LeakIX - Host 95.43.247.34

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda43984ee16b41

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185144,5672,03:46:23,1) /sbin/init
(root,0,0,00:00:05,2) [kthreadd]
(root,0,0,00:00:59,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:48:20,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:44,9) [migration/0]
(root,0,0,00:00:10,10) [watchdog/0]
(root,0,0,00:00:09,11) [watchdog/1]
(root,0,0,00:00:44,12) [migration/1]
(root,0,0,00:01:52,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:10,16) [watchdog/2]
(root,0,0,00:00:42,17) [migration/2]
(root,0,0,00:01:09,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:08,21) [watchdog/3]
(root,0,0,00:00:42,22) [migration/3]
(root,0,0,00:01:08,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:10,26) [watchdog/4]
(root,0,0,00:00:43,27) [migration/4]
(root,0,0,00:01:07,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:08,31) [watchdog/5]
(root,0,0,00:00:43,32) [migration/5]
(root,0,0,00:01:05,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:10,36) [watchdog/6]
(root,0,0,00:00:45,37) [migration/6]
(root,0,0,00:01:25,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:08,41) [watchdog/7]
(root,0,0,00:00:45,42) [migration/7]
(root,0,0,00:01:34,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:03,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:03:38,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:03:37,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:02:55,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:04,366) [kworker/0:1H]
(root,0,0,00:00:03,369) [kworker/2:1H]
(root,0,0,00:01:29,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:12,420) [kworker/7:1H]
(root,0,0,00:00:03,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:04,451) [kworker/6:1H]
(root,0,0,00:00:04,454) [kworker/3:1H]
(root,0,0,00:00:04,455) [kworker/5:1H]
(root,35372,7756,00:40:51,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:04,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:09,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:04,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:09:45,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:13,1092) /usr/sbin/cron -f
(root,280044,6340,00:06:39,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:10:29,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:03:29,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:01:04,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:07,1166) lldpd: monitor
(root,5216,152,00:01:12,1218) /sbin/iscsid
(root,5716,3508,00:05:16,1219) /sbin/iscsid
(root,19568,2100,00:07:12,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:04:46,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:01,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:05:23,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:17,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:01:13,1489) lldpd: 2 neighbors
(root,154496,38700,00:02:57,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,11174) [kworker/0:1]
(root,0,0,00:00:00,13161) [kworker/7:2]
(root,0,0,00:00:00,13286) [kworker/3:1]
(root,0,0,00:00:00,13508) [kworker/5:1]
(root,0,0,00:00:00,13862) [kworker/4:1]
(root,0,0,00:00:00,13984) [kworker/6:1]
(root,108184,2692,00:00:02,14723) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,14796) [kworker/1:1]
(root,42028,6080,00:02:20,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,15838) [kworker/2:2]
(dnsmasq,56996,2796,00:02:51,16102) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,16654) [kworker/0:2]
(root,0,0,00:00:00,16892) [kworker/5:2]
(root,0,0,00:00:00,17015) [kworker/3:0]
(root,0,0,00:00:00,17220) [kworker/6:2]
(root,0,0,00:00:00,17340) [kworker/4:2]
(root,0,0,00:00:00,17536) [kworker/7:1]
(root,0,0,00:00:00,18227) [kworker/1:0]
(root,0,0,00:00:00,18359) [kworker/u16:2]
(root,0,0,00:00:00,18702) [kworker/2:1]
(chilli,33916,11096,1-05:12:18,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,20295) [kworker/6:0]
(root,0,0,00:00:00,20414) [kworker/7:0]
(root,0,0,00:00:00,20660) [kworker/5:0]
(root,0,0,00:00:00,21195) [kworker/1:2]
(root,0,0,00:00:00,21196) [kworker/0:0]
(root,0,0,00:00:00,21999) [kworker/4:0]
(root,0,0,00:00:00,22001) [systemctl] <defunct>
(root,0,0,00:00:00,22002) [lookup.check.sh] <defunct>
(root,24904,3340,00:00:00,22131) /bin/bash /usr/local/bin/issue-generator
(root,92676,6564,00:00:00,22176) sshd: root [priv]
(sshd,65508,3208,00:00:00,22177) sshd: root [net]
(root,24928,3324,00:00:00,22320) /bin/bash /usr/bin/check_mk_agent
(root,24904,1712,00:00:00,22337) /bin/bash /usr/local/bin/issue-generator
(root,172432,6552,00:00:00,22338) curl -Is --max-time 2 http://www.google.com
(root,11552,1816,00:00:00,22339) head -1
(root,34420,2928,00:00:00,22344) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1048,00:00:00,22345) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,27624) [kworker/u16:4]
(root,0,0,00:00:00,28324) [kworker/u16:0]

Found on 2024-12-22 00:58

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398126dfb34

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185136,5664,03:37:56,1) /sbin/init
(root,0,0,00:00:05,2) [kthreadd]
(root,0,0,00:00:56,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:46:32,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:43,9) [migration/0]
(root,0,0,00:00:10,10) [watchdog/0]
(root,0,0,00:00:09,11) [watchdog/1]
(root,0,0,00:00:43,12) [migration/1]
(root,0,0,00:01:48,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:09,16) [watchdog/2]
(root,0,0,00:00:40,17) [migration/2]
(root,0,0,00:01:06,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:08,21) [watchdog/3]
(root,0,0,00:00:41,22) [migration/3]
(root,0,0,00:01:06,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:10,26) [watchdog/4]
(root,0,0,00:00:41,27) [migration/4]
(root,0,0,00:01:05,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:08,31) [watchdog/5]
(root,0,0,00:00:41,32) [migration/5]
(root,0,0,00:01:03,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:10,36) [watchdog/6]
(root,0,0,00:00:43,37) [migration/6]
(root,0,0,00:01:22,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:08,41) [watchdog/7]
(root,0,0,00:00:43,42) [migration/7]
(root,0,0,00:01:31,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:03,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:03:30,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:03:29,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:02:49,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:03,366) [kworker/0:1H]
(root,0,0,00:00:03,369) [kworker/2:1H]
(root,0,0,00:01:26,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:12,420) [kworker/7:1H]
(root,0,0,00:00:03,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:04,451) [kworker/6:1H]
(root,0,0,00:00:04,454) [kworker/3:1H]
(root,0,0,00:00:03,455) [kworker/5:1H]
(root,35372,3220,00:39:14,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:04,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:09,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:04,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:09:21,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:12,1092) /usr/sbin/cron -f
(root,280044,6340,00:06:23,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:10:06,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:03:21,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:01:02,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:06,1166) lldpd: monitor
(root,5216,152,00:01:10,1218) /sbin/iscsid
(root,5716,3508,00:05:04,1219) /sbin/iscsid
(root,19568,2100,00:06:56,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:04:35,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:01,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:05:09,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:16,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:01:10,1489) lldpd: 2 neighbors
(root,154496,38700,00:02:51,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,4685) [kworker/u16:2]
(root,108184,2792,00:00:01,11414) /usr/bin/monit -c /etc/monit/monitrc
(root,42028,6080,00:02:05,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(dnsmasq,56996,2796,00:01:31,16102) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,52028,2948,00:00:00,19005) /usr/sbin/CRON -f
(root,4500,700,00:00:00,19011) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3020,00:00:00,19017) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,672,00:00:00,19034) sleep 1594
(chilli,33916,11096,1-04:20:02,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,21454) [kworker/4:2]
(root,0,0,00:00:00,22128) [kworker/0:0]
(root,0,0,00:00:00,23084) [kworker/2:0]
(root,0,0,00:00:00,23337) [kworker/6:0]
(root,0,0,00:00:00,23671) [kworker/u16:0]
(root,0,0,00:00:00,23904) [kworker/3:1]
(root,0,0,00:00:00,24138) [kworker/1:1]
(root,0,0,00:00:00,24485) [kworker/4:1]
(root,0,0,00:00:00,24730) [kworker/u16:1]
(root,0,0,00:00:00,25052) [kworker/5:0]
(root,0,0,00:00:00,25623) [kworker/7:1]
(root,0,0,00:00:00,26184) [kworker/6:2]
(root,0,0,00:00:00,27119) [kworker/2:2]
(root,0,0,00:00:00,27136) [kworker/0:1]
(root,52028,2964,00:00:00,27236) /usr/sbin/CRON -f
(root,4500,696,00:00:00,27239) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3052,00:00:00,27242) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,664,00:00:00,27246) sleep 1418
(root,0,0,00:00:00,27276) [kworker/1:0]
(root,0,0,00:00:00,28050) [kworker/5:2]
(root,0,0,00:00:00,28281) [kworker/3:0]
(root,0,0,00:00:00,28417) [kworker/7:2]
(root,0,0,00:00:00,30358) [kworker/1:2]
(root,0,0,00:00:00,30593) [kworker/4:0]
(root,0,0,00:00:00,31070) [kworker/3:2]
(root,0,0,00:00:00,31176) [kworker/5:1]
(root,0,0,00:00:00,31288) [kworker/2:1]
(root,0,0,00:00:00,31976) [kworker/7:0]
(root,0,0,00:00:00,32091) [systemctl] <defunct>
(root,0,0,00:00:00,32092) [lookup.check.sh] <defunct>
(root,24928,3364,00:00:00,32277) /bin/bash /usr/bin/check_mk_agent
(root,34420,2912,00:00:00,32296) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1148,00:00:00,32297) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-12-20 00:24

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398b8717053

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185136,5664,03:29:44,1) /sbin/init
(root,0,0,00:00:04,2) [kthreadd]
(root,0,0,00:00:54,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:44:34,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:41,9) [migration/0]
(root,0,0,00:00:10,10) [watchdog/0]
(root,0,0,00:00:09,11) [watchdog/1]
(root,0,0,00:00:41,12) [migration/1]
(root,0,0,00:01:44,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:09,16) [watchdog/2]
(root,0,0,00:00:39,17) [migration/2]
(root,0,0,00:01:04,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:07,21) [watchdog/3]
(root,0,0,00:00:39,22) [migration/3]
(root,0,0,00:01:04,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:09,26) [watchdog/4]
(root,0,0,00:00:40,27) [migration/4]
(root,0,0,00:01:02,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:07,31) [watchdog/5]
(root,0,0,00:00:40,32) [migration/5]
(root,0,0,00:01:01,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:09,36) [watchdog/6]
(root,0,0,00:00:42,37) [migration/6]
(root,0,0,00:01:19,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:07,41) [watchdog/7]
(root,0,0,00:00:42,42) [migration/7]
(root,0,0,00:01:27,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:03,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:03:22,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:03:21,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:02:42,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:03,366) [kworker/0:1H]
(root,0,0,00:00:03,369) [kworker/2:1H]
(root,0,0,00:01:22,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:11,420) [kworker/7:1H]
(root,0,0,00:00:03,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:04,451) [kworker/6:1H]
(root,0,0,00:00:03,454) [kworker/3:1H]
(root,0,0,00:00:03,455) [kworker/5:1H]
(root,35372,6920,00:37:27,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:03,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:09,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:03,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:08:55,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:12,1092) /usr/sbin/cron -f
(root,280044,6340,00:06:06,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:09:43,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:03:14,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:59,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:06,1166) lldpd: monitor
(root,5216,152,00:01:07,1218) /sbin/iscsid
(root,5716,3508,00:04:53,1219) /sbin/iscsid
(root,19568,2100,00:06:40,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:04:25,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:04:53,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:16,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:01:07,1489) lldpd: 2 neighbors
(root,154496,38700,00:02:44,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,3974) [kworker/u16:1]
(root,108184,2720,00:00:03,5395) /usr/bin/monit -c /etc/monit/monitrc
(root,42028,6080,00:01:51,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(dnsmasq,56864,2796,00:00:02,16102) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,18205) [kworker/1:0]
(chilli,33916,11096,1-03:06:15,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,20075) [kworker/2:2]
(root,0,0,00:00:00,20545) [kworker/0:2]
(root,0,0,00:00:00,21531) [kworker/1:1]
(root,0,0,00:00:00,22841) [kworker/5:2]
(root,0,0,00:00:00,23069) [kworker/6:2]
(root,0,0,00:00:00,23181) [kworker/3:1]
(root,0,0,00:00:00,23300) [kworker/7:0]
(root,0,0,00:00:00,23843) [kworker/4:2]
(root,0,0,00:00:00,24187) [kworker/0:0]
(root,0,0,00:00:00,25929) [kworker/5:0]
(root,0,0,00:00:00,26533) [kworker/3:2]
(root,0,0,00:00:00,26655) [kworker/4:1]
(root,0,0,00:00:00,26785) [kworker/6:1]
(root,0,0,00:00:00,27258) [kworker/7:1]
(root,0,0,00:00:00,27734) [kworker/2:0]
(root,0,0,00:00:00,27885) [kworker/u16:3]
(root,0,0,00:00:00,28489) [kworker/1:2]
(root,0,0,00:00:00,29971) [kworker/5:1]
(root,0,0,00:00:00,30441) [kworker/3:0]
(root,0,0,00:00:00,30570) [kworker/0:1]
(root,0,0,00:00:00,30692) [kworker/6:0]
(root,0,0,00:00:00,30699) [systemctl] <defunct>
(root,0,0,00:00:00,30700) [lookup.check.sh] <defunct>
(root,92676,6532,00:00:00,30768) sshd: root [priv]
(sshd,65508,3260,00:00:00,30769) sshd: root [net]
(root,0,0,00:00:00,30798) [kworker/u16:0]
(root,24928,3268,00:00:00,30996) /bin/bash /usr/bin/check_mk_agent
(root,34420,2936,00:00:00,31015) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1052,00:00:00,31016) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,31682) [kworker/u16:2]

Found on 2024-12-18 01:34

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398145b114a

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185140,5668,03:20:57,1) /sbin/init
(root,0,0,00:00:04,2) [kthreadd]
(root,0,0,00:00:52,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:42:32,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:40,9) [migration/0]
(root,0,0,00:00:09,10) [watchdog/0]
(root,0,0,00:00:08,11) [watchdog/1]
(root,0,0,00:00:39,12) [migration/1]
(root,0,0,00:01:39,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:09,16) [watchdog/2]
(root,0,0,00:00:37,17) [migration/2]
(root,0,0,00:01:01,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:07,21) [watchdog/3]
(root,0,0,00:00:37,22) [migration/3]
(root,0,0,00:01:01,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:09,26) [watchdog/4]
(root,0,0,00:00:38,27) [migration/4]
(root,0,0,00:01:00,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:07,31) [watchdog/5]
(root,0,0,00:00:38,32) [migration/5]
(root,0,0,00:00:58,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:09,36) [watchdog/6]
(root,0,0,00:00:40,37) [migration/6]
(root,0,0,00:01:15,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:07,41) [watchdog/7]
(root,0,0,00:00:40,42) [migration/7]
(root,0,0,00:01:23,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:03,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:03:14,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:03:12,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:02:35,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:03,366) [kworker/0:1H]
(root,0,0,00:00:03,369) [kworker/2:1H]
(root,0,0,00:01:19,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:11,420) [kworker/7:1H]
(root,0,0,00:00:03,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:04,451) [kworker/6:1H]
(root,0,0,00:00:03,454) [kworker/3:1H]
(root,0,0,00:00:03,455) [kworker/5:1H]
(root,35372,4012,00:35:49,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:03,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:08,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:03,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:08:32,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:11,1092) /usr/sbin/cron -f
(root,280044,6340,00:05:51,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:09:19,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:03:06,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:57,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:06,1166) lldpd: monitor
(root,5216,152,00:01:04,1218) /sbin/iscsid
(root,5716,3508,00:04:40,1219) /sbin/iscsid
(root,19568,2100,00:06:23,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:04:13,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:04:41,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:15,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:01:05,1489) lldpd: 2 neighbors
(root,0,0,00:00:00,1495) [kworker/u16:1]
(root,154496,38700,00:02:38,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,5217) [kworker/u16:0]
(root,108184,2688,00:00:04,13838) /usr/bin/monit -c /etc/monit/monitrc
(root,42028,6080,00:01:35,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,15342) [kworker/5:2]
(root,0,0,00:00:00,15451) [kworker/7:1]
(root,0,0,00:00:00,15799) [kworker/6:2]
(root,0,0,00:00:00,16121) [kworker/1:2]
(root,0,0,00:00:01,16583) [kworker/u16:3]
(root,0,0,00:00:00,17001) [kworker/3:0]
(root,0,0,00:00:00,17117) [kworker/4:0]
(root,0,0,00:00:00,17456) [kworker/2:1]
(root,0,0,00:00:00,18712) [kworker/6:0]
(chilli,33916,11096,1-01:50:52,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,19374) [kworker/0:1]
(root,0,0,00:00:00,19616) [kworker/1:1]
(root,0,0,00:00:00,19845) [kworker/5:0]
(root,0,0,00:00:00,20277) [kworker/4:1]
(root,52028,2924,00:00:00,20473) /usr/sbin/CRON -f
(root,4500,704,00:00:00,20480) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3056,00:00:00,20484) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,656,00:00:00,20504) sleep 1426
(root,0,0,00:00:00,20891) [kworker/2:2]
(root,0,0,00:00:00,21443) [kworker/3:1]
(root,0,0,00:00:00,21776) [kworker/7:0]
(root,0,0,00:00:00,22322) [kworker/0:0]
(dnsmasq,56864,2704,00:08:27,22483) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,22551) [kworker/5:1]
(root,0,0,00:00:00,23108) [kworker/1:0]
(root,0,0,00:00:00,23229) [kworker/6:1]
(root,0,0,00:00:00,23773) [kworker/u16:2]
(root,0,0,00:00:00,24230) [kworker/2:0]
(root,0,0,00:00:00,24785) [kworker/3:2]
(root,0,0,00:00:00,24786) [kworker/u16:4]
(root,65508,6048,00:00:00,24788) sshd: [accepted]
(sshd,65508,2972,00:00:00,24893) sshd: [net]
(root,0,0,00:00:00,24894) [systemctl] <defunct>
(root,0,0,00:00:00,24895) [lookup.check.sh] <defunct>
(root,24928,3324,00:00:00,24960) /bin/bash /usr/bin/check_mk_agent
(root,34420,2976,00:00:00,24979) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1052,00:00:00,24980) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-12-15 23:08

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398bab9bdca

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185132,5660,03:12:40,1) /sbin/init
(root,0,0,00:00:04,2) [kthreadd]
(root,0,0,00:00:49,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:40:58,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:38,9) [migration/0]
(root,0,0,00:00:09,10) [watchdog/0]
(root,0,0,00:00:08,11) [watchdog/1]
(root,0,0,00:00:38,12) [migration/1]
(root,0,0,00:01:35,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:08,16) [watchdog/2]
(root,0,0,00:00:35,17) [migration/2]
(root,0,0,00:00:59,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:07,21) [watchdog/3]
(root,0,0,00:00:36,22) [migration/3]
(root,0,0,00:00:59,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:08,26) [watchdog/4]
(root,0,0,00:00:36,27) [migration/4]
(root,0,0,00:00:57,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:07,31) [watchdog/5]
(root,0,0,00:00:37,32) [migration/5]
(root,0,0,00:00:56,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:09,36) [watchdog/6]
(root,0,0,00:00:38,37) [migration/6]
(root,0,0,00:01:12,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:07,41) [watchdog/7]
(root,0,0,00:00:38,42) [migration/7]
(root,0,0,00:01:20,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:02,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:03:06,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:03:05,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:02:29,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:03,366) [kworker/0:1H]
(root,0,0,00:00:02,369) [kworker/2:1H]
(root,0,0,00:01:16,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:10,420) [kworker/7:1H]
(root,0,0,00:00:03,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:04,451) [kworker/6:1H]
(root,0,0,00:00:03,454) [kworker/3:1H]
(root,0,0,00:00:03,455) [kworker/5:1H]
(root,35372,3964,00:34:35,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:03,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:08,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:03,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,0,0,00:00:00,756) [kworker/u16:1]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:08:14,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:11,1092) /usr/sbin/cron -f
(root,280044,6340,00:05:38,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:08:56,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:02:58,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:55,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:06,1166) lldpd: monitor
(root,5216,152,00:01:02,1218) /sbin/iscsid
(root,5716,3508,00:04:29,1219) /sbin/iscsid
(root,19568,2100,00:06:08,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:04:03,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:04:32,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:15,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:01:02,1489) lldpd: 2 neighbors
(root,154496,38700,00:02:31,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,108184,2720,00:00:05,1653) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,11207) [kworker/2:1]
(root,0,0,00:00:00,11539) [kworker/0:1]
(root,0,0,00:00:00,11985) [kworker/u16:3]
(root,0,0,00:00:00,12506) [kworker/5:0]
(root,52028,2916,00:00:00,13050) /usr/sbin/CRON -f
(root,4500,696,00:00:00,13063) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3064,00:00:00,13068) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,652,00:00:00,13079) sleep 1698
(root,0,0,00:00:00,13155) [kworker/4:0]
(root,0,0,00:00:00,13394) [kworker/7:2]
(root,0,0,00:00:00,13514) [kworker/6:1]
(root,0,0,00:00:00,14393) [kworker/2:2]
(root,0,0,00:00:00,14513) [kworker/1:2]
(root,0,0,00:00:00,14644) [kworker/3:2]
(root,42028,6080,00:01:21,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,15246) [kworker/0:0]
(root,0,0,00:00:00,16210) [kworker/4:2]
(root,0,0,00:00:00,16463) [kworker/7:0]
(root,0,0,00:00:00,16808) [kworker/5:2]
(root,0,0,00:00:00,17088) [kworker/u16:2]
(root,0,0,00:00:00,17190) [kworker/6:0]
(root,0,0,00:00:00,18026) [kworker/1:1]
(root,0,0,00:00:00,18607) [kworker/3:0]
(chilli,33916,11096,1-00:57:37,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,19104) [kworker/4:1]
(root,0,0,00:00:00,19313) [kworker/u16:4]
(root,0,0,00:00:00,19556) [kworker/7:1]
(root,0,0,00:00:00,20941) [kworker/0:2]
(root,0,0,00:00:00,21179) [kworker/2:0]
(root,0,0,00:00:00,21301) [kworker/6:2]
(root,52028,2952,00:00:00,21474) /usr/sbin/CRON -f
(root,4500,696,00:00:00,21479) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2976,00:00:00,21482) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,644,00:00:00,21486) sleep 759
(root,0,0,00:00:00,21532) [kworker/1:0]
(root,0,0,00:00:00,21770) [systemctl] <defunct>
(root,0,0,00:00:00,21771) [lookup.check.sh] <defunct>
(root,92808,6628,00:00:00,21784) sshd: root [priv]
(sshd,65508,3216,00:00:00,21785) sshd: root [net]
(root,65508,5860,00:00:00,21786) sshd: [accepted]
(sshd,65508,3204,00:00:00,21790) sshd: [net]
(root,24928,3156,00:00:00,21856) /bin/bash /usr/bin/check_mk_agent
(root,34420,2916,00:00:00,21875) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1008,00:00:00,21876) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(dnsmasq,56864,2704,00:07:20,22483) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,25407) [kworker/u16:0]

Found on 2024-12-13 23:15

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439853c97b36

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185136,5664,03:03:54,1) /sbin/init
(root,0,0,00:00:04,2) [kthreadd]
(root,0,0,00:00:47,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:38:49,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:36,9) [migration/0]
(root,0,0,00:00:08,10) [watchdog/0]
(root,0,0,00:00:08,11) [watchdog/1]
(root,0,0,00:00:36,12) [migration/1]
(root,0,0,00:01:31,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:08,16) [watchdog/2]
(root,0,0,00:00:34,17) [migration/2]
(root,0,0,00:00:56,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:06,21) [watchdog/3]
(root,0,0,00:00:34,22) [migration/3]
(root,0,0,00:00:56,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:08,26) [watchdog/4]
(root,0,0,00:00:35,27) [migration/4]
(root,0,0,00:00:55,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:06,31) [watchdog/5]
(root,0,0,00:00:35,32) [migration/5]
(root,0,0,00:00:53,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:08,36) [watchdog/6]
(root,0,0,00:00:37,37) [migration/6]
(root,0,0,00:01:09,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:06,41) [watchdog/7]
(root,0,0,00:00:37,42) [migration/7]
(root,0,0,00:01:16,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:02,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:02:57,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:02:56,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:02:22,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:03,366) [kworker/0:1H]
(root,0,0,00:00:02,369) [kworker/2:1H]
(root,0,0,00:01:11,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:10,420) [kworker/7:1H]
(root,0,0,00:00:02,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:03,451) [kworker/6:1H]
(root,0,0,00:00:03,454) [kworker/3:1H]
(root,0,0,00:00:03,455) [kworker/5:1H]
(root,35372,6900,00:31:57,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:03,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:07,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:03,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:07:33,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:10,1092) /usr/sbin/cron -f
(root,280044,6340,00:05:08,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:08:32,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:02:50,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:52,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:05,1166) lldpd: monitor
(root,5216,152,00:00:59,1218) /sbin/iscsid
(root,5716,3508,00:04:17,1219) /sbin/iscsid
(root,19568,2100,00:05:52,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:03:52,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:03:52,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:14,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:59,1489) lldpd: 2 neighbors
(root,154496,38700,00:02:24,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,7917) [kworker/0:2]
(root,0,0,00:00:00,8761) [kworker/7:2]
(root,0,0,00:00:00,9735) [kworker/1:1]
(root,0,0,00:00:00,11448) [kworker/4:2]
(root,0,0,00:00:00,11931) [kworker/5:2]
(root,0,0,00:00:00,12779) [kworker/6:0]
(root,0,0,00:00:00,13379) [kworker/3:0]
(root,0,0,00:00:00,13634) [kworker/2:2]
(root,0,0,00:00:00,14607) [kworker/4:1]
(root,42028,6080,00:01:05,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,15209) [kworker/0:0]
(root,0,0,00:00:00,15466) [kworker/1:2]
(root,0,0,00:00:00,15601) [kworker/7:1]
(root,0,0,00:00:00,16268) [kworker/6:2]
(root,0,0,00:00:00,16649) [kworker/5:1]
(root,0,0,00:00:00,16680) [kworker/u16:1]
(root,0,0,00:00:00,17018) [kworker/2:1]
(root,0,0,00:00:00,17366) [kworker/3:1]
(root,0,0,00:00:00,18689) [kworker/1:0]
(root,0,0,00:00:00,18940) [kworker/u16:4]
(chilli,33916,11096,23:58:21,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,19900) [kworker/6:1]
(root,0,0,00:00:00,20207) [kworker/0:1]
(root,0,0,00:00:00,20540) [kworker/3:2]
(root,0,0,00:00:00,20656) [kworker/7:0]
(root,0,0,00:00:00,20659) [systemctl] <defunct>
(root,0,0,00:00:00,20660) [lookup.check.sh] <defunct>
(root,0,0,00:00:00,20789) [kworker/2:0]
(root,65508,5852,00:00:00,20797) sshd: [accepted]
(sshd,65508,724,00:00:00,20807) sshd: [net]
(root,92676,6824,00:00:00,20808) sshd: root [priv]
(sshd,65508,3224,00:00:00,20809) sshd: root [net]
(root,92676,6752,00:00:00,20810) sshd: unknown [priv]
(sshd,65508,3160,00:00:00,20811) sshd: unknown [net]
(root,24928,3320,00:00:00,21078) /bin/bash /usr/bin/check_mk_agent
(root,34420,2916,00:00:00,21097) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,996,00:00:00,21098) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,21399) [kworker/u16:0]
(dnsmasq,56864,2704,00:06:00,22483) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,108184,2704,00:00:01,23614) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,27742) [kworker/u16:3]
(root,0,0,00:00:00,31854) [kworker/u16:2]

Found on 2024-12-11 21:37

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398e632f329

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185132,5660,02:55:40,1) /sbin/init
(root,0,0,00:00:04,2) [kthreadd]
(root,0,0,00:00:45,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:36:32,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:34,9) [migration/0]
(root,0,0,00:00:08,10) [watchdog/0]
(root,0,0,00:00:07,11) [watchdog/1]
(root,0,0,00:00:34,12) [migration/1]
(root,0,0,00:01:25,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:08,16) [watchdog/2]
(root,0,0,00:00:32,17) [migration/2]
(root,0,0,00:00:53,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:06,21) [watchdog/3]
(root,0,0,00:00:33,22) [migration/3]
(root,0,0,00:00:53,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:08,26) [watchdog/4]
(root,0,0,00:00:33,27) [migration/4]
(root,0,0,00:00:51,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:06,31) [watchdog/5]
(root,0,0,00:00:33,32) [migration/5]
(root,0,0,00:00:50,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:08,36) [watchdog/6]
(root,0,0,00:00:35,37) [migration/6]
(root,0,0,00:01:05,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:06,41) [watchdog/7]
(root,0,0,00:00:35,42) [migration/7]
(root,0,0,00:01:12,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:02,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:02:50,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:02:49,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:02:16,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,331) [kworker/7:0]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:03,366) [kworker/0:1H]
(root,0,0,00:00:02,369) [kworker/2:1H]
(root,0,0,00:01:07,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:09,420) [kworker/7:1H]
(root,0,0,00:00:02,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:03,451) [kworker/6:1H]
(root,0,0,00:00:03,454) [kworker/3:1H]
(root,0,0,00:00:03,455) [kworker/5:1H]
(root,35372,7748,00:29:17,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:03,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:07,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:03,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:06:51,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:10,1092) /usr/sbin/cron -f
(root,280044,6340,00:04:39,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:08:10,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:02:43,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:50,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:05,1166) lldpd: monitor
(root,5216,152,00:00:56,1218) /sbin/iscsid
(root,5716,3508,00:04:05,1219) /sbin/iscsid
(root,19568,2100,00:05:36,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:03:41,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:03:18,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:13,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:57,1489) lldpd: 2 neighbors
(root,154496,38700,00:02:18,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,1703) [kworker/0:2]
(root,0,0,00:00:00,2049) [kworker/1:2]
(root,0,0,00:00:00,2960) [kworker/2:1]
(root,0,0,00:00:00,3542) [kworker/6:0]
(root,0,0,00:00:00,3665) [kworker/5:1]
(root,0,0,00:00:00,3914) [kworker/4:1]
(root,0,0,00:00:00,4159) [kworker/3:0]
(root,0,0,00:00:00,5080) [kworker/1:1]
(root,0,0,00:00:00,5323) [kworker/7:1]
(root,0,0,00:00:00,5918) [kworker/2:0]
(root,0,0,00:00:00,6053) [kworker/0:1]
(root,0,0,00:00:00,6268) [kworker/u16:3]
(root,0,0,00:00:00,6641) [kworker/6:2]
(root,0,0,00:00:00,6884) [kworker/5:2]
(root,0,0,00:00:00,7593) [kworker/3:2]
(root,52028,2964,00:00:00,7595) /usr/sbin/CRON -f
(root,4500,744,00:00:00,7603) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2944,00:00:00,7605) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,660,00:00:00,7624) sleep 787
(root,0,0,00:00:00,8004) [kworker/4:2]
(root,0,0,00:00:00,8129) [kworker/1:0]
(root,0,0,00:00:00,8255) [kworker/7:2]
(root,0,0,00:00:00,8956) [kworker/0:0]
(root,0,0,00:00:00,9784) [kworker/2:2]
(root,65508,6044,00:00:00,10018) sshd: [accepted]
(root,0,0,00:00:00,10310) [kworker/u16:0]
(root,0,0,00:00:00,10365) [kworker/5:0]
(root,0,0,00:00:00,10494) [kworker/6:1]
(root,0,0,00:00:00,10618) [systemctl] <defunct>
(root,0,0,00:00:00,10619) [lookup.check.sh] <defunct>
(root,92676,6528,00:00:00,10755) sshd: root [priv]
(sshd,65508,3208,00:00:00,10756) sshd: root [net]
(root,92676,6568,00:00:00,10757) sshd: root [priv]
(sshd,65508,3216,00:00:00,10758) sshd: root [net]
(root,92676,6608,00:00:00,10760) sshd: unknown [priv]
(sshd,65508,3216,00:00:00,10761) sshd: unknown [net]
(root,24932,3324,00:00:00,10766) /bin/bash /usr/bin/check_mk_agent
(root,18072,2908,00:00:00,10879) /bin/bash ./public_ip
(root,24928,3156,00:00:00,10880) /bin/bash /usr/bin/check_mk_agent
(root,189236,8396,00:00:00,10881) dig +short myip.opendns.com @resolver1.opendns.com
(root,34420,2932,00:00:00,10903) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1044,00:00:00,10904) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:01,12249) [kworker/u16:2]
(root,42028,6080,00:00:51,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,17584) [kworker/u16:1]
(chilli,33916,11096,22:30:14,19060) /usr/sbin/chilli --fg
(dnsmasq,56864,2704,00:04:14,22483) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,23381) [kworker/u16:4]
(root,108184,2732,00:00:04,28992) /usr/bin/monit -c /etc/monit/monitrc

