_log]
      (root,0,0,00:00:00/12-04:54:28,1264) [bioset]
      (root,0,0,00:00:00/12-04:54:28,1266) [bioset]
      (root,0,0,00:00:00/12-04:54:28,1267) [bioset]
      (root,1165956,625468,23:12:06/252-09:52:10,1334) /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
      (root,90356,2252,00:01:07/252-09:52:10,1412) /usr/libexec/postfix/master -w
      (postfix,90636,4360,00:00:16/252-09:52:10,1452) qmgr -l -t unix -u
      (root,1193852,17472,00:03:05/13-03:17:40,5783) /opt/veeam/transport/veeamtransport --run-service
      (root,104896,3036,00:00:00/13-03:17:40,5790) /opt/veeam/transport/veeamtransport --run-environmentsvc 7:6
      (root,168292,2192,00:02:23/13-03:17:39,5803) /opt/veeam/transport/veeamimmureposvc --subprocess --log /var/log/VeeamBackup --maxLogSize 15728640 --stdio 10:7
      (root,1627728,61404,00:02:57/13-03:17:14,6189) /usr/sbin/veeamworker --pidfile /var/run/veeamservice.pid --daemon
      (root,0,0,00:00:00/47:52,8510) [kworker/u4:1]
      (root,0,0,00:00:00/37:12,9426) [kworker/u4:0]
      (root,0,0,00:00:00/19:54,11113) [kworker/0:0]
      (root,0,0,00:00:00/17:20,11395) [kworker/1:1]
      (root,0,0,00:00:00/08:52,12233) [kworker/0:3]
      (postfix,90460,4176,00:00:00/08:18,12323) pickup -l -t unix -u
      (root,0,0,00:00:00/252-04:48:13,12620) [cifsiod]
      (root,0,0,00:00:00/252-04:48:13,12621) [cifsoplockd]
      (root,0,0,00:00:00/03:51,12682) [kworker/0:1]
      (root,0,0,00:00:00/03:21,12782) [kworker/u4:2]
      (root,158804,5280,00:00:00/01:31,13017) sshd: unknown [priv]
      (sshd,112920,2224,00:00:00/01:31,13018) sshd: unknown [net]
      (root,158804,5284,00:00:00/01:29,13019) sshd: unknown [priv]
      (sshd,112920,2228,00:00:00/01:29,13020) sshd: unknown [net]
      (root,158804,5280,00:00:00/01:29,13021) sshd: unknown [priv]
      (sshd,112920,2224,00:00:00/01:29,13022) sshd: unknown [net]
      (root,158804,5284,00:00:00/01:00,13045) sshd: unknown [priv]
      (sshd,112920,2224,00:00:00/01:00,13046) sshd: unknown [net]
      (root,0,0,00:00:00/00:51,13054) [kworker/0:2]
      (root,113320,1712,00:00:00/00:00,13147) /bin/bash /usr/bin/check_mk_agent
      (root,113192,1592,00:00:00/00:00,13173) /bin/bash /usr/bin/check_mk_agent
      (root,113192,1588,00:00:00/00:00,13225) /bin/bash /usr/bin/check_mk_agent
      (root,51752,1680,00:00:00/00:00,13276) ps ax -o user:32,vsz,rss,cputime,etime,pid,command --columns 10000
      (root,13324,928,00:00:00/00:00,13277) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4\/\5,\6) /
      (root,0,0,00:00:00/00:00,13281) [grep] <defunct>
      (root,9924,976,00:00:00/00:00,13282) awk  /:/ { c[$1]++; } END { for (x in c) { print x, c[x]; } }
      (root,13320,668,00:00:00/00:00,13283) sed -e s/^ESTAB/01/g;s/^SYN-SENT/02/g;s/^SYN-RECV/03/g;s/^FIN-WAIT-1/04/g;s/^FIN-WAIT-2/05/g;s/^TIME-WAIT/06/g;s/^CLOSED/07/g;s/^CLOSE-WAIT/08/g;s/^LAST-ACK/09/g;s/^LISTEN/0A/g;s/^CLOSING/0B/g;
      (root,414432,120680,00:07:28/199-05:08:00,14055) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (root,362568,68404,00:07:23/199-05:08:00,14056) /opt/web/powerdns-admin/flask/bin/python3 /opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
      (pdns,1374744,24096,00:35:20/128-11:07:11,20510) /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --no-shuffle --log-timestamp=no --write-pid=no
      (root,99932,2244,00:00:00/238-07:36:06,22579) /opt/veeam/deployment/veeamdeploymentsvc --run-service
      (root,391024,30640,00:00:18/238-07:36:06,22581) /opt/veeam/deployment/veeamdeploymentsvc --service-process 9:8
      (veeam-cd,601912,15316,00:54:46/238-07:36:06,22583) /opt/veeam/deployment/veeamdeploymentsvc --vcp-subprocess 18:17
      (root,0,0,00:00:00/03:17:59,27023) [kworker/1:2]
      (nginx,57484,3912,00:00:00/20:18:19,28991) nginx: worker process
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-25 22:18
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ef45bf646

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-23 23:34
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204eb7e6205e

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-21 23:16
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ed264fdeb

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-19 22:20
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ea6229507

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-17 22:34
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e5878173c

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-15 22:48
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e6186568c

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-13 20:28
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e43f57da2

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 1e:00:d2:00:05:c4 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2024-09-11 19:57
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e79bd8baf

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 06:5a:38:00:02:07 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2023-05-04 11:00
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204eaeefef99

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 06:5a:38:00:02:07 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2023-02-17 21:00
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ee24d36d6

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 06:5a:38:00:02:07 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2023-02-08 21:46
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e10309399

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 06:5a:38:00:02:07 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2022-12-20 05:10
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204ebaf694a3

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 06:5a:38:00:02:07 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2022-10-14 17:55
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204e39988b54

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 06:5a:38:00:02:07 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2022-10-13 10:15
    • Severity: high
      Fingerprint: 03cb82e6f6a6b45342c4bbcb76c1b6ce66f06e793f105f6bdf22204edbd036e7

      Found public CheckMk agent:
      Version: 1.5.0p7
      AgentOS: linux
      Hostname: master.gi-dns.com
      AgentDirectory: /etc/check_mk
      DataDirectory: /var/lib/check_mk_agent
      SpoolDirectory: /var/lib/check_mk_agent/spool
      PluginsDirectory: /usr/lib/check_mk_agent/plugins
      LocalDirectory: /usr/lib/check_mk_agent/local
      
      Found process list through CheckMk:
      
      Found network interfaces through CheckMk:
      [start_iplink]
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 06:5a:38:00:02:07 brd ff:ff:ff:ff:ff:ff
      [end_iplink]
      
      
      Found on 2022-09-13 10:46
  • Open service 95.157.69.60:80

    2024-12-17 20:39

    HTTP/1.1 404 Not Found
    Server: nginx/1.16.1
    Date: Tue, 17 Dec 2024 20:39:20 GMT
    Content-Type: text/html
    Content-Length: 555
    Connection: close
    
    Page title: 404 Not Found
    
    <html>
    <head><title>404 Not Found</title></head>
    <body>
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx/1.16.1</center>
    </body>
    </html>
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    <!-- a padding to disable MSIE and Chrome friendly error page -->
    
    Found 2024-12-17 by HttpPlugin
Domain summary
No record