fpr: sddm-helper, smartd, Xorg, elastic, WebEx, BambuStudio, keepass, etc
This commit is contained in:
Thomas Stromberg
parent
bf9c1e007f
commit
00a9f6450b
2
Makefile
2
Makefile
|
|
@ -34,7 +34,7 @@ reformat:
|
|||
|
||||
.PHONY: reformat-updates
|
||||
reformat-updates:
|
||||
git status -s | awk '{ print $$2 }' | grep ".sql" | perl -ne 'chomp; system("cp $$_ /tmp/fix.sql && npx sql-formatter -l sqlite /tmp/fix.sql > $$_");'
|
||||
git status -s | awk '{ print $$2 }' | grep ".sql" | perl -ne 'chomp; print("$$_\n"); system("cp $$_ /tmp/fix.sql && npx sql-formatter -l sqlite /tmp/fix.sql > $$_");'
|
||||
|
||||
.PHONY: detect
|
||||
detect: ./out/osqtool-$(ARCH)-$(OSQTOOL_VERSION)
|
||||
|
|
|
|||
|
|
@ -57,6 +57,8 @@ WHERE
|
|||
AND s.remote_address NOT LIKE 'fc00:%'
|
||||
AND p.path != ''
|
||||
AND NOT exception_key IN (
|
||||
'0,.tailscaled-wrapped,0u,0g,.tailscaled-wra',
|
||||
'0,agentbeat,0u,0g,agentbeat',
|
||||
'0,apk,u,g,apk',
|
||||
'0,applydeltarpm,0u,0g,applydeltarpm',
|
||||
'0,bash,0u,0g,bash',
|
||||
|
|
@ -69,6 +71,7 @@ WHERE
|
|||
'0,dirmngr,0u,0g,dirmngr',
|
||||
'0,dockerd,0u,0g,dockerd',
|
||||
'0,elastic-agent,0u,0g,elastic-agent',
|
||||
'0,elastic-agent,u,g,elastic-agent',
|
||||
'0,elastic-endpoint,0u,0g,elastic-endpoin',
|
||||
'0,filebeat,0u,0g,filebeat',
|
||||
'0,flatpak-system-helper,0u,0g,flatpak-system-',
|
||||
|
|
@ -91,25 +94,14 @@ WHERE
|
|||
'0,packagekitd,0u,0g,packagekitd',
|
||||
'0,packetbeat,0u,0g,packetbeat',
|
||||
'0,pacman,0u,0g,pacman',
|
||||
'0,python3.10,0u,0g,dnf',
|
||||
'0,python3.10,0u,0g,dnf-automatic',
|
||||
'0,python3.10,0u,0g,yum',
|
||||
'0,python3.11,0u,0g,dnf',
|
||||
'0,python3.11,0u,0g,dnf-automatic',
|
||||
'0,python3.11,0u,0g,yum',
|
||||
'0,python3.12,0u,0g,dnf',
|
||||
'0,python3.12,0u,0g,dnf-automatic',
|
||||
'0,python3.12,0u,0g,yum',
|
||||
'0,rapid7_endpoint_broker,0u,0g,rapid7_endpoint',
|
||||
'0,rpi-imager,0u,0g,rpi-imager',
|
||||
'0,snapd,0u,0g,snapd',
|
||||
'0,systemctl,0u,0g,systemctl',
|
||||
'0,tailscaled,0u,0g,tailscaled',
|
||||
'0,tailscaled,500u,500g,tailscaled',
|
||||
'0,.tailscaled-wrapped,0u,0g,.tailscaled-wra',
|
||||
'0,velociraptor,0u,0g,velociraptor_cl',
|
||||
'0,yay,0u,0g,yay',
|
||||
'500,python3.11,u,g,pip',
|
||||
'105,http,0u,0g,https',
|
||||
'106,geoclue,0u,0g,geoclue',
|
||||
'115,geoclue,0u,0g,geoclue',
|
||||
|
|
@ -117,21 +109,33 @@ WHERE
|
|||
'128,fwupdmgr,0u,0g,fwupdmgr',
|
||||
'129,fwupdmgr,0u,0g,fwupdmgr',
|
||||
'42,http,0u,0g,https',
|
||||
'500,podman,0u,0g,podman',
|
||||
'500,1password,0u,0g,1password',
|
||||
'500,Brackets,0u,0g,Brackets',
|
||||
'500,Discord,0u,0g,Discord',
|
||||
'500,Discord,u,g,Discord',
|
||||
'500,Docker Desktop,0u,0g,Docker Desktop',
|
||||
'500,Keybase,0u,0g,Keybase',
|
||||
'500,Logseq,u,g,Logseq',
|
||||
'500,Melvor Idle,500u,500g,exe',
|
||||
'500,TJPP8_Vulkan,500u,500g,TJPP8_Vulkan',
|
||||
'500,WPILibInstaller,500u,500g,WPILibInstaller',
|
||||
'500,WebKitNetworkProcess,0u,0g,WebKitNetworkPr',
|
||||
'500,___go_build_main_go,500u,500g,___go_build_mai',
|
||||
'500,abrt-action-generate-core-backtrace,0u,0g,abrt-action-gen',
|
||||
'500,accountwizard,u,g,accountwizard',
|
||||
'500,act,0u,0g,act',
|
||||
'500,apk,500u,500g,apk',
|
||||
'500,apk,u,g,apk',
|
||||
'500,apko,500u,500g,apko',
|
||||
'500,apko,u,g,apko',
|
||||
'500,apk,u,g,apk',
|
||||
'500,armcord,u,g,armcord',
|
||||
'500,aws,0u,0g,aws',
|
||||
'500,aws,500u,500g,aws',
|
||||
'500,bash,0u,0g,bash',
|
||||
'500,beeper,u,g,beeper',
|
||||
'500,bitwarden,u,g,bitwarden',
|
||||
'500,bom,500u,500g,bom',
|
||||
'500,bom-linux-amd64,500u,500g,bom-linux-amd64',
|
||||
'500,Brackets,0u,0g,Brackets',
|
||||
'500,brave,0u,0g,brave',
|
||||
'500,buildkitd,500u,500g,buildkitd',
|
||||
'500,buildkite-agent,500u,500g,buildkite-agent',
|
||||
|
|
@ -144,13 +148,14 @@ WHERE
|
|||
'500,chainctl,500u,500g,chainctl',
|
||||
'500,chainctl,500u,500g,docker-credenti',
|
||||
'500,chrome,0u,0g,chrome',
|
||||
'500,chrome_crashpad_handler,0u,0g,chrome_crashpad',
|
||||
'500,chrome,u,g,chrome',
|
||||
'500,chrome_crashpad_handler,0u,0g,chrome_crashpad',
|
||||
'500,cilium,500u,123g,cilium',
|
||||
'500,cloud_sql_proxy,0u,0g,cloud_sql_proxy',
|
||||
'500,code,0u,0g,code',
|
||||
'500,code,500u,500g,code',
|
||||