Found on 2024-12-09 23:05

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda43982efbb200

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185132,5660,02:47:37,1) /sbin/init
(root,0,0,00:00:03,2) [kthreadd]
(root,0,0,00:00:42,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:34:57,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:33,9) [migration/0]
(root,0,0,00:00:08,10) [watchdog/0]
(root,0,0,00:00:07,11) [watchdog/1]
(root,0,0,00:00:33,12) [migration/1]
(root,0,0,00:01:22,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:07,16) [watchdog/2]
(root,0,0,00:00:31,17) [migration/2]
(root,0,0,00:00:51,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:06,21) [watchdog/3]
(root,0,0,00:00:31,22) [migration/3]
(root,0,0,00:00:51,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:07,26) [watchdog/4]
(root,0,0,00:00:32,27) [migration/4]
(root,0,0,00:00:49,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:06,31) [watchdog/5]
(root,0,0,00:00:32,32) [migration/5]
(root,0,0,00:00:48,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:07,36) [watchdog/6]
(root,0,0,00:00:33,37) [migration/6]
(root,0,0,00:01:02,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:06,41) [watchdog/7]
(root,0,0,00:00:33,42) [migration/7]
(root,0,0,00:01:09,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:02,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:02:42,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:02:41,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:02:10,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:02,366) [kworker/0:1H]
(root,0,0,00:00:02,369) [kworker/2:1H]
(root,0,0,00:01:04,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:09,420) [kworker/7:1H]
(root,0,0,00:00:02,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:03,451) [kworker/6:1H]
(root,0,0,00:00:03,454) [kworker/3:1H]
(root,0,0,00:00:02,455) [kworker/5:1H]
(root,35372,8124,00:28:02,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:03,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:07,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:03,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:06:33,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:09,1092) /usr/sbin/cron -f
(root,280044,6340,00:04:26,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:07:47,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:02:35,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:47,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:05,1166) lldpd: monitor
(root,5216,152,00:00:54,1218) /sbin/iscsid
(root,5716,3508,00:03:54,1219) /sbin/iscsid
(root,19568,2100,00:05:21,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,0,0,00:00:00,1380) [kworker/0:1]
(root,14232,2164,00:03:31,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:03:08,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:13,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:54,1489) lldpd: 2 neighbors
(root,154496,38700,00:02:12,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,52028,2964,00:00:00,1916) /usr/sbin/CRON -f
(root,4500,780,00:00:00,1919) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3056,00:00:00,1921) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,700,00:00:00,1928) sleep 1743
(root,0,0,00:00:00,3008) [kworker/2:1]
(root,0,0,00:00:00,3355) [kworker/1:1]
(root,0,0,00:00:00,4118) [kworker/4:0]
(root,0,0,00:00:00,5238) [kworker/7:1]
(root,0,0,00:00:00,6226) [kworker/2:2]
(root,0,0,00:00:00,6541) [kworker/3:0]
(root,0,0,00:00:00,6653) [kworker/6:2]
(root,0,0,00:00:00,7316) [kworker/5:0]
(root,0,0,00:00:00,7422) [kworker/0:0]
(root,0,0,00:00:00,8305) [kworker/7:0]
(root,0,0,00:00:00,8867) [kworker/1:2]
(root,0,0,00:00:00,9081) [kworker/4:2]
(root,0,0,00:00:00,9396) [kworker/3:1]
(root,52028,2964,00:00:00,9728) /usr/sbin/CRON -f
(root,4500,744,00:00:00,9733) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3052,00:00:00,9742) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,668,00:00:00,9749) sleep 666
(root,0,0,00:00:00,9874) [kworker/6:0]
(root,0,0,00:00:00,10648) [kworker/5:2]
(root,0,0,00:00:00,10974) [kworker/7:2]
(root,0,0,00:00:00,11412) [kworker/0:2]
(root,0,0,00:00:00,12064) [kworker/1:0]
(root,0,0,00:00:00,12182) [kworker/u16:2]
(root,0,0,00:00:00,12620) [kworker/u16:3]
(root,0,0,00:00:00,12728) [kworker/2:0]
(root,0,0,00:00:00,12834) [kworker/4:1]
(root,0,0,00:00:00,13389) [kworker/5:1]
(root,0,0,00:00:00,13391) [systemctl] <defunct>
(root,0,0,00:00:00,13392) [lookup.check.sh] <defunct>
(root,0,0,00:00:00,13508) [kworker/6:1]
(root,24928,3156,00:00:00,13678) /bin/bash /usr/bin/check_mk_agent
(root,34420,2916,00:00:00,13697) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1088,00:00:00,13698) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,42028,6080,00:00:37,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(chilli,33916,11096,21:41:44,19060) /usr/sbin/chilli --fg
(root,108184,2724,00:00:01,19271) /usr/bin/monit -c /etc/monit/monitrc
(dnsmasq,56864,2704,00:03:09,22483) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,28478) [kworker/u16:0]
(root,0,0,00:00:00,31619) [kworker/u16:1]

Found on 2024-12-08 00:37

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398b05c2158

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185132,5660,02:39:21,1) /sbin/init
(root,0,0,00:00:03,2) [kthreadd]
(root,0,0,00:00:40,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:33:12,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:31,9) [migration/0]
(root,0,0,00:00:07,10) [watchdog/0]
(root,0,0,00:00:07,11) [watchdog/1]
(root,0,0,00:00:31,12) [migration/1]
(root,0,0,00:01:17,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:07,16) [watchdog/2]
(root,0,0,00:00:29,17) [migration/2]
(root,0,0,00:00:48,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:06,21) [watchdog/3]
(root,0,0,00:00:30,22) [migration/3]
(root,0,0,00:00:48,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:07,26) [watchdog/4]
(root,0,0,00:00:30,27) [migration/4]
(root,0,0,00:00:46,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:05,31) [watchdog/5]
(root,0,0,00:00:30,32) [migration/5]
(root,0,0,00:00:45,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:07,36) [watchdog/6]
(root,0,0,00:00:32,37) [migration/6]
(root,0,0,00:00:59,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:06,41) [watchdog/7]
(root,0,0,00:00:32,42) [migration/7]
(root,0,0,00:01:05,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:02,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:02:34,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:02:33,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:02:03,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:02,366) [kworker/0:1H]
(root,0,0,00:00:02,369) [kworker/2:1H]
(root,0,0,00:01:01,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:08,420) [kworker/7:1H]
(root,0,0,00:00:02,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:03,451) [kworker/6:1H]
(root,0,0,00:00:02,454) [kworker/3:1H]
(root,0,0,00:00:02,455) [kworker/5:1H]
(root,35372,8108,00:26:37,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:03,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:06,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:03,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:06:13,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:09,1092) /usr/sbin/cron -f
(root,280044,6340,00:04:13,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:07:24,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:02:28,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:45,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:05,1166) lldpd: monitor
(root,5216,152,00:00:51,1218) /sbin/iscsid
(root,5716,3508,00:03:42,1219) /sbin/iscsid
(root,19568,2100,00:05:05,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:03:21,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:02:59,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:12,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:51,1489) lldpd: 2 neighbors
(root,154496,38700,00:02:05,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,52028,2964,00:00:00,5928) /usr/sbin/CRON -f
(root,4500,736,00:00:00,5933) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3076,00:00:00,5937) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,804,00:00:00,5949) sleep 1687
(root,0,0,00:00:00,7468) [kworker/1:2]
(root,0,0,00:00:00,10172) [kworker/0:1]
(root,0,0,00:00:00,10286) [kworker/5:2]
(root,0,0,00:00:00,10638) [kworker/3:0]
(root,0,0,00:00:00,10746) [kworker/1:1]
(root,0,0,00:00:00,10930) [kworker/u16:0]
(root,0,0,00:00:00,11432) [kworker/7:1]
(root,0,0,00:00:00,11865) [kworker/6:0]
(root,0,0,00:00:00,12561) [kworker/2:0]
(root,0,0,00:00:00,12791) [kworker/4:2]
(root,0,0,00:00:00,13223) [kworker/5:0]
(root,52028,2964,00:00:00,14027) /usr/sbin/CRON -f
(root,4500,844,00:00:00,14030) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3056,00:00:00,14031) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,676,00:00:00,14037) sleep 1189
(root,0,0,00:00:00,14507) [kworker/0:0]
(root,108184,2708,00:00:02,14607) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,14670) [kworker/u16:4]
(root,0,0,00:00:00,14839) [kworker/6:2]
(root,0,0,00:00:00,15093) [kworker/7:0]
(root,42028,6080,00:00:22,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,15196) [kworker/3:2]
(root,0,0,00:00:00,15309) [kworker/2:1]
(root,0,0,00:00:00,15869) [kworker/4:1]
(root,0,0,00:00:00,16334) [kworker/1:0]
(root,0,0,00:00:00,17032) [kworker/u16:2]
(root,0,0,00:00:00,17698) [kworker/5:1]
(root,0,0,00:00:00,17955) [kworker/2:2]
(root,0,0,00:00:00,18054) [kworker/3:1]
(root,0,0,00:00:00,18170) [kworker/6:1]
(root,0,0,00:00:00,18728) [systemctl] <defunct>
(root,0,0,00:00:00,18729) [lookup.check.sh] <defunct>
(root,0,0,00:00:00,18850) [kworker/4:0]
(root,24928,3352,00:00:00,18926) /bin/bash /usr/bin/check_mk_agent
(root,34420,2928,00:00:00,18945) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1084,00:00:00,18946) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(chilli,33916,11096,20:26:33,19060) /usr/sbin/chilli --fg
(dnsmasq,56864,2704,00:01:48,22483) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,26442) [kworker/u16:1]

Found on 2024-12-06 00:54

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439867b7719c

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185132,5660,02:31:01,1) /sbin/init
(root,0,0,00:00:03,2) [kthreadd]
(root,0,0,00:00:38,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:31:12,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:30,9) [migration/0]
(root,0,0,00:00:07,10) [watchdog/0]
(root,0,0,00:00:06,11) [watchdog/1]
(root,0,0,00:00:29,12) [migration/1]
(root,0,0,00:01:13,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:06,16) [watchdog/2]
(root,0,0,00:00:28,17) [migration/2]
(root,0,0,00:00:46,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:05,21) [watchdog/3]
(root,0,0,00:00:28,22) [migration/3]
(root,0,0,00:00:45,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:07,26) [watchdog/4]
(root,0,0,00:00:28,27) [migration/4]
(root,0,0,00:00:44,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:05,31) [watchdog/5]
(root,0,0,00:00:29,32) [migration/5]
(root,0,0,00:00:43,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:07,36) [watchdog/6]
(root,0,0,00:00:30,37) [migration/6]
(root,0,0,00:00:56,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:05,41) [watchdog/7]
(root,0,0,00:00:30,42) [migration/7]
(root,0,0,00:01:01,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:02,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:02:26,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:02:25,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:57,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:02,366) [kworker/0:1H]
(root,0,0,00:00:02,369) [kworker/2:1H]
(root,0,0,00:00:58,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:08,420) [kworker/7:1H]
(root,0,0,00:00:02,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:03,451) [kworker/6:1H]
(root,0,0,00:00:02,454) [kworker/3:1H]
(root,0,0,00:00:02,455) [kworker/5:1H]
(root,35372,3992,00:25:11,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:03,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:06,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:02,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,0,0,00:00:00,972) [kworker/u16:2]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:05:53,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:08,1092) /usr/sbin/cron -f
(root,280044,6340,00:04:00,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:07:01,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:02:20,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:43,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:04,1166) lldpd: monitor
(root,5216,152,00:00:48,1218) /sbin/iscsid
(root,5716,3508,00:03:31,1219) /sbin/iscsid
(root,19568,2100,00:04:49,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:03:10,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:02:51,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:11,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:49,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:59,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,108184,2732,00:00:01,1837) /usr/bin/monit -c /etc/monit/monitrc
(root,42028,6080,00:00:07,15098) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,18798) [kworker/2:1]
(chilli,33916,11096,19:16:38,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,22050) [kworker/0:1]
(root,0,0,00:00:01,22481) [kworker/u16:1]
(dnsmasq,56864,2704,00:00:14,22483) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,22835) [kworker/5:0]
(root,0,0,00:00:00,22943) [kworker/4:0]
(root,0,0,00:00:00,23265) [kworker/3:2]
(root,0,0,00:00:00,24046) [kworker/7:1]
(root,0,0,00:00:00,24281) [kworker/1:1]
(root,0,0,00:00:00,24737) [kworker/6:2]
(root,52028,2964,00:00:00,24801) /usr/sbin/CRON -f
(root,4500,676,00:00:00,24807) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2904,00:00:00,24811) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,636,00:00:00,24822) sleep 1703
(root,0,0,00:00:00,25820) [kworker/4:2]
(root,0,0,00:00:00,26065) [kworker/2:0]
(root,0,0,00:00:00,26750) [kworker/5:2]
(root,0,0,00:00:00,26876) [kworker/7:2]
(root,0,0,00:00:00,26991) [kworker/3:0]
(root,0,0,00:00:00,27568) [kworker/1:2]
(root,0,0,00:00:00,27932) [kworker/6:0]
(root,0,0,00:00:00,28830) [kworker/0:2]
(root,0,0,00:00:00,29035) [kworker/4:1]
(root,0,0,00:00:00,30223) [kworker/5:1]
(root,0,0,00:00:00,30804) [kworker/u16:0]
(root,0,0,00:00:00,30914) [kworker/3:1]
(root,65508,6100,00:00:00,31134) sshd: [accepted]
(root,0,0,00:00:00,31369) [kworker/6:1]
(root,0,0,00:00:00,31499) [systemctl] <defunct>
(root,0,0,00:00:00,31500) [lookup.check.sh] <defunct>
(root,92676,6708,00:00:00,31619) sshd: root [priv]
(sshd,65508,3160,00:00:00,31620) sshd: root [net]
(root,92676,6564,00:00:00,31625) sshd: unknown [priv]
(sshd,65508,3216,00:00:00,31626) sshd: unknown [net]
(root,24928,3444,00:00:00,31691) /bin/bash /usr/bin/check_mk_agent
(root,34420,2928,00:00:00,31710) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1080,00:00:00,31711) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-12-04 00:42

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda43989222a923

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185136,5664,02:22:50,1) /sbin/init
(root,0,0,00:00:03,2) [kthreadd]
(root,0,0,00:00:36,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:29:13,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:28,9) [migration/0]
(root,0,0,00:00:06,10) [watchdog/0]
(root,0,0,00:00:06,11) [watchdog/1]
(root,0,0,00:00:28,12) [migration/1]
(root,0,0,00:01:08,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:06,16) [watchdog/2]
(root,0,0,00:00:26,17) [migration/2]
(root,0,0,00:00:43,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:05,21) [watchdog/3]
(root,0,0,00:00:27,22) [migration/3]
(root,0,0,00:00:42,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:06,26) [watchdog/4]
(root,0,0,00:00:27,27) [migration/4]
(root,0,0,00:00:41,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:05,31) [watchdog/5]
(root,0,0,00:00:27,32) [migration/5]
(root,0,0,00:00:40,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:06,36) [watchdog/6]
(root,0,0,00:00:28,37) [migration/6]
(root,0,0,00:00:52,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:05,41) [watchdog/7]
(root,0,0,00:00:28,42) [migration/7]
(root,0,0,00:00:58,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:02,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:02:18,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:02:17,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:50,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:02,366) [kworker/0:1H]
(root,0,0,00:00:02,369) [kworker/2:1H]
(root,0,0,00:00:54,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:08,420) [kworker/7:1H]
(root,0,0,00:00:02,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:02,451) [kworker/6:1H]
(root,0,0,00:00:02,454) [kworker/3:1H]
(root,0,0,00:00:02,455) [kworker/5:1H]
(root,35372,3556,00:23:38,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:02,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:05,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:02,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,671) [kworker/6:1]
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:05:32,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:08,1092) /usr/sbin/cron -f
(root,280044,6340,00:03:46,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:06:38,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:02:12,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:40,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:04,1166) lldpd: monitor
(root,5216,152,00:00:46,1218) /sbin/iscsid
(root,5716,3508,00:03:19,1219) /sbin/iscsid
(root,0,0,00:00:00,1347) [kworker/4:0]
(root,19568,2100,00:04:33,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:03:00,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:02:41,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:11,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:46,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:52,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,1811) [kworker/7:2]
(root,0,0,00:00:00,2287) [kworker/0:0]
(root,0,0,00:00:00,2694) [kworker/1:1]
(root,0,0,00:00:00,3280) [kworker/5:0]
(root,52028,2964,00:00:00,3568) /usr/sbin/CRON -f
(root,4500,688,00:00:00,3573) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2980,00:00:00,3576) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,640,00:00:00,3582) sleep 932
(root,0,0,00:00:00,3748) [kworker/2:0]
(root,0,0,00:00:00,4309) [kworker/3:1]
(root,0,0,00:00:00,5010) [kworker/4:1]
(root,0,0,00:00:00,5219) [kworker/6:2]
(root,0,0,00:00:00,5668) [kworker/7:0]
(root,0,0,00:00:00,5832) [kworker/u16:1]
(root,0,0,00:00:00,5902) [kworker/0:1]
(root,0,0,00:00:00,6254) [kworker/1:0]
(root,0,0,00:00:00,6817) [kworker/5:2]
(root,0,0,00:00:00,7503) [kworker/3:0]
(root,0,0,00:00:00,7932) [kworker/2:2]
(root,0,0,00:00:00,8732) [kworker/7:1]
(root,0,0,00:00:00,8970) [kworker/6:0]
(root,0,0,00:00:00,9312) [kworker/1:2]
(root,0,0,00:00:00,9326) [kworker/u16:2]
(root,0,0,00:00:00,10027) [kworker/5:1]
(root,0,0,00:00:00,10398) [systemctl] <defunct>
(root,0,0,00:00:00,10399) [lookup.check.sh] <defunct>
(root,92676,6712,00:00:00,10415) sshd: unknown [priv]
(sshd,65508,3160,00:00:00,10416) sshd: unknown [net]
(root,24928,3236,00:00:00,10690) /bin/bash /usr/bin/check_mk_agent
(root,34420,2912,00:00:00,10709) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1088,00:00:00,10710) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,13682) [kworker/u16:4]
(chilli,33916,11096,17:59:20,19060) /usr/sbin/chilli --fg
(dnsmasq,56996,2848,00:03:54,19755) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,108184,2784,00:00:03,21623) /usr/bin/monit -c /etc/monit/monitrc
(root,42028,6144,00:02:12,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,27491) [kworker/u16:0]
(root,0,0,00:00:00,29105) [kworker/2:1]

Found on 2024-12-02 01:27

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398f93d995e

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185128,5656,02:14:29,1) /sbin/init
(root,0,0,00:00:03,2) [kthreadd]
(root,0,0,00:00:34,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:27:30,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:26,9) [migration/0]
(root,0,0,00:00:06,10) [watchdog/0]
(root,0,0,00:00:05,11) [watchdog/1]
(root,0,0,00:00:26,12) [migration/1]
(root,0,0,00:01:04,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:06,16) [watchdog/2]
(root,0,0,00:00:25,17) [migration/2]
(root,0,0,00:00:40,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:05,21) [watchdog/3]
(root,0,0,00:00:25,22) [migration/3]
(root,0,0,00:00:40,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:06,26) [watchdog/4]
(root,0,0,00:00:25,27) [migration/4]
(root,0,0,00:00:38,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:05,31) [watchdog/5]
(root,0,0,00:00:25,32) [migration/5]
(root,0,0,00:00:38,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:06,36) [watchdog/6]
(root,0,0,00:00:27,37) [migration/6]
(root,0,0,00:00:49,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:05,41) [watchdog/7]
(root,0,0,00:00:27,42) [migration/7]
(root,0,0,00:00:54,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:02,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:02:10,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:02:09,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:44,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:02,366) [kworker/0:1H]
(root,0,0,00:00:02,369) [kworker/2:1H]
(root,0,0,00:00:51,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:07,420) [kworker/7:1H]
(root,0,0,00:00:02,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:02,451) [kworker/6:1H]
(root,0,0,00:00:02,454) [kworker/3:1H]
(root,0,0,00:00:02,455) [kworker/5:1H]
(root,35372,6600,00:22:25,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:02,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:05,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:02,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,0,0,00:00:00,856) [kworker/u16:1]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:05:15,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:07,1092) /usr/sbin/cron -f
(root,280044,6340,00:03:34,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:06:15,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:02:05,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:38,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:04,1166) lldpd: monitor
(root,5216,152,00:00:43,1218) /sbin/iscsid
(root,5716,3508,00:03:07,1219) /sbin/iscsid
(root,19568,2100,00:04:17,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:02:49,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:02:33,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:10,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:43,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:46,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01,6523) [kworker/u16:2]
(root,0,0,00:00:00,9406) [kworker/3:0]
(root,0,0,00:00:00,10536) [kworker/5:1]
(root,52028,2964,00:00:00,12358) /usr/sbin/CRON -f
(root,4500,692,00:00:00,12361) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2984,00:00:00,12363) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,664,00:00:00,12368) sleep 1467
(root,0,0,00:00:00,12437) [kworker/7:1]
(root,0,0,00:00:00,12542) [kworker/4:0]
(root,108184,2792,00:00:02,13429) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,13666) [kworker/1:0]
(root,0,0,00:00:00,13879) [kworker/6:2]
(root,0,0,00:00:00,14120) [kworker/0:2]
(root,0,0,00:00:00,15016) [kworker/2:0]
(root,0,0,00:00:00,15135) [kworker/5:2]
(root,0,0,00:00:00,16711) [kworker/6:0]
(root,0,0,00:00:00,16821) [kworker/3:1]
(root,0,0,00:00:00,16944) [kworker/7:2]
(root,0,0,00:00:00,17147) [kworker/0:1]
(root,0,0,00:00:00,17378) [kworker/1:2]
(root,0,0,00:00:00,17724) [kworker/2:1]
(root,0,0,00:00:00,17950) [kworker/4:1]
(chilli,33916,11096,16:44:10,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,19502) [kworker/5:0]
(dnsmasq,56996,2848,00:02:35,19755) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,19849) [kworker/7:0]
(root,0,0,00:00:00,20173) [kworker/0:0]
(root,52028,2964,00:00:00,20248) /usr/sbin/CRON -f
(root,4500,712,00:00:00,20253) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3136,00:00:00,20259) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,700,00:00:00,20279) sleep 750
(root,0,0,00:00:00,20447) [kworker/3:2]
(root,0,0,00:00:00,20568) [kworker/1:1]
(root,0,0,00:00:00,20842) [kworker/u16:0]
(root,0,0,00:00:00,20896) [kworker/6:1]
(root,0,0,00:00:00,21797) [kworker/2:2]
(root,0,0,00:00:00,21913) [systemctl] <defunct>
(root,0,0,00:00:00,21916) [lookup.check.sh] <defunct>
(root,24928,3220,00:00:00,21972) /bin/bash /usr/bin/check_mk_agent
(root,34420,2932,00:00:00,21991) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1160,00:00:00,21992) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,42028,6144,00:01:57,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,32386) [kworker/u16:3]

Found on 2024-11-30 01:03

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398d401d725

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185128,5652,02:06:11,1) /sbin/init
(root,0,0,00:00:02,2) [kthreadd]
(root,0,0,00:00:32,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:25:26,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:25,9) [migration/0]
(root,0,0,00:00:06,10) [watchdog/0]
(root,0,0,00:00:05,11) [watchdog/1]
(root,0,0,00:00:25,12) [migration/1]
(root,0,0,00:00:59,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:05,16) [watchdog/2]
(root,0,0,00:00:23,17) [migration/2]
(root,0,0,00:00:37,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:04,21) [watchdog/3]
(root,0,0,00:00:23,22) [migration/3]
(root,0,0,00:00:37,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:05,26) [watchdog/4]
(root,0,0,00:00:24,27) [migration/4]
(root,0,0,00:00:36,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:04,31) [watchdog/5]
(root,0,0,00:00:24,32) [migration/5]
(root,0,0,00:00:35,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:05,36) [watchdog/6]
(root,0,0,00:00:25,37) [migration/6]
(root,0,0,00:00:45,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:04,41) [watchdog/7]
(root,0,0,00:00:25,42) [migration/7]
(root,0,0,00:00:50,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:02:02,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:02:01,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:38,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,52028,2964,00:00:00,345) /usr/sbin/CRON -f
(root,4500,796,00:00:00,352) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2912,00:00:00,354) /bin/bash /usr/local/bin/checklist.sh 1800
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:02,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:48,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,9124,640,00:00:00,374) sleep 729
(root,0,0,00:00:07,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:02,451) [kworker/6:1H]
(root,0,0,00:00:02,454) [kworker/3:1H]
(root,0,0,00:00:02,455) [kworker/5:1H]
(root,35372,7900,00:20:46,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:02,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:00,522) [kworker/3:2]
(root,0,0,00:00:05,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:02,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,0,0,00:00:00,853) [kworker/0:2]
(root,0,0,00:00:00,1066) [kworker/2:1]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:04:52,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:07,1092) /usr/sbin/cron -f
(root,280044,6340,00:03:19,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:05:52,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:57,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:36,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:04,1166) lldpd: monitor
(root,5216,152,00:00:40,1218) /sbin/iscsid
(root,5716,3508,00:02:56,1219) /sbin/iscsid
(root,19568,2100,00:04:01,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:02:38,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:02:22,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:09,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:41,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:39,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,1858) [kworker/7:1]
(root,0,0,00:00:00,1977) [kworker/u16:2]
(root,0,0,00:00:00,2394) [kworker/6:2]
(root,0,0,00:00:00,2854) [kworker/1:0]
(root,0,0,00:00:00,3077) [kworker/5:2]
(root,0,0,00:00:00,3501) [kworker/4:2]
(root,0,0,00:00:00,3502) [systemctl] <defunct>
(root,0,0,00:00:00,3503) [lookup.check.sh] <defunct>
(root,0,0,00:00:00,3618) [kworker/3:1]
(root,24928,3352,00:00:00,3799) /bin/bash /usr/bin/check_mk_agent
(root,34420,2944,00:00:00,3819) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1084,00:00:00,3820) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,11173) [kworker/u16:1]
(root,0,0,00:00:00,17164) [kworker/u16:0]
(chilli,33916,11096,15:20:07,19060) /usr/sbin/chilli --fg
(dnsmasq,56996,2848,00:00:53,19755) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,22398) [kworker/u16:3]
(root,52028,2932,00:00:00,25030) /usr/sbin/CRON -f
(root,4500,696,00:00:00,25033) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2976,00:00:00,25036) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,668,00:00:00,25040) sleep 1755
(root,0,0,00:00:00,25500) [kworker/2:0]
(root,42028,6144,00:01:43,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,108184,2708,00:00:02,26185) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,26701) [kworker/6:0]
(root,0,0,00:00:00,26928) [kworker/4:1]
(root,0,0,00:00:00,27156) [kworker/1:1]
(root,0,0,00:00:00,27264) [kworker/5:1]
(root,0,0,00:00:00,27699) [kworker/7:0]
(root,0,0,00:00:00,29657) [kworker/4:0]
(root,0,0,00:00:00,29883) [kworker/3:0]
(root,0,0,00:00:00,30199) [kworker/0:0]
(root,0,0,00:00:00,30425) [kworker/7:2]
(root,0,0,00:00:00,30777) [kworker/6:1]
(root,0,0,00:00:00,31964) [kworker/5:0]
(root,0,0,00:00:00,32383) [kworker/1:2]

Found on 2024-11-28 01:06

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398a5a1d3df

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5648,01:57:55,1) /sbin/init
(root,0,0,00:00:02,2) [kthreadd]
(root,0,0,00:00:30,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:23:28,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:23,9) [migration/0]
(root,0,0,00:00:05,10) [watchdog/0]
(root,0,0,00:00:05,11) [watchdog/1]
(root,0,0,00:00:23,12) [migration/1]
(root,0,0,00:00:54,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:05,16) [watchdog/2]
(root,0,0,00:00:22,17) [migration/2]
(root,0,0,00:00:35,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:04,21) [watchdog/3]
(root,0,0,00:00:22,22) [migration/3]
(root,0,0,00:00:34,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:05,26) [watchdog/4]
(root,0,0,00:00:22,27) [migration/4]
(root,0,0,00:00:33,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:04,31) [watchdog/5]
(root,0,0,00:00:22,32) [migration/5]
(root,0,0,00:00:32,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:05,36) [watchdog/6]
(root,0,0,00:00:23,37) [migration/6]
(root,0,0,00:00:42,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:04,41) [watchdog/7]
(root,0,0,00:00:23,42) [migration/7]
(root,0,0,00:00:46,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:01:54,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:01:53,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:31,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:45,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:06,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:02,451) [kworker/6:1H]
(root,0,0,00:00:02,454) [kworker/3:1H]
(root,0,0,00:00:02,455) [kworker/5:1H]
(root,35372,6420,00:19:12,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:02,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:04,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:02,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4224,00:04:30,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:06,1092) /usr/sbin/cron -f
(root,280044,6340,00:03:06,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:05:29,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:49,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:33,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:03,1166) lldpd: monitor
(root,5216,152,00:00:37,1218) /sbin/iscsid
(root,5716,3508,00:02:44,1219) /sbin/iscsid
(root,19568,2100,00:03:45,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:02:28,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:02:13,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:09,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:38,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:33,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,5903) [kworker/u16:1]
(root,0,0,00:00:00,9445) [kworker/4:0]
(dnsmasq,56864,2724,00:00:02,9967) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,108184,2720,00:00:02,14045) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,15848) [kworker/2:1]
(root,0,0,00:00:00,16196) [kworker/3:0]
(root,0,0,00:00:00,16519) [kworker/1:1]
(root,0,0,00:00:00,16640) [kworker/0:1]
(root,0,0,00:00:00,16984) [kworker/7:2]
(root,0,0,00:00:00,18346) [kworker/6:1]
(root,0,0,00:00:00,18583) [kworker/5:0]
(chilli,33916,11092,14:07:27,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,19387) [kworker/1:0]
(root,0,0,00:00:00,19941) [kworker/2:2]
(root,0,0,00:00:00,20178) [kworker/7:1]
(root,0,0,00:00:00,20413) [kworker/0:2]
(root,0,0,00:00:00,20644) [kworker/4:2]
(root,52028,2964,00:00:00,20744) /usr/sbin/CRON -f
(root,4500,708,00:00:00,20750) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2908,00:00:00,20752) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,804,00:00:00,20764) sleep 938
(root,0,0,00:00:00,21010) [kworker/u16:3]
(root,0,0,00:00:00,21171) [kworker/3:1]
(root,0,0,00:00:00,21391) [kworker/5:2]
(root,0,0,00:00:00,21715) [kworker/6:0]
(root,0,0,00:00:00,22845) [kworker/1:2]
(root,0,0,00:00:00,23185) [kworker/7:0]
(root,0,0,00:00:00,23853) [kworker/4:1]
(root,0,0,00:00:00,24077) [kworker/3:2]
(root,0,0,00:00:00,24627) [kworker/0:0]
(root,0,0,00:00:00,24735) [systemctl] <defunct>
(root,0,0,00:00:00,24736) [lookup.check.sh] <defunct>
(root,65508,6024,00:00:00,24749) sshd: [accepted]
(root,92676,6672,00:00:00,24860) sshd: unknown [priv]
(sshd,65508,3136,00:00:00,24861) sshd: unknown [net]
(root,24928,3352,00:00:00,25003) /bin/bash /usr/bin/check_mk_agent
(root,34420,2932,00:00:00,25022) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1032,00:00:00,25023) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,42028,6144,00:01:29,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,29933) [kworker/u16:0]

