2022-09-08 21:58:56 +00:00
|
|
|
SELECT p.pid,
|
|
|
|
|
p.name,
|
|
|
|
|
p.path,
|
|
|
|
|
f.mode,
|
|
|
|
|
f.uid,
|
2022-09-14 14:51:56 +00:00
|
|
|
f.gid,
|
|
|
|
|
hash.sha256
|
2022-09-08 21:58:56 +00:00
|
|
|
FROM processes p
|
|
|
|
|
JOIN file f ON p.path = f.path
|
2022-09-14 14:51:56 +00:00
|
|
|
LEFT JOIN hash ON p.path = hash.path
|
2022-09-08 21:58:56 +00:00
|
|
|
WHERE f.mode NOT IN (
|
2022-09-14 14:51:56 +00:00
|
|
|
'0500',
|
|
|
|
|
'0544',
|
2022-09-08 21:58:56 +00:00
|
|
|
'0555',
|
2022-09-14 14:51:56 +00:00
|
|
|
'0711',
|
|
|
|
|
'0755',
|
2022-09-08 21:58:56 +00:00
|
|
|
'0775',
|
2022-09-14 14:51:56 +00:00
|
|
|
'2755',
|
2022-09-08 21:58:56 +00:00
|
|
|
'4511',
|
2022-09-14 14:51:56 +00:00
|
|
|
'4555',
|
|
|
|
|
'4755'
|
2022-09-08 21:58:56 +00:00
|
|
|
)
|
2022-09-14 14:51:56 +00:00
|
|
|
AND NOT (f.path = '/Library/Application Support/Logitech/com.logitech.vc.LogiVCCoreService/LogiVCCoreService.app/Contents/MacOS/LogiVCCoreService' AND f.mode = '0777' AND f.uid>500)
|
2022-09-15 13:34:45 +00:00
|
|
|
AND NOT (f.path = '/opt/1Password/1Password-KeyringHelper' AND f.mode='6755')
|
2022-09-21 14:30:17 +00:00
|
|
|
AND NOT (f.path = '/usr/bin/fusermount3' AND f.mode='4755')
|
|
|
|
|
AND NOT (f.path LIKE '/usr/libexec/cups/backend/%' AND f.mode='0700')
|