'500,code,u,g,code',
|
||||
'500,code-oss,u,g,code-oss',
|
||||
'500,com.docker.backend,0u,0g,com.docker.back',
|
||||
'500,com.docker.extensions,0u,0g,com.docker.exte',
|
||||
'500,containerd,u,g,containerd',
|
||||
|
|
@ -162,20 +167,19 @@ WHERE
|
|||
'500,crane,500u,500g,crane',
|
||||
'500,curl,0u,0g,curl',
|
||||
'500,deno,500u,500g,deno',
|
||||
'500,Discord,0u,0g,Discord',
|
||||
'500,Discord,u,g,Discord',
|
||||
'500,docker,0u,0g,docker',
|
||||
'500,docker-buildx,0u,0g,docker-buildx',
|
||||
'500,Docker Desktop,0u,0g,Docker Desktop',
|
||||
'500,drkonqi,0u,0g,drkonqi',
|
||||
'500,eksctl,0u,0g,eksctl',
|
||||
'500,eksctl,500u,500g,eksctl',
|
||||
'500,electron,0u,0g,electron',
|
||||
'500,evolution-addressbook-factory,0u,0g,evolution-addre',
|
||||
'500,evolution-calendar-factory,0u,0g,evolution-calen',
|
||||
'500,evolution-source-registry,0u,0g,evolution-sourc',
|
||||
'500,firefox,0u,0g,firefox',
|
||||
'500,extension-manager,0u,0g,extension-manag',
|
||||
'500,firefox,0u,0g,.firefox-wrappe',
|
||||
'500,firefox,0u,0g,Socket Process',
|
||||
'500,firefox,0u,0g,firefox',
|
||||
'500,firefox-bin,500u,500g,firefox-bin',
|
||||
'500,firefox-bin,u,g,firefox-bin',
|
||||
'500,flameshot,0u,0g,flameshot',
|
||||
|
|
@ -186,14 +190,15 @@ WHERE
|
|||
'500,gcsfuse,500u,500g,gcsfuse',
|
||||
'500,gdb,0u,0g,gdb',
|
||||
'500,geoclue,0u,0g,geoclue',
|
||||
'500,gh-dash,500u,500g,gh-dash',
|
||||
'500,gh,0u,0g,gh',
|
||||
'500,gh-dash,500u,500g,gh-dash',
|
||||
'500,git,0u,0g,git',
|
||||
'500,git-remote-http,0u,0g,git-remote-http',
|
||||
'500,git-remote-http,u,g,git-remote-http',
|
||||
'500,gitsign,0u,0g,gitsign',
|
||||
'500,gitsign,500u,0g,gitsign',
|
||||
'500,gitsign,500u,500g,gitsign',
|
||||
'500,gitsign,u,g,gitsign',
|
||||
'500,gitsign-credential-cache,500u,500g,gitsign-credent',
|
||||
'500,gjs-console,0u,0g,org.gnome.Maps',
|
||||
'500,gnome-recipes,0u,0g,gnome-recipes',
|
||||
|
|
@ -201,10 +206,9 @@ WHERE
|
|||
'500,gnome-software,0u,0g,gnome-software',
|
||||
'500,go,0u,0g,go',
|
||||
'500,go,500u,500g,go',
|
||||
'500,goa-daemon,0u,0g,goa-daemon',
|
||||
'500,___go_build_main_go,500u,500g,___go_build_mai',
|
||||
'500,gobuster,500u,500g,gobuster',
|
||||
'500,go,u,g,go',
|
||||
'500,goa-daemon,0u,0g,goa-daemon',
|
||||
'500,gobuster,500u,500g,gobuster',
|
||||
'500,grafana,u,g,grafana',
|
||||
'500,grype,0u,0g,grype',
|
||||
'500,grype,500u,500g,grype',
|
||||
|
|
@ -224,7 +228,6 @@ WHERE
|
|||
'500,k6,500u,500g,k6',
|
||||
'500,kbfsfuse,0u,0g,kbfsfuse',
|
||||
'500,keybase,0u,0g,keybase',
|
||||
'500,Keybase,0u,0g,Keybase',
|
||||
'500,kioslave5,0u,0g,kioslave5',
|
||||
'500,ko,500u,500g,ko',
|
||||
'500,ko,u,g,ko',
|
||||
|
|
@ -236,49 +239,42 @@ WHERE
|
|||
'500,less,0u,0g,less',
|
||||
'500,license-detector,500u,500g,license-detecto',
|
||||
'500,limactl,0u,0g,limactl',
|
||||
'500,Logseq,u,g,Logseq',
|
||||
'500,losslesscut,500u,500g,losslesscut',
|
||||
'500,mconvert,500u,500g,mconvert',
|
||||
'500,mediawriter,u,g,mediawriter',
|
||||
'500,melange,500u,500g,melange',
|
||||
'500,melange,u,g,melange',
|
||||
'500,Melvor Idle,500u,500g,exe',
|
||||
'500,minikube,0u,0g,minikube',
|
||||
'500,nami,500u,500g,nami',
|
||||
'500,nautilus,0u,0g,nautilus',
|
||||
'500,nerdctl,500u,500g,nerdctl',
|
||||
'500,nix,0u,0g,nix',
|
||||
'500,node,0u,0g,node',
|
||||
'500,node,0u,0g,.node2nix-wrapp',
|
||||
'500,node,0u,0g,node',
|
||||
'500,node,0u,0g,npm install',
|
||||
'500,node,500u,500g,npm run start',
|
||||
'500,node,u,g,node',
|
||||
'500,nuclei,500u,500g,nuclei',
|
||||
'500,obs,0u,0g,obs',
|
||||
'500,obs,u,g,obs',
|
||||
'500,obs-browser-page,0u,0g,obs-browser-pag',
|
||||
'500,obs-ffmpeg-mux,0u,0g,obs-ffmpeg-mux',
|
||||
'500,obs-ffmpeg-mux,u,g,obs-ffmpeg-mux',
|
||||
'500,obsidian,0u,0g,obsidian',
|
||||
'500,nami,500u,500g,nami',
|
||||
'500,obsidian,u,g,obsidian',
|
||||
'500,gitsign,u,g,gitsign',
|
||||
'500,code-oss,u,g,code-oss',
|
||||
'500,plasma-discover,0u,0g,plasma-discover',
|
||||
'500,bitwarden,u,g,bitwarden',
|
||||
'500,extension-manager,0u,0g,extension-manag',
|
||||
'500,accountwizard,u,g,accountwizard',
|
||||
'500,drkonqi,0u,0g,drkonqi',
|
||||
'500,thunderbird-bin,u,g,thunderbird-bin',
|
||||
'500,obs,u,g,obs',
|
||||
'500,extension-manager,0u,0g,extension-manag',
|