Found on 2024-11-26 01:07

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398ffcbdf90

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5648,01:49:36,1) /sbin/init
(root,0,0,00:00:02,2) [kthreadd]
(root,0,0,00:00:27,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:21:48,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:21,9) [migration/0]
(root,0,0,00:00:05,10) [watchdog/0]
(root,0,0,00:00:04,11) [watchdog/1]
(root,0,0,00:00:21,12) [migration/1]
(root,0,0,00:00:51,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:05,16) [watchdog/2]
(root,0,0,00:00:20,17) [migration/2]
(root,0,0,00:00:32,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:04,21) [watchdog/3]
(root,0,0,00:00:20,22) [migration/3]
(root,0,0,00:00:32,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:05,26) [watchdog/4]
(root,0,0,00:00:21,27) [migration/4]
(root,0,0,00:00:31,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:04,31) [watchdog/5]
(root,0,0,00:00:21,32) [migration/5]
(root,0,0,00:00:30,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:05,36) [watchdog/6]
(root,0,0,00:00:22,37) [migration/6]
(root,0,0,00:00:39,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:04,41) [watchdog/7]
(root,0,0,00:00:22,42) [migration/7]
(root,0,0,00:00:43,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:01:46,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:01:45,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:25,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:41,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:06,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:02,451) [kworker/6:1H]
(root,0,0,00:00:02,454) [kworker/3:1H]
(root,0,0,00:00:01,455) [kworker/5:1H]
(root,35372,6060,00:17:43,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:02,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:04,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:02,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4188,00:04:10,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:06,1092) /usr/sbin/cron -f
(root,280044,6340,00:02:52,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:05:06,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:42,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:31,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:03,1166) lldpd: monitor
(root,5216,152,00:00:35,1218) /sbin/iscsid
(root,5716,3508,00:02:33,1219) /sbin/iscsid
(root,19568,2100,00:03:29,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:02:18,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:02:02,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:08,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,1482) [kworker/u16:2]
(_lldpd,58208,2736,00:00:35,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:26,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,3091) [kworker/1:1]
(root,0,0,00:00:00,7714) [kworker/5:1]
(root,0,0,00:00:00,8140) [kworker/4:1]
(root,0,0,00:00:00,9473) [kworker/7:1]
(root,0,0,00:00:00,9929) [kworker/0:1]
(root,0,0,00:00:00,10250) [kworker/6:1]
(root,0,0,00:00:00,10592) [kworker/3:1]
(root,0,0,00:00:00,11026) [kworker/5:0]
(root,0,0,00:00:00,11379) [kworker/2:2]
(root,0,0,00:00:00,11810) [kworker/1:2]
(root,0,0,00:00:00,12716) [kworker/4:0]
(root,0,0,00:00:00,12835) [kworker/0:0]
(root,0,0,00:00:00,13411) [kworker/7:0]
(root,0,0,00:00:00,13651) [kworker/3:2]
(root,0,0,00:00:00,13981) [kworker/6:0]
(root,0,0,00:00:00,14881) [kworker/2:1]
(root,52028,2964,00:00:00,14882) /usr/sbin/CRON -f
(root,4500,712,00:00:00,14887) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3144,00:00:00,14890) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,660,00:00:00,14892) sleep 1131
(root,0,0,00:00:00,14916) [kworker/1:0]
(dnsmasq,56864,2852,00:00:26,15035) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,15371) [kworker/5:2]
(root,108184,2712,00:00:02,15918) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,16267) [kworker/0:2]
(root,0,0,00:00:00,16697) [kworker/4:2]
(root,0,0,00:00:00,16760) [kworker/u16:0]
(root,0,0,00:00:00,16923) [kworker/7:2]
(root,0,0,00:00:00,17154) [systemctl] <defunct>
(root,0,0,00:00:00,17155) [lookup.check.sh] <defunct>
(root,24928,3264,00:00:00,17642) /bin/bash /usr/bin/check_mk_agent
(root,34420,2988,00:00:00,17661) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1052,00:00:00,17662) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(chilli,33916,11092,13:09:15,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:02,23710) [kworker/u16:1]
(root,0,0,00:00:00,25108) [kworker/u16:3]
(root,42028,6144,00:01:14,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid

Found on 2024-11-24 00:50

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398edda5e6d

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5644,01:41:21,1) /sbin/init
(root,0,0,00:00:02,2) [kthreadd]
(root,0,0,00:00:25,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:20:07,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:20,9) [migration/0]
(root,0,0,00:00:04,10) [watchdog/0]
(root,0,0,00:00:04,11) [watchdog/1]
(root,0,0,00:00:20,12) [migration/1]
(root,0,0,00:00:47,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:04,16) [watchdog/2]
(root,0,0,00:00:18,17) [migration/2]
(root,0,0,00:00:30,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:03,21) [watchdog/3]
(root,0,0,00:00:19,22) [migration/3]
(root,0,0,00:00:29,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:04,26) [watchdog/4]
(root,0,0,00:00:19,27) [migration/4]
(root,0,0,00:00:28,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:03,31) [watchdog/5]
(root,0,0,00:00:19,32) [migration/5]
(root,0,0,00:00:27,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:04,36) [watchdog/6]
(root,0,0,00:00:20,37) [migration/6]
(root,0,0,00:00:36,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:03,41) [watchdog/7]
(root,0,0,00:00:20,42) [migration/7]
(root,0,0,00:00:40,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:01:38,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:01:37,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:18,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:38,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:05,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:02,451) [kworker/6:1H]
(root,0,0,00:00:01,454) [kworker/3:1H]
(root,0,0,00:00:01,455) [kworker/5:1H]
(root,35372,3212,00:16:29,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,0,0,00:00:00,500) [kworker/7:1]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:02,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:04,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:01,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,0,0,00:00:00,897) [kworker/2:0]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4188,00:03:52,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:05,1092) /usr/sbin/cron -f
(root,280044,6340,00:02:40,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:04:43,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:34,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:28,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:03,1166) lldpd: monitor
(root,5216,152,00:00:32,1218) /sbin/iscsid
(root,5716,3508,00:02:21,1219) /sbin/iscsid
(root,19568,2100,00:03:14,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:02:07,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:01:55,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:07,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:33,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:20,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,0,0,00:00:00,1630) [kworker/6:2]
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,2084) [kworker/5:1]
(root,0,0,00:00:00,2427) [kworker/0:1]
(root,0,0,00:00:00,2660) [kworker/3:2]
(root,0,0,00:00:00,3117) [kworker/1:2]
(root,0,0,00:00:00,5020) [kworker/6:1]
(root,0,0,00:00:00,5135) [kworker/7:0]
(root,0,0,00:00:01,5593) [kworker/u16:1]
(root,0,0,00:00:00,5772) [kworker/0:0]
(root,0,0,00:00:00,5894) [kworker/5:2]
(root,0,0,00:00:00,6111) [kworker/3:1]
(root,52028,2964,00:00:00,6114) /usr/sbin/CRON -f
(root,4500,712,00:00:00,6119) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3140,00:00:00,6122) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,804,00:00:00,6124) sleep 689
(root,108184,2704,00:00:02,6157) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,6253) [kworker/2:2]
(root,0,0,00:00:00,6596) [kworker/4:0]
(root,0,0,00:00:00,6937) [kworker/u16:2]
(root,0,0,00:00:00,7043) [kworker/1:0]
(dnsmasq,56996,2756,00:10:30,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,8199) [kworker/7:2]
(root,0,0,00:00:00,8324) [kworker/6:0]
(root,0,0,00:00:00,8756) [kworker/0:2]
(root,0,0,00:00:00,8990) [kworker/2:1]
(root,0,0,00:00:00,9057) [kworker/u16:4]
(root,0,0,00:00:00,9225) [systemctl] <defunct>
(root,0,0,00:00:00,9226) [lookup.check.sh] <defunct>
(root,24928,3440,00:00:00,9304) /bin/bash /usr/bin/check_mk_agent
(root,34420,2832,00:00:00,9323) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1032,00:00:00,9324) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,16182) [kworker/u16:3]
(chilli,33916,11092,12:05:38,19060) /usr/sbin/chilli --fg
(root,42028,6144,00:01:00,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,27735) [kworker/u16:0]
(root,0,0,00:00:00,29584) [kworker/1:1]
(root,0,0,00:00:00,31646) [kworker/4:1]

Found on 2024-11-22 00:51

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398aa801f25

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5644,01:34:05,1) /sbin/init
(root,0,0,00:00:02,2) [kthreadd]
(root,0,0,00:00:23,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:18:18,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:18,9) [migration/0]
(root,0,0,00:00:04,10) [watchdog/0]
(root,0,0,00:00:04,11) [watchdog/1]
(root,0,0,00:00:18,12) [migration/1]
(root,0,0,00:00:42,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:04,16) [watchdog/2]
(root,0,0,00:00:17,17) [migration/2]
(root,0,0,00:00:27,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:03,21) [watchdog/3]
(root,0,0,00:00:17,22) [migration/3]
(root,0,0,00:00:27,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:04,26) [watchdog/4]
(root,0,0,00:00:18,27) [migration/4]
(root,0,0,00:00:26,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:03,31) [watchdog/5]
(root,0,0,00:00:18,32) [migration/5]
(root,0,0,00:00:25,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:04,36) [watchdog/6]
(root,0,0,00:00:19,37) [migration/6]
(root,0,0,00:00:33,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:03,41) [watchdog/7]
(root,0,0,00:00:19,42) [migration/7]
(root,0,0,00:00:36,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:01:31,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:01:30,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:13,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:36,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:05,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:01,451) [kworker/6:1H]
(root,0,0,00:00:01,454) [kworker/3:1H]
(root,0,0,00:00:01,455) [kworker/5:1H]
(root,35372,3856,00:15:09,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:02,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:03,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:01,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4188,00:03:34,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:05,1092) /usr/sbin/cron -f
(root,280044,6340,00:02:29,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:04:22,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:27,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:27,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:03,1166) lldpd: monitor
(root,5216,152,00:00:30,1218) /sbin/iscsid
(root,5716,3508,00:02:11,1219) /sbin/iscsid
(root,19568,2100,00:02:59,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:01:58,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:01:48,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:07,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:30,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:14,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(dnsmasq,56996,2756,00:09:03,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,12915) [kworker/4:2]
(root,0,0,00:00:00,13498) [kworker/3:0]
(root,0,0,00:00:00,14578) [kworker/7:2]
(root,0,0,00:00:00,14918) [kworker/0:1]
(root,0,0,00:00:00,15703) [kworker/6:2]
(root,0,0,00:00:00,16258) [kworker/5:1]
(root,0,0,00:00:00,16380) [kworker/4:0]
(root,0,0,00:00:00,16584) [kworker/1:0]
(root,0,0,00:00:00,16816) [kworker/3:2]
(root,0,0,00:00:00,16939) [kworker/2:1]
(root,0,0,00:00:00,18762) [kworker/6:1]
(root,52028,2952,00:00:00,18854) /usr/sbin/CRON -f
(root,4500,780,00:00:00,18869) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3060,00:00:00,18873) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,680,00:00:00,18881) sleep 924
(chilli,33728,10928,10:51:49,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,19217) [kworker/0:0]
(root,0,0,00:00:00,19340) [kworker/7:0]
(root,0,0,00:00:00,19357) [kworker/5:0]
(root,0,0,00:00:00,20255) [kworker/1:2]
(root,0,0,00:00:00,20378) [kworker/2:0]
(root,0,0,00:00:00,21593) [kworker/3:1]
(root,0,0,00:00:00,22300) [kworker/u16:0]
(root,0,0,00:00:00,22986) [kworker/0:2]
(root,0,0,00:00:00,23215) [kworker/5:2]
(root,0,0,00:00:00,23396) [kworker/7:1]
(root,0,0,00:00:00,23632) [kworker/2:2]
(root,0,0,00:00:00,23960) [kworker/1:1]
(root,0,0,00:00:00,24080) [systemctl] <defunct>
(root,0,0,00:00:00,24081) [lookup.check.sh] <defunct>
(root,24928,3264,00:00:00,24231) /bin/bash /usr/bin/check_mk_agent
(root,34420,2884,00:00:00,24250) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1000,00:00:00,24251) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,42028,6144,00:00:48,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,108184,2660,00:00:01,27744) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,28111) [kworker/u16:2]
(root,0,0,00:00:01,30896) [kworker/u16:3]

Found on 2024-11-20 06:39

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439828a9a9d9

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5644,01:33:12,1) /sbin/init
(root,0,0,00:00:02,2) [kthreadd]
(root,0,0,00:00:23,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:18:07,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:18,9) [migration/0]
(root,0,0,00:00:04,10) [watchdog/0]
(root,0,0,00:00:04,11) [watchdog/1]
(root,0,0,00:00:18,12) [migration/1]
(root,0,0,00:00:42,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:04,16) [watchdog/2]
(root,0,0,00:00:17,17) [migration/2]
(root,0,0,00:00:27,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:03,21) [watchdog/3]
(root,0,0,00:00:17,22) [migration/3]
(root,0,0,00:00:27,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:04,26) [watchdog/4]
(root,0,0,00:00:17,27) [migration/4]
(root,0,0,00:00:26,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:03,31) [watchdog/5]
(root,0,0,00:00:18,32) [migration/5]
(root,0,0,00:00:25,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:04,36) [watchdog/6]
(root,0,0,00:00:18,37) [migration/6]
(root,0,0,00:00:33,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:03,41) [watchdog/7]
(root,0,0,00:00:18,42) [migration/7]
(root,0,0,00:00:36,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:01:30,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:01:29,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:12,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:35,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:05,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:01,451) [kworker/6:1H]
(root,0,0,00:00:01,454) [kworker/3:1H]
(root,0,0,00:00:01,455) [kworker/5:1H]
(root,35372,3476,00:15:04,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:02,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:03,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:01,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4188,00:03:33,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:05,1092) /usr/sbin/cron -f
(root,280044,6340,00:02:28,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:04:20,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:26,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:26,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:02,1166) lldpd: monitor
(root,5216,152,00:00:29,1218) /sbin/iscsid
(root,5716,3508,00:02:10,1219) /sbin/iscsid
(root,19568,2100,00:02:58,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:01:57,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:01:47,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:07,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:30,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:13,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:01,2956) [kworker/u16:0]
(root,0,0,00:00:00,5939) [kworker/4:0]
(root,0,0,00:00:00,6801) [kworker/3:1]
(dnsmasq,56996,2756,00:08:56,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,8313) [kworker/0:2]
(root,0,0,00:00:01,8611) [kworker/u16:2]
(root,0,0,00:00:00,8989) [kworker/2:1]
(root,0,0,00:00:00,9429) [kworker/5:0]
(root,0,0,00:00:00,9992) [kworker/1:0]
(root,52028,2964,00:00:00,10073) /usr/sbin/CRON -f
(root,4500,748,00:00:00,10079) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16564,3212,00:00:00,10082) /bin/bash /usr/local/bin/checklist.sh 1800
(root,0,0,00:00:00,10124) [kworker/3:0]
(root,0,0,00:00:00,10240) [kworker/4:2]
(root,0,0,00:00:00,10580) [kworker/7:2]
(root,0,0,00:00:00,10902) [kworker/6:0]
(root,0,0,00:00:00,12245) [kworker/0:0]
(root,0,0,00:00:00,12598) [kworker/2:0]
(root,0,0,00:00:00,12828) [kworker/5:2]
(root,0,0,00:00:00,13260) [kworker/1:2]
(root,0,0,00:00:00,13616) [kworker/7:0]
(root,0,0,00:00:00,13822) [kworker/6:1]
(root,0,0,00:00:00,14513) [kworker/u16:1]
(root,0,0,00:00:00,14619) [kworker/3:2]
(root,0,0,00:00:00,14980) [kworker/0:1]
(root,0,0,00:00:00,15668) [kworker/5:1]
(root,0,0,00:00:00,16641) [kworker/7:1]
(root,0,0,00:00:00,16968) [kworker/4:1]
(root,0,0,00:00:00,17090) [systemctl] <defunct>
(root,0,0,00:00:00,17091) [lookup.check.sh] <defunct>
(root,24904,3336,00:00:00,17219) /bin/bash /usr/local/bin/issue-generator
(root,6532,852,00:00:00,17263) ping -q -c 2 -W 1 8.8.8.8
(root,183788,24320,00:00:00,17362) curl -k --silent https://start.cloudwifi.de
(root,18140,2124,00:00:00,17363) grep --quiet cloudwifi Hotspot - WelcomePage 1.0
(root,24928,3360,00:00:00,17394) /bin/bash /usr/bin/check_mk_agent
(root,34420,2832,00:00:00,17413) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1080,00:00:00,17414) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(chilli,33728,10928,10:46:40,19060) /usr/sbin/chilli --fg
(root,42028,6144,00:00:46,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,108184,2720,00:00:03,27724) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:01,30896) [kworker/u16:3]

Found on 2024-11-20 01:28

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439873a06176

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5644,01:24:40,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:21,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:16:14,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:16,9) [migration/0]
(root,0,0,00:00:04,10) [watchdog/0]
(root,0,0,00:00:03,11) [watchdog/1]
(root,0,0,00:00:16,12) [migration/1]
(root,0,0,00:00:38,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:03,16) [watchdog/2]
(root,0,0,00:00:15,17) [migration/2]
(root,0,0,00:00:24,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:03,21) [watchdog/3]
(root,0,0,00:00:16,22) [migration/3]
(root,0,0,00:00:24,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:03,26) [watchdog/4]
(root,0,0,00:00:16,27) [migration/4]
(root,0,0,00:00:23,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:03,31) [watchdog/5]
(root,0,0,00:00:16,32) [migration/5]
(root,0,0,00:00:22,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:04,36) [watchdog/6]
(root,0,0,00:00:17,37) [migration/6]
(root,0,0,00:00:29,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:03,41) [watchdog/7]
(root,0,0,00:00:17,42) [migration/7]
(root,0,0,00:00:32,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:01:22,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:01:21,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:01:06,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:32,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:04,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:01,451) [kworker/6:1H]
(root,0,0,00:00:01,454) [kworker/3:1H]
(root,0,0,00:00:01,455) [kworker/5:1H]
(root,35372,7748,00:13:40,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:01,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:03,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:01,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4188,00:03:14,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:04,1092) /usr/sbin/cron -f
(root,280044,6340,00:02:15,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:03:56,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:18,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:24,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:02,1166) lldpd: monitor
(root,5216,152,00:00:27,1218) /sbin/iscsid
(root,5716,3508,00:01:58,1219) /sbin/iscsid
(root,19568,2100,00:02:41,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:01:46,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:01:39,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:06,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:27,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:07,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,1795) [kworker/4:2]
(root,0,0,00:00:00,2542) [kworker/1:0]
(root,0,0,00:00:00,2648) [kworker/0:1]
(root,0,0,00:00:00,3755) [kworker/6:2]
(root,0,0,00:00:00,4325) [kworker/2:1]
(root,0,0,00:00:00,4444) [kworker/7:2]
(root,0,0,00:00:00,4998) [kworker/3:0]
(root,52028,2960,00:00:00,5393) /usr/sbin/CRON -f
(root,4500,700,00:00:00,5397) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3076,00:00:00,5400) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,664,00:00:00,5412) sleep 787
(root,0,0,00:00:00,5478) [kworker/0:0]
(root,0,0,00:00:00,5805) [kworker/1:2]
(root,0,0,00:00:00,6034) [kworker/4:0]
(root,0,0,00:00:00,6777) [kworker/6:1]
(root,0,0,00:00:00,7222) [kworker/5:1]
(root,0,0,00:00:00,7424) [kworker/2:2]
(dnsmasq,56996,2756,00:07:26,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,7884) [kworker/u16:1]
(root,0,0,00:00:00,8527) [kworker/7:1]
(root,0,0,00:00:00,8731) [kworker/1:1]
(root,0,0,00:00:00,9081) [kworker/u16:4]
(root,0,0,00:00:00,9941) [kworker/6:0]
(root,0,0,00:00:00,9945) [systemctl] <defunct>
(root,0,0,00:00:00,9946) [lookup.check.sh] <defunct>
(root,0,0,00:00:00,10060) [kworker/2:0]
(root,24928,3208,00:00:00,10230) /bin/bash /usr/bin/check_mk_agent
(root,34420,2920,00:00:00,10249) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1036,00:00:00,10250) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,13192) [kworker/u16:2]
(root,108184,2716,00:00:05,17313) /usr/bin/monit -c /etc/monit/monitrc
(chilli,33620,10812,09:40:12,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,21475) [kworker/u16:3]
(root,42028,6144,00:00:31,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,30972) [kworker/3:2]
(root,0,0,00:00:00,31630) [kworker/5:0]
(root,0,0,00:00:00,32242) [kworker/u16:0]
(root,0,0,00:00:00,32699) [kworker/7:0]

Found on 2024-11-17 23:38

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398cef21515

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5640,01:16:37,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:19,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:14:49,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:15,9) [migration/0]
(root,0,0,00:00:03,10) [watchdog/0]
(root,0,0,00:00:03,11) [watchdog/1]
(root,0,0,00:00:15,12) [migration/1]
(root,0,0,00:00:35,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:03,16) [watchdog/2]
(root,0,0,00:00:14,17) [migration/2]
(root,0,0,00:00:22,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:02,21) [watchdog/3]
(root,0,0,00:00:14,22) [migration/3]
(root,0,0,00:00:22,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:03,26) [watchdog/4]
(root,0,0,00:00:14,27) [migration/4]
(root,0,0,00:00:21,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:02,31) [watchdog/5]
(root,0,0,00:00:14,32) [migration/5]
(root,0,0,00:00:20,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:03,36) [watchdog/6]
(root,0,0,00:00:15,37) [migration/6]
(root,0,0,00:00:27,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:02,41) [watchdog/7]
(root,0,0,00:00:15,42) [migration/7]
(root,0,0,00:00:29,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:01:14,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:01:14,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:00:59,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:29,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:04,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:01,451) [kworker/6:1H]
(root,0,0,00:00:01,454) [kworker/3:1H]
(root,0,0,00:00:01,455) [kworker/5:1H]
(root,35372,5224,00:12:43,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:01,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:03,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:01,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4188,00:03:00,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:04,1092) /usr/sbin/cron -f
(root,280044,6340,00:02:05,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:03:33,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:11,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:21,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:02,1166) lldpd: monitor
(root,5216,152,00:00:24,1218) /sbin/iscsid
(root,5716,3508,00:01:47,1219) /sbin/iscsid
(root,19568,2100,00:02:26,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:01:36,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:01:33,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:06,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:25,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:00,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,2056) [kworker/6:2]
(root,0,0,00:00:00,2181) [kworker/4:2]
(root,0,0,00:00:00,2290) [kworker/0:1]
(root,0,0,00:00:00,4112) [kworker/u16:4]
(root,0,0,00:00:00,4330) [kworker/2:1]
(root,0,0,00:00:00,4891) [kworker/3:0]
(root,0,0,00:00:00,6239) [kworker/1:0]
(root,52028,2964,00:00:00,6806) /usr/sbin/CRON -f
(root,4500,704,00:00:00,6813) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3056,00:00:00,6814) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,668,00:00:00,6816) sleep 1051
(root,0,0,00:00:00,6941) [kworker/7:1]
(root,0,0,00:00:00,7385) [kworker/5:0]
(root,0,0,00:00:00,7510) [kworker/2:0]
(dnsmasq,56996,2756,00:06:25,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,7741) [kworker/3:2]
(root,0,0,00:00:00,8303) [kworker/4:1]
(root,0,0,00:00:00,8648) [kworker/6:0]
(root,0,0,00:00:00,8769) [kworker/0:2]
(root,0,0,00:00:00,9324) [kworker/1:2]
(root,0,0,00:00:00,9740) [kworker/7:2]
(root,0,0,00:00:00,10188) [kworker/5:2]
(root,0,0,00:00:00,10647) [kworker/2:2]
(root,0,0,00:00:00,10848) [kworker/3:1]
(root,0,0,00:00:00,10969) [kworker/u16:1]
(root,0,0,00:00:00,11976) [kworker/0:0]
(root,0,0,00:00:00,12090) [kworker/4:0]
(root,0,0,00:00:00,12213) [kworker/6:1]
(root,0,0,00:00:00,12387) [kworker/u16:3]
(root,0,0,00:00:00,12534) [kworker/7:0]
(root,0,0,00:00:00,12642) [systemctl] <defunct>
(root,0,0,00:00:00,12643) [lookup.check.sh] <defunct>
(root,92908,6912,00:00:00,12659) sshd: root [priv]
(sshd,65508,3224,00:00:00,12661) sshd: root [net]
(root,0,0,00:00:00,12763) [kworker/1:1]
(root,24928,3436,00:00:00,12857) /bin/bash /usr/bin/check_mk_agent
(root,34420,2920,00:00:00,12876) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1056,00:00:00,12877) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,15186) [kworker/u16:2]
(chilli,33620,10812,08:55:38,19060) /usr/sbin/chilli --fg
(root,108184,2708,00:00:01,23383) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,25115) [kworker/u16:0]
(root,42028,6144,00:00:17,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid

Found on 2024-11-16 00:26

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398e1627dab

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5640,01:16:13,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:19,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:14:45,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:15,9) [migration/0]
(root,0,0,00:00:03,10) [watchdog/0]
(root,0,0,00:00:03,11) [watchdog/1]
(root,0,0,00:00:15,12) [migration/1]
(root,0,0,00:00:34,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:03,16) [watchdog/2]
(root,0,0,00:00:14,17) [migration/2]
(root,0,0,00:00:22,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:02,21) [watchdog/3]
(root,0,0,00:00:14,22) [migration/3]
(root,0,0,00:00:22,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:03,26) [watchdog/4]
(root,0,0,00:00:14,27) [migration/4]
(root,0,0,00:00:21,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:02,31) [watchdog/5]
(root,0,0,00:00:14,32) [migration/5]
(root,0,0,00:00:20,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:03,36) [watchdog/6]
(root,0,0,00:00:15,37) [migration/6]
(root,0,0,00:00:27,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:02,41) [watchdog/7]
(root,0,0,00:00:15,42) [migration/7]
(root,0,0,00:00:29,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:01:14,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:01:13,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:00:59,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:29,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:04,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:01,451) [kworker/6:1H]
(root,0,0,00:00:01,454) [kworker/3:1H]
(root,0,0,00:00:01,455) [kworker/5:1H]
(root,35372,9644,00:12:42,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:01,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:03,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:01,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4188,00:03:00,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:04,1092) /usr/sbin/cron -f
(root,280044,6340,00:02:05,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:03:32,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:10,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:21,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:02,1166) lldpd: monitor
(root,5216,152,00:00:24,1218) /sbin/iscsid
(root,5716,3508,00:01:46,1219) /sbin/iscsid
(root,0,0,00:00:00,1335) [kworker/4:1]
(root,19568,2100,00:02:26,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:01:36,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:01:33,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:05,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:24,1489) lldpd: 2 neighbors
(root,154496,38700,00:01:00,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,1906) [kworker/u16:1]
(root,0,0,00:00:00,2010) [kworker/7:2]
(root,0,0,00:00:00,2133) [kworker/6:0]
(root,0,0,00:00:00,2455) [kworker/2:0]
(root,0,0,00:00:00,2564) [kworker/3:2]
(root,0,0,00:00:00,2565) [systemctl] <defunct>
(root,0,0,00:00:00,2566) [lookup.check.sh] <defunct>
(root,92676,6520,00:00:00,2619) sshd: root [priv]
(sshd,65508,3208,00:00:00,2630) sshd: root [net]
(root,52028,2964,00:00:00,2638) /usr/sbin/CRON -f
(root,4500,752,00:00:00,2640) /bin/sh -c /usr/local/bin/check_store
(root,16428,2940,00:00:00,2641) /bin/bash /usr/local/bin/check_store
(root,16428,240,00:00:00,2720) /bin/bash /usr/local/bin/check_store
(root,13392,768,00:00:00,2723) /usr/bin/timeout -k 10 5 /usr/sbin/tcpdump -c 1 -nv -i enp0s20f1 stp
(root,17812,1728,00:00:00,2724) /usr/sbin/tcpdump -c 1 -nv -i enp0s20f1 stp
(root,24928,3436,00:00:00,2780) /bin/bash /usr/bin/check_mk_agent
(root,34420,2984,00:00:00,2806) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1000,00:00:00,2807) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(dnsmasq,56996,2756,00:06:22,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,12387) [kworker/u16:3]
(root,0,0,00:00:00,15186) [kworker/u16:2]
(chilli,33620,10812,08:53:48,19060) /usr/sbin/chilli --fg
(root,108184,2736,00:00:02,23224) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,25115) [kworker/u16:0]
(root,42028,6144,00:00:16,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,25731) [kworker/0:2]
(root,0,0,00:00:00,26289) [kworker/7:1]
(root,0,0,00:00:00,26619) [kworker/2:1]
(root,0,0,00:00:00,26973) [kworker/4:0]
(root,0,0,00:00:00,27171) [kworker/3:1]
(root,0,0,00:00:00,27955) [kworker/6:2]
(root,0,0,00:00:00,28279) [kworker/5:2]
(root,0,0,00:00:00,29302) [kworker/1:2]
(root,0,0,00:00:00,29529) [kworker/0:0]
(root,0,0,00:00:00,30689) [kworker/4:2]
(root,52028,2948,00:00:00,30754) /usr/sbin/CRON -f
(root,4500,852,00:00:00,30761) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3052,00:00:00,30770) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,652,00:00:00,30783) sleep 1691
(root,0,0,00:00:00,30841) [kworker/7:0]
(root,0,0,00:00:00,31170) [kworker/6:1]
(root,0,0,00:00:00,31171) [kworker/5:0]
(root,0,0,00:00:00,31942) [kworker/3:0]
(root,0,0,00:00:00,31965) [kworker/2:2]
(root,0,0,00:00:00,32175) [kworker/1:1]