||||
'500,op,0u,500g,op',
|
||||
'500,packer-plugin-proxmox_v1.1.2_x5.0_linux_amd64,500u,500g,packer-plugin-p',
|
||||
'500,pacman,0u,0g,pacman',
|
||||
'500,php,0u,0g,php',
|
||||
'500,php8.1,0u,0g,php',
|
||||
'500,pingsender,0u,0g,pingsender',
|
||||
'500,plasma-discover,0u,0g,plasma-discover',
|
||||
'500,podman,0u,0g,podman',
|
||||
'500,promoter,500u,500g,promoter',
|
||||
'500,publish-release,500u,500g,publish-release',
|
||||
'500,python.test,500u,500g,python.test',
|
||||
'500,python3,0u,0g,python3',
|
||||
'500,python3,500u,500g,python3',
|
||||
'500,python3.10,0u,0g,aws',
|
||||
'500,python3.10,0u,0g,python',
|
||||
'500,python3.10,0u,0g,python3',
|
||||
|
|
@ -287,9 +283,8 @@ WHERE
|
|||
'500,python3.11,0u,0g,gnome-abrt',
|
||||
'500,python3.11,0u,0g,protonvpn',
|
||||
'500,python3.11,0u,0g,prowler',
|
||||
'500,python3.11,u,g,pip',
|
||||
'500,python3.12,0u,0g,dnf',
|
||||
'500,python3,500u,500g,python3',
|
||||
'500,python.test,500u,500g,python.test',
|
||||
'500,qemu-system-x86_64,0u,0g,qemu-system-x86',
|
||||
'500,reporter-ureport,0u,0g,reporter-urepor',
|
||||
'500,rpi-imager,0u,0g,rpi-imager',
|
||||
|
|
@ -313,7 +308,6 @@ WHERE
|
|||
'500,steamwebhelper,500u,500g,steamwebhelper',
|
||||
'500,step,500u,500g,step',
|
||||
'500,step-cli,0u,0g,step',
|
||||
'500,armcord,u,g,armcord',
|
||||
'500,stern,500u,500g,stern',
|
||||
'500,syncthing,0u,0g,syncthing',
|
||||
'500,syncthing,u,g,syncthing',
|
||||
|
|
@ -324,29 +318,30 @@ WHERE
|
|||
'500,terraform-ls,500u,500g,terraform-ls',
|
||||
'500,thunderbird,0u,0g,thunderbird',
|
||||
'500,thunderbird,u,g,thunderbird',
|
||||
'500,thunderbird-bin,u,g,thunderbird-bin',
|
||||
'500,tilt,500u,500g,tilt',
|
||||
'500,TJPP8_Vulkan,500u,500g,TJPP8_Vulkan',
|
||||
'500,todoist,0u,0g,todoist',
|
||||
'500,trivy,0u,0g,trivy',
|
||||
'500,trivy,500u,500g,trivy',
|
||||
'500,ubuntu-report,0u,0g,ubuntu-report',
|
||||
'500,WebKitNetworkProcess,0u,0g,WebKitNetworkPr',
|
||||
'500,wget,0u,0g,wget',
|
||||
'500,wine64-preloader,500u,500g,DaveTheDiver.ex',
|
||||
'500,wine64-preloader,500u,500g,Root.exe',
|
||||
'500,wolfictl,500u,500g,wolfictl',
|
||||
'500,WPILibInstaller,500u,500g,WPILibInstaller',
|
||||
'500,xmobar,0u,0g,xmobar',
|
||||
'500,yay,0u,0g,yay',
|
||||
'500,zdup,500u,500g,zdup',
|
||||
'500,zoom,0u,0g,zoom',
|
||||
'500,zoom.real,u,g,zoom.real'
|
||||
) -- Exceptions where we have to be more flexible for the process name
|
||||
AND NOT exception_key LIKE '0,python3.%,0u,0g,dnf'
|
||||
AND NOT exception_key LIKE '0,python3.%,0u,0g,dnf-automatic'
|
||||
AND NOT exception_key LIKE '0,python3.%,0u,0g,yum'
|
||||
AND NOT exception_key LIKE '500,cosign-%,500u,500g,cosign-%'
|
||||
AND NOT exception_key LIKE '500,node,0u,0g,npm exec %'
|
||||
AND NOT exception_key LIKE '500,node,0u,0g,npm install %'
|
||||
AND NOT exception_key LIKE '500,python3.%,0u,0g,pip'
|
||||
AND NOT exception_key LIKE '500,python3%,u,g,pip'
|
||||
AND NOT exception_key LIKE '500,cosign-%,500u,500g,cosign-%'
|
||||
AND NOT exception_key LIKE '500,python3.%,0u,0g,pip'
|
||||
AND NOT exception_key LIKE '500,terraform-provider-%,500u,500g,terraform-provi'
|
||||
AND NOT (
|
||||
exception_key LIKE '500,python3%,0u,0g,python%'
|
||||
|
|
|
|||
|
|
@ -204,6 +204,7 @@ WHERE
|
|||
'Developer ID Application: Canonical Group Limited (X4QN7LTP59)',
|
||||
'Developer ID Application: Corsair Memory, Inc. (Y93VXCB8Q5)',
|
||||
'Developer ID Application: Denver Technologies, Inc (2BBY89MBSN)',
|
||||
'Developer ID Application: TechSmith Corporation (7TQL462TU8)',
|
||||
'Developer ID Application: Ecamm Network, LLC (5EJH68M642)',
|
||||
'Developer ID Application: Elasticsearch, Inc (2BT3HPN62Z)',
|
||||
'Developer ID Application: Farhan Ahmed (4RZN52RN5P)',
|
||||
|
|
|
|||
|
|
@ -108,6 +108,7 @@ WHERE
|
|||
'80,6,0,python3.11,0u,0g,dnf-automatic',
|
||||
'80,6,0,python3.11,0u,0g,yum',
|
||||
'80,6,0,python3.12,0u,0g,yum',
|
||||
'80,6,500,firefox-bin,0u,0g,firefox-bin',
|
||||
'80,6,0,python3.9,u,g,yum',
|
||||
'80,6,0,sort,0u,0g,sort',
|
||||
'80,6,0,systemd-hwdb,0u,0g,systemd-hwdb',
|
||||
|
|
|
|||
|
|
@ -5,7 +5,8 @@
|
|||
--
|
||||
-- tags: transient state net often
|
||||
-- platform: macos
|
||||
SELECT pos.protocol,
|
||||
SELECT
|
||||
pos.protocol,
|
||||
pos.local_port,
|
||||