Found on 2024-11-15 22:08

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398e432ec97

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5636,01:08:22,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:17,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:12:53,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:13,9) [migration/0]
(root,0,0,00:00:03,10) [watchdog/0]
(root,0,0,00:00:03,11) [watchdog/1]
(root,0,0,00:00:13,12) [migration/1]
(root,0,0,00:00:30,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:03,16) [watchdog/2]
(root,0,0,00:00:12,17) [migration/2]
(root,0,0,00:00:20,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:02,21) [watchdog/3]
(root,0,0,00:00:12,22) [migration/3]
(root,0,0,00:00:19,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:03,26) [watchdog/4]
(root,0,0,00:00:13,27) [migration/4]
(root,0,0,00:00:18,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:02,31) [watchdog/5]
(root,0,0,00:00:13,32) [migration/5]
(root,0,0,00:00:18,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:03,36) [watchdog/6]
(root,0,0,00:00:13,37) [migration/6]
(root,0,0,00:00:24,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:02,41) [watchdog/7]
(root,0,0,00:00:13,42) [migration/7]
(root,0,0,00:00:26,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:01:06,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:01:05,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:00:53,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:26,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:04,420) [kworker/7:1H]
(root,0,0,00:00:01,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:01,451) [kworker/6:1H]
(root,0,0,00:00:01,454) [kworker/3:1H]
(root,0,0,00:00:01,455) [kworker/5:1H]
(root,35372,9748,00:11:25,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:01,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:02,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:01,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4188,00:02:43,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:03,1092) /usr/sbin/cron -f
(root,280044,6340,00:01:54,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3892,00:03:10,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:01:03,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:19,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:02,1166) lldpd: monitor
(root,5216,152,00:00:21,1218) /sbin/iscsid
(root,5716,3508,00:01:35,1219) /sbin/iscsid
(root,19568,2100,00:02:10,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:01:25,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:01:28,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:05,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:22,1489) lldpd: 2 neighbors
(root,154496,38700,00:00:54,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(dnsmasq,56996,2756,00:04:53,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,108184,2720,00:00:00,18687) /usr/bin/monit -c /etc/monit/monitrc
(chilli,33620,10808,07:42:07,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,19935) [kworker/4:0]
(root,0,0,00:00:00,21019) [kworker/2:2]
(root,0,0,00:00:00,21572) [kworker/5:1]
(root,0,0,00:00:00,21781) [kworker/3:0]
(root,0,0,00:00:00,22114) [kworker/0:1]
(root,0,0,00:00:00,22553) [kworker/7:0]
(root,0,0,00:00:00,22664) [kworker/1:1]
(root,0,0,00:00:00,24407) [kworker/6:2]
(root,0,0,00:00:00,24741) [kworker/4:2]
(root,0,0,00:00:00,24858) [kworker/3:1]
(root,0,0,00:00:00,25173) [kworker/0:0]
(root,0,0,00:00:00,25185) [kworker/7:1]
(root,0,0,00:00:00,25399) [kworker/2:0]
(root,0,0,00:00:00,25506) [kworker/1:0]
(root,42028,6144,00:00:03,25510) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,25623) [kworker/5:0]
(root,52028,2964,00:00:00,25897) /usr/sbin/CRON -f
(root,4500,792,00:00:00,25904) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2964,00:00:00,25908) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,652,00:00:00,25922) sleep 1592
(root,0,0,00:00:01,26571) [kworker/u16:0]
(root,0,0,00:00:00,27079) [kworker/6:1]
(root,0,0,00:00:00,27939) [kworker/0:2]
(root,0,0,00:00:00,28127) [kworker/4:1]
(root,0,0,00:00:00,28893) [kworker/5:2]
(root,0,0,00:00:00,29009) [kworker/u16:2]
(root,0,0,00:00:00,29115) [kworker/3:2]
(root,0,0,00:00:00,29547) [kworker/1:2]
(root,0,0,00:00:00,29875) [kworker/2:1]
(root,0,0,00:00:00,29876) [systemctl] <defunct>
(root,0,0,00:00:00,29877) [lookup.check.sh] <defunct>
(root,24928,3212,00:00:00,30170) /bin/bash /usr/bin/check_mk_agent
(root,34420,2828,00:00:00,30189) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1172,00:00:00,30190) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,32363) [kworker/u16:1]

Found on 2024-11-14 00:07

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439843eb4782

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5636,01:00:23,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:15,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:11:05,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:12,9) [migration/0]
(root,0,0,00:00:02,10) [watchdog/0]
(root,0,0,00:00:02,11) [watchdog/1]
(root,0,0,00:00:12,12) [migration/1]
(root,0,0,00:00:26,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:02,16) [watchdog/2]
(root,0,0,00:00:11,17) [migration/2]
(root,0,0,00:00:17,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:02,21) [watchdog/3]
(root,0,0,00:00:11,22) [migration/3]
(root,0,0,00:00:17,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:02,26) [watchdog/4]
(root,0,0,00:00:11,27) [migration/4]
(root,0,0,00:00:16,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:02,31) [watchdog/5]
(root,0,0,00:00:11,32) [migration/5]
(root,0,0,00:00:15,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:02,36) [watchdog/6]
(root,0,0,00:00:12,37) [migration/6]
(root,0,0,00:00:20,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:02,41) [watchdog/7]
(root,0,0,00:00:12,42) [migration/7]
(root,0,0,00:00:22,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:00:58,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:00:58,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:00:47,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:01,366) [kworker/0:1H]
(root,0,0,00:00:01,369) [kworker/2:1H]
(root,0,0,00:00:23,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:03,420) [kworker/7:1H]
(root,0,0,00:00:00,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:01,451) [kworker/6:1H]
(root,0,0,00:00:01,454) [kworker/3:1H]
(root,0,0,00:00:01,455) [kworker/5:1H]
(root,35372,3320,00:10:03,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:01,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:02,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:01,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,0,0,00:00:00,749) [kworker/1:2]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4196,00:02:25,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:03,1092) /usr/sbin/cron -f
(root,280044,6340,00:01:43,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3888,00:02:48,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:00:56,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:16,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:01,1166) lldpd: monitor
(root,5216,152,00:00:19,1218) /sbin/iscsid
(root,5716,3508,00:01:24,1219) /sbin/iscsid
(root,19568,2100,00:01:54,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:01:15,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:01:24,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:04,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:19,1489) lldpd: 2 neighbors
(root,0,0,00:00:00,1521) [kworker/0:0]
(root,154496,38700,00:00:47,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,4410) [kworker/2:0]
(root,52028,2932,00:00:00,4412) /usr/sbin/CRON -f
(root,4500,704,00:00:00,4417) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3056,00:00:00,4424) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,796,00:00:00,4433) sleep 1057
(root,0,0,00:00:00,4553) [kworker/7:1]
(root,0,0,00:00:00,4772) [kworker/4:0]
(root,0,0,00:00:00,5521) [kworker/3:1]
(root,0,0,00:00:00,5624) [kworker/6:1]
(root,0,0,00:00:00,6488) [kworker/5:1]
(root,0,0,00:00:00,7017) [kworker/2:1]
(dnsmasq,56996,2756,00:03:27,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,7872) [kworker/1:0]
(root,0,0,00:00:00,8309) [kworker/0:1]
(root,0,0,00:00:00,8523) [kworker/3:0]
(root,0,0,00:00:00,8959) [kworker/6:0]
(root,0,0,00:00:00,9374) [kworker/7:2]
(root,0,0,00:00:00,9490) [kworker/5:0]
(root,0,0,00:00:00,9495) [kworker/u16:0]
(root,0,0,00:00:00,9594) [kworker/4:2]
(root,0,0,00:00:00,10080) [kworker/u16:1]
(root,0,0,00:00:00,10135) [kworker/u16:2]
(root,0,0,00:00:00,10456) [kworker/1:1]
(root,0,0,00:00:00,11263) [kworker/3:2]
(root,0,0,00:00:00,11378) [kworker/2:2]
(root,52028,2964,00:00:00,11975) /usr/sbin/CRON -f
(root,4500,848,00:00:00,11979) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3056,00:00:00,11982) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,660,00:00:00,11989) sleep 140
(root,0,0,00:00:00,12249) [kworker/6:2]
(root,0,0,00:00:00,12250) [systemctl] <defunct>
(root,0,0,00:00:00,12251) [lookup.check.sh] <defunct>
(root,0,0,00:00:00,12372) [kworker/u16:4]
(root,24928,3440,00:00:00,12402) /bin/bash /usr/bin/check_mk_agent
(root,34420,2884,00:00:00,12421) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1156,00:00:00,12422) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,108184,2716,00:00:01,14816) /usr/bin/monit -c /etc/monit/monitrc
(root,37824,6040,00:00:25,18029) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(chilli,33620,10804,06:29:22,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:01,31537) [kworker/u16:3]

Found on 2024-11-12 00:45

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda43983d3fa603

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5636,00:51:55,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:13,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:09:26,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:10,9) [migration/0]
(root,0,0,00:00:02,10) [watchdog/0]
(root,0,0,00:00:02,11) [watchdog/1]
(root,0,0,00:00:10,12) [migration/1]
(root,0,0,00:00:22,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:02,16) [watchdog/2]
(root,0,0,00:00:09,17) [migration/2]
(root,0,0,00:00:15,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:01,21) [watchdog/3]
(root,0,0,00:00:09,22) [migration/3]
(root,0,0,00:00:14,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:02,26) [watchdog/4]
(root,0,0,00:00:09,27) [migration/4]
(root,0,0,00:00:13,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:01,31) [watchdog/5]
(root,0,0,00:00:10,32) [migration/5]
(root,0,0,00:00:13,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:02,36) [watchdog/6]
(root,0,0,00:00:10,37) [migration/6]
(root,0,0,00:00:17,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:01,41) [watchdog/7]
(root,0,0,00:00:10,42) [migration/7]
(root,0,0,00:00:19,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:00:50,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:00:49,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:00:40,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:00,366) [kworker/0:1H]
(root,0,0,00:00:00,369) [kworker/2:1H]
(root,0,0,00:00:20,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:03,420) [kworker/7:1H]
(root,0,0,00:00:00,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:01,451) [kworker/6:1H]
(root,0,0,00:00:01,454) [kworker/3:1H]
(root,0,0,00:00:00,455) [kworker/5:1H]
(root,35372,7840,00:08:26,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:01,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:02,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:00,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4196,00:02:01,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:02,1092) /usr/sbin/cron -f
(root,280044,6340,00:01:26,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3888,00:02:26,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:00:48,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:14,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:01,1166) lldpd: monitor
(root,5216,152,00:00:16,1218) /sbin/iscsid
(root,5716,3508,00:01:12,1219) /sbin/iscsid
(root,19568,2100,00:01:38,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:01:04,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:01:09,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:04,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:16,1489) lldpd: 2 neighbors
(root,154496,38700,00:00:40,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,6300) [kworker/u16:2]
(root,108184,2792,00:00:03,6924) /usr/bin/monit -c /etc/monit/monitrc
(dnsmasq,56996,2756,00:02:19,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,11182) [kworker/u16:3]
(root,37824,6040,00:00:10,18029) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(chilli,33620,10804,05:30:55,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,21287) [kworker/6:0]
(root,0,0,00:00:00,21647) [kworker/0:0]
(root,0,0,00:00:00,21761) [kworker/1:2]
(root,0,0,00:00:00,21886) [kworker/2:1]
(root,0,0,00:00:00,22456) [kworker/5:1]
(root,0,0,00:00:00,23163) [kworker/u16:1]
(root,0,0,00:00:00,23270) [kworker/3:2]
(root,52028,2964,00:00:00,23338) /usr/sbin/CRON -f
(root,4500,700,00:00:00,23343) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3052,00:00:00,23345) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,808,00:00:00,23348) sleep 1313
(root,0,0,00:00:00,24335) [kworker/4:1]
(root,0,0,00:00:00,24578) [kworker/7:0]
(root,0,0,00:00:00,25263) [kworker/1:1]
(root,0,0,00:00:00,25386) [kworker/0:2]
(root,0,0,00:00:00,25501) [kworker/5:0]
(root,0,0,00:00:00,25623) [kworker/2:0]
(root,0,0,00:00:00,26072) [kworker/6:1]
(root,0,0,00:00:00,26724) [kworker/3:0]
(root,0,0,00:00:00,27201) [kworker/4:2]
(root,0,0,00:00:00,27790) [kworker/7:2]
(root,0,0,00:00:00,28180) [kworker/1:0]
(root,0,0,00:00:00,28654) [kworker/2:2]
(root,0,0,00:00:00,29388) [kworker/5:2]
(root,0,0,00:00:00,29634) [kworker/3:1]
(root,0,0,00:00:00,30015) [kworker/0:1]
(root,0,0,00:00:00,30771) [kworker/4:0]
(root,0,0,00:00:00,30893) [kworker/7:1]
(root,0,0,00:00:00,30896) [systemctl] <defunct>
(root,0,0,00:00:00,30897) [lookup.check.sh] <defunct>
(root,65508,6012,00:00:00,30917) sshd: [accepted]
(sshd,65508,724,00:00:00,30918) sshd: [net]
(root,24928,3180,00:00:00,30984) /bin/bash /usr/bin/check_mk_agent
(root,34420,2928,00:00:00,31003) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1056,00:00:00,31004) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-11-09 22:28

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439806f9e194

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5636,00:44:08,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:10,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:07:48,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:08,9) [migration/0]
(root,0,0,00:00:02,10) [watchdog/0]
(root,0,0,00:00:01,11) [watchdog/1]
(root,0,0,00:00:08,12) [migration/1]
(root,0,0,00:00:18,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:02,16) [watchdog/2]
(root,0,0,00:00:08,17) [migration/2]
(root,0,0,00:00:12,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:01,21) [watchdog/3]
(root,0,0,00:00:08,22) [migration/3]
(root,0,0,00:00:12,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:02,26) [watchdog/4]
(root,0,0,00:00:08,27) [migration/4]
(root,0,0,00:00:11,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:01,31) [watchdog/5]
(root,0,0,00:00:08,32) [migration/5]
(root,0,0,00:00:11,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:02,36) [watchdog/6]
(root,0,0,00:00:08,37) [migration/6]
(root,0,0,00:00:14,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:01,41) [watchdog/7]
(root,0,0,00:00:08,42) [migration/7]
(root,0,0,00:00:16,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:00:42,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:00:42,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:00:34,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:00,366) [kworker/0:1H]
(root,0,0,00:00:00,369) [kworker/2:1H]
(root,0,0,00:00:17,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:02,420) [kworker/7:1H]
(root,0,0,00:00:00,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:00,451) [kworker/6:1H]
(root,0,0,00:00:00,454) [kworker/3:1H]
(root,0,0,00:00:00,455) [kworker/5:1H]
(root,35372,5144,00:06:59,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:01,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:01,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:00,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,0,0,00:00:01,1074) [kworker/u16:1]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4200,00:01:41,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:02,1092) /usr/sbin/cron -f
(root,280044,6340,00:01:12,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3888,00:02:05,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:00:41,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:12,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:01,1166) lldpd: monitor
(root,0,0,00:00:01,1201) [kworker/u16:3]
(root,5216,152,00:00:14,1218) /sbin/iscsid
(root,5716,3508,00:01:01,1219) /sbin/iscsid
(root,19568,2100,00:01:23,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:00:54,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:00:58,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:03,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:14,1489) lldpd: 2 neighbors
(root,154496,38700,00:00:34,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(dnsmasq,56996,2756,00:01:06,7734) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,108184,2680,00:00:00,9072) /usr/bin/monit -c /etc/monit/monitrc
(root,37824,6124,00:00:55,11102) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,11483) [kworker/u16:0]
(root,0,0,00:00:00,12567) [kworker/6:2]
(root,0,0,00:00:00,13611) [kworker/7:0]
(root,0,0,00:00:00,13827) [kworker/0:2]
(root,0,0,00:00:00,14036) [kworker/1:1]
(root,0,0,00:00:00,15104) [kworker/5:2]
(root,0,0,00:00:00,15218) [kworker/4:0]
(root,0,0,00:00:00,15631) [kworker/6:1]
(root,0,0,00:00:00,15851) [kworker/2:1]
(root,0,0,00:00:00,16074) [kworker/3:2]
(root,0,0,00:00:00,17064) [kworker/7:1]
(root,0,0,00:00:00,17808) [kworker/0:1]
(root,0,0,00:00:00,18223) [kworker/1:2]
(root,0,0,00:00:00,18440) [kworker/4:1]
(chilli,33620,10804,04:23:25,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,19079) [kworker/2:0]
(root,0,0,00:00:00,19296) [kworker/3:0]
(root,0,0,00:00:00,20141) [kworker/5:0]
(root,0,0,00:00:00,20949) [kworker/7:2]
(root,0,0,00:00:00,20956) [kworker/0:0]
(root,0,0,00:00:00,21053) [kworker/1:0]
(root,0,0,00:00:00,21791) [kworker/4:2]
(root,0,0,00:00:00,21805) [kworker/u16:2]
(root,0,0,00:00:00,22010) [kworker/6:0]
(root,0,0,00:00:00,22536) [kworker/2:2]
(root,0,0,00:00:00,23304) [systemctl] <defunct>
(root,0,0,00:00:00,23305) [lookup.check.sh] <defunct>
(root,24928,3348,00:00:00,23387) /bin/bash /usr/bin/check_mk_agent
(root,34420,2932,00:00:00,23406) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1048,00:00:00,23407) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-11-08 00:14

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439855f046f0

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5632,00:19:52,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,00:00:04,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:03:07,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:04,9) [migration/0]
(root,0,0,00:00:00,10) [watchdog/0]
(root,0,0,00:00:00,11) [watchdog/1]
(root,0,0,00:00:04,12) [migration/1]
(root,0,0,00:00:07,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [watchdog/2]
(root,0,0,00:00:03,17) [migration/2]
(root,0,0,00:00:06,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:00,21) [watchdog/3]
(root,0,0,00:00:03,22) [migration/3]
(root,0,0,00:00:05,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:00,26) [watchdog/4]
(root,0,0,00:00:03,27) [migration/4]
(root,0,0,00:00:04,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:00,31) [watchdog/5]
(root,0,0,00:00:03,32) [migration/5]
(root,0,0,00:00:04,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:00,36) [watchdog/6]
(root,0,0,00:00:03,37) [migration/6]
(root,0,0,00:00:06,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:00,41) [watchdog/7]
(root,0,0,00:00:03,42) [migration/7]
(root,0,0,00:00:06,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:00:19,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:00:18,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:00:15,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:00,366) [kworker/0:1H]
(root,0,0,00:00:00,369) [kworker/2:1H]
(root,0,0,00:00:08,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:01,420) [kworker/7:1H]
(root,0,0,00:00:00,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:00,451) [kworker/6:1H]
(root,0,0,00:00:00,454) [kworker/3:1H]
(root,0,0,00:00:00,455) [kworker/5:1H]
(root,35372,7920,00:03:25,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:00,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:00,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:00,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4200,00:00:50,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:01,1092) /usr/sbin/cron -f
(root,280044,6340,00:00:36,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3888,00:00:57,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:00:18,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:04,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:00,1166) lldpd: monitor
(root,5216,152,00:00:06,1218) /sbin/iscsid
(root,5716,3508,00:00:27,1219) /sbin/iscsid
(root,19568,2100,00:00:37,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:00:24,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:00:34,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:01,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:06,1489) lldpd: 2 neighbors
(root,154496,38700,00:00:15,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,6968) [kworker/u16:4]
(root,0,0,00:00:00,9492) [kworker/u16:0]
(root,37824,6124,00:00:13,11102) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,108184,2784,00:00:02,11548) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,12901) [kworker/4:0]
(root,0,0,00:00:00,13656) [kworker/1:2]
(root,0,0,00:00:00,14423) [kworker/u16:1]
(root,0,0,00:00:00,14495) [kworker/0:0]
(dnsmasq,56864,2752,00:01:27,14751) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,16002) [kworker/5:1]
(root,0,0,00:00:00,16186) [kworker/6:0]
(root,52028,2964,00:00:00,17686) /usr/sbin/CRON -f
(root,4500,740,00:00:00,17695) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3016,00:00:00,17701) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,648,00:00:00,17713) sleep 1550
(root,0,0,00:00:00,17842) [kworker/7:1]
(root,0,0,00:00:00,17947) [kworker/2:1]
(root,0,0,00:00:00,18154) [kworker/4:2]
(root,0,0,00:00:00,18477) [kworker/1:1]
(root,0,0,00:00:00,18790) [kworker/3:0]
(root,0,0,00:00:00,18905) [kworker/5:2]
(chilli,33528,10692,01:31:55,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,20405) [kworker/6:1]
(root,0,0,00:00:00,20941) [kworker/2:2]
(root,0,0,00:00:00,20946) [kworker/u16:2]
(root,0,0,00:00:00,21158) [kworker/7:2]
(root,0,0,00:00:00,21377) [kworker/0:2]
(root,0,0,00:00:00,21481) [kworker/3:2]
(root,0,0,00:00:00,22016) [kworker/1:0]
(root,0,0,00:00:00,22347) [kworker/5:0]
(root,0,0,00:00:00,22881) [kworker/4:1]
(root,0,0,00:00:00,22888) [kworker/u16:3]
(root,0,0,00:00:00,23823) [kworker/7:0]
(root,0,0,00:00:00,24033) [kworker/6:2]
(root,0,0,00:00:00,24137) [systemctl] <defunct>
(root,0,0,00:00:00,24138) [lookup.check.sh] <defunct>
(root,92676,6608,00:00:00,24197) sshd: root [priv]
(root,0,0,00:00:00,24251) [kworker/0:1]
(sshd,65508,3156,00:00:00,24252) sshd: root [net]
(root,24928,3368,00:00:00,24311) /bin/bash /usr/bin/check_mk_agent
(root,34420,2916,00:00:00,24330) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1088,00:00:00,24331) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-11-02 01:12

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439868cc2944

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5632,00:15:35,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,00:00:03,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:02:12,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:03,9) [migration/0]
(root,0,0,00:00:00,10) [watchdog/0]
(root,0,0,00:00:00,11) [watchdog/1]
(root,0,0,00:00:03,12) [migration/1]
(root,0,0,00:00:05,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [watchdog/2]
(root,0,0,00:00:02,17) [migration/2]
(root,0,0,00:00:04,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:00,21) [watchdog/3]
(root,0,0,00:00:02,22) [migration/3]
(root,0,0,00:00:04,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:00,26) [watchdog/4]
(root,0,0,00:00:02,27) [migration/4]
(root,0,0,00:00:03,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:00,31) [watchdog/5]
(root,0,0,00:00:02,32) [migration/5]
(root,0,0,00:00:03,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:00,36) [watchdog/6]
(root,0,0,00:00:03,37) [migration/6]
(root,0,0,00:00:04,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:00,41) [watchdog/7]
(root,0,0,00:00:02,42) [migration/7]
(root,0,0,00:00:04,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:00:15,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:00:14,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:00:11,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:00,366) [kworker/0:1H]
(root,0,0,00:00:00,369) [kworker/2:1H]
(root,0,0,00:00:05,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:01,420) [kworker/7:1H]
(root,0,0,00:00:00,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:00,451) [kworker/6:1H]
(root,0,0,00:00:00,454) [kworker/3:1H]
(root,0,0,00:00:00,455) [kworker/5:1H]
(root,35372,5248,00:02:21,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:00,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:00,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:00,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,4204,00:00:34,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:00,1092) /usr/sbin/cron -f
(root,280044,6340,00:00:25,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3888,00:00:45,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:00:14,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:03,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:00,1166) lldpd: monitor
(root,5216,152,00:00:04,1218) /sbin/iscsid
(root,5716,3508,00:00:21,1219) /sbin/iscsid
(root,19568,2100,00:00:29,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:00:18,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:00:22,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:01,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:04,1489) lldpd: 2 neighbors
(root,154496,38700,00:00:12,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(root,108184,2736,00:00:00,1854) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,6458) [kworker/6:0]
(root,0,0,00:00:00,6907) [kworker/5:0]
(root,0,0,00:00:00,7586) [kworker/1:2]
(root,0,0,00:00:00,7709) [kworker/4:2]
(root,0,0,00:00:00,8152) [kworker/0:1]
(root,0,0,00:00:00,9074) [kworker/3:1]
(root,52028,2964,00:00:00,9288) /usr/sbin/CRON -f
(root,4500,704,00:00:00,9296) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3076,00:00:00,9304) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,660,00:00:00,9325) sleep 1412
(root,0,0,00:00:00,9346) [kworker/7:1]
(root,0,0,00:00:00,9470) [kworker/6:2]
(root,0,0,00:00:00,9585) [kworker/2:0]
(root,0,0,00:00:00,10146) [kworker/5:2]
(root,0,0,00:00:00,10942) [kworker/1:0]
(root,37824,6124,00:00:06,11102) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,11409) [kworker/0:2]
(root,0,0,00:00:00,12613) [kworker/2:1]
(root,0,0,00:00:00,12847) [kworker/4:0]
(root,0,0,00:00:00,12972) [kworker/7:2]
(root,0,0,00:00:00,13084) [kworker/3:2]
(root,0,0,00:00:00,13425) [kworker/u16:2]
(root,0,0,00:00:00,14203) [kworker/6:1]
(root,0,0,00:00:00,14464) [kworker/5:1]
(dnsmasq,56864,2752,00:00:53,14751) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,14801) [kworker/1:1]
(root,0,0,00:00:00,15129) [kworker/u16:3]
(root,0,0,00:00:00,15378) [kworker/0:0]
(root,0,0,00:00:00,15602) [kworker/2:2]
(root,0,0,00:00:00,16044) [kworker/3:0]
(root,0,0,00:00:00,16612) [systemctl] <defunct>
(root,0,0,00:00:00,16613) [lookup.check.sh] <defunct>
(root,92676,6564,00:00:00,16624) sshd: root [priv]
(sshd,65508,3160,00:00:00,16625) sshd: root [net]
(root,24928,3184,00:00:00,16694) /bin/bash /usr/bin/check_mk_agent
(root,34420,2876,00:00:00,16713) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1080,00:00:00,16714) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,18921) [kworker/u16:0]
(chilli,33528,10692,01:05:38,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,20590) [kworker/u16:4]
(root,0,0,00:00:00,20783) [kworker/u16:1]

Found on 2024-11-01 00:13

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda43987689b148

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185120,5628,00:06:54,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,00:00:01,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:00:30,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:01,9) [migration/0]
(root,0,0,00:00:00,10) [watchdog/0]
(root,0,0,00:00:00,11) [watchdog/1]
(root,0,0,00:00:01,12) [migration/1]
(root,0,0,00:00:01,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [watchdog/2]
(root,0,0,00:00:01,17) [migration/2]
(root,0,0,00:00:02,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:00,21) [watchdog/3]
(root,0,0,00:00:01,22) [migration/3]
(root,0,0,00:00:01,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:00,26) [watchdog/4]
(root,0,0,00:00:01,27) [migration/4]
(root,0,0,00:00:00,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:00,31) [watchdog/5]
(root,0,0,00:00:01,32) [migration/5]
(root,0,0,00:00:00,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:00,36) [watchdog/6]
(root,0,0,00:00:01,37) [migration/6]
(root,0,0,00:00:01,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:00,41) [watchdog/7]
(root,0,0,00:00:01,42) [migration/7]
(root,0,0,00:00:01,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,158) [kpsmoused]
(root,0,0,00:00:00,167) [scsi_eh_0]
(root,0,0,00:00:00,171) [scsi_tmf_0]
(root,0,0,00:00:00,174) [scsi_eh_1]
(root,0,0,00:00:00,175) [scsi_tmf_1]
(root,0,0,00:00:00,199) [ttm_swap]
(root,0,0,00:00:00,204) [bioset]
(root,0,0,00:00:00,210) [scsi_eh_2]
(root,0,0,00:00:00,211) [scsi_tmf_2]
(root,0,0,00:00:06,212) [usb-storage]
(root,0,0,00:00:00,213) [uas]
(root,0,0,00:00:00,214) [scsi_eh_3]
(root,0,0,00:00:00,215) [scsi_tmf_3]
(root,0,0,00:00:06,216) [usb-storage]
(root,0,0,00:00:00,246) [scsi_eh_4]
(root,0,0,00:00:00,247) [scsi_tmf_4]
(root,0,0,00:00:05,248) [usb-storage]
(root,0,0,00:00:00,287) [bioset]
(root,0,0,00:00:00,301) [raid5wq]
(root,0,0,00:00:00,304) [bioset]
(root,0,0,00:00:00,333) [bioset]
(root,0,0,00:00:00,359) [bioset]
(root,0,0,00:00:00,366) [kworker/0:1H]
(root,0,0,00:00:00,369) [kworker/2:1H]
(root,0,0,00:00:02,371) [jbd2/sda1-8]
(root,0,0,00:00:00,372) [ext4-rsv-conver]
(root,0,0,00:00:00,420) [kworker/7:1H]
(root,0,0,00:00:00,427) [kworker/4:1H]
(root,0,0,00:00:00,442) [kauditd]
(root,0,0,00:00:00,445) [iscsi_eh]
(root,0,0,00:00:00,451) [kworker/6:1H]
(root,0,0,00:00:00,454) [kworker/3:1H]
(root,0,0,00:00:00,455) [kworker/5:1H]
(root,35372,8824,00:00:36,460) /lib/systemd/systemd-journald
(root,0,0,00:00:00,465) [ib_addr]
(root,0,0,00:00:00,468) [ib_mcast]
(root,0,0,00:00:00,469) [ib_nl_sa_wq]
(root,0,0,00:00:00,472) [ib_cm]
(root,0,0,00:00:00,474) [iw_cm_wq]
(root,0,0,00:00:00,475) [rdma_cm]
(root,94768,1564,00:00:00,502) /sbin/lvmetad -f
(root,44964,4428,00:00:00,515) /lib/systemd/systemd-udevd
(root,0,0,00:00:00,534) [kworker/1:1H]
(systemd+,100320,2572,00:00:00,562) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,722) [kvm-irqfd-clean]
(root,4392,1268,00:00:00,1082) /usr/sbin/acpid
(syslog,256388,3876,00:00:08,1084) /usr/sbin/rsyslogd -n
(root,30816,2800,00:00:00,1092) /usr/sbin/cron -f
(root,280044,6340,00:00:07,1105) /usr/lib/accountsservice/accounts-daemon
(message+,42900,3796,00:00:20,1107) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,28624,3152,00:00:06,1126) /lib/systemd/systemd-logind
(daemon,26040,2148,00:00:00,1129) /usr/sbin/atd -f
(root,235772,2192,00:00:01,1139) /usr/bin/lxcfs /var/lib/lxcfs/
(root,37824,5844,00:00:11,1144) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,13368,164,00:00:00,1164) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,58208,4180,00:00:00,1166) lldpd: monitor
(root,5216,152,00:00:02,1218) /sbin/iscsid
(root,5716,3508,00:00:09,1219) /sbin/iscsid
(root,19568,2100,00:00:12,1367) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,14232,2164,00:00:07,1406) /usr/sbin/lldpad -d
(root,277084,6124,00:00:00,1425) /usr/lib/policykit-1/polkitd --no-debug
(root,65508,6420,00:00:05,1451) /usr/sbin/sshd -D
(root,15052,2164,00:00:00,1473) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(_lldpd,58208,2736,00:00:02,1489) lldpd: 2 neighbors
(root,154496,38700,00:00:05,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1788,00:00:19,1647) /sbin/agetty --noclear tty1 linux
(dnsmasq,56864,2756,00:00:07,1758) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,108184,2676,00:00:06,6349) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,8633) [kworker/0:1]
(root,0,0,00:00:00,9494) [kworker/7:2]
(root,0,0,00:00:00,9908) [kworker/1:1]
(root,0,0,00:00:00,10023) [kworker/4:0]
(root,0,0,00:00:00,12462) [kworker/7:1]
(root,0,0,00:00:00,12683) [kworker/1:2]
(root,0,0,00:00:00,13095) [kworker/5:0]
(root,0,0,00:00:00,13404) [kworker/4:1]
(root,0,0,00:00:00,13520) [kworker/2:2]
(root,0,0,00:00:00,13744) [kworker/6:0]
(root,0,0,00:00:00,14054) [kworker/0:0]
(root,0,0,00:00:00,14056) [kworker/3:0]
(root,0,0,00:00:00,14236) [kworker/u16:2]
(root,0,0,00:00:00,16018) [kworker/2:1]
(root,0,0,00:00:00,16541) [kworker/6:2]
(root,0,0,00:00:00,16841) [kworker/5:2]
(root,0,0,00:00:00,16945) [kworker/3:2]
(root,0,0,00:00:00,17376) [kworker/1:0]
(root,0,0,00:00:00,17493) [kworker/u16:3]
(root,0,0,00:00:00,17700) [kworker/7:0]
(root,0,0,00:00:00,18356) [kworker/4:2]
(root,52028,2964,00:00:00,18407) /usr/sbin/CRON -f
(root,4500,784,00:00:00,18412) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3052,00:00:00,18415) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,664,00:00:00,18417) sleep 852
(root,0,0,00:00:00,18817) [kworker/0:2]
(chilli,32448,9684,00:06:09,19060) /usr/sbin/chilli --fg
(root,0,0,00:00:00,19232) [kworker/6:1]
(root,0,0,00:00:00,19677) [kworker/5:1]
(root,65508,6108,00:00:00,19678) sshd: [accepted]
(root,0,0,00:00:00,19679) [systemctl] <defunct>
(root,0,0,00:00:00,19680) [lookup.check.sh] <defunct>
(sshd,65508,724,00:00:00,19689) sshd: [net]
(root,24928,3272,00:00:00,19738) /bin/bash /usr/bin/check_mk_agent
(root,34420,2924,00:00:00,19757) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1032,00:00:00,19758) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,22009) [kworker/u16:0]
(root,0,0,00:00:00,26548) [kworker/u16:1]

Found on 2024-10-29 23:17

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398318f9c05

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185208,5948,01:45:13,1) /sbin/init
(root,0,0,00:00:02,2) [kthreadd]
(root,0,0,00:00:18,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:06:32,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:20,9) [migration/0]
(root,0,0,00:00:04,10) [watchdog/0]
(root,0,0,00:00:04,11) [watchdog/1]
(root,0,0,00:00:20,12) [migration/1]
(root,0,0,00:00:26,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:04,16) [watchdog/2]
(root,0,0,00:00:19,17) [migration/2]
(root,0,0,00:00:17,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:03,21) [watchdog/3]
(root,0,0,00:00:19,22) [migration/3]
(root,0,0,00:00:17,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:04,26) [watchdog/4]
(root,0,0,00:00:20,27) [migration/4]
(root,0,0,00:00:28,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:03,31) [watchdog/5]
(root,0,0,00:00:20,32) [migration/5]
(root,0,0,00:00:19,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:04,36) [watchdog/6]
(root,0,0,00:00:19,37) [migration/6]
(root,0,0,00:00:25,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:03,41) [watchdog/7]
(root,0,0,00:00:19,42) [migration/7]
(root,0,0,00:00:20,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:01:35,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:01:37,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:01:19,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:01,378) [kworker/0:1H]
(root,0,0,00:00:08,379) [kworker/7:1H]
(root,0,0,00:00:01,380) [kworker/2:1H]
(root,0,0,00:00:01,381) [kworker/4:1H]
(root,0,0,00:00:01,382) [kworker/1:1H]
(root,0,0,00:00:33,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,4632,00:09:06,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:02,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:01,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:02,694) [kworker/5:1H]
(root,0,0,00:00:01,695) [kworker/6:1H]
(root,0,0,00:00:01,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:05,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:03,1100) lldpd: monitor
(syslog,256388,4360,00:02:23,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:04:56,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:32,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:01:59,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:01:40,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:29,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:29,1170) /sbin/iscsid
(root,5716,3508,00:02:12,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:00,1249) [kworker/u16:0]
(root,14232,2252,00:01:53,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:03:02,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:01:34,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:08,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(dnsmasq,56864,2784,00:00:01,1501) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,155132,39564,00:01:18,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:07:04,1634) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,3051) [kworker/u16:2]
(root,0,0,00:00:00,6042) [kworker/7:2]
(root,108184,2776,00:00:02,6085) /usr/bin/monit -c /etc/monit/monitrc
(root,37824,6020,00:02:26,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,7336) [kworker/2:1]
(root,0,0,00:00:00,9986) [kworker/0:2]
(chilli,33612,10680,00:39:40,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:00,10807) [kworker/5:2]
(root,0,0,00:00:00,11326) [kworker/3:0]
(root,0,0,00:00:00,12181) [kworker/6:1]
(root,0,0,00:00:00,12607) [kworker/7:0]
(root,52028,2952,00:00:00,12972) /usr/sbin/CRON -f
(root,4500,752,00:00:00,12975) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3060,00:00:00,12976) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,672,00:00:00,12985) sleep 1603
(root,0,0,00:00:00,13040) [kworker/4:0]
(root,0,0,00:00:00,13843) [kworker/1:0]
(root,0,0,00:00:00,14778) [kworker/6:0]
(root,0,0,00:00:00,14887) [kworker/5:1]
(root,0,0,00:00:00,15709) [kworker/4:2]
(root,0,0,00:00:00,15911) [kworker/2:2]
(root,0,0,00:00:00,15912) [kworker/0:0]
(root,0,0,00:00:00,16224) [kworker/3:2]
(root,0,0,00:00:00,16738) [kworker/1:1]
(root,0,0,00:00:00,17078) [kworker/u16:1]
(root,0,0,00:00:00,17662) [kworker/5:0]
(root,0,0,00:00:00,18382) [kworker/7:1]
(root,0,0,00:00:00,18489) [kworker/4:1]
(root,0,0,00:00:00,18809) [kworker/6:2]
(root,0,0,00:00:00,19424) [kworker/1:2]
(root,0,0,00:00:00,19535) [kworker/3:1]
(root,0,0,00:00:00,19693) [kworker/u16:3]
(root,0,0,00:00:00,19848) [systemctl] <defunct>
(root,0,0,00:00:00,19849) [lookup.check.sh] <defunct>
(root,24928,3348,00:00:00,19997) /bin/bash /usr/bin/check_mk_agent
(root,34420,2920,00:00:00,20016) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1152,00:00:00,20017) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-10-21 23:59

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda43984f898942

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185208,5928,01:37:19,1) /sbin/init
(root,0,0,00:00:02,2) [kthreadd]
(root,0,0,00:00:16,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:06:07,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:19,9) [migration/0]
(root,0,0,00:00:04,10) [watchdog/0]
(root,0,0,00:00:03,11) [watchdog/1]
(root,0,0,00:00:18,12) [migration/1]
(root,0,0,00:00:25,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:04,16) [watchdog/2]
(root,0,0,00:00:18,17) [migration/2]
(root,0,0,00:00:16,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:03,21) [watchdog/3]
(root,0,0,00:00:18,22) [migration/3]
(root,0,0,00:00:16,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:04,26) [watchdog/4]
(root,0,0,00:00:19,27) [migration/4]
(root,0,0,00:00:25,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:03,31) [watchdog/5]
(root,0,0,00:00:19,32) [migration/5]
(root,0,0,00:00:18,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:04,36) [watchdog/6]
(root,0,0,00:00:17,37) [migration/6]
(root,0,0,00:00:23,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:03,41) [watchdog/7]
(root,0,0,00:00:17,42) [migration/7]
(root,0,0,00:00:19,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:01:28,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:01:30,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:01:13,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:01,378) [kworker/0:1H]
(root,0,0,00:00:07,379) [kworker/7:1H]
(root,0,0,00:00:01,380) [kworker/2:1H]
(root,0,0,00:00:01,381) [kworker/4:1H]
(root,0,0,00:00:01,382) [kworker/1:1H]
(root,0,0,00:00:31,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,4352,00:08:39,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:02,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:01,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:02,694) [kworker/5:1H]
(root,0,0,00:00:01,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:05,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:03,1100) lldpd: monitor
(syslog,256388,4360,00:02:16,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:04:34,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:29,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:01:53,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:01:32,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:27,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:27,1170) /sbin/iscsid
(root,5716,3508,00:02:03,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,14232,2252,00:01:45,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:02:49,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:01:32,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:07,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155132,39564,00:01:12,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:06:34,1634) /sbin/agetty --noclear tty1 linux
(root,108184,2672,00:00:02,1872) /usr/bin/monit -c /etc/monit/monitrc
(dnsmasq,56864,2784,00:00:05,2100) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,3571) [kworker/1:2]
(root,0,0,00:00:00,3680) [kworker/0:0]
(root,0,0,00:00:00,4081) [kworker/6:0]
(root,0,0,00:00:00,4909) [kworker/2:1]
(root,0,0,00:00:00,5119) [kworker/u16:1]
(root,0,0,00:00:00,5728) [kworker/4:0]
(root,37824,6020,00:02:13,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,6969) [kworker/7:1]
(root,0,0,00:00:00,7480) [kworker/3:2]
(root,0,0,00:00:00,7955) [kworker/u16:0]
(root,0,0,00:00:00,8425) [kworker/5:1]
(root,0,0,00:00:00,8916) [kworker/6:1]
(root,0,0,00:00:00,9028) [kworker/0:1]
(root,0,0,00:00:00,9428) [kworker/1:1]
(root,0,0,00:00:00,9938) [kworker/4:2]
(root,0,0,00:00:00,10146) [kworker/3:0]
(root,0,0,00:00:00,10228) [kworker/2:0]
(chilli,33612,10680,00:39:15,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:00,10837) [kworker/7:2]
(root,0,0,00:00:00,11554) [kworker/5:2]
(root,0,0,00:00:00,12066) [kworker/6:2]
(root,0,0,00:00:00,12175) [kworker/1:0]
(root,0,0,00:00:00,12382) [kworker/0:2]
(root,0,0,00:00:00,12992) [kworker/4:1]
(root,0,0,00:00:00,13312) [kworker/3:1]
(root,0,0,00:00:00,13412) [kworker/7:0]
(root,0,0,00:00:01,13725) [kworker/u16:4]
(root,0,0,00:00:00,13924) [kworker/2:2]
(root,0,0,00:00:00,13970) [kworker/u16:2]
(root,0,0,00:00:00,14234) [systemctl] <defunct>
(root,0,0,00:00:00,14235) [lookup.check.sh] <defunct>
(root,24904,3412,00:00:00,14344) /bin/bash /usr/local/bin/issue-generator
(root,6532,684,00:00:00,14388) ping -q -c 2 -W 1 8.8.8.8
(root,24928,3260,00:00:00,14537) /bin/bash /usr/bin/check_mk_agent
(root,34420,2976,00:00:00,14556) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1160,00:00:00,14557) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,29687) [kworker/u16:3]

Found on 2024-10-19 23:58

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439898a1c20b

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185208,5920,01:29:10,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:15,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:05:34,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:17,9) [migration/0]
(root,0,0,00:00:03,10) [watchdog/0]
(root,0,0,00:00:03,11) [watchdog/1]
(root,0,0,00:00:17,12) [migration/1]
(root,0,0,00:00:24,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:03,16) [watchdog/2]
(root,0,0,00:00:16,17) [migration/2]
(root,0,0,00:00:14,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:03,21) [watchdog/3]
(root,0,0,00:00:16,22) [migration/3]
(root,0,0,00:00:14,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:04,26) [watchdog/4]
(root,0,0,00:00:17,27) [migration/4]
(root,0,0,00:00:22,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:03,31) [watchdog/5]
(root,0,0,00:00:17,32) [migration/5]
(root,0,0,00:00:16,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:03,36) [watchdog/6]
(root,0,0,00:00:16,37) [migration/6]
(root,0,0,00:00:21,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:03,41) [watchdog/7]
(root,0,0,00:00:16,42) [migration/7]
(root,0,0,00:00:18,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:01:21,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:01:23,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:01:07,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:00,361) [kworker/6:0]
(root,0,0,00:00:01,378) [kworker/0:1H]
(root,0,0,00:00:06,379) [kworker/7:1H]
(root,0,0,00:00:01,380) [kworker/2:1H]
(root,0,0,00:00:01,381) [kworker/4:1H]
(root,0,0,00:00:01,382) [kworker/1:1H]
(root,0,0,00:00:28,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,7796,00:07:46,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:01,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:01,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:01,694) [kworker/5:1H]
(root,0,0,00:00:01,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:05,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:02,1100) lldpd: monitor
(syslog,256388,4360,00:02:01,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:04:12,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:27,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:01:40,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:01:24,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:24,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:24,1170) /sbin/iscsid
(root,5716,3508,00:01:53,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,14232,2252,00:01:36,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:02:36,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:01:19,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,0,0,00:00:00,1440) [kworker/u16:1]
(root,15052,2132,00:00:07,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155132,39564,00:01:06,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:06:02,1634) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,2057) [kworker/4:2]
(dnsmasq,56864,2784,00:00:03,2100) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,2475) [kworker/2:1]
(root,0,0,00:00:00,2775) [kworker/5:2]
(root,0,0,00:00:00,2984) [kworker/7:1]
(root,0,0,00:00:00,3292) [kworker/6:1]
(root,0,0,00:00:00,3592) [kworker/0:2]
(root,0,0,00:00:00,4213) [kworker/1:0]
(root,0,0,00:00:00,4910) [kworker/4:1]
(root,0,0,00:00:00,5319) [kworker/3:2]
(root,0,0,00:00:00,5419) [kworker/2:2]
(root,0,0,00:00:00,6138) [kworker/7:0]
(root,52028,2952,00:00:00,6139) /usr/sbin/CRON -f
(root,4500,848,00:00:00,6144) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2920,00:00:00,6146) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,744,00:00:00,6149) sleep 1675
(root,0,0,00:00:00,6264) [kworker/6:2]
(root,37824,6020,00:01:59,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,6575) [kworker/0:0]
(root,0,0,00:00:00,6783) [kworker/5:1]
(root,0,0,00:00:00,6987) [kworker/1:2]
(root,0,0,00:00:00,8007) [kworker/2:0]
(root,0,0,00:00:00,8217) [systemctl] <defunct>
(root,0,0,00:00:00,8218) [lookup.check.sh] <defunct>
(root,24928,3328,00:00:00,8489) /bin/bash /usr/bin/check_mk_agent
(root,34420,2888,00:00:00,8508) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1088,00:00:00,8509) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(chilli,33612,10680,00:38:45,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:00,13191) [kworker/u16:2]
(root,0,0,00:00:00,27659) [kworker/5:0]
(root,0,0,00:00:00,28686) [kworker/u16:0]
(root,108184,2720,00:00:00,29948) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,30403) [kworker/1:1]
(root,0,0,00:00:00,30736) [kworker/3:0]
(root,52028,2952,00:00:00,31149) /usr/sbin/CRON -f
(root,4500,700,00:00:00,31153) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2860,00:00:00,31161) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,676,00:00:00,31170) sleep 1716
(root,0,0,00:00:00,32006) [kworker/7:2]
(root,0,0,00:00:00,32107) [kworker/0:1]

Found on 2024-10-17 22:49

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398e264cc8c

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185208,5900,01:21:04,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:14,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:05:05,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:16,9) [migration/0]
(root,0,0,00:00:03,10) [watchdog/0]
(root,0,0,00:00:03,11) [watchdog/1]
(root,0,0,00:00:15,12) [migration/1]
(root,0,0,00:00:22,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:03,16) [watchdog/2]
(root,0,0,00:00:15,17) [migration/2]
(root,0,0,00:00:13,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:03,21) [watchdog/3]
(root,0,0,00:00:14,22) [migration/3]
(root,0,0,00:00:13,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:03,26) [watchdog/4]
(root,0,0,00:00:15,27) [migration/4]
(root,0,0,00:00:19,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:02,31) [watchdog/5]
(root,0,0,00:00:15,32) [migration/5]
(root,0,0,00:00:14,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:03,36) [watchdog/6]
(root,0,0,00:00:14,37) [migration/6]
(root,0,0,00:00:20,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:02,41) [watchdog/7]
(root,0,0,00:00:14,42) [migration/7]
(root,0,0,00:00:16,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:01:14,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:01:15,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:01:01,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,108184,2724,00:00:04,325) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:01,378) [kworker/0:1H]
(root,0,0,00:00:05,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:01,381) [kworker/4:1H]
(root,0,0,00:00:01,382) [kworker/1:1H]
(root,0,0,00:00:25,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,7644,00:06:51,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:01,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:01,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:01,694) [kworker/5:1H]
(root,0,0,00:00:01,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,0,0,00:00:00,886) [kworker/3:0]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:04,1096) /usr/sbin/cron -f
(root,0,0,00:00:00,1097) [kworker/6:1]
(root,58208,4184,00:00:02,1100) lldpd: monitor
(syslog,256388,4360,00:01:46,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:03:49,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:24,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:01:28,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:01:17,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:22,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:22,1170) /sbin/iscsid
(root,5716,3508,00:01:43,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:00,1211) [kworker/5:1]
(root,14232,2252,00:01:27,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:02:22,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:01:05,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:06,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:01,1504) [kworker/u16:4]
(root,155132,39564,00:01:00,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:05:28,1634) /sbin/agetty --noclear tty1 linux
(dnsmasq,56864,2784,00:00:02,2100) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,2432) [kworker/0:2]
(root,0,0,00:00:00,3256) [kworker/7:0]
(root,0,0,00:00:00,3575) [kworker/2:1]
(root,0,0,00:00:00,3996) [kworker/5:2]
(root,52028,2932,00:00:00,4207) /usr/sbin/CRON -f
(root,4500,700,00:00:00,4212) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3024,00:00:00,4215) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,804,00:00:00,4217) sleep 655
(root,0,0,00:00:00,4747) [kworker/3:2]
(root,0,0,00:00:00,4846) [kworker/6:0]
(root,0,0,00:00:00,4849) [kworker/0:1]
(root,0,0,00:00:00,5663) [kworker/4:1]
(root,0,0,00:00:00,6079) [kworker/1:0]
(root,0,0,00:00:00,6185) [kworker/2:2]
(root,37824,6020,00:01:45,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,6893) [kworker/5:0]
(root,0,0,00:00:00,7512) [kworker/3:1]
(root,0,0,00:00:00,7611) [kworker/0:0]
(root,0,0,00:00:00,7822) [kworker/7:2]
(root,0,0,00:00:00,8539) [kworker/6:2]
(root,0,0,00:00:00,8948) [kworker/4:2]
(root,0,0,00:00:00,9047) [systemctl] <defunct>
(root,0,0,00:00:00,9048) [lookup.check.sh] <defunct>
(root,0,0,00:00:00,9157) [kworker/2:0]
(root,24928,3264,00:00:00,9232) /bin/bash /usr/bin/check_mk_agent
(root,34420,2988,00:00:00,9251) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,996,00:00:00,9252) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(chilli,33612,10680,00:38:12,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:01,21773) [kworker/u16:1]
(root,0,0,00:00:00,23436) [kworker/u16:2]
(root,0,0,00:00:00,26949) [kworker/4:0]
(root,0,0,00:00:00,32303) [kworker/7:1]
(root,0,0,00:00:00,32604) [kworker/1:2]

Found on 2024-10-15 21:55

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda43980ddb0eb2

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185208,5896,01:13:24,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:12,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:04:42,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:14,9) [migration/0]
(root,0,0,00:00:03,10) [watchdog/0]
(root,0,0,00:00:02,11) [watchdog/1]
(root,0,0,00:00:14,12) [migration/1]
(root,0,0,00:00:21,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:03,16) [watchdog/2]
(root,0,0,00:00:13,17) [migration/2]
(root,0,0,00:00:12,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:02,21) [watchdog/3]
(root,0,0,00:00:13,22) [migration/3]
(root,0,0,00:00:12,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:03,26) [watchdog/4]
(root,0,0,00:00:14,27) [migration/4]
(root,0,0,00:00:16,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:02,31) [watchdog/5]
(root,0,0,00:00:14,32) [migration/5]
(root,0,0,00:00:12,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:03,36) [watchdog/6]
(root,0,0,00:00:13,37) [migration/6]
(root,0,0,00:00:18,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:02,41) [watchdog/7]
(root,0,0,00:00:13,42) [migration/7]
(root,0,0,00:00:15,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:01,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:01:07,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:01:08,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:00:55,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:01,378) [kworker/0:1H]
(root,0,0,00:00:05,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:01,381) [kworker/4:1H]
(root,0,0,00:00:01,382) [kworker/1:1H]
(root,0,0,00:00:23,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,4100,00:06:17,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:01,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:01,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,573) [kworker/2:2]
(root,0,0,00:00:00,684) [kworker/7:1]
(root,0,0,00:00:01,694) [kworker/5:1H]
(root,0,0,00:00:01,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,0,0,00:00:00,896) [kworker/1:2]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:04,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:02,1100) lldpd: monitor
(syslog,256388,4360,00:01:37,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:03:28,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:22,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:01:21,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:01:10,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:20,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:20,1170) /sbin/iscsid
(root,5716,3508,00:01:33,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,14232,2252,00:01:19,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:02:09,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:01:00,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:05,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,1530) [kworker/3:0]
(root,155132,39564,00:00:54,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:04:56,1634) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,1641) [kworker/u16:2]
(root,65508,6036,00:00:00,1947) sshd: [accepted]
(root,0,0,00:00:00,2046) [systemctl] <defunct>
(root,0,0,00:00:00,2047) [lookup.check.sh] <defunct>
(root,65508,5824,00:00:00,2058) sshd: [accepted]
(dnsmasq,56864,2784,00:00:00,2100) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,65508,6032,00:00:00,2212) sshd: [accepted]
(root,24928,3196,00:00:00,2316) /bin/bash /usr/bin/check_mk_agent
(root,34420,2928,00:00:00,2335) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1000,00:00:00,2336) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,4731) [kworker/u16:4]
(root,37824,6020,00:01:32,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(chilli,33612,10680,00:37:41,10691) /usr/sbin/chilli --fg
(root,108184,2708,00:00:01,14554) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,21217) [kworker/4:1]
(root,52028,2952,00:00:00,23529) /usr/sbin/CRON -f
(root,4500,776,00:00:00,23535) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2960,00:00:00,23539) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,812,00:00:00,23544) sleep 1378
(root,0,0,00:00:00,24260) [kworker/6:2]
(root,0,0,00:00:00,26018) [kworker/7:0]
(root,0,0,00:00:00,26947) [kworker/3:2]
(root,0,0,00:00:00,27248) [kworker/2:1]
(root,0,0,00:00:00,27559) [kworker/5:2]
(root,0,0,00:00:00,27668) [kworker/1:0]
(root,0,0,00:00:00,27864) [kworker/6:0]
(root,0,0,00:00:00,29525) [kworker/0:1]
(root,0,0,00:00:00,29634) [kworker/4:2]
(root,0,0,00:00:00,30047) [kworker/7:2]
(root,0,0,00:00:00,30158) [kworker/2:0]
(root,0,0,00:00:00,30262) [kworker/1:1]
(root,0,0,00:00:00,30466) [kworker/5:1]
(root,0,0,00:00:00,30681) [kworker/3:1]
(root,0,0,00:00:00,30894) [kworker/u16:1]
(root,52028,2904,00:00:00,30954) /usr/sbin/CRON -f
(root,4500,840,00:00:00,30964) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3056,00:00:00,30967) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,640,00:00:00,30983) sleep 990
(root,0,0,00:00:00,31998) [kworker/u16:0]
(root,0,0,00:00:00,32287) [kworker/0:2]
(root,0,0,00:00:00,32403) [kworker/4:0]

Found on 2024-10-13 23:07

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398d85fcc64

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185208,5896,01:05:14,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:11,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:04:14,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:13,9) [migration/0]
(root,0,0,00:00:02,10) [watchdog/0]
(root,0,0,00:00:02,11) [watchdog/1]
(root,0,0,00:00:12,12) [migration/1]
(root,0,0,00:00:20,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:02,16) [watchdog/2]
(root,0,0,00:00:12,17) [migration/2]
(root,0,0,00:00:10,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:02,21) [watchdog/3]
(root,0,0,00:00:11,22) [migration/3]
(root,0,0,00:00:10,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:02,26) [watchdog/4]
(root,0,0,00:00:12,27) [migration/4]
(root,0,0,00:00:13,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:02,31) [watchdog/5]
(root,0,0,00:00:12,32) [migration/5]
(root,0,0,00:00:11,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:02,36) [watchdog/6]
(root,0,0,00:00:12,37) [migration/6]
(root,0,0,00:00:16,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:02,41) [watchdog/7]
(root,0,0,00:00:12,42) [migration/7]
(root,0,0,00:00:13,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:01:00,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:01:01,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:00:49,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:01,378) [kworker/0:1H]
(root,0,0,00:00:04,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:00,381) [kworker/4:1H]
(root,0,0,00:00:01,382) [kworker/1:1H]
(root,0,0,00:00:20,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,4064,00:05:30,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:01,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:01,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:01,694) [kworker/5:1H]
(root,0,0,00:00:01,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:03,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:02,1100) lldpd: monitor
(syslog,256388,4360,00:01:25,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:03:05,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:19,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:01:10,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:01:02,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:17,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:18,1170) /sbin/iscsid
(root,5716,3508,00:01:23,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,14232,2252,00:01:10,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:01:55,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:00:50,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:05,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155132,39564,00:00:48,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:04:28,1634) /sbin/agetty --noclear tty1 linux
(dnsmasq,56864,2820,00:00:43,4442) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,37824,6020,00:01:18,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(chilli,33612,10680,00:37:14,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:00,16827) [kworker/3:2]
(root,0,0,00:00:00,17037) [kworker/6:1]
(root,0,0,00:00:00,17960) [kworker/u16:4]
(root,0,0,00:00:00,18198) [kworker/5:2]
(root,0,0,00:00:00,18298) [kworker/4:1]
(root,0,0,00:00:00,19847) [kworker/7:0]
(root,0,0,00:00:00,20347) [kworker/2:1]
(root,0,0,00:00:00,21197) [kworker/1:0]
(root,0,0,00:00:00,21408) [kworker/0:2]
(root,0,0,00:00:00,21698) [kworker/5:1]
(root,0,0,00:00:00,21999) [kworker/6:2]
(root,0,0,00:00:00,23030) [kworker/4:2]
(root,0,0,00:00:00,23138) [kworker/7:1]
(root,0,0,00:00:00,23847) [kworker/2:0]
(root,0,0,00:00:00,23860) [kworker/1:1]
(root,0,0,00:00:00,24167) [kworker/0:1]
(root,0,0,00:00:00,24377) [kworker/3:0]
(root,0,0,00:00:00,25406) [kworker/5:0]
(root,52028,2952,00:00:00,25461) /usr/sbin/CRON -f
(root,4500,840,00:00:00,25467) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3144,00:00:00,25469) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,680,00:00:00,25480) sleep 1060
(root,0,0,00:00:00,25546) [kworker/4:0]
(root,0,0,00:00:00,26060) [kworker/7:2]
(root,0,0,00:00:00,26462) [kworker/u16:1]
(root,0,0,00:00:00,26562) [kworker/2:2]
(root,0,0,00:00:00,26771) [kworker/1:2]
(root,0,0,00:00:00,26786) [kworker/6:0]
(root,0,0,00:00:00,27075) [kworker/3:1]
(root,0,0,00:00:00,27497) [kworker/0:0]
(root,0,0,00:00:00,27800) [systemctl] <defunct>
(root,0,0,00:00:00,27801) [lookup.check.sh] <defunct>
(root,24928,3352,00:00:00,27877) /bin/bash /usr/bin/check_mk_agent
(root,34420,2972,00:00:00,27896) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1060,00:00:00,27897) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:01,28500) [kworker/u16:2]
(root,108184,2736,00:00:04,29654) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,29788) [kworker/u16:0]

Found on 2024-10-11 21:34

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda43983d9e228a

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185116,5864,00:57:25,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:10,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:03:48,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:11,9) [migration/0]
(root,0,0,00:00:02,10) [watchdog/0]
(root,0,0,00:00:02,11) [watchdog/1]
(root,0,0,00:00:11,12) [migration/1]
(root,0,0,00:00:18,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:02,16) [watchdog/2]
(root,0,0,00:00:10,17) [migration/2]
(root,0,0,00:00:09,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:02,21) [watchdog/3]
(root,0,0,00:00:10,22) [migration/3]
(root,0,0,00:00:09,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:02,26) [watchdog/4]
(root,0,0,00:00:11,27) [migration/4]
(root,0,0,00:00:10,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:02,31) [watchdog/5]
(root,0,0,00:00:10,32) [migration/5]
(root,0,0,00:00:09,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:02,36) [watchdog/6]
(root,0,0,00:00:10,37) [migration/6]
(root,0,0,00:00:15,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:02,41) [watchdog/7]
(root,0,0,00:00:10,42) [migration/7]
(root,0,0,00:00:12,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:00:53,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:00:54,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:00:44,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:01,378) [kworker/0:1H]
(root,0,0,00:00:04,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:00,381) [kworker/4:1H]
(root,0,0,00:00:01,382) [kworker/1:1H]
(root,0,0,00:00:17,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,9396,00:04:45,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:01,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:01,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,694) [kworker/5:1H]
(root,0,0,00:00:01,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:03,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:01,1100) lldpd: monitor
(syslog,256388,4360,00:01:13,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:02:43,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:17,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:01:01,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:00:54,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:15,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:16,1170) /sbin/iscsid
(root,5716,3508,00:01:14,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,14232,2252,00:01:02,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:01:42,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:00:43,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:04,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155132,39564,00:00:43,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:03:55,1634) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,3028) [kworker/u16:3]
(root,0,0,00:00:00,3810) [kworker/u16:2]
(dnsmasq,56864,2820,00:00:42,4442) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,37824,6020,00:01:05,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,8145) [kworker/u16:0]
(root,0,0,00:00:00,8596) [kworker/0:0]
(root,0,0,00:00:00,9723) [kworker/4:0]
(root,108184,2736,00:00:04,9841) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,10125) [kworker/1:2]
(root,0,0,00:00:00,10234) [kworker/3:0]
(chilli,33612,10680,00:36:42,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:00,11048) [kworker/5:1]
(root,0,0,00:00:00,11157) [kworker/2:0]
(root,0,0,00:00:00,11986) [kworker/6:2]
(root,0,0,00:00:00,12864) [kworker/1:0]
(root,52028,2888,00:00:00,13168) /usr/sbin/CRON -f
(root,4500,672,00:00:00,13173) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2896,00:00:00,13175) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,668,00:00:00,13178) sleep 1619
(root,0,0,00:00:00,13195) [kworker/7:1]
(root,0,0,00:00:00,13297) [kworker/3:2]
(root,0,0,00:00:00,13602) [kworker/4:2]
(root,0,0,00:00:00,14527) [kworker/2:1]
(root,0,0,00:00:00,14828) [kworker/0:2]
(root,0,0,00:00:00,15445) [kworker/u16:4]
(root,0,0,00:00:00,15544) [kworker/5:2]
(root,0,0,00:00:00,15752) [kworker/7:2]
(root,0,0,00:00:00,16069) [kworker/6:0]
(root,0,0,00:00:00,16992) [kworker/2:2]
(root,0,0,00:00:00,17298) [kworker/3:1]
(root,0,0,00:00:00,17806) [kworker/4:1]
(root,0,0,00:00:00,18013) [kworker/0:1]
(root,0,0,00:00:00,18222) [kworker/1:1]
(root,0,0,00:00:00,18629) [kworker/7:0]
(root,0,0,00:00:00,18630) [systemctl] <defunct>
(root,0,0,00:00:00,18631) [lookup.check.sh] <defunct>
(root,24904,3320,00:00:00,18640) /bin/bash /usr/local/bin/issue-generator
(root,6532,704,00:00:00,18685) ping -q -c 2 -W 1 8.8.8.8
(root,24928,3348,00:00:00,18741) /bin/bash /usr/bin/check_mk_agent
(root,34420,2876,00:00:00,18760) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1000,00:00:00,18761) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-10-09 21:56