pos.remote_port,
|
||||
pos.remote_address,
|
||||
|
|
@ -66,7 +67,8 @@ SELECT pos.protocol,
|
|||
p2.path AS p2_path,
|
||||
p2.cmdline AS p2_cmd,
|
||||
p2_hash.sha256 AS p2_sha256
|
||||
FROM process_open_sockets pos
|
||||
FROM
|
||||
process_open_sockets pos
|
||||
LEFT JOIN processes p0 ON pos.pid = p0.pid
|
||||
LEFT JOIN hash p0_hash ON p0.path = p0_hash.path
|
||||
LEFT JOIN processes p1 ON p0.parent = p1.pid
|
||||
|
|
@ -75,7 +77,8 @@ FROM process_open_sockets pos
|
|||
LEFT JOIN hash p2_hash ON p2.path = p2_hash.path
|
||||
LEFT JOIN file f ON p0.path = f.path
|
||||
LEFT JOIN signature s ON p0.path = s.path
|
||||
WHERE pos.protocol > 0
|
||||
WHERE
|
||||
pos.protocol > 0
|
||||
AND NOT (
|
||||
pos.remote_port IN (53, 443)
|
||||
AND pos.protocol IN (6, 17)
|
||||
|
|
@ -204,6 +207,7 @@ WHERE pos.protocol > 0
|
|||
'500,6,22,ssh,ssh,0u,500g',
|
||||
'500,6,5432,psql,psql,500u,80g',
|
||||
'500,6,22,ssh,ssh,500u,0g',
|
||||
'500,17,123,limactl,limactl,500u,80g',
|
||||
'500,17,123,gvproxy,gvproxy,500u,80g',
|
||||
'500,6,80,qemu-system-x86_64,qemu-system-x86_64,500u,80g',
|
||||
'500,6,22,ssh,ssh,500u,20g',
|
||||
|
|
@ -300,4 +304,5 @@ WHERE pos.protocol > 0
|
|||
'Developer ID Application: Zwift, Inc (C2GM8Y9VFM),ZwiftAppSilicon'
|
||||
)
|
||||
)
|
||||
GROUP BY p0.cmdline
|
||||
GROUP BY
|
||||
p0.cmdline
|
||||
|
|
|
|||
|
|
@ -61,13 +61,13 @@ WHERE
|
|||
'/usr/bin/apt',
|
||||
'/usr/bin/aptd',
|
||||
'/usr/bin/bash',
|
||||
'/usr/bin/gnome-disks',
|
||||
'/usr/bin/bwrap',
|
||||
'/usr/bin/curl',
|
||||
'/usr/bin/darktable',
|
||||
'/usr/bin/dockerd',
|
||||
'/usr/bin/fish',
|
||||
'/usr/bin/git',
|
||||
'/usr/bin/gnome-disks',
|
||||
'/usr/bin/gnome-shell',
|
||||
'/usr/bin/gnome-software',
|
||||
'/usr/bin/gnome-text-editor',
|
||||
|
|
@ -127,7 +127,6 @@ WHERE
|
|||
AND p0.cmdline = '/usr/bin/python3 /usr/sbin/aptd'
|
||||
)
|
||||
AND NOT p0.name IN (
|
||||
'Cisco WebEx Start',
|
||||
'GoogleUpdater',
|
||||
'Install',
|
||||
'baloo_file_extr',
|
||||
|
|
@ -149,6 +148,7 @@ WHERE
|
|||
'firefox',
|
||||
'flatpak-session',
|
||||
'fsdaemon',
|
||||
'git',
|
||||
'go',
|
||||
'goland',
|
||||
'golangci-lint-v',
|
||||
|
|
|
|||
|
|
@ -79,5 +79,6 @@ WHERE
|
|||
'Developer ID Application: Docker Inc (9BNSXJN65R)',
|
||||
'Developer ID Application: Rapid7 LLC (UL6CGN7MAL)'
|
||||
)
|
||||
AND NOT p0.path LIKE '/opt/homebrew/Cellar/kubernetes-cli/%/bin/kubectl'
|
||||
GROUP BY
|
||||
p0.pid
|
||||
|
|
|
|||
|
|
@ -151,6 +151,7 @@ WHERE
|
|||
OR top_dir IN ('~/Sync')
|
||||
OR dir LIKE '/Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/%'
|
||||
OR dir LIKE '/opt/homebrew/%/.cache/%'
|
||||
OR dir LIKE '~/%enterprise-packages/.chainguard'
|
||||
OR dir LIKE '/private/tmp/%/.git'
|
||||
OR dir LIKE '/tmp/.mount_%'
|
||||
OR dir LIKE '/tmp/%/.git'
|
||||
|
|
|
|||
|
|
@ -250,3 +250,12 @@ WHERE
|
|||
AND file.type = "socket"
|
||||
AND file.mode = '0600'
|
||||
)
|
||||
-- still not sure what the hell this is
|
||||
AND NOT (
|
||||
file.path LIKE '/tmp/.%3D'
|
||||
AND file.size < 30000
|
||||
AND file.size > 20000
|
||||
AND file.mode = '0644'
|
||||
AND uid = 501
|
||||
AND gid = 0
|
||||
)
|
||||
|
|
|
|||
|
|
@ -100,6 +100,7 @@ WHERE
|
|||
'ThingsWidgetExtensionMacAppStore',
|
||||
'at.obdev.littlesnitch.endpointsecurity',
|
||||
'launchd_startx',
|
||||
'dynamiclinkmanager',
|
||||
'BetterTouchToolAppleScriptRunner',
|
||||
'BetterTouchToolShellScriptRunner',
|
||||
'TwitterNotificationServiceExtension',
|
||||
|
|
|
|||
|
|
@ -267,6 +267,7 @@ WHERE
|
|||
AND NOT p1.cmdline LIKE '%brew.rb%'
|
||||
AND NOT p1.cmdline LIKE '%/Homebrew/build.rb%'
|
||||
AND NOT p1.cmdline LIKE '%Code Helper%'
|
||||
AND NOT p1.cmdline LIKE '%Code - Insiders Helper%'
|
||||
AND NOT p1.cmdline LIKE '%gcloud.py config config-helper%'
|
||||
AND NOT p1.cmdline LIKE '/usr/lib/electron19/electron /usr/lib/code/out/bootstrap-fork --type=ptyHost --logsPath /home/%/.config/Code - OSS/logs/%'
|
||||
AND NOT p1.name LIKE '%term%'
|
||||
|
|
|
|||
|
|
@ -74,76 +74,54 @@ WHERE
|
|||
)
|
||||
)
|
||||
AND NOT exception_key IN (
|
||||
"true,Daniel Kladnik @ kiboke studio,I don't care about cookies,fihnjjcciajhdojfnbdddfaoknhalnja",
|
||||
"true,Gareth Stephenson,My O'Reilly Downloader,deebiaolijlopiocielojiipnpnaldlk",
|
||||
'false,,Grammarly: AI Writing and Grammar Checker App,cnlefmmeadmemmdciolhbnfeacpdfbkd',
|
||||
'false,privacybadger-owner@eff.org,Privacy Badger,mkejgcgkdlddbggjhhflekkondicpnop',
|
||||
'true,,Acorns Earn,facncfnojagdpibmijfjdmhkklabakgd',
|
||||
'true,Adaware,Safe Torrent Scanner,aegnopegbbhjeeiganiajffnalhlkkjb',
|
||||
'true,Adblock for Chrome Team,Adblock for Chrome™,onomjaelhagjjojbkcafidnepbfkpnee',
|
||||
'true,,Adblock for Youtube™,cmedhionkhpnakcndndgjdbohmhepckk',
|
||||
'true,Adblock, Inc.,AdBlock — best ad blocker,gighmmpiobklfepjocnamgkkbiglidom',
|
||||
'true,,Add to Amazon Wish List,ciagpekplgpbepdgggflgmahnjgiaced',
|
||||
'true,Adguard Software Ltd,AdGuard AdBlocker,bgnkhhnnamicmpeenaelnjfhikgbkllg',
|
||||
'true,,Adobe Acrobat: PDF edit, convert, sign tools,efaidnbmnnnibpcajpcglclefindmkaj',
|
||||
'true,AgileBits,1Password extension (desktop app required),aomjjhallfgjeglblehebfpbcfeobpgk',
|
||||
'true,AgileBits,1Password – Password Manager,aeblfdkhhhdcdjpifhhbdiojplfjncoa',
|
||||
'true,Alexander Shutau,Dark Reader,eimadpbcbfnmbkopoojfekhnkhdbieeh',
|
||||
'true,All uBlock contributors,uBlock - free ad blocker,epcnnfbjfcgphgdmggkamkmgojdagdnn',
|
||||
'true,,Application Launcher For Drive (by Google),lmjegmlicamnimmfhcmpkclmigmmcbeh',
|
||||
'true,,Apps Launcher for Chrome,hdmhnhkegdfpajaeijlfopfoallfdiak',
|
||||
'true,,Awesome ChatGPT Screenshot & Screen Recorder,nlipoenfbbikpbjkfpfillcgkoblgpmj',
|
||||
'true,,Awesome Screen Recorder & Screenshot,nlipoenfbbikpbjkfpfillcgkoblgpmj',
|
||||
'true,,axe DevTools - Web Accessibility Testing,lhdoppojpmngadmnindnejefpokejbdd',
|
||||
'true,,Bardeen - automate manual work,ihhkmalpkhkoedlmcnilbbhhbhnicjga',
|
||||
'true,,Bardeen - automate workflows with one click,ihhkmalpkhkoedlmcnilbbhhbhnicjga',
|
||||
'true,Benjamin Hollis,JSONView,gmegofmjomhknnokphhckolhcffdaihd',
|
||||
'true,BetaFish,AdBlock — best ad blocker,gighmmpiobklfepjocnamgkkbiglidom',
|
||||
'true,,Bionic Reading,kdfkejelgkdjgfoolngegkhkiecmlflj',
|
||||
'true,Bitwarden Inc.,Bitwarden - Free Password Manager,nngceckbapebfimnlniiiahkandclblb',
|
||||
'true,Bitwarden Inc.,Bitwarden Password Manager,nngceckbapebfimnlniiiahkandclblb',
|
||||
'true,,BlockSite: Block Websites & Stay Focused,eiimnmioipafcokbfikbljfdeojpcgbh',
|
||||
'true,,Boomerang for Gmail,mdanidgdpmkimeiiojknlnekblgmpdll',
|
||||
'true,,Browsec VPN - Free VPN for Chrome,omghfjlpggmjjaagoclmmobgdodcjboh',
|
||||
'true,,BrowserStack Local,mfiddfehmfdojjfdpfngagldgaaafcfo',
|
||||
'true,CAD Team,Cookie AutoDelete,fhcgjolkccmbidfldomjliifgaodjagh',
|
||||
'true,,CSS Scan,gieabiemggnpnminflinemaickipbebg',
|
||||
'true,,Canvas Blocker - Fingerprint Protect,nomnklagbgmgghhjidfhnoelnjfndfpd',
|
||||
'true,,Capital One Shopping: Add to Chrome for Free,nenlahapcbofgnanklpelkaejcehkggg',
|
||||
'true,,Capital One Shopping: Save Now,nenlahapcbofgnanklpelkaejcehkggg',
|
||||
'true,,Caret,fljalecfjciodhpcledpamjachpmelml',
|
||||
'true,,Chrome Capture - Gif & Screenshot tool,ggaabchcecdbomdcnbahdfddfikjmphe',
|
||||
'true,chromeos-recovery-tool-admin@google.com,Chromebook Recovery Utility,jndclpdbaamdhonoechobihbbiimdgai',
|
||||
'true,,Chrome RDP for Google Cloud Platform,mpbbnannobiobpnfblimoapbephgifkm',
|
||||
'true,,Chrome Remote Desktop,inomeogfingihgjfjlpeplalcfajhgai',
|
||||
'true,,Chrome Web Store Payments,nmmhkkegccagdldgiimedpiccmgmieda',
|
||||
'true,,Cisco Umbrella Chromebook client (Ext),jcdhmojfecjfmbdpchihbeilohgnbdci',
|
||||
'true,,Cisco Webex Extension,jlhmfgmfgeifomenelglieieghnjghma',
|
||||
'true,,Clear Cache,cppjkneekbjaeellbfkmgnhonkkjfpdn',
|
||||
'true,,Clear cookies for one site,kajgpmmnnohnlajonknigghinhjmmehc',
|
||||
'true,,ClickUp: Tasks, Screenshots, Email, Time,pliibjocnfmkagafnbkfcimonlnlpghj',
|
||||
'true,,Clipboard History,cioiijhfebhhkmnijjjgbhkjjdlphjid',
|
||||
'true,,Clockify Time Tracker,pmjeegjhjdlccodhacdgbgfagbpmccpe',
|
||||
'true,Clockwise Inc.,Clockwise: AI Calendar & Scheduling Assistant,hjcneejoopafkkibfbcaeoldpjjiamog',
|
||||
'true,Clockwise Inc.,Clockwise: Team Time & Calendar Management,hjcneejoopafkkibfbcaeoldpjjiamog',
|
||||
'true,,Cloud9,nbdmccoknlfggadpfkmcpnamfnbkmkcp',
|
||||
'true,,Cloud Vision,nblmokgbialjjgfhfofbgfcghhbkejac',
|
||||