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398ad439a61

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185112,5860,00:49:39,1) /sbin/init
(root,0,0,00:00:01,2) [kthreadd]
(root,0,0,00:00:09,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:03:23,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:09,9) [migration/0]
(root,0,0,00:00:02,10) [watchdog/0]
(root,0,0,00:00:02,11) [watchdog/1]
(root,0,0,00:00:09,12) [migration/1]
(root,0,0,00:00:17,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:02,16) [watchdog/2]
(root,0,0,00:00:09,17) [migration/2]
(root,0,0,00:00:08,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:01,21) [watchdog/3]
(root,0,0,00:00:08,22) [migration/3]
(root,0,0,00:00:08,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:02,26) [watchdog/4]
(root,0,0,00:00:09,27) [migration/4]
(root,0,0,00:00:08,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:01,31) [watchdog/5]
(root,0,0,00:00:09,32) [migration/5]
(root,0,0,00:00:07,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:02,36) [watchdog/6]
(root,0,0,00:00:09,37) [migration/6]
(root,0,0,00:00:13,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:01,41) [watchdog/7]
(root,0,0,00:00:09,42) [migration/7]
(root,0,0,00:00:10,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:00:46,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:00:47,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:00:38,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:01,378) [kworker/0:1H]
(root,0,0,00:00:03,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:00,381) [kworker/4:1H]
(root,0,0,00:00:01,382) [kworker/1:1H]
(root,0,0,00:00:15,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,5648,00:04:11,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:01,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:00,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,694) [kworker/5:1H]
(root,0,0,00:00:01,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:02,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:01,1100) lldpd: monitor
(syslog,256388,4364,00:01:04,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:02:22,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:14,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:00:53,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:00:47,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:13,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:14,1170) /sbin/iscsid
(root,5716,3508,00:01:04,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,14232,2252,00:00:54,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:01:29,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:00:38,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:04,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155132,39564,00:00:37,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:03:23,1634) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,3203) [kworker/u16:0]
(dnsmasq,56864,2820,00:00:40,4442) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,37824,6020,00:00:51,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,10072) [kworker/5:1]
(chilli,33612,10680,00:36:11,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:00,14375) [kworker/u16:3]
(root,0,0,00:00:00,16137) [kworker/7:2]
(root,0,0,00:00:00,16547) [kworker/6:2]
(root,0,0,00:00:00,16646) [kworker/4:0]
(root,0,0,00:00:00,16755) [kworker/2:1]
(root,0,0,00:00:00,16855) [kworker/1:0]
(root,0,0,00:00:00,17471) [kworker/0:2]
(root,0,0,00:00:00,17578) [kworker/3:0]
(root,0,0,00:00:00,18726) [kworker/u16:2]
(root,0,0,00:00:00,18826) [kworker/7:1]
(root,0,0,00:00:00,19129) [kworker/5:2]
(root,0,0,00:00:00,19448) [kworker/6:0]
(root,0,0,00:00:00,19547) [kworker/1:2]
(root,0,0,00:00:00,19957) [kworker/4:1]
(root,0,0,00:00:00,20165) [kworker/3:1]
(root,0,0,00:00:00,20674) [kworker/0:1]
(root,0,0,00:00:00,20882) [kworker/2:2]
(root,0,0,00:00:00,21501) [kworker/u16:1]
(root,0,0,00:00:00,22014) [kworker/1:1]
(root,0,0,00:00:00,22315) [kworker/5:0]
(root,0,0,00:00:00,22318) [kworker/4:2]
(root,0,0,00:00:00,22626) [kworker/6:1]
(root,0,0,00:00:00,22736) [kworker/3:2]
(root,0,0,00:00:00,23533) [kworker/2:0]
(root,0,0,00:00:00,23635) [systemctl] <defunct>
(root,0,0,00:00:00,23636) [lookup.check.sh] <defunct>
(root,24928,3264,00:00:00,23986) /bin/bash /usr/bin/check_mk_agent
(root,34420,2860,00:00:00,24005) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,984,00:00:00,24006) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,108184,2780,00:00:05,31978) /usr/bin/monit -c /etc/monit/monitrc

Found on 2024-10-07 22:26

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398caedaa94

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185112,5860,00:41:48,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,00:00:07,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:02:54,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:08,9) [migration/0]
(root,0,0,00:00:01,10) [watchdog/0]
(root,0,0,00:00:01,11) [watchdog/1]
(root,0,0,00:00:08,12) [migration/1]
(root,0,0,00:00:14,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:01,16) [watchdog/2]
(root,0,0,00:00:07,17) [migration/2]
(root,0,0,00:00:07,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:01,21) [watchdog/3]
(root,0,0,00:00:07,22) [migration/3]
(root,0,0,00:00:07,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:01,26) [watchdog/4]
(root,0,0,00:00:07,27) [migration/4]
(root,0,0,00:00:06,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:01,31) [watchdog/5]
(root,0,0,00:00:07,32) [migration/5]
(root,0,0,00:00:06,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:01,36) [watchdog/6]
(root,0,0,00:00:07,37) [migration/6]
(root,0,0,00:00:11,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:01,41) [watchdog/7]
(root,0,0,00:00:07,42) [migration/7]
(root,0,0,00:00:09,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:00:39,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:00:39,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:00:32,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:00,378) [kworker/0:1H]
(root,0,0,00:00:03,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:00,381) [kworker/4:1H]
(root,0,0,00:00:01,382) [kworker/1:1H]
(root,0,0,00:00:13,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,7452,00:03:34,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:01,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:00,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,694) [kworker/5:1H]
(root,0,0,00:00:00,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:02,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:01,1100) lldpd: monitor
(syslog,256388,4364,00:00:54,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:02:00,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:12,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:00:45,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:00:40,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:10,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:12,1170) /sbin/iscsid
(root,5716,3508,00:00:54,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,14232,2252,00:00:46,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:01:16,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:00:33,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:03,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155132,39564,00:00:31,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:02:55,1634) /sbin/agetty --noclear tty1 linux
(dnsmasq,56864,2820,00:00:39,4442) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,108184,2736,00:00:05,5581) /usr/bin/monit -c /etc/monit/monitrc
(root,37824,6020,00:00:38,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(chilli,33612,10680,00:35:42,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:00,17215) [kworker/u16:2]
(root,0,0,00:00:00,18566) [kworker/1:0]
(root,0,0,00:00:00,19491) [kworker/3:1]
(root,0,0,00:00:00,20524) [kworker/5:1]
(root,0,0,00:00:00,20526) [kworker/u16:1]
(root,0,0,00:00:00,21133) [kworker/7:1]
(root,0,0,00:00:00,22417) [kworker/0:2]
(root,0,0,00:00:00,22516) [kworker/2:2]
(root,0,0,00:00:00,22836) [kworker/6:0]
(root,0,0,00:00:00,23348) [kworker/4:2]
(root,0,0,00:00:00,23558) [kworker/1:2]
(root,0,0,00:00:00,23859) [kworker/7:0]
(root,0,0,00:00:00,24672) [kworker/5:0]
(root,0,0,00:00:00,25301) [kworker/u16:3]
(root,52028,2952,00:00:00,25349) /usr/sbin/CRON -f
(root,4500,708,00:00:00,25355) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2908,00:00:00,25357) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,700,00:00:00,25359) sleep 1213
(root,0,0,00:00:00,25527) [kworker/0:1]
(root,0,0,00:00:00,25730) [kworker/2:0]
(root,0,0,00:00:00,26137) [kworker/4:0]
(root,0,0,00:00:00,26548) [kworker/6:2]
(root,0,0,00:00:00,26648) [kworker/3:0]
(root,0,0,00:00:00,27263) [kworker/1:1]
(root,0,0,00:00:00,27471) [kworker/7:2]
(root,0,0,00:00:00,28081) [kworker/5:2]
(root,0,0,00:00:00,28381) [kworker/2:1]
(root,0,0,00:00:00,28490) [kworker/u16:0]
(root,0,0,00:00:00,28797) [kworker/0:0]
(root,0,0,00:00:00,29098) [systemctl] <defunct>
(root,0,0,00:00:00,29099) [lookup.check.sh] <defunct>
(root,24928,3264,00:00:00,29261) /bin/bash /usr/bin/check_mk_agent
(root,34420,2952,00:00:00,29280) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1084,00:00:00,29281) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-10-05 22:22

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398e925f341

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185112,5860,00:33:54,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,00:00:05,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:02:29,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:06,9) [migration/0]
(root,0,0,00:00:01,10) [watchdog/0]
(root,0,0,00:00:01,11) [watchdog/1]
(root,0,0,00:00:06,12) [migration/1]
(root,0,0,00:00:11,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:01,16) [watchdog/2]
(root,0,0,00:00:06,17) [migration/2]
(root,0,0,00:00:05,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:01,21) [watchdog/3]
(root,0,0,00:00:06,22) [migration/3]
(root,0,0,00:00:05,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:01,26) [watchdog/4]
(root,0,0,00:00:06,27) [migration/4]
(root,0,0,00:00:05,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:01,31) [watchdog/5]
(root,0,0,00:00:06,32) [migration/5]
(root,0,0,00:00:05,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:01,36) [watchdog/6]
(root,0,0,00:00:06,37) [migration/6]
(root,0,0,00:00:09,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:01,41) [watchdog/7]
(root,0,0,00:00:06,42) [migration/7]
(root,0,0,00:00:07,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:00:31,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:00:32,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:00:26,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:00,378) [kworker/0:1H]
(root,0,0,00:00:03,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:00,381) [kworker/4:1H]
(root,0,0,00:00:00,382) [kworker/1:1H]
(root,0,0,00:00:10,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,3828,00:02:59,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:01,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:00,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,607) [kworker/4:1]
(root,0,0,00:00:00,694) [kworker/5:1H]
(root,0,0,00:00:00,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,741) [kworker/5:0]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,0,0,00:00:00,1045) [kworker/0:1]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:01,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:01,1100) lldpd: monitor
(syslog,256388,4364,00:00:45,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:01:38,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:10,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:00:37,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:00:32,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:08,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,0,0,00:00:00,1159) [kworker/3:0]
(root,5216,152,00:00:09,1170) /sbin/iscsid
(root,5716,3508,00:00:45,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:00,1273) [kworker/1:1]
(root,14232,2252,00:00:37,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:01:02,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:00:28,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:02,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155132,39564,00:00:25,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,0,0,00:00:00,1600) [kworker/2:0]
(root,17772,1800,00:02:21,1634) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,2834) [kworker/7:1]
(root,0,0,00:00:00,3749) [kworker/5:2]
(root,0,0,00:00:00,3854) [kworker/0:2]
(root,0,0,00:00:00,4189) [kworker/1:2]
(root,0,0,00:00:00,4399) [kworker/u16:2]
(dnsmasq,56864,2820,00:00:37,4442) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,4615) [kworker/6:2]
(root,0,0,00:00:00,5369) [kworker/2:2]
(root,0,0,00:00:00,5482) [kworker/7:2]
(root,0,0,00:00:00,5797) [kworker/3:2]
(root,0,0,00:00:00,6461) [kworker/0:0]
(root,37824,6020,00:00:24,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,6994) [kworker/5:1]
(root,0,0,00:00:00,7001) [kworker/u16:1]
(root,0,0,00:00:00,7615) [kworker/1:0]
(root,0,0,00:00:00,7724) [kworker/6:1]
(root,52028,2952,00:00:00,8092) /usr/sbin/CRON -f
(root,4500,732,00:00:00,8098) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3056,00:00:00,8103) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,676,00:00:00,8125) sleep 1720
(root,0,0,00:00:00,8172) [kworker/7:0]
(root,0,0,00:00:00,8677) [kworker/3:1]
(root,0,0,00:00:00,8678) [systemctl] <defunct>
(root,0,0,00:00:00,8679) [lookup.check.sh] <defunct>
(root,24928,3212,00:00:00,8829) /bin/bash /usr/bin/check_mk_agent
(root,34420,2912,00:00:00,8848) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1048,00:00:00,8849) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(chilli,33612,10680,00:35:07,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:00,14030) [kworker/u16:4]
(root,0,0,00:00:01,23072) [kworker/u16:3]
(root,0,0,00:00:00,26233) [kworker/6:0]
(root,0,0,00:00:00,28120) [kworker/4:0]
(root,0,0,00:00:01,29723) [kworker/u16:0]
(root,108184,2744,00:00:04,29922) /usr/bin/monit -c /etc/monit/monitrc

Found on 2024-10-03 22:01

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398dbc153f8

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185112,5860,00:26:11,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,00:00:04,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:02:04,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:05,9) [migration/0]
(root,0,0,00:00:01,10) [watchdog/0]
(root,0,0,00:00:01,11) [watchdog/1]
(root,0,0,00:00:05,12) [migration/1]
(root,0,0,00:00:09,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:01,16) [watchdog/2]
(root,0,0,00:00:04,17) [migration/2]
(root,0,0,00:00:04,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:01,21) [watchdog/3]
(root,0,0,00:00:04,22) [migration/3]
(root,0,0,00:00:04,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:01,26) [watchdog/4]
(root,0,0,00:00:04,27) [migration/4]
(root,0,0,00:00:04,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:01,31) [watchdog/5]
(root,0,0,00:00:04,32) [migration/5]
(root,0,0,00:00:04,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:01,36) [watchdog/6]
(root,0,0,00:00:04,37) [migration/6]
(root,0,0,00:00:06,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:01,41) [watchdog/7]
(root,0,0,00:00:04,42) [migration/7]
(root,0,0,00:00:05,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:00:24,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:00:24,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:00:20,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:00,378) [kworker/0:1H]
(root,0,0,00:00:02,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:00,381) [kworker/4:1H]
(root,0,0,00:00:00,382) [kworker/1:1H]
(root,0,0,00:00:08,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,8672,00:02:24,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:00,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:00,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,694) [kworker/5:1H]
(root,0,0,00:00:00,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:01,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:00,1100) lldpd: monitor
(syslog,256388,4296,00:00:36,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:01:16,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:07,1120) lldpd: 2 neighbors
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:00:29,1131) /usr/lib/accountsservice/accounts-daemon
(root,28624,3156,00:00:25,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:06,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:07,1170) /sbin/iscsid
(root,5716,3508,00:00:35,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,14232,2252,00:00:29,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:00:49,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:00:22,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:01,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,1494) [kworker/u16:1]
(root,155132,39564,00:00:19,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:01:46,1634) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,3365) [kworker/7:1]
(root,0,0,00:00:00,3670) [kworker/3:0]
(root,0,0,00:00:00,4194) [kworker/0:1]
(dnsmasq,56864,2820,00:00:36,4442) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,5315) [kworker/5:1]
(root,0,0,00:00:00,5917) [kworker/2:0]
(root,0,0,00:00:00,6334) [kworker/6:2]
(root,37824,6020,00:00:11,6554) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,108184,2796,00:00:00,6891) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,7673) [kworker/4:0]
(root,0,0,00:00:00,7884) [kworker/0:2]
(root,52028,2952,00:00:00,7996) /usr/sbin/CRON -f
(root,4500,784,00:00:00,8005) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2976,00:00:00,8011) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,748,00:00:00,8017) sleep 1056
(root,0,0,00:00:00,8531) [kworker/1:2]
(root,0,0,00:00:00,9040) [kworker/u16:3]
(root,0,0,00:00:00,9667) [kworker/3:1]
(root,0,0,00:00:00,9973) [kworker/5:0]
(root,0,0,00:00:00,10084) [kworker/6:0]
(root,0,0,00:00:00,10387) [kworker/4:2]
(root,0,0,00:00:00,10597) [kworker/7:0]
(chilli,33612,10680,00:34:27,10691) /usr/sbin/chilli --fg
(root,0,0,00:00:00,10704) [kworker/2:1]
(root,0,0,00:00:00,11955) [kworker/1:1]
(root,0,0,00:00:00,12060) [kworker/0:0]
(root,0,0,00:00:00,12338) [kworker/u16:2]
(root,0,0,00:00:00,12811) [kworker/3:2]
(root,0,0,00:00:00,13031) [kworker/5:2]
(root,0,0,00:00:00,13774) [kworker/4:1]
(root,0,0,00:00:00,13988) [kworker/u16:0]
(root,0,0,00:00:00,13991) [kworker/u16:4]
(root,0,0,00:00:00,14108) [kworker/7:2]
(root,0,0,00:00:00,14303) [kworker/6:1]
(root,0,0,00:00:00,14304) [systemctl] <defunct>
(root,0,0,00:00:00,14305) [lookup.check.sh] <defunct>
(root,24928,3320,00:00:00,14514) /bin/bash /usr/bin/check_mk_agent
(root,34420,2936,00:00:00,14533) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1088,00:00:00,14534) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-10-01 22:42

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398a0fe6106

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,119564,5772,00:17:36,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,00:00:03,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:00:52,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:03,9) [migration/0]
(root,0,0,00:00:00,10) [watchdog/0]
(root,0,0,00:00:00,11) [watchdog/1]
(root,0,0,00:00:03,12) [migration/1]
(root,0,0,00:00:06,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [watchdog/2]
(root,0,0,00:00:03,17) [migration/2]
(root,0,0,00:00:02,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:00,21) [watchdog/3]
(root,0,0,00:00:03,22) [migration/3]
(root,0,0,00:00:02,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:00,26) [watchdog/4]
(root,0,0,00:00:03,27) [migration/4]
(root,0,0,00:00:02,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:00,31) [watchdog/5]
(root,0,0,00:00:03,32) [migration/5]
(root,0,0,00:00:02,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:00,36) [watchdog/6]
(root,0,0,00:00:03,37) [migration/6]
(root,0,0,00:00:03,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:00,41) [watchdog/7]
(root,0,0,00:00:03,42) [migration/7]
(root,0,0,00:00:03,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:00:16,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:00:16,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:00:13,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:00,378) [kworker/0:1H]
(root,0,0,00:00:01,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:00,381) [kworker/4:1H]
(root,0,0,00:00:00,382) [kworker/1:1H]
(root,0,0,00:00:04,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,5180,00:01:11,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:00,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:00,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,592) [kworker/2:2]
(root,0,0,00:00:00,694) [kworker/5:1H]
(root,0,0,00:00:00,695) [kworker/6:1H]
(root,0,0,00:00:00,699) [kworker/6:2]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,0,0,00:00:00,820) [kworker/u16:2]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:00,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:00,1100) lldpd: monitor
(syslog,256388,4296,00:00:17,1107) /usr/sbin/rsyslogd -n
(message+,42900,4064,00:00:52,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:04,1120) lldpd: connected to KBG570-NWCLSW-P165
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:00:15,1131) /usr/lib/accountsservice/accounts-daemon
(root,20096,1148,00:00:16,1142) /lib/systemd/systemd-logind
(root,309640,2380,00:00:04,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:05,1170) /sbin/iscsid
(root,5716,3508,00:00:24,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:00,1258) [kworker/0:0]
(chilli,32312,9452,00:01:14,1313) /usr/sbin/chilli --fg
(root,14232,2176,00:00:19,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:00:33,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:00:08,1334) /usr/sbin/sshd -D
(root,65508,5876,00:00:00,1365) sshd: [accepted]
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,15052,2132,00:00:01,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155132,39564,00:00:12,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1800,00:01:08,1634) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,1898) [kworker/1:1]
(root,0,0,00:00:00,2005) [kworker/4:0]
(root,0,0,00:00:00,2116) [kworker/3:1]
(root,0,0,00:00:00,2221) [systemctl] <defunct>
(root,0,0,00:00:00,2222) [lookup.check.sh] <defunct>
(root,0,0,00:00:00,2422) [kworker/7:0]
(root,24928,3320,00:00:00,2552) /bin/bash /usr/bin/check_mk_agent
(root,34420,2832,00:00:00,2572) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1088,00:00:00,2573) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,17062) [kworker/u16:0]
(root,0,0,00:00:00,23106) [kworker/u16:1]
(root,0,0,00:00:00,24060) [kworker/0:1]
(root,108184,2804,00:00:05,25020) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,26839) [kworker/6:0]
(root,0,0,00:00:00,27543) [kworker/4:2]
(root,0,0,00:00:00,27654) [kworker/2:0]
(root,52028,2952,00:00:00,27761) /usr/sbin/CRON -f
(root,4500,792,00:00:00,27766) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2904,00:00:00,27767) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,656,00:00:00,27771) sleep 1577
(root,0,0,00:00:00,28102) [kworker/7:1]
(root,0,0,00:00:00,28621) [kworker/5:0]
(root,0,0,00:00:02,28862) [kworker/u16:3]
(root,0,0,00:00:00,29139) [kworker/1:2]
(root,0,0,00:00:00,29354) [kworker/3:2]
(root,0,0,00:00:00,29977) [kworker/0:2]
(root,0,0,00:00:00,30190) [kworker/2:1]
(root,0,0,00:00:00,30405) [kworker/6:1]
(root,0,0,00:00:00,30612) [kworker/u16:4]
(dnsmasq,56864,2768,00:00:02,30847) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,31043) [kworker/4:1]
(root,0,0,00:00:00,31144) [kworker/7:2]
(root,37824,6064,00:00:24,31358) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,31667) [kworker/5:2]
(root,0,0,00:00:00,31668) [kworker/1:0]
(root,0,0,00:00:00,31783) [kworker/3:0]

Found on 2024-09-29 21:59

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398f4d38b7b

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,119560,5768,00:07:51,1) /sbin/init
(root,0,0,00:00:00,2) [kthreadd]
(root,0,0,00:00:01,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,00:00:23,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:00:01,9) [migration/0]
(root,0,0,00:00:00,10) [watchdog/0]
(root,0,0,00:00:00,11) [watchdog/1]
(root,0,0,00:00:01,12) [migration/1]
(root,0,0,00:00:02,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:00,16) [watchdog/2]
(root,0,0,00:00:01,17) [migration/2]
(root,0,0,00:00:01,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:00,21) [watchdog/3]
(root,0,0,00:00:01,22) [migration/3]
(root,0,0,00:00:01,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:00,26) [watchdog/4]
(root,0,0,00:00:01,27) [migration/4]
(root,0,0,00:00:01,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:00,31) [watchdog/5]
(root,0,0,00:00:01,32) [migration/5]
(root,0,0,00:00:01,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:00,36) [watchdog/6]
(root,0,0,00:00:01,37) [migration/6]
(root,0,0,00:00:02,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:00,41) [watchdog/7]
(root,0,0,00:00:01,42) [migration/7]
(root,0,0,00:00:01,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:00,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,117) [deferwq]
(root,0,0,00:00:00,118) [charger_manager]
(root,0,0,00:00:00,164) [kpsmoused]
(root,0,0,00:00:00,165) [scsi_eh_0]
(root,0,0,00:00:00,166) [scsi_tmf_0]
(root,0,0,00:00:00,167) [scsi_eh_1]
(root,0,0,00:00:00,168) [scsi_tmf_1]
(root,0,0,00:00:00,210) [bioset]
(root,0,0,00:00:00,214) [ttm_swap]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:00:07,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:00:07,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:00:06,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,317) [raid5wq]
(root,0,0,00:00:00,342) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:00,378) [kworker/0:1H]
(root,0,0,00:00:00,379) [kworker/7:1H]
(root,0,0,00:00:00,380) [kworker/2:1H]
(root,0,0,00:00:00,381) [kworker/4:1H]
(root,0,0,00:00:00,382) [kworker/1:1H]
(root,0,0,00:00:02,384) [jbd2/sda1-8]
(root,0,0,00:00:00,385) [ext4-rsv-conver]
(root,0,0,00:00:00,465) [kauditd]
(root,35372,3848,00:00:30,466) /lib/systemd/systemd-journald
(root,0,0,00:00:00,469) [iscsi_eh]
(root,0,0,00:00:00,473) [ib_addr]
(root,0,0,00:00:00,478) [ib_mcast]
(root,0,0,00:00:00,479) [ib_nl_sa_wq]
(root,0,0,00:00:00,480) [ib_cm]
(root,0,0,00:00:00,481) [iw_cm_wq]
(root,0,0,00:00:00,482) [rdma_cm]
(root,94768,1488,00:00:00,484) /sbin/lvmetad -f
(root,44964,4468,00:00:00,531) /lib/systemd/systemd-udevd
(systemd+,100320,2588,00:00:00,557) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,648) [kworker/2:1]
(root,0,0,00:00:00,694) [kworker/5:1H]
(root,0,0,00:00:00,695) [kworker/6:1H]
(root,0,0,00:00:00,712) [kworker/3:1H]
(root,0,0,00:00:00,750) [kvm-irqfd-clean]
(root,0,0,00:00:00,751) [kworker/4:2]
(root,0,0,00:00:00,860) [kworker/0:2]
(root,4392,1284,00:00:00,1088) /usr/sbin/acpid
(root,30816,2892,00:00:00,1096) /usr/sbin/cron -f
(root,58208,4184,00:00:00,1100) lldpd: monitor
(syslog,256388,3768,00:00:07,1107) /usr/sbin/rsyslogd -n
(message+,42900,3912,00:00:23,1109) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(_lldpd,58208,2788,00:00:02,1120) lldpd: connected to KBG570-NWCLSW-P165
(daemon,26040,2116,00:00:00,1121) /usr/sbin/atd -f
(root,280044,6248,00:00:06,1131) /usr/lib/accountsservice/accounts-daemon
(root,20096,1148,00:00:07,1142) /lib/systemd/systemd-logind
(root,235772,2380,00:00:01,1146) /usr/bin/lxcfs /var/lib/lxcfs/
(root,5216,152,00:00:02,1170) /sbin/iscsid
(root,5716,3508,00:00:10,1171) /sbin/iscsid
(root,13368,160,00:00:00,1180) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(chilli,32312,9452,00:00:37,1313) /usr/sbin/chilli --fg
(root,14232,2176,00:00:08,1321) /usr/sbin/lldpad -d
(root,19568,2036,00:00:14,1328) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(root,65508,6352,00:00:03,1334) /usr/sbin/sshd -D
(root,277084,6136,00:00:00,1384) /usr/lib/policykit-1/polkitd --no-debug
(root,0,0,00:00:00,1394) [kworker/1:1]
(root,15052,2132,00:00:00,1454) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,1497) [kworker/6:1]
(root,155132,39564,00:00:05,1589) /usr/bin/ruby /usr/bin/puppet agent
(root,0,0,00:00:00,1609) [kworker/5:1]
(root,17772,1800,00:00:33,1634) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,2325) [kworker/u16:4]
(root,0,0,00:00:00,3037) [kworker/3:2]
(root,0,0,00:00:00,3641) [kworker/7:1]
(root,0,0,00:00:00,3849) [kworker/0:0]
(root,0,0,00:00:00,4059) [kworker/6:0]
(root,0,0,00:00:00,4251) [kworker/5:2]
(root,0,0,00:00:01,4404) [kworker/u16:3]
(root,0,0,00:00:00,4666) [kworker/2:2]
(root,0,0,00:00:00,4869) [kworker/1:2]
(root,0,0,00:00:00,5593) [kworker/4:0]
(root,0,0,00:00:00,5594) [kworker/u16:1]
(root,0,0,00:00:00,5596) [kworker/3:1]
(root,0,0,00:00:00,6209) [kworker/7:0]
(root,52028,2952,00:00:00,6211) /usr/sbin/CRON -f
(root,4500,748,00:00:00,6215) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3020,00:00:00,6216) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,644,00:00:00,6226) sleep 846
(root,0,0,00:00:00,6751) [systemctl] <defunct>
(root,0,0,00:00:00,6752) [lookup.check.sh] <defunct>
(root,24928,3360,00:00:00,7028) /bin/bash /usr/bin/check_mk_agent
(root,34420,2864,00:00:00,7047) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1008,00:00:00,7048) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,108184,2664,00:00:02,8046) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:02,15076) [kworker/u16:2]
(root,0,0,00:00:00,16275) [kworker/u16:0]
(root,0,0,00:00:00,27355) [kworker/4:1]
(root,0,0,00:00:00,28173) [kworker/3:0]
(root,0,0,00:00:00,29884) [kworker/7:2]
(root,0,0,00:00:00,30401) [kworker/2:0]
(dnsmasq,56864,2768,00:00:00,30847) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,52028,2952,00:00:00,31130) /usr/sbin/CRON -f
(root,4500,788,00:00:00,31133) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3132,00:00:00,31134) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,752,00:00:00,31140) sleep 1136
(root,0,0,00:00:00,31157) [kworker/1:0]
(root,37824,6064,00:00:08,31358) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid

Found on 2024-09-27 23:31

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398eb4f8b28

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185300,5920,07:36:20,1) /sbin/init
(root,0,0,00:00:08,2) [kthreadd]
(root,0,0,00:01:39,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:40:43,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:25,9) [migration/0]
(root,0,0,00:00:20,10) [watchdog/0]
(root,0,0,00:00:19,11) [watchdog/1]
(root,0,0,00:01:23,12) [migration/1]
(root,0,0,00:05:24,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:19,16) [watchdog/2]
(root,0,0,00:01:21,17) [migration/2]
(root,0,0,00:03:00,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:16,21) [watchdog/3]
(root,0,0,00:01:20,22) [migration/3]
(root,0,0,00:02:58,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:20,26) [watchdog/4]
(root,0,0,00:01:21,27) [migration/4]
(root,0,0,00:03:02,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:17,31) [watchdog/5]
(root,0,0,00:01:20,32) [migration/5]
(root,0,0,00:03:16,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:20,36) [watchdog/6]
(root,0,0,00:01:24,37) [migration/6]
(root,0,0,00:03:30,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:17,41) [watchdog/7]
(root,0,0,00:01:23,42) [migration/7]
(root,0,0,00:03:51,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:05,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,118) [deferwq]
(root,0,0,00:00:00,119) [charger_manager]
(root,0,0,00:00:00,175) [kpsmoused]
(root,0,0,00:00:00,176) [scsi_eh_0]
(root,0,0,00:00:00,177) [scsi_tmf_0]
(root,0,0,00:00:00,178) [scsi_eh_1]
(root,0,0,00:00:00,179) [scsi_tmf_1]
(root,0,0,00:00:00,198) [ttm_swap]
(root,0,0,00:00:00,212) [bioset]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:06:53,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:06:33,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:05:26,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,318) [raid5wq]
(root,0,0,00:00:00,343) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:06,379) [kworker/4:1H]
(root,0,0,00:00:18,380) [kworker/7:1H]
(root,0,0,00:00:21,381) [kworker/1:1H]
(root,0,0,00:00:08,382) [kworker/2:1H]
(root,0,0,00:00:07,383) [kworker/5:1H]
(root,0,0,00:00:08,384) [kworker/6:1H]
(root,0,0,00:02:31,386) [jbd2/sda1-8]
(root,0,0,00:00:00,387) [ext4-rsv-conver]
(root,0,0,00:00:00,446) [iscsi_eh]
(root,0,0,00:00:00,447) [kauditd]
(root,0,0,00:00:00,457) [ib_addr]
(root,0,0,00:00:00,465) [ib_mcast]
(root,0,0,00:00:00,466) [ib_nl_sa_wq]
(root,0,0,00:00:00,467) [ib_cm]
(root,35268,9664,01:17:46,469) /lib/systemd/systemd-journald
(root,0,0,00:00:00,471) [iw_cm_wq]
(root,0,0,00:00:00,472) [rdma_cm]
(root,0,0,00:00:08,480) [kworker/0:1H]
(root,94768,1480,00:00:00,512) /sbin/lvmetad -f
(root,44964,4524,00:00:07,534) /lib/systemd/systemd-udevd
(systemd+,100320,2616,00:00:07,587) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,766) [kvm-irqfd-clean]
(root,280044,6356,00:11:09,1088) /usr/lib/accountsservice/accounts-daemon
(daemon,26040,2204,00:00:00,1091) /usr/sbin/atd -f
(root,4392,1228,00:00:00,1099) /usr/sbin/acpid
(syslog,256388,4280,00:16:22,1101) /usr/sbin/rsyslogd -n
(message+,42900,3976,00:20:46,1105) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,30816,2788,00:00:23,1139) /usr/sbin/cron -f
(root,309668,2252,00:02:09,1141) /usr/bin/lxcfs /var/lib/lxcfs/
(root,20096,1204,00:06:40,1143) /lib/systemd/systemd-logind
(root,13368,156,00:00:00,1157) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:08,1167) [kworker/3:1H]
(root,277084,6036,00:00:02,1171) /usr/lib/policykit-1/polkitd --no-debug
(root,58208,4388,00:00:13,1182) lldpd: monitor
(root,5216,152,00:02:21,1225) /sbin/iscsid
(root,5716,3508,00:10:39,1226) /sbin/iscsid
(root,19568,2104,00:15:01,1335) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(chilli,34196,11368,3-10:16:04,1371) /usr/sbin/chilli --fg
(root,14232,2124,00:08:54,1383) /usr/sbin/lldpad -d
(root,65508,6324,00:07:09,1421) /usr/sbin/sshd -D
(_lldpd,58208,2728,00:01:57,1436) lldpd: connected to KBG570-NWCLSW-P165
(root,15052,2144,00:00:34,1504) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155188,39428,00:05:25,1654) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1812,00:33:12,1716) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,8965) [kworker/4:2]
(root,0,0,00:00:00,9279) [kworker/3:0]
(root,0,0,00:00:00,9492) [kworker/6:2]
(root,0,0,00:00:00,9603) [kworker/7:1]
(root,0,0,00:00:00,10012) [kworker/2:2]
(root,0,0,00:00:00,10231) [kworker/0:0]
(root,52028,2980,00:00:00,11035) /usr/sbin/CRON -f
(root,4500,712,00:00:00,11040) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3076,00:00:00,11043) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,748,00:00:00,11055) sleep 1177
(root,0,0,00:00:00,11369) [kworker/5:0]
(root,0,0,00:00:00,11479) [kworker/1:1]
(root,0,0,00:00:00,12417) [kworker/3:1]
(root,0,0,00:00:00,12628) [kworker/2:0]
(root,0,0,00:00:00,13034) [kworker/7:0]
(root,0,0,00:00:00,13244) [kworker/0:2]
(root,0,0,00:00:00,13457) [kworker/6:0]
(dnsmasq,56864,2788,00:00:02,13477) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,13876) [kworker/5:1]
(root,0,0,00:00:00,13975) [kworker/4:1]
(root,0,0,00:00:05,13997) [kworker/u16:2]
(root,0,0,00:00:00,14087) [kworker/1:0]
(root,0,0,00:00:00,15223) [kworker/u16:3]
(root,0,0,00:00:00,15844) [kworker/2:1]
(root,0,0,00:00:00,16048) [kworker/3:2]
(root,0,0,00:00:00,16358) [systemctl] <defunct>
(root,0,0,00:00:00,16359) [lookup.check.sh] <defunct>
(root,24928,3264,00:00:00,16587) /bin/bash /usr/bin/check_mk_agent
(root,34420,2932,00:00:00,16613) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1156,00:00:00,16614) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,37824,5880,00:05:29,18273) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,22696) [kworker/u16:0]
(root,0,0,00:00:00,27852) [kworker/u16:1]
(root,108184,2704,00:00:01,32242) /usr/bin/monit -c /etc/monit/monitrc