'true,,coLaboratory Notebook,pianggobfjcgeihlmfhfgkfalopndooo',
|
||||
'true,,Cloud9,nbdmccoknlfggadpfkmcpnamfnbkmkcp',
|
||||
'true,,ColorPick Eyedropper,ohcpnigalekghcmgcdcenkpelffpdolg',
|
||||
'true,,ColorZilla,bhlhnicpbhignbdhedgjhgdocnmhomnp',
|
||||
'true,compose.ai,Compose AI: AI-powered Writing Tool,ddlbpiadoechcolndfeaonajmngmhblj',
|
||||
'true,Contacts+,Contacts+ for Gmail,cnaibnehbbinoohhjafknihmlopdhhip',
|
||||
'true,CookieBlock Team,CookieBlock,fbhiolckidkciamgcobkokpelckgnnol',
|
||||
'true,,Cookie Tab Viewer,fdlghnedhhdgjjfgdpgpaaiddipafhgk',
|
||||
'true,,Copper CRM for Gmail,hpfmedbkgaakgagknibnonpkimkibkla',
|
||||
'true,,Copper CRM for Gmail™,hpfmedbkgaakgagknibnonpkimkibkla',
|
||||
'true,,Copy Me That,lgjinjcobiflbbnhenlfkcjpeeacklfl',
|
||||
'true,,Coupert - Automatic Coupon Finder & Cashback,mfidniedemcgceagapgdekdbmanojomk',
|
||||
'true,,crouton integration,gcpneefbbnfalgjniomfjknbcgkbijom',
|
||||
'true,Crowdcast, Inc.,Crowdcast Screensharing,kgmadhplahebfoiijgloflhakfjlkbpb',
|
||||
'true,,Crunchbase - B2B Company & Contact Info,mdfjplgeknamfodpoghbmhhlcjoacnbp',
|
||||
'true,,CSS Scan,gieabiemggnpnminflinemaickipbebg',
|
||||
"true,Daniel Kladnik @ kiboke studio,I don't care about cookies,fihnjjcciajhdojfnbdddfaoknhalnja",
|
||||
'true,,DEPRECATED Secure Shell App,pnhechapfaindjhompbnflcldabbghjo',
|
||||
'true,,Datanyze Chrome Extension,mlholfadgbpidekmhdibonbjhdmpmafd',
|
||||
'true,,DealFinder by VoucherCodes,jhgicjdnnonfaedodemjjinbgcoeiajo',
|
||||
'true,,DEPRECATED Secure Shell App,pnhechapfaindjhompbnflcldabbghjo',
|
||||
'true,,[DEPRECATED] Tag Assistant Legacy,kejbdjndbnbjgmefkgdddjlbokphdefk',
|
||||
'true,,Disconnect,jeoacafpbcihiomhlakheieifhpjdfeo',
|
||||
'true,,Distill Web Monitor,inlikjemeeknofckkjolnjbpehgadgge',
|
||||
'true,,DuckDuckGo Privacy Essentials,bkdgflcldnnnapblkhphbgpggdiikppg',
|
||||
|
|
@ -154,140 +132,108 @@ WHERE
|
|||
'true,,Eno® from Capital One®,clmkdohmabikagpnhjmgacbclihgmdje',
|
||||
'true,,Espruino Web IDE,bleoifhkdalbjfbobjackfdifdneehpo',
|
||||
'true,,Event Merge for Google Calendar™,idehaflielbgpaokehlhidbjlehlfcep',
|
||||
'true,Evernote,Evernote Web Clipper,pioclpoplcdbaefihamjohnefbikjilc',
|
||||
'true,ExpressVPN,ExpressVPN: VPN proxy for a better internet,fgddmllnllkalaagkghckoinaemmogpe',
|
||||
'true,,Extensity,jjmflmamggggndanpgfnpelongoepncg',
|
||||
'true,eyeo GmbH,Adblock Plus - free ad blocker,cfhdojbkjhnklbpkdaibdccddilifddb',
|
||||
'true,,Facebook Pixel Helper,fdgfkebogiimcoedlicjlajpkdmockpc',
|
||||
'true,,Fake Filler,bnjjngeaknajbdcgpfkgnonkmififhfo',
|
||||
'true,,Fakespot Fake Amazon Reviews and eBay Sellers,nakplnnackehceedgkgkokbgbmfghain',
|
||||
'true,Federico Brigante,GitHub Issue Link Status,nbiddhncecgemgccalnoanpnenalmkic',
|
||||
'true,,feedly,hipbfijinpcgfogaopmgehiegacbhmob',
|
||||
'true,,FoxyProxy Basic,dookpfaalaaappcdneeahomimbllocnb',
|
||||
'true,François Duprat,Mobile simulator - responsive testing tool,ckejmhbmlajgoklhgbapkiccekfoccmk',
|
||||
'true,,Free Maps Ruler,ejpahoknghmacibohhgleeacndkglgmo',
|
||||
"true,Gareth Stephenson,My O'Reilly Downloader,deebiaolijlopiocielojiipnpnaldlk",
|
||||
'true,Ghostery,Ghostery – Privacy Ad Blocker,mlomiejdfkolichcflejclcbmpeaniij',
|
||||
'true,Ghostery,Ghostery Tracker & Ad Blocker - Privacy AdBlock,mlomiejdfkolichcflejclcbmpeaniij',
|
||||
'true,Ghostery,Ghostery Tracker Ad Blocker - Privacy AdBlock,mlomiejdfkolichcflejclcbmpeaniij',
|
||||
'true,,GHunt Companion,dpdcofblfbmmnikcbmmiakkclocadjab',
|
||||
'true,,Github Absolute Dates,iepecohjelcmdnahbddleblfphbaheno',
|
||||
'true,,GSConnect,jfnifeihccihocjbfcfhicmmgpjicaec',
|
||||
'true,,GitHub Red Alert,kmiekjkmkbhbnlempjkaombjjcfhdnfe',
|
||||
'true,,Github Absolute Dates,iepecohjelcmdnahbddleblfphbaheno',
|
||||
'true,,Gmail™ Email Templates by cloudHQ,llccdnmbipddnkhmldacpcjjcnljpoij',
|
||||
'true,,Go Links,gojgbkejhelijlkgpmlbbkklljgmfljj',
|
||||
'true,,GoLinks,mdkgfdijbhbcbajcdlebbodoppgnmhab',
|
||||
'true,,GoToMeeting for Google Calendar,gaonpiemcjiihedemhopdoefaohcjoch',
|
||||
'true,,GoToTraining Screensharing,copcmbdalilphnaiajfmonkegedhkndd',
|
||||
'true,,Google Analytics Parameter Stripper,jbgedkkfkohoehhkknnmlodlobbhafge',
|
||||
'true,,Google Docs Offline,ghbmnnjooekpmoecnnnilnnbdlolhkhi',
|
||||
'true,,Google Drive,apdfllckaahabafndbhieahigkjlhalf',
|
||||
'true,,Google Hangouts,nckgahadagoaajjgafhacjanaoiihapd',
|
||||
'true,,Google Keep Chrome Extension,lpcaedmchfhocbbapmcbpinfpgnhiddi',
|
||||
'true,,Google Keep - Notes and Lists,hmjkmjkepdijhoojdojkdfohbdgmmhki',
|
||||
'true,,Google Keep Chrome Extension,lpcaedmchfhocbbapmcbpinfpgnhiddi',
|
||||
'true,,Google Mail Checker,mihcahmgecmbnbcchbopgniflfhgnkff',
|
||||
'true,,Google Optimize,bhdplaindhdkiflmbfbciehdccfhegci',
|
||||
'true,,Google Play Books,mmimngoggfoobjdlefbcabngfnmieonb',
|
||||
'true,,Google Play Movies & TV,gdijeikdkaembjbdobgfkoidjkpbmlkd',
|
||||
'true,Gordon Pedsersen,MarkDownload - Markdown Web Clipper,pcmpcfapbekmbjjkdalcgopdkipoggdi',
|
||||
'true,,GoToMeeting for Google Calendar,gaonpiemcjiihedemhopdoefaohcjoch',
|
||||
'true,,GoToTraining Screensharing,copcmbdalilphnaiajfmonkegedhkndd',
|
||||
'true,,Grammarly: AI Writing and Grammar Checker App,kbfnbcaeplbcioakkpcpgfkobkghlhen',
|
||||
'true,,Grammarly: Grammar Checker and AI Writing App,kbfnbcaeplbcioakkpcpgfkobkghlhen',
|
||||
'true,,Grammarly: Grammar Checker and Writing App,kbfnbcaeplbcioakkpcpgfkobkghlhen',
|
||||
'true,,Gravit Designer,pdagghjnpkeagmlbilmjmclfhjeaapaa',
|
||||
'true,,Greenhouse Recruiting Chrome extension,naooopefdfeangnkgmjpklgblnfmbaea',
|
||||
'true,,GSConnect,jfnifeihccihocjbfcfhicmmgpjicaec',
|
||||
'true,Guilherme Nascimento,Prevent Duplicate Tabs,eednccpckdkpojaiemedoejdngappaag',
|
||||
'true,homerchen19,File Icons for GitHub and GitLab,ficfmibkjjnpogdcfhfokmihanoldbfe',
|
||||
'true,,HTTPS Everywhere,gcbommkclmclpchllfjekcdonpmejbdp',
|
||||
'true,,Hippo Video: Video and Screen Recorder,cijidiollmnkegoghpfobabpecdkeiah',
|
||||
'true,,Honey: Automatic Coupons & Cash Back,bmnlcjabgnpnenekpadlanbbkooimhnj',
|
||||
'true,,Honey: Automatic Coupons & Rewards,bmnlcjabgnpnenekpadlanbbkooimhnj',
|
||||
'true,,HTTPS Everywhere,gcbommkclmclpchllfjekcdonpmejbdp',
|
||||
'true,https://metamask.io,MetaMask,nkbihfbeogaeaoehlefnkodbefgpgknn',
|
||||
'true,,HubSpot Sales,oiiaigjnkhngdbnoookogelabohpglmd',
|
||||
'true,,Hundred Handshakes,cmlngncglcblbobiehdpjcgbpoemidho',
|
||||
'true,,IBA Opt-out (by Google),gbiekjoijknlhijdjbaadobpkdhmoebb',
|
||||
'true,,iCloud Bookmarks,fkepacicchenbjecpbpbclokcabebhah',
|
||||
'true,,Instapaper,ldjkgaaoikpmhmkelcgkgacicjfbofhh',
|
||||
'true,James Anderson,LeechBlock NG,blaaajhemilngeeffpbfkdjjoefldkok',
|
||||
'true,,Jamstash,jccdpflnecheidefpofmlblgebobbloc',
|
||||
'true,,Jitsi Meetings,kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
'true,,JSON Formatter,bcjindcccaagfpapjjmafapmmgkkhgoa',
|
||||
'true,,JSON Viewer Pro,eifflpmocdbdmepbjaopkkhbfmdgijcc',
|
||||
'true,,Jamstash,jccdpflnecheidefpofmlblgebobbloc',
|
||||
'true,,Jitsi Meetings,kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||
'true,,Kagi Search for Chrome,cdglnehniifkbagbbombnjghhcihifij',
|
||||
'true,Kai Uwe Broulik <kde@privat.broulik.de>,Plasma Integration,cimiefiiaegbelhefglklhhakcgmhkai',
|
||||
'true,Kas Elvirov,GitHub Gloc,kaodcnpebhdbpaeeemkiobcokcnegdki',
|
||||
'true,Keepa GmbH,Keepa - Amazon Price Tracker,neebplgakaahbhdphmkckjjcegoiijjo',
|
||||
'true,LastPass,LastPass: Free Password Manager,hdokiejnpimakedhajhdlcegeplioahd',
|
||||
'true,Leadjet,Leadjet - Make your CRM work on LinkedIn,kojhcdejfimplnokhhhekhiapceggamn',
|
||||
'true,,Lever Hire Extension,dgbcohbjchndmjocioegkgdniaffcaia',
|
||||
'true,,Link to Text Fragment,pbcodcjpfjdpcineamnnmbkkmkdpajjg',
|
||||
'true,,Lolli: Earn Bitcoin When You Shop,fleenceagaplaefnklabikkmocalkcpo',
|
||||
'true,,Loom \xE2\x80\x93 Screen Recorder & Screen Capture,liecbddmkiiihnedobmlmillhodjkdmb',
|
||||
'true,,Loom – Free Screen Recorder & Screen Capture,liecbddmkiiihnedobmlmillhodjkdmb',
|
||||
'true,,Loom – Screen Recorder & Screen Capture,liecbddmkiiihnedobmlmillhodjkdmb',
|
||||
'true,,Lucidchart Diagrams,apboafhkiegglekeafbckfjldecefkhn',
|
||||
'true,,Mailvelope,kajibbejlbohfaggdiogboambcijhkke',
|
||||
'true,,Markdown Preview Plus,febilkbfcbhebfnokafefeacimjdckgl',
|
||||
'true,Marker.io,Marker.io: Visual bug reporting for websites,jofhoojcehdmaiibilpcoofpdbbddkkl',
|
||||
'true,,Media Hint,akipcefbjlmpbcejgdaopmmidpnjlhnb',
|
||||