Found on 2024-09-25 23:41

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398fbe20e2b

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185300,5920,07:24:58,1) /sbin/init
(root,0,0,00:00:08,2) [kthreadd]
(root,0,0,00:01:36,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:38:46,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:23,9) [migration/0]
(root,0,0,00:00:20,10) [watchdog/0]
(root,0,0,00:00:19,11) [watchdog/1]
(root,0,0,00:01:21,12) [migration/1]
(root,0,0,00:05:18,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:19,16) [watchdog/2]
(root,0,0,00:01:19,17) [migration/2]
(root,0,0,00:02:56,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:16,21) [watchdog/3]
(root,0,0,00:01:18,22) [migration/3]
(root,0,0,00:02:54,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:19,26) [watchdog/4]
(root,0,0,00:01:19,27) [migration/4]
(root,0,0,00:02:58,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:16,31) [watchdog/5]
(root,0,0,00:01:18,32) [migration/5]
(root,0,0,00:03:12,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:19,36) [watchdog/6]
(root,0,0,00:01:22,37) [migration/6]
(root,0,0,00:03:25,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:16,41) [watchdog/7]
(root,0,0,00:01:21,42) [migration/7]
(root,0,0,00:03:46,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:05,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,118) [deferwq]
(root,0,0,00:00:00,119) [charger_manager]
(root,0,0,00:00:00,175) [kpsmoused]
(root,0,0,00:00:00,176) [scsi_eh_0]
(root,0,0,00:00:00,177) [scsi_tmf_0]
(root,0,0,00:00:00,178) [scsi_eh_1]
(root,0,0,00:00:00,179) [scsi_tmf_1]
(root,0,0,00:00:00,198) [ttm_swap]
(root,0,0,00:00:00,212) [bioset]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:06:43,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:06:24,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:05:18,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,311) [kworker/7:2]
(root,0,0,00:00:00,318) [raid5wq]
(root,0,0,00:00:00,343) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:06,379) [kworker/4:1H]
(root,0,0,00:00:17,380) [kworker/7:1H]
(root,0,0,00:00:21,381) [kworker/1:1H]
(root,0,0,00:00:07,382) [kworker/2:1H]
(root,0,0,00:00:07,383) [kworker/5:1H]
(root,0,0,00:00:08,384) [kworker/6:1H]
(root,0,0,00:02:27,386) [jbd2/sda1-8]
(root,0,0,00:00:00,387) [ext4-rsv-conver]
(root,0,0,00:00:00,446) [iscsi_eh]
(root,0,0,00:00:00,447) [kauditd]
(root,0,0,00:00:00,457) [ib_addr]
(root,0,0,00:00:00,465) [ib_mcast]
(root,0,0,00:00:00,466) [ib_nl_sa_wq]
(root,0,0,00:00:00,467) [ib_cm]
(root,35268,4616,01:16:19,469) /lib/systemd/systemd-journald
(root,0,0,00:00:00,471) [iw_cm_wq]
(root,0,0,00:00:00,472) [rdma_cm]
(root,0,0,00:00:08,480) [kworker/0:1H]
(root,94768,1480,00:00:00,512) /sbin/lvmetad -f
(root,44964,4524,00:00:06,534) /lib/systemd/systemd-udevd
(systemd+,100320,2616,00:00:07,587) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,766) [kvm-irqfd-clean]
(root,0,0,00:00:00,1004) [kworker/3:0]
(root,280044,6356,00:10:57,1088) /usr/lib/accountsservice/accounts-daemon
(daemon,26040,2204,00:00:00,1091) /usr/sbin/atd -f
(root,4392,1228,00:00:00,1099) /usr/sbin/acpid
(syslog,256388,4280,00:16:04,1101) /usr/sbin/rsyslogd -n
(message+,42900,3976,00:20:15,1105) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,30816,2788,00:00:23,1139) /usr/sbin/cron -f
(root,309668,2252,00:02:06,1141) /usr/bin/lxcfs /var/lib/lxcfs/
(root,20096,1204,00:06:30,1143) /lib/systemd/systemd-logind
(root,13368,156,00:00:00,1157) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:08,1167) [kworker/3:1H]
(root,277084,6036,00:00:02,1171) /usr/lib/policykit-1/polkitd --no-debug
(root,58208,4388,00:00:13,1182) lldpd: monitor
(root,5216,152,00:02:18,1225) /sbin/iscsid
(root,5716,3508,00:10:24,1226) /sbin/iscsid
(root,19568,2104,00:14:39,1335) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(chilli,34196,11368,3-08:54:36,1371) /usr/sbin/chilli --fg
(root,14232,2124,00:08:41,1383) /usr/sbin/lldpad -d
(root,0,0,00:00:00,1402) [kworker/6:0]
(root,65508,6324,00:07:03,1421) /usr/sbin/sshd -D
(_lldpd,58208,2728,00:01:54,1436) lldpd: connected to KBG570-NWCLSW-P165
(root,15052,2144,00:00:33,1504) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,1508) [kworker/u16:1]
(root,155188,39428,00:05:17,1654) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1812,00:32:21,1716) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,1717) [kworker/1:1]
(root,0,0,00:00:00,1840) [kworker/2:1]
(root,0,0,00:00:00,2537) [kworker/u16:2]
(root,0,0,00:00:00,2643) [kworker/4:2]
(root,0,0,00:00:00,3084) [kworker/0:0]
(root,0,0,00:00:00,3777) [kworker/7:1]
(root,0,0,00:00:00,4012) [kworker/5:1]
(root,0,0,00:00:00,4702) [kworker/3:2]
(root,0,0,00:00:00,4703) [systemctl] <defunct>
(root,0,0,00:00:00,4704) [lookup.check.sh] <defunct>
(root,92676,6600,00:00:00,4838) sshd: root [priv]
(sshd,65508,3184,00:00:00,4839) sshd: root [net]
(root,0,0,00:00:00,4938) [kworker/2:2]
(root,24928,3208,00:00:00,5107) /bin/bash /usr/bin/check_mk_agent
(root,34420,2848,00:00:00,5126) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1088,00:00:00,5127) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,7460) [kworker/u16:0]
(root,108184,2796,00:00:02,9927) /usr/bin/monit -c /etc/monit/monitrc
(root,37824,5880,00:05:10,18273) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:01,23144) [kworker/u16:3]
(root,0,0,00:00:00,26664) [kworker/3:1]
(root,0,0,00:00:00,27422) [kworker/4:1]
(root,0,0,00:00:00,28350) [kworker/5:0]
(root,0,0,00:00:00,28465) [kworker/0:1]
(dnsmasq,56864,2704,00:00:23,28771) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,29274) [kworker/1:2]
(root,0,0,00:00:00,29511) [kworker/7:0]
(root,0,0,00:00:00,30553) [kworker/2:0]
(root,52028,2980,00:00:00,30839) /usr/sbin/CRON -f
(root,4500,696,00:00:00,30842) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2964,00:00:00,30846) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,680,00:00:00,30849) sleep 751
(root,0,0,00:00:00,30920) [kworker/6:1]
(root,0,0,00:00:00,31150) [kworker/5:2]
(root,0,0,00:00:00,31403) [kworker/u16:4]
(root,0,0,00:00:00,31501) [kworker/4:0]
(root,0,0,00:00:00,32184) [kworker/0:2]

Found on 2024-09-23 23:57

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439863007808

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185300,5920,07:13:25,1) /sbin/init
(root,0,0,00:00:08,2) [kthreadd]
(root,0,0,00:01:34,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:36:17,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:20,9) [migration/0]
(root,0,0,00:00:19,10) [watchdog/0]
(root,0,0,00:00:18,11) [watchdog/1]
(root,0,0,00:01:19,12) [migration/1]
(root,0,0,00:05:11,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:18,16) [watchdog/2]
(root,0,0,00:01:17,17) [migration/2]
(root,0,0,00:02:52,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:16,21) [watchdog/3]
(root,0,0,00:01:16,22) [migration/3]
(root,0,0,00:02:50,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:19,26) [watchdog/4]
(root,0,0,00:01:17,27) [migration/4]
(root,0,0,00:02:54,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:16,31) [watchdog/5]
(root,0,0,00:01:16,32) [migration/5]
(root,0,0,00:03:08,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:19,36) [watchdog/6]
(root,0,0,00:01:20,37) [migration/6]
(root,0,0,00:03:21,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:16,41) [watchdog/7]
(root,0,0,00:01:19,42) [migration/7]
(root,0,0,00:03:41,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:05,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,118) [deferwq]
(root,0,0,00:00:00,119) [charger_manager]
(root,0,0,00:00:00,175) [kpsmoused]
(root,0,0,00:00:00,176) [scsi_eh_0]
(root,0,0,00:00:00,177) [scsi_tmf_0]
(root,0,0,00:00:00,178) [scsi_eh_1]
(root,0,0,00:00:00,179) [scsi_tmf_1]
(root,0,0,00:00:00,198) [ttm_swap]
(root,0,0,00:00:00,212) [bioset]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:06:33,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:06:14,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:05:10,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,318) [raid5wq]
(root,0,0,00:00:00,343) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:06,379) [kworker/4:1H]
(root,0,0,00:00:16,380) [kworker/7:1H]
(root,0,0,00:00:20,381) [kworker/1:1H]
(root,0,0,00:00:07,382) [kworker/2:1H]
(root,0,0,00:00:07,383) [kworker/5:1H]
(root,0,0,00:00:07,384) [kworker/6:1H]
(root,0,0,00:02:24,386) [jbd2/sda1-8]
(root,0,0,00:00:00,387) [ext4-rsv-conver]
(root,0,0,00:00:00,446) [iscsi_eh]
(root,0,0,00:00:00,447) [kauditd]
(root,0,0,00:00:00,457) [ib_addr]
(root,0,0,00:00:00,465) [ib_mcast]
(root,0,0,00:00:00,466) [ib_nl_sa_wq]
(root,0,0,00:00:00,467) [ib_cm]
(root,35268,8408,01:14:34,469) /lib/systemd/systemd-journald
(root,0,0,00:00:00,471) [iw_cm_wq]
(root,0,0,00:00:00,472) [rdma_cm]
(root,0,0,00:00:08,480) [kworker/0:1H]
(root,94768,1480,00:00:00,512) /sbin/lvmetad -f
(root,44964,4524,00:00:06,534) /lib/systemd/systemd-udevd
(systemd+,100320,2616,00:00:07,587) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,766) [kvm-irqfd-clean]
(root,0,0,00:00:00,800) [kworker/3:1]
(root,0,0,00:00:00,921) [kworker/4:1]
(root,0,0,00:00:00,1041) [kworker/5:0]
(root,280044,6356,00:10:40,1088) /usr/lib/accountsservice/accounts-daemon
(daemon,26040,2204,00:00:00,1091) /usr/sbin/atd -f
(root,4392,1228,00:00:00,1099) /usr/sbin/acpid
(syslog,256388,4280,00:15:41,1101) /usr/sbin/rsyslogd -n
(message+,42900,3976,00:19:44,1105) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,30816,2788,00:00:22,1139) /usr/sbin/cron -f
(root,309668,2252,00:02:02,1141) /usr/bin/lxcfs /var/lib/lxcfs/
(root,20096,1204,00:06:20,1143) /lib/systemd/systemd-logind
(root,13368,156,00:00:00,1157) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:07,1167) [kworker/3:1H]
(root,277084,6036,00:00:02,1171) /usr/lib/policykit-1/polkitd --no-debug
(root,58208,4388,00:00:13,1182) lldpd: monitor
(root,5216,152,00:02:15,1225) /sbin/iscsid
(root,5716,3508,00:10:08,1226) /sbin/iscsid
(root,19568,2104,00:14:17,1335) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(chilli,34196,11368,3-07:07:37,1371) /usr/sbin/chilli --fg
(root,14232,2124,00:08:28,1383) /usr/sbin/lldpad -d
(root,65508,6324,00:06:50,1421) /usr/sbin/sshd -D
(_lldpd,58208,2728,00:01:51,1436) lldpd: connected to KBG570-NWCLSW-P165
(root,15052,2144,00:00:33,1504) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,1529) [kworker/u16:1]
(root,155188,39428,00:05:09,1654) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1812,00:31:35,1716) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,1864) [kworker/6:0]
(root,0,0,00:00:00,2687) [kworker/7:0]
(root,0,0,00:00:00,2812) [kworker/0:1]
(root,0,0,00:00:00,3184) [kworker/2:0]
(root,0,0,00:00:00,3648) [kworker/1:0]
(root,65508,6016,00:00:00,3649) sshd: [accepted]
(root,65508,5856,00:00:00,3786) sshd: [accepted]
(root,65508,5844,00:00:00,3790) sshd: [accepted]
(root,65508,5840,00:00:00,3973) sshd: [accepted]
(sshd,65508,728,00:00:00,4024) sshd: [net]
(root,65508,6008,00:00:00,4030) sshd: [accepted]
(root,65508,6020,00:00:00,4283) sshd: [accepted]
(root,0,0,00:00:00,4284) [kworker/u16:4]
(root,0,0,00:00:00,4396) [systemctl] <defunct>
(root,0,0,00:00:00,4397) [lookup.check.sh] <defunct>
(root,65508,5808,00:00:00,4409) sshd: [accepted]
(root,24904,3412,00:00:00,4508) /bin/bash /usr/local/bin/issue-generator
(root,65508,6168,00:00:00,4722) sshd: [accepted]
(sshd,65508,724,00:00:00,4723) sshd: [net]
(root,24928,3148,00:00:00,4724) /bin/bash /usr/bin/check_mk_agent
(root,34420,2932,00:00:00,4743) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1088,00:00:00,4744) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,37824,5880,00:04:51,18273) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,108184,2796,00:00:01,18737) /usr/bin/monit -c /etc/monit/monitrc
(dnsmasq,56864,2720,00:01:10,19434) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,24713) [kworker/u16:2]
(root,0,0,00:00:00,26278) [kworker/7:2]
(root,0,0,00:00:00,27289) [kworker/6:1]
(root,0,0,00:00:00,28524) [kworker/1:1]
(root,0,0,00:00:00,28741) [kworker/2:1]
(root,0,0,00:00:00,28852) [kworker/0:2]
(root,0,0,00:00:00,29085) [kworker/4:0]
(root,0,0,00:00:00,29321) [kworker/3:2]
(root,0,0,00:00:01,29981) [kworker/u16:3]
(root,0,0,00:00:00,30132) [kworker/7:1]
(root,0,0,00:00:00,30347) [kworker/5:2]
(root,0,0,00:00:00,30461) [kworker/6:2]
(root,52028,2980,00:00:00,30955) /usr/sbin/CRON -f
(root,4500,776,00:00:00,30961) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2960,00:00:00,30964) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,700,00:00:00,30972) sleep 1768
(root,0,0,00:00:00,31980) [kworker/0:0]
(root,0,0,00:00:00,32431) [kworker/2:2]
(root,0,0,00:00:00,32542) [kworker/u16:0]
(root,0,0,00:00:00,32669) [kworker/1:2]

Found on 2024-09-21 23:40

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398dc865977

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185300,5920,07:01:11,1) /sbin/init
(root,0,0,00:00:08,2) [kthreadd]
(root,0,0,00:01:31,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:33:40,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:18,9) [migration/0]
(root,0,0,00:00:19,10) [watchdog/0]
(root,0,0,00:00:18,11) [watchdog/1]
(root,0,0,00:01:17,12) [migration/1]
(root,0,0,00:05:04,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:18,16) [watchdog/2]
(root,0,0,00:01:15,17) [migration/2]
(root,0,0,00:02:48,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:15,21) [watchdog/3]
(root,0,0,00:01:14,22) [migration/3]
(root,0,0,00:02:46,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:18,26) [watchdog/4]
(root,0,0,00:01:14,27) [migration/4]
(root,0,0,00:02:50,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:15,31) [watchdog/5]
(root,0,0,00:01:14,32) [migration/5]
(root,0,0,00:03:03,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:18,36) [watchdog/6]
(root,0,0,00:01:18,37) [migration/6]
(root,0,0,00:03:16,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:15,41) [watchdog/7]
(root,0,0,00:01:16,42) [migration/7]
(root,0,0,00:03:36,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:05,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,118) [deferwq]
(root,0,0,00:00:00,119) [charger_manager]
(root,0,0,00:00:00,175) [kpsmoused]
(root,0,0,00:00:00,176) [scsi_eh_0]
(root,0,0,00:00:00,177) [scsi_tmf_0]
(root,0,0,00:00:00,178) [scsi_eh_1]
(root,0,0,00:00:00,179) [scsi_tmf_1]
(root,0,0,00:00:00,198) [ttm_swap]
(root,0,0,00:00:00,212) [bioset]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:06:22,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:06:03,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:05:01,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,318) [raid5wq]
(root,0,0,00:00:00,343) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:06,379) [kworker/4:1H]
(root,0,0,00:00:16,380) [kworker/7:1H]
(root,0,0,00:00:20,381) [kworker/1:1H]
(root,0,0,00:00:07,382) [kworker/2:1H]
(root,0,0,00:00:07,383) [kworker/5:1H]
(root,0,0,00:00:07,384) [kworker/6:1H]
(root,0,0,00:02:20,386) [jbd2/sda1-8]
(root,0,0,00:00:00,387) [ext4-rsv-conver]
(root,0,0,00:00:00,446) [iscsi_eh]
(root,0,0,00:00:00,447) [kauditd]
(root,0,0,00:00:00,457) [ib_addr]
(root,0,0,00:00:00,465) [ib_mcast]
(root,0,0,00:00:00,466) [ib_nl_sa_wq]
(root,0,0,00:00:00,467) [ib_cm]
(root,35268,7812,01:12:46,469) /lib/systemd/systemd-journald
(root,0,0,00:00:00,471) [iw_cm_wq]
(root,0,0,00:00:00,472) [rdma_cm]
(root,0,0,00:00:08,480) [kworker/0:1H]
(root,94768,1480,00:00:00,512) /sbin/lvmetad -f
(root,44964,4524,00:00:06,534) /lib/systemd/systemd-udevd
(systemd+,100320,2616,00:00:07,587) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,683) [kworker/u16:3]
(root,0,0,00:00:00,766) [kvm-irqfd-clean]
(root,280044,6356,00:10:24,1088) /usr/lib/accountsservice/accounts-daemon
(daemon,26040,2204,00:00:00,1091) /usr/sbin/atd -f
(root,4392,1228,00:00:00,1099) /usr/sbin/acpid
(syslog,256388,4280,00:15:18,1101) /usr/sbin/rsyslogd -n
(message+,42900,3976,00:19:11,1105) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,30816,2788,00:00:21,1139) /usr/sbin/cron -f
(root,309668,2252,00:01:59,1141) /usr/bin/lxcfs /var/lib/lxcfs/
(root,20096,1204,00:06:09,1143) /lib/systemd/systemd-logind
(root,13368,156,00:00:00,1157) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:07,1167) [kworker/3:1H]
(root,277084,6036,00:00:01,1171) /usr/lib/policykit-1/polkitd --no-debug
(root,58208,4388,00:00:12,1182) lldpd: monitor
(root,5216,152,00:02:11,1225) /sbin/iscsid
(root,5716,3508,00:09:51,1226) /sbin/iscsid
(root,19568,2104,00:13:53,1335) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(chilli,34196,11368,3-05:25:51,1371) /usr/sbin/chilli --fg
(root,14232,2124,00:08:13,1383) /usr/sbin/lldpad -d
(root,65508,6324,00:06:38,1421) /usr/sbin/sshd -D
(_lldpd,58208,2728,00:01:48,1436) lldpd: connected to KBG570-NWCLSW-P165
(root,15052,2144,00:00:32,1504) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155188,39428,00:05:00,1654) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1812,00:30:43,1716) /sbin/agetty --noclear tty1 linux
(dnsmasq,56996,2848,00:00:42,3206) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,11979) [kworker/1:2]
(root,108184,2712,00:00:01,15075) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,15611) [kworker/u16:2]
(root,0,0,00:00:00,17234) [kworker/7:2]
(root,37824,5880,00:04:31,18273) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,19038) [kworker/6:1]
(root,52028,2980,00:00:00,19713) /usr/sbin/CRON -f
(root,4500,772,00:00:00,19716) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3048,00:00:00,19719) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,652,00:00:00,19723) sleep 1537
(root,0,0,00:00:00,20668) [kworker/u16:4]
(root,0,0,00:00:00,21036) [kworker/0:2]
(root,0,0,00:00:00,21156) [kworker/5:2]
(root,0,0,00:00:00,21305) [kworker/3:0]
(root,0,0,00:00:00,21496) [kworker/7:0]
(root,0,0,00:00:00,21623) [kworker/2:1]
(root,0,0,00:00:00,22337) [kworker/4:1]
(root,0,0,00:00:00,22832) [kworker/6:0]
(root,0,0,00:00:00,23302) [kworker/1:0]
(root,0,0,00:00:00,23562) [kworker/u16:1]
(root,0,0,00:00:00,24601) [kworker/3:1]
(root,0,0,00:00:00,24731) [kworker/2:0]
(root,0,0,00:00:00,25188) [kworker/5:0]
(root,0,0,00:00:00,25317) [kworker/0:1]
(root,0,0,00:00:00,25687) [kworker/4:0]
(root,0,0,00:00:00,26368) [kworker/6:2]
(root,0,0,00:00:00,26710) [kworker/1:1]
(root,0,0,00:00:00,26955) [kworker/7:1]
(root,0,0,00:00:00,28268) [kworker/5:1]
(root,0,0,00:00:00,28391) [kworker/2:2]
(root,52028,2980,00:00:00,28396) /usr/sbin/CRON -f
(root,4500,696,00:00:00,28407) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2964,00:00:00,28410) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,676,00:00:00,28417) sleep 1547
(root,0,0,00:00:00,28670) [kworker/3:2]
(root,0,0,00:00:00,28675) [systemctl] <defunct>
(root,0,0,00:00:00,28676) [lookup.check.sh] <defunct>
(root,24928,3352,00:00:00,28872) /bin/bash /usr/bin/check_mk_agent
(root,34420,2928,00:00:00,28891) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,996,00:00:00,28892) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:01,31239) [kworker/u16:0]

Found on 2024-09-19 20:30

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439884ae967a

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185300,5920,06:49:48,1) /sbin/init
(root,0,0,00:00:07,2) [kthreadd]
(root,0,0,00:01:29,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:30:24,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:16,9) [migration/0]
(root,0,0,00:00:18,10) [watchdog/0]
(root,0,0,00:00:17,11) [watchdog/1]
(root,0,0,00:01:14,12) [migration/1]
(root,0,0,00:04:54,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:17,16) [watchdog/2]
(root,0,0,00:01:13,17) [migration/2]
(root,0,0,00:02:42,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:15,21) [watchdog/3]
(root,0,0,00:01:12,22) [migration/3]
(root,0,0,00:02:40,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:18,26) [watchdog/4]
(root,0,0,00:01:12,27) [migration/4]
(root,0,0,00:02:45,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:15,31) [watchdog/5]
(root,0,0,00:01:12,32) [migration/5]
(root,0,0,00:02:57,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:18,36) [watchdog/6]
(root,0,0,00:01:15,37) [migration/6]
(root,0,0,00:03:10,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:15,41) [watchdog/7]
(root,0,0,00:01:14,42) [migration/7]
(root,0,0,00:03:29,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:04,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,118) [deferwq]
(root,0,0,00:00:00,119) [charger_manager]
(root,0,0,00:00:00,175) [kpsmoused]
(root,0,0,00:00:00,176) [scsi_eh_0]
(root,0,0,00:00:00,177) [scsi_tmf_0]
(root,0,0,00:00:00,178) [scsi_eh_1]
(root,0,0,00:00:00,179) [scsi_tmf_1]
(root,0,0,00:00:00,198) [ttm_swap]
(root,0,0,00:00:00,212) [bioset]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:06:12,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:05:54,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:04:53,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,318) [raid5wq]
(root,0,0,00:00:00,343) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:06,379) [kworker/4:1H]
(root,0,0,00:00:15,380) [kworker/7:1H]
(root,0,0,00:00:19,381) [kworker/1:1H]
(root,0,0,00:00:07,382) [kworker/2:1H]
(root,0,0,00:00:07,383) [kworker/5:1H]
(root,0,0,00:00:07,384) [kworker/6:1H]
(root,0,0,00:02:15,386) [jbd2/sda1-8]
(root,0,0,00:00:00,387) [ext4-rsv-conver]
(root,0,0,00:00:00,446) [iscsi_eh]
(root,0,0,00:00:00,447) [kauditd]
(root,0,0,00:00:00,457) [ib_addr]
(root,0,0,00:00:00,465) [ib_mcast]
(root,0,0,00:00:00,466) [ib_nl_sa_wq]
(root,0,0,00:00:00,467) [ib_cm]
(root,35268,5388,01:09:24,469) /lib/systemd/systemd-journald
(root,0,0,00:00:00,471) [iw_cm_wq]
(root,0,0,00:00:00,472) [rdma_cm]
(root,0,0,00:00:07,480) [kworker/0:1H]
(root,94768,1480,00:00:00,512) /sbin/lvmetad -f
(root,44964,4524,00:00:06,534) /lib/systemd/systemd-udevd
(systemd+,100320,2616,00:00:06,587) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,766) [kvm-irqfd-clean]
(root,280044,6356,00:09:47,1088) /usr/lib/accountsservice/accounts-daemon
(daemon,26040,2204,00:00:00,1091) /usr/sbin/atd -f
(root,4392,1228,00:00:00,1099) /usr/sbin/acpid
(syslog,256388,4280,00:14:30,1101) /usr/sbin/rsyslogd -n
(message+,42900,3976,00:18:41,1105) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,30816,2788,00:00:21,1139) /usr/sbin/cron -f
(root,309668,2252,00:01:56,1141) /usr/bin/lxcfs /var/lib/lxcfs/
(root,20096,1204,00:05:59,1143) /lib/systemd/systemd-logind
(root,13368,156,00:00:00,1157) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:07,1167) [kworker/3:1H]
(root,277084,6036,00:00:01,1171) /usr/lib/policykit-1/polkitd --no-debug
(root,58208,4388,00:00:12,1182) lldpd: monitor
(root,5216,152,00:02:07,1225) /sbin/iscsid
(root,5716,3508,00:09:35,1226) /sbin/iscsid
(root,19568,2104,00:13:31,1335) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(chilli,34196,11368,3-03:03:02,1371) /usr/sbin/chilli --fg
(root,14232,2124,00:08:00,1383) /usr/sbin/lldpad -d
(root,65508,6324,00:05:53,1421) /usr/sbin/sshd -D
(_lldpd,58208,2728,00:01:45,1436) lldpd: connected to KBG570-NWCLSW-P165
(root,15052,2144,00:00:31,1504) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155188,39428,00:04:52,1654) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1812,00:29:53,1716) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,13681) [kworker/u16:3]
(root,37824,5880,00:04:13,18273) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:00,22005) [kworker/0:1]
(root,0,0,00:00:00,23564) [kworker/3:0]
(root,0,0,00:00:00,23630) [kworker/u16:1]
(root,0,0,00:00:00,23899) [kworker/2:2]
(dnsmasq,56864,2712,00:00:27,23989) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,0,0,00:00:00,24143) [kworker/5:0]
(root,0,0,00:00:00,24474) [kworker/1:0]
(root,0,0,00:00:00,25041) [kworker/4:0]
(root,0,0,00:00:00,25276) [kworker/6:0]
(root,0,0,00:00:00,26196) [kworker/7:0]
(root,0,0,00:00:00,27107) [kworker/3:1]
(root,0,0,00:00:00,27229) [kworker/0:2]
(root,0,0,00:00:00,27434) [kworker/1:2]
(root,0,0,00:00:00,27677) [kworker/5:1]
(root,0,0,00:00:00,27702) [kworker/4:2]
(root,0,0,00:00:00,28139) [kworker/u16:2]
(root,0,0,00:00:00,28371) [kworker/2:1]
(root,0,0,00:00:00,28697) [kworker/6:2]
(root,0,0,00:00:00,28946) [kworker/7:1]
(root,0,0,00:00:03,28960) [kworker/u16:4]
(root,52028,2980,00:00:00,29609) /usr/sbin/CRON -f
(root,4500,776,00:00:00,29614) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,2960,00:00:00,29617) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,668,00:00:00,29633) sleep 1282
(root,0,0,00:00:00,30333) [kworker/3:2]
(root,0,0,00:00:00,30916) [kworker/4:1]
(root,0,0,00:00:00,30936) [kworker/u16:0]
(root,0,0,00:00:00,31040) [kworker/0:0]
(root,0,0,00:00:00,31381) [kworker/6:1]
(root,0,0,00:00:00,31481) [kworker/2:0]
(root,0,0,00:00:00,31606) [kworker/5:2]
(root,108184,2720,00:00:05,32045) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,32290) [systemctl] <defunct>
(root,0,0,00:00:00,32291) [lookup.check.sh] <defunct>
(root,24928,3344,00:00:00,32473) /bin/bash /usr/bin/check_mk_agent
(root,34420,2932,00:00:00,32492) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1088,00:00:00,32493) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /

Found on 2024-09-17 22:05

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda439818db5ebd

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185300,5920,06:38:36,1) /sbin/init
(root,0,0,00:00:07,2) [kthreadd]
(root,0,0,00:01:26,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:27:37,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:14,9) [migration/0]
(root,0,0,00:00:18,10) [watchdog/0]
(root,0,0,00:00:17,11) [watchdog/1]
(root,0,0,00:01:12,12) [migration/1]
(root,0,0,00:04:44,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:17,16) [watchdog/2]
(root,0,0,00:01:11,17) [migration/2]
(root,0,0,00:02:37,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:14,21) [watchdog/3]
(root,0,0,00:01:10,22) [migration/3]
(root,0,0,00:02:36,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:17,26) [watchdog/4]
(root,0,0,00:01:10,27) [migration/4]
(root,0,0,00:02:39,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:14,31) [watchdog/5]
(root,0,0,00:01:10,32) [migration/5]
(root,0,0,00:02:51,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:17,36) [watchdog/6]
(root,0,0,00:01:13,37) [migration/6]
(root,0,0,00:03:04,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:14,41) [watchdog/7]
(root,0,0,00:01:12,42) [migration/7]
(root,0,0,00:03:22,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:04,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,118) [deferwq]
(root,0,0,00:00:00,119) [charger_manager]
(root,0,0,00:00:00,175) [kpsmoused]
(root,0,0,00:00:00,176) [scsi_eh_0]
(root,0,0,00:00:00,177) [scsi_tmf_0]
(root,0,0,00:00:00,178) [scsi_eh_1]
(root,0,0,00:00:00,179) [scsi_tmf_1]
(root,0,0,00:00:00,198) [ttm_swap]
(root,0,0,00:00:00,212) [bioset]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:06:02,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:05:44,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:04:45,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,318) [raid5wq]
(root,0,0,00:00:00,343) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:06,379) [kworker/4:1H]
(root,0,0,00:00:15,380) [kworker/7:1H]
(root,0,0,00:00:19,381) [kworker/1:1H]
(root,0,0,00:00:07,382) [kworker/2:1H]
(root,0,0,00:00:07,383) [kworker/5:1H]
(root,0,0,00:00:07,384) [kworker/6:1H]
(root,0,0,00:02:11,386) [jbd2/sda1-8]
(root,0,0,00:00:00,387) [ext4-rsv-conver]
(root,0,0,00:00:00,446) [iscsi_eh]
(root,0,0,00:00:00,447) [kauditd]
(root,0,0,00:00:00,457) [ib_addr]
(root,0,0,00:00:00,465) [ib_mcast]
(root,0,0,00:00:00,466) [ib_nl_sa_wq]
(root,0,0,00:00:00,467) [ib_cm]
(root,35268,6424,01:07:24,469) /lib/systemd/systemd-journald
(root,0,0,00:00:00,471) [iw_cm_wq]
(root,0,0,00:00:00,472) [rdma_cm]
(root,0,0,00:00:07,480) [kworker/0:1H]
(root,94768,1480,00:00:00,512) /sbin/lvmetad -f
(root,44964,4524,00:00:06,534) /lib/systemd/systemd-udevd
(systemd+,100320,2616,00:00:06,587) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,766) [kvm-irqfd-clean]
(root,280044,6356,00:09:34,1088) /usr/lib/accountsservice/accounts-daemon
(daemon,26040,2204,00:00:00,1091) /usr/sbin/atd -f
(root,4392,1228,00:00:00,1099) /usr/sbin/acpid
(syslog,256388,4280,00:14:07,1101) /usr/sbin/rsyslogd -n
(message+,42900,3976,00:18:11,1105) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,30816,2788,00:00:20,1139) /usr/sbin/cron -f
(root,309668,2252,00:01:53,1141) /usr/bin/lxcfs /var/lib/lxcfs/
(root,20096,1204,00:05:50,1143) /lib/systemd/systemd-logind
(root,13368,156,00:00:00,1157) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:07,1167) [kworker/3:1H]
(root,277084,6036,00:00:01,1171) /usr/lib/policykit-1/polkitd --no-debug
(root,58208,4388,00:00:12,1182) lldpd: monitor
(root,5216,152,00:02:04,1225) /sbin/iscsid
(root,5716,3508,00:09:19,1226) /sbin/iscsid
(root,19568,2104,00:13:08,1335) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(chilli,34196,11368,3-00:36:38,1371) /usr/sbin/chilli --fg
(root,14232,2124,00:07:47,1383) /usr/sbin/lldpad -d
(root,0,0,00:00:00,1409) [kworker/3:1]
(root,65508,6324,00:05:47,1421) /usr/sbin/sshd -D
(_lldpd,58208,2728,00:01:42,1436) lldpd: connected to KBG570-NWCLSW-P165
(root,15052,2144,00:00:30,1504) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,0,0,00:00:00,1640) [kworker/2:0]
(root,155188,39428,00:04:44,1654) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1812,00:29:03,1716) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,2575) [kworker/1:1]
(root,0,0,00:00:00,3328) [kworker/0:0]
(root,0,0,00:00:00,3760) [kworker/4:2]
(root,0,0,00:00:00,3880) [kworker/7:1]
(root,0,0,00:00:00,4430) [kworker/6:2]
(root,0,0,00:00:00,4544) [kworker/5:1]
(root,0,0,00:00:00,5098) [kworker/2:2]
(root,0,0,00:00:00,6417) [kworker/1:0]
(root,0,0,00:00:00,6426) [kworker/3:2]
(root,108184,2732,00:00:00,6434) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,6904) [kworker/0:1]
(root,0,0,00:00:00,7592) [kworker/4:1]
(root,0,0,00:00:00,8260) [kworker/7:0]
(root,0,0,00:00:00,8391) [kworker/u16:2]
(root,0,0,00:00:00,9708) [kworker/5:0]
(root,0,0,00:00:00,9827) [kworker/3:0]
(root,0,0,00:00:00,9938) [kworker/6:1]
(root,0,0,00:00:00,10065) [kworker/0:2]
(root,0,0,00:00:00,10066) [kworker/1:2]
(root,0,0,00:00:00,10296) [kworker/2:1]
(root,52028,2980,00:00:00,10593) /usr/sbin/CRON -f
(root,4500,780,00:00:00,10596) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3060,00:00:00,10599) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,812,00:00:00,10604) sleep 963
(root,0,0,00:00:00,10642) [kworker/4:0]
(root,0,0,00:00:00,11088) [kworker/u16:1]
(root,0,0,00:00:00,11422) [kworker/7:2]
(root,0,0,00:00:00,11426) [systemctl] <defunct>
(root,0,0,00:00:00,11427) [lookup.check.sh] <defunct>
(root,24928,3276,00:00:00,11694) /bin/bash /usr/bin/check_mk_agent
(root,34420,2920,00:00:00,11713) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1156,00:00:00,11714) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(dnsmasq,56864,2740,00:00:12,11893) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,37824,5880,00:03:53,18273) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,0,0,00:00:01,22763) [kworker/u16:0]
(root,0,0,00:00:00,24439) [kworker/u16:4]
(root,0,0,00:00:00,25051) [kworker/6:0]
(root,0,0,00:00:00,30632) [kworker/5:2]

Found on 2024-09-15 23:16

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398e91afef1

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185300,5908,06:26:56,1) /sbin/init
(root,0,0,00:00:07,2) [kthreadd]
(root,0,0,00:01:24,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:25:24,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:12,9) [migration/0]
(root,0,0,00:00:17,10) [watchdog/0]
(root,0,0,00:00:16,11) [watchdog/1]
(root,0,0,00:01:10,12) [migration/1]
(root,0,0,00:04:37,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:16,16) [watchdog/2]
(root,0,0,00:01:09,17) [migration/2]
(root,0,0,00:02:33,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:14,21) [watchdog/3]
(root,0,0,00:01:08,22) [migration/3]
(root,0,0,00:02:32,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:16,26) [watchdog/4]
(root,0,0,00:01:08,27) [migration/4]
(root,0,0,00:02:35,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:14,31) [watchdog/5]
(root,0,0,00:01:08,32) [migration/5]
(root,0,0,00:02:47,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:17,36) [watchdog/6]
(root,0,0,00:01:11,37) [migration/6]
(root,0,0,00:02:59,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:14,41) [watchdog/7]
(root,0,0,00:01:10,42) [migration/7]
(root,0,0,00:03:17,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:04,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,118) [deferwq]
(root,0,0,00:00:00,119) [charger_manager]
(root,0,0,00:00:00,175) [kpsmoused]
(root,0,0,00:00:00,176) [scsi_eh_0]
(root,0,0,00:00:00,177) [scsi_tmf_0]
(root,0,0,00:00:00,178) [scsi_eh_1]
(root,0,0,00:00:00,179) [scsi_tmf_1]
(root,0,0,00:00:00,198) [ttm_swap]
(root,0,0,00:00:00,212) [bioset]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:05:51,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:05:34,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:04:37,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,318) [raid5wq]
(root,0,0,00:00:00,343) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:05,379) [kworker/4:1H]
(root,0,0,00:00:15,380) [kworker/7:1H]
(root,0,0,00:00:18,381) [kworker/1:1H]
(root,0,0,00:00:06,382) [kworker/2:1H]
(root,0,0,00:00:06,383) [kworker/5:1H]
(root,0,0,00:00:07,384) [kworker/6:1H]
(root,0,0,00:02:08,386) [jbd2/sda1-8]
(root,0,0,00:00:00,387) [ext4-rsv-conver]
(root,0,0,00:00:00,446) [iscsi_eh]
(root,0,0,00:00:00,447) [kauditd]
(root,0,0,00:00:00,457) [ib_addr]
(root,0,0,00:00:00,465) [ib_mcast]
(root,0,0,00:00:00,466) [ib_nl_sa_wq]
(root,0,0,00:00:00,467) [ib_cm]
(root,35268,4900,01:06:12,469) /lib/systemd/systemd-journald
(root,0,0,00:00:00,471) [iw_cm_wq]
(root,0,0,00:00:00,472) [rdma_cm]
(root,0,0,00:00:07,480) [kworker/0:1H]
(root,94768,1480,00:00:00,512) /sbin/lvmetad -f
(root,44964,4524,00:00:06,534) /lib/systemd/systemd-udevd
(systemd+,100320,2616,00:00:06,587) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,612) [kworker/6:0]
(root,0,0,00:00:00,766) [kvm-irqfd-clean]
(root,280044,6356,00:09:22,1088) /usr/lib/accountsservice/accounts-daemon
(daemon,26040,2204,00:00:00,1091) /usr/sbin/atd -f
(root,4392,1228,00:00:00,1099) /usr/sbin/acpid
(syslog,256388,4280,00:13:52,1101) /usr/sbin/rsyslogd -n
(message+,42900,3976,00:17:39,1105) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,30816,2788,00:00:20,1139) /usr/sbin/cron -f
(root,309668,2252,00:01:49,1141) /usr/bin/lxcfs /var/lib/lxcfs/
(root,20096,1204,00:05:40,1143) /lib/systemd/systemd-logind
(root,13368,156,00:00:00,1157) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:07,1167) [kworker/3:1H]
(root,277084,6036,00:00:01,1171) /usr/lib/policykit-1/polkitd --no-debug
(root,58208,4388,00:00:11,1182) lldpd: monitor
(root,0,0,00:00:00,1209) [kworker/3:2]
(root,52028,2980,00:00:00,1210) /usr/sbin/CRON -f
(root,4500,748,00:00:00,1213) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3016,00:00:00,1216) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,808,00:00:00,1220) sleep 1097
(root,5216,152,00:02:00,1225) /sbin/iscsid
(root,5716,3508,00:09:03,1226) /sbin/iscsid
(root,0,0,00:00:00,1254) [kworker/7:1]
(root,19568,2104,00:12:46,1335) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(chilli,34196,11368,2-22:54:15,1371) /usr/sbin/chilli --fg
(root,14232,2124,00:07:33,1383) /usr/sbin/lldpad -d
(root,65508,6324,00:05:41,1421) /usr/sbin/sshd -D
(_lldpd,58208,2728,00:01:39,1436) lldpd: connected to KBG570-NWCLSW-P165
(root,15052,2144,00:00:29,1504) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155188,39428,00:04:36,1654) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1812,00:28:20,1716) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,2367) [kworker/0:1]
(root,0,0,00:00:00,3169) [kworker/2:0]
(root,0,0,00:00:00,3619) [kworker/5:2]
(root,0,0,00:00:00,4088) [kworker/3:1]
(root,0,0,00:00:00,4658) [kworker/u16:4]
(root,0,0,00:00:00,4768) [kworker/1:0]
(root,0,0,00:00:00,4984) [kworker/6:2]
(root,0,0,00:00:00,5096) [kworker/4:0]
(root,0,0,00:00:00,5218) [kworker/0:0]
(root,0,0,00:00:00,5297) [kworker/u16:1]
(root,0,0,00:00:00,6014) [kworker/2:2]
(root,0,0,00:00:00,6127) [kworker/7:2]
(root,0,0,00:00:01,6317) [kworker/u16:3]
(root,0,0,00:00:00,6458) [kworker/5:0]
(root,0,0,00:00:00,7818) [kworker/u16:2]
(root,0,0,00:00:00,8149) [kworker/4:2]
(root,0,0,00:00:00,8476) [kworker/3:0]
(root,0,0,00:00:00,8609) [kworker/1:1]
(root,0,0,00:00:00,8721) [kworker/6:1]
(root,0,0,00:00:00,9052) [kworker/0:2]
(root,0,0,00:00:00,9285) [kworker/2:1]
(root,52028,2980,00:00:00,9520) /usr/sbin/CRON -f
(root,4500,780,00:00:00,9525) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3044,00:00:00,9533) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,676,00:00:00,9544) sleep 1131
(root,0,0,00:00:00,9571) [systemctl] <defunct>
(root,0,0,00:00:00,9572) [lookup.check.sh] <defunct>
(root,24928,3432,00:00:00,9800) /bin/bash /usr/bin/check_mk_agent
(root,34420,2940,00:00:00,9819) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1008,00:00:00,9820) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,17430) [kworker/u16:0]
(dnsmasq,56864,2784,00:00:07,18182) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,37824,5880,00:03:33,18273) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,108184,2724,00:00:06,26151) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,30696) [kworker/4:1]
(root,0,0,00:00:00,31572) [kworker/1:2]

Found on 2024-09-13 22:30

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398ead853ae

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185300,5904,06:15:45,1) /sbin/init
(root,0,0,00:00:07,2) [kthreadd]
(root,0,0,00:01:21,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:22:37,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:10,9) [migration/0]
(root,0,0,00:00:17,10) [watchdog/0]
(root,0,0,00:00:16,11) [watchdog/1]
(root,0,0,00:01:08,12) [migration/1]
(root,0,0,00:04:28,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:16,16) [watchdog/2]
(root,0,0,00:01:07,17) [migration/2]
(root,0,0,00:02:28,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:13,21) [watchdog/3]
(root,0,0,00:01:06,22) [migration/3]
(root,0,0,00:02:27,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:16,26) [watchdog/4]
(root,0,0,00:01:06,27) [migration/4]
(root,0,0,00:02:31,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:14,31) [watchdog/5]
(root,0,0,00:01:06,32) [migration/5]
(root,0,0,00:02:42,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:16,36) [watchdog/6]
(root,0,0,00:01:09,37) [migration/6]
(root,0,0,00:02:54,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:14,41) [watchdog/7]
(root,0,0,00:01:08,42) [migration/7]
(root,0,0,00:03:11,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:04,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,118) [deferwq]
(root,0,0,00:00:00,119) [charger_manager]
(root,0,0,00:00:00,175) [kpsmoused]
(root,0,0,00:00:00,176) [scsi_eh_0]
(root,0,0,00:00:00,177) [scsi_tmf_0]
(root,0,0,00:00:00,178) [scsi_eh_1]
(root,0,0,00:00:00,179) [scsi_tmf_1]
(root,0,0,00:00:00,198) [ttm_swap]
(root,0,0,00:00:00,212) [bioset]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:05:41,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:05:25,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:04:29,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,318) [raid5wq]
(root,0,0,00:00:00,343) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:05,379) [kworker/4:1H]
(root,0,0,00:00:14,380) [kworker/7:1H]
(root,0,0,00:00:18,381) [kworker/1:1H]
(root,0,0,00:00:06,382) [kworker/2:1H]
(root,0,0,00:00:06,383) [kworker/5:1H]
(root,0,0,00:00:06,384) [kworker/6:1H]
(root,0,0,00:02:05,386) [jbd2/sda1-8]
(root,0,0,00:00:00,387) [ext4-rsv-conver]
(root,0,0,00:00:00,446) [iscsi_eh]
(root,0,0,00:00:00,447) [kauditd]
(root,0,0,00:00:00,457) [ib_addr]
(root,0,0,00:00:00,465) [ib_mcast]
(root,0,0,00:00:00,466) [ib_nl_sa_wq]
(root,0,0,00:00:00,467) [ib_cm]
(root,35268,8860,01:04:16,469) /lib/systemd/systemd-journald
(root,0,0,00:00:00,471) [iw_cm_wq]
(root,0,0,00:00:00,472) [rdma_cm]
(root,0,0,00:00:07,480) [kworker/0:1H]
(root,94768,1480,00:00:00,512) /sbin/lvmetad -f
(root,44964,4524,00:00:05,534) /lib/systemd/systemd-udevd
(systemd+,100320,2616,00:00:06,587) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,766) [kvm-irqfd-clean]
(root,0,0,00:00:00,921) [kworker/7:2]
(root,280044,6356,00:09:07,1088) /usr/lib/accountsservice/accounts-daemon
(daemon,26040,2204,00:00:00,1091) /usr/sbin/atd -f
(root,4392,1228,00:00:00,1099) /usr/sbin/acpid
(syslog,256388,4280,00:13:29,1101) /usr/sbin/rsyslogd -n
(message+,42900,3976,00:17:09,1105) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,30816,2788,00:00:19,1139) /usr/sbin/cron -f
(root,309668,2252,00:01:46,1141) /usr/bin/lxcfs /var/lib/lxcfs/
(root,20096,1204,00:05:30,1143) /lib/systemd/systemd-logind
(root,13368,156,00:00:00,1157) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:06,1167) [kworker/3:1H]
(root,277084,6036,00:00:01,1171) /usr/lib/policykit-1/polkitd --no-debug
(root,58208,4388,00:00:11,1182) lldpd: monitor
(root,5216,152,00:01:57,1225) /sbin/iscsid
(root,5716,3508,00:08:47,1226) /sbin/iscsid
(root,19568,2104,00:12:23,1335) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(chilli,34196,11368,2-20:41:53,1371) /usr/sbin/chilli --fg
(root,14232,2124,00:07:20,1383) /usr/sbin/lldpad -d
(root,65508,6324,00:05:31,1421) /usr/sbin/sshd -D
(_lldpd,58208,2728,00:01:36,1436) lldpd: connected to KBG570-NWCLSW-P165
(root,15052,2144,00:00:28,1504) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155188,39428,00:04:28,1654) /usr/bin/ruby /usr/bin/puppet agent
(root,17772,1812,00:27:28,1716) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,3375) [kworker/3:2]
(root,0,0,00:00:00,4188) [kworker/4:1]
(root,0,0,00:00:00,4210) [kworker/u16:3]
(root,0,0,00:00:00,4311) [kworker/2:2]
(root,0,0,00:00:00,4556) [kworker/6:1]
(root,0,0,00:00:00,5496) [kworker/5:1]
(root,0,0,00:00:01,6154) [kworker/u16:0]
(root,0,0,00:00:00,6199) [kworker/0:0]
(root,0,0,00:00:00,7233) [kworker/3:0]
(root,0,0,00:00:00,7476) [kworker/1:1]
(root,0,0,00:00:00,7617) [kworker/6:2]
(root,0,0,00:00:00,8178) [kworker/4:2]
(root,0,0,00:00:00,8295) [kworker/2:0]
(root,0,0,00:00:00,9576) [kworker/7:1]
(root,0,0,00:00:00,9786) [kworker/0:2]
(root,0,0,00:00:00,9910) [kworker/u16:1]
(root,0,0,00:00:00,10393) [kworker/1:0]
(root,0,0,00:00:00,10603) [kworker/5:2]
(root,0,0,00:00:00,11041) [kworker/3:1]
(root,0,0,00:00:00,11610) [kworker/2:1]
(root,0,0,00:00:00,12079) [kworker/6:0]
(root,0,0,00:00:00,12423) [kworker/7:0]
(root,52028,2980,00:00:00,12524) /usr/sbin/CRON -f
(root,4500,780,00:00:00,12530) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3072,00:00:00,12531) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,676,00:00:00,12534) sleep 714
(root,0,0,00:00:00,12612) [kworker/u16:4]
(root,0,0,00:00:00,12899) [kworker/4:0]
(root,0,0,00:00:00,13339) [kworker/0:1]
(root,0,0,00:00:00,13582) [systemctl] <defunct>
(root,0,0,00:00:00,13583) [lookup.check.sh] <defunct>
(root,24928,3264,00:00:00,13647) /bin/bash /usr/bin/check_mk_agent
(root,34420,2888,00:00:00,13666) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,1004,00:00:00,13667) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,37824,5880,00:03:13,18273) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(dnsmasq,56864,2780,00:00:21,21397) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,108184,2712,00:00:01,23721) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,27614) [kworker/u16:2]

Found on 2024-09-11 23:47

Severity: high
Fingerprint: 03cb82e6f6a6b45342c4bbcb0928f4f5d588c3c6d1d4d0fd5fda4398f77230f7

Found public CheckMk agent:
Version: 1.2.6p12
AgentOS: linux
AgentDirectory: /etc/check_mk
DataDirectory: /var/lib/check_mk_agent
SpoolDirectory: /var/lib/check_mk_agent/spool
PluginsDirectory: /usr/lib/check_mk_agent/plugins
LocalDirectory: /usr/lib/check_mk_agent/local
OnlyFrom: 

Found process list through CheckMk:
(root,185300,5904,06:10:06,1) /sbin/init
(root,0,0,00:00:07,2) [kthreadd]
(root,0,0,00:01:20,3) [ksoftirqd/0]
(root,0,0,00:00:00,5) [kworker/0:0H]
(root,0,0,01:21:14,7) [rcu_sched]
(root,0,0,00:00:00,8) [rcu_bh]
(root,0,0,00:01:09,9) [migration/0]
(root,0,0,00:00:17,10) [watchdog/0]
(root,0,0,00:00:16,11) [watchdog/1]
(root,0,0,00:01:07,12) [migration/1]
(root,0,0,00:04:24,13) [ksoftirqd/1]
(root,0,0,00:00:00,15) [kworker/1:0H]
(root,0,0,00:00:16,16) [watchdog/2]
(root,0,0,00:01:06,17) [migration/2]
(root,0,0,00:02:26,18) [ksoftirqd/2]
(root,0,0,00:00:00,20) [kworker/2:0H]
(root,0,0,00:00:13,21) [watchdog/3]
(root,0,0,00:01:05,22) [migration/3]
(root,0,0,00:02:24,23) [ksoftirqd/3]
(root,0,0,00:00:00,25) [kworker/3:0H]
(root,0,0,00:00:16,26) [watchdog/4]
(root,0,0,00:01:05,27) [migration/4]
(root,0,0,00:02:28,28) [ksoftirqd/4]
(root,0,0,00:00:00,30) [kworker/4:0H]
(root,0,0,00:00:13,31) [watchdog/5]
(root,0,0,00:01:05,32) [migration/5]
(root,0,0,00:02:39,33) [ksoftirqd/5]
(root,0,0,00:00:00,35) [kworker/5:0H]
(root,0,0,00:00:16,36) [watchdog/6]
(root,0,0,00:01:08,37) [migration/6]
(root,0,0,00:02:51,38) [ksoftirqd/6]
(root,0,0,00:00:00,40) [kworker/6:0H]
(root,0,0,00:00:13,41) [watchdog/7]
(root,0,0,00:01:07,42) [migration/7]
(root,0,0,00:03:08,43) [ksoftirqd/7]
(root,0,0,00:00:00,45) [kworker/7:0H]
(root,0,0,00:00:00,46) [kdevtmpfs]
(root,0,0,00:00:00,47) [netns]
(root,0,0,00:00:00,48) [perf]
(root,0,0,00:00:04,49) [khungtaskd]
(root,0,0,00:00:00,50) [writeback]
(root,0,0,00:00:00,51) [ksmd]
(root,0,0,00:00:00,52) [khugepaged]
(root,0,0,00:00:00,53) [crypto]
(root,0,0,00:00:00,54) [kintegrityd]
(root,0,0,00:00:00,55) [bioset]
(root,0,0,00:00:00,56) [kblockd]
(root,0,0,00:00:00,57) [ata_sff]
(root,0,0,00:00:00,58) [md]
(root,0,0,00:00:00,59) [devfreq_wq]
(root,0,0,00:00:00,64) [kswapd0]
(root,0,0,00:00:00,65) [vmstat]
(root,0,0,00:00:00,66) [fsnotify_mark]
(root,0,0,00:00:00,67) [ecryptfs-kthrea]
(root,0,0,00:00:00,83) [kthrotld]
(root,0,0,00:00:00,90) [acpi_thermal_pm]
(root,0,0,00:00:00,91) [bioset]
(root,0,0,00:00:00,92) [bioset]
(root,0,0,00:00:00,93) [bioset]
(root,0,0,00:00:00,94) [bioset]
(root,0,0,00:00:00,95) [bioset]
(root,0,0,00:00:00,96) [bioset]
(root,0,0,00:00:00,97) [bioset]
(root,0,0,00:00:00,98) [bioset]
(root,0,0,00:00:00,103) [ipv6_addrconf]
(root,0,0,00:00:00,118) [deferwq]
(root,0,0,00:00:00,119) [charger_manager]
(root,0,0,00:00:00,175) [kpsmoused]
(root,0,0,00:00:00,176) [scsi_eh_0]
(root,0,0,00:00:00,177) [scsi_tmf_0]
(root,0,0,00:00:00,178) [scsi_eh_1]
(root,0,0,00:00:00,179) [scsi_tmf_1]
(root,0,0,00:00:00,198) [ttm_swap]
(root,0,0,00:00:00,212) [bioset]
(root,0,0,00:00:00,218) [scsi_eh_2]
(root,0,0,00:00:00,219) [scsi_tmf_2]
(root,0,0,00:05:36,220) [usb-storage]
(root,0,0,00:00:00,221) [uas]
(root,0,0,00:00:00,222) [scsi_eh_3]
(root,0,0,00:00:00,223) [scsi_tmf_3]
(root,0,0,00:05:20,224) [usb-storage]
(root,0,0,00:00:00,225) [scsi_eh_4]
(root,0,0,00:00:00,226) [scsi_tmf_4]
(root,0,0,00:04:25,227) [usb-storage]
(root,0,0,00:00:00,294) [bioset]
(root,0,0,00:00:00,301) [bioset]
(root,0,0,00:00:00,318) [raid5wq]
(root,0,0,00:00:00,343) [bioset]
(root,0,0,00:00:00,349) [bioset]
(root,0,0,00:00:05,379) [kworker/4:1H]
(root,0,0,00:00:14,380) [kworker/7:1H]
(root,0,0,00:00:17,381) [kworker/1:1H]
(root,0,0,00:00:06,382) [kworker/2:1H]
(root,0,0,00:00:06,383) [kworker/5:1H]
(root,0,0,00:00:06,384) [kworker/6:1H]
(root,0,0,00:02:03,386) [jbd2/sda1-8]
(root,0,0,00:00:00,387) [ext4-rsv-conver]
(root,0,0,00:00:00,446) [iscsi_eh]
(root,0,0,00:00:00,447) [kauditd]
(root,0,0,00:00:00,457) [ib_addr]
(root,0,0,00:00:00,465) [ib_mcast]
(root,0,0,00:00:00,466) [ib_nl_sa_wq]
(root,0,0,00:00:00,467) [ib_cm]
(root,35268,4064,01:03:22,469) /lib/systemd/systemd-journald
(root,0,0,00:00:00,471) [iw_cm_wq]
(root,0,0,00:00:00,472) [rdma_cm]
(root,0,0,00:00:07,480) [kworker/0:1H]
(root,94768,1480,00:00:00,512) /sbin/lvmetad -f
(root,44964,4524,00:00:05,534) /lib/systemd/systemd-udevd
(systemd+,100320,2616,00:00:06,587) /lib/systemd/systemd-timesyncd
(root,0,0,00:00:00,766) [kvm-irqfd-clean]
(root,280044,6356,00:09:00,1088) /usr/lib/accountsservice/accounts-daemon
(daemon,26040,2204,00:00:00,1091) /usr/sbin/atd -f
(root,4392,1228,00:00:00,1099) /usr/sbin/acpid
(syslog,256388,4280,00:13:17,1101) /usr/sbin/rsyslogd -n
(message+,42900,3976,00:16:54,1105) /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
(root,30816,2788,00:00:19,1139) /usr/sbin/cron -f
(root,309668,2252,00:01:44,1141) /usr/bin/lxcfs /var/lib/lxcfs/
(root,20096,1204,00:05:25,1143) /lib/systemd/systemd-logind
(root,13368,156,00:00:00,1157) /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
(root,0,0,00:00:06,1167) [kworker/3:1H]
(root,277084,6036,00:00:01,1171) /usr/lib/policykit-1/polkitd --no-debug
(root,58208,4388,00:00:11,1182) lldpd: monitor
(root,5216,152,00:01:55,1225) /sbin/iscsid
(root,5716,3508,00:08:39,1226) /sbin/iscsid
(root,19568,2104,00:12:12,1335) /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
(chilli,34196,11368,2-19:27:04,1371) /usr/sbin/chilli --fg
(root,14232,2124,00:07:13,1383) /usr/sbin/lldpad -d
(root,65508,6324,00:05:27,1421) /usr/sbin/sshd -D
(_lldpd,58208,2728,00:01:35,1436) lldpd: connected to KBG570-NWCLSW-P165
(root,15052,2144,00:00:28,1504) /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
(root,155188,39428,00:04:24,1654) /usr/bin/ruby /usr/bin/puppet agent
(dnsmasq,56864,2656,00:00:07,1691) /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -I lo -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 --trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
(root,17772,1812,00:27:01,1716) /sbin/agetty --noclear tty1 linux
(root,0,0,00:00:00,14737) [kworker/5:1]
(root,0,0,00:00:00,15128) [kworker/0:0]
(root,0,0,00:00:00,15274) [kworker/3:2]
(root,0,0,00:00:00,16086) [kworker/6:2]
(root,0,0,00:00:00,16358) [kworker/4:1]
(root,0,0,00:00:00,16577) [kworker/7:0]
(root,0,0,00:00:00,16921) [kworker/u16:0]
(root,0,0,00:00:00,17399) [kworker/1:1]
(root,0,0,00:00:00,18090) [kworker/5:2]
(root,37824,5880,00:03:03,18273) /usr/sbin/openvpn --daemon ovpn-99 --status /run/openvpn/99.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/99.conf --writepid /run/openvpn/99.pid
(root,108184,2776,00:00:03,18650) /usr/bin/monit -c /etc/monit/monitrc
(root,0,0,00:00:00,19011) [kworker/3:1]
(root,0,0,00:00:00,19461) [kworker/4:2]
(root,0,0,00:00:00,19574) [kworker/2:0]
(root,0,0,00:00:00,19832) [kworker/6:0]
(root,0,0,00:00:00,19932) [kworker/7:1]
(root,0,0,00:00:00,20811) [kworker/0:2]
(root,0,0,00:00:00,21255) [kworker/1:0]
(root,0,0,00:00:00,22425) [kworker/2:2]
(root,0,0,00:00:00,22763) [kworker/4:0]
(root,0,0,00:00:00,22876) [kworker/u16:1]
(root,0,0,00:00:00,22999) [kworker/5:0]
(root,0,0,00:00:00,23111) [kworker/7:2]
(root,0,0,00:00:00,23797) [kworker/6:1]
(root,52028,2980,00:00:00,24430) /usr/sbin/CRON -f
(root,4500,700,00:00:00,24433) /bin/sh -c /bin/bash /usr/local/bin/checklist.sh 1800 >> /var/log/status.log
(root,16528,3044,00:00:00,24434) /bin/bash /usr/local/bin/checklist.sh 1800
(root,9124,668,00:00:00,24440) sleep 1144
(root,0,0,00:00:00,24505) [kworker/1:2]
(root,0,0,00:00:00,24538) [kworker/u16:3]
(root,0,0,00:00:00,24699) [kworker/3:0]
(root,0,0,00:00:00,25076) [systemctl] <defunct>
(root,0,0,00:00:00,25077) [lookup.check.sh] <defunct>
(root,24904,3384,00:00:00,25256) /bin/bash /usr/local/bin/issue-generator
(root,6532,696,00:00:00,25314) ping -q -c 2 -W 1 8.8.8.8
(root,24928,3276,00:00:00,25399) /bin/bash /usr/bin/check_mk_agent
(root,34420,2932,00:00:00,25418) ps ax -o user,vsz,rss,cputime,pid,command --columns 10000
(root,13360,968,00:00:00,25419) sed -e 1d -e s/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4,\5) /
(root,0,0,00:00:00,28251) [kworker/u16:2]

Found on 2024-09-11 00:16

Host 95.43.247.34

Bulgaria

CheckMK monitoring endpoint publicly available

Domain summary