'true,,Meta Pixel Helper,fdgfkebogiimcoedlicjlajpkdmockpc',
|
||||
'true,Microsoft Corporation,Microsoft 365,ndjpnladcallmjemlbaebfadecfhkepb',
|
||||
'true,Microsoft Corporation,Microsoft Autofill,fiedbfgcleddlbcmgdigjgdfcggjcion',
|
||||
'true,,Mettl Tests : Enable Screen Sharing,hkjemkcbndldepdbnbdnibeppofoooio',
|
||||
'true,,Microsoft Single Sign On,ppnbnpeolgkicgegkbkbjmhlideopiji',
|
||||
'true,Moustachauve,Cookie-Editor,hlkenndednhfkekhgcdicdfddnkalmdm',
|
||||
'true,NortonLifeLock Inc,Norton Safe Web,fnpbeacklnhmkkilekogeiekaglbmmka',
|
||||
'true,,NoScript,doojmbjmlfjjnbmnoijecmcbfeoakpjm',
|
||||
'true,,Notion Web Clipper,knheggckgoiihginacbkhaalnibhilkk',
|
||||
'true,,Office Editing for Docs, Sheets & Slides,gbkeegbaiigmenfmjfclcdgdpimamgkj',
|
||||
'true,,Office - Enable Copy and Paste,ifbmcpbgkhlpfcodhjhdbllhiaomkdej',
|
||||
'true,,Office Editing for Docs, Sheets & Slides,gbkeegbaiigmenfmjfclcdgdpimamgkj',
|
||||
'true,,Okta Browser Plugin,glnpjglilkicbckjpbgcfkogebgllemb',
|
||||
'true,,OneLogin for Google Chrome,ioalpmibngobedobkmbhgmadaphocjdn',
|
||||
'true,,OneTab,chphlpgkkbolifaimnlloiipkdnihall',
|
||||
'true,Opera,Cashback Assistant,ompjkhnkeoicimmaehlcmgmpghobbjoj',
|
||||
'true,Opera Norway AS,Opera AI Prompts,mljbnbeedpkgakdchcmfapkjhfcogaoc',
|
||||
'true,Opera Software AS,Rich Hints Agent,enegjkbbakeegngfapepobipndnebkdk',
|
||||
'true,,Outbrain Pixel Tracker,daebadnaphbiobojnpgcenlkgpihmbdc',
|
||||
'true,,Outreach Everywhere,chmpifjjfpeodjljjadlobceoiflhdid',
|
||||
'true,,Page Analytics (by Google),fnbdnhhicmebfgdgglcdacdapkcihcoh',
|
||||
'true,,Password Alert,noondiphcddnnabmjcihcjfbhfklnnep',
|
||||
'true,Pawel Psztyc,Advanced REST client,hgmloofddffdnphfgcellkdfbfbjeloo',
|
||||
'true,,PhantomBuster,mdlnjfcpdiaclglfbdkbleiamdafilil',
|
||||
'true,,Picture-in-Picture Extension (by Google),hkgfoiooedgoejojocmhlaklaeopbecg',
|
||||
'true,,Playback Rate,jgmkoefgnppfpagkhifpialkkkgnfgag',
|
||||
'true,,PlayTo for Chromecast™,jngkenaoceimiimeokpdbmejeonaaami',
|
||||
'true,,Playback Rate,jgmkoefgnppfpagkhifpialkkkgnfgag',
|
||||
'true,,Ponyrun,ohfoafaaamjfbhmceahibpppkbnohaeg',
|
||||
'true,,Postman,fhbjgbiflinjbdggehcddcbncdddomop',
|
||||
'true,,Privacy Badger,pkehgijcmpdhfbdbbnkijodmdjhbjlgp',
|
||||
'true,,Private Internet Access,jplnlifepflhkbkgonidnobkakhmpnmh',
|
||||
'true,Pushbullet,Pushbullet,chlffgpmiacpedhhbkiomidkjlcfhogd',
|
||||
'true,Quantier, LLC,Vim for Google Docs™,aphmodfjbhofkpibocbggkdfnpbpjmpp',
|
||||
'true,Quantier, LLC,Vim for Google Docs\xE2\x84\xA2,aphmodfjbhofkpibocbggkdfnpbpjmpp',
|
||||
'true,Quidco.com,Quidco Cashback Reminder,offafgdgnliocofjjiohlpjpenbogkbl',
|
||||
'true,,QuillBot for Chrome,iidnbdjijdkbmajdffnidomddglmieko',
|
||||
'true,Rakuten,Rakuten: Get Cash Back For Shopping,chhjbpecpncaggjpdakmflnfcopglcmi',
|
||||
'true,Raymond Hill & contributors,uBlock Origin,cjpalhdlnbpafiamejdnhcphjbkeiagm',
|
||||
'true,,RSS Feed Reader,pnjaodmkngahhkoihejjehlcdlnohgmp',
|
||||
'true,,RSS Subscription Extension (by Google),nlbjncdgjeocebhnmkbbbdekmmmcbfjd',
|
||||
'true,,React Developer Tools,fmkadmapgofadopljbjfkapdkoienihi',
|
||||
'true,,Reader Mode,llimhhconnjiflfimocjggfjdlmlhblm',
|
||||
'true,,Readwise Highlighter,jjhefcfhmnkfeepcpnilbbkaadhngkbi',
|
||||
'true,Reddit Enhancement Suite contributors,Reddit Enhancement Suite,kbmfpngjjgdllneeigpgjifpgocmfgmb',
|
||||
'true,,Redux DevTools,lmhkpmbekcpmknklioeibfkpmmfibljd',
|
||||
'true,,Refined GitHub,hlepfoohegkhhmjieoechaddaejaokhf',
|
||||
'true,,RetailMeNot Deal Finder™️,jjfblogammkiefalfpafidabbnamoknm',
|
||||
'true,,RSS Feed Reader,pnjaodmkngahhkoihejjehlcdlnohgmp',
|
||||
'true,,RSS Subscription Extension (by Google),nlbjncdgjeocebhnmkbbbdekmmmcbfjd',
|
||||
'true,,SABconnect++,okphadhbbjadcifjplhifajfacbkkbod',
|
||||
'true,,Salesforce,jjghhkepijgakdammjldcbnjehfkfmha',
|
||||
'true,,SalesLoft Connect,cffgjgigjfgjkfdopbobbdadaelbhepo',
|
||||
'true,,SSH for Google Cloud Platform,ojilllmhjhibplnppnamldakhpmdnibd',
|
||||
'true,,SalesLoft Connect - Legacy,cffgjgigjfgjkfdopbobbdadaelbhepo',
|
||||
'true,,SalesLoft Connect,cffgjgigjfgjkfdopbobbdadaelbhepo',
|
||||
'true,,Salesforce,jjghhkepijgakdammjldcbnjehfkfmha',
|
||||
'true,,Save to Google Drive,gmbmikajjgmnabiglmofipeabaddhgne',
|
||||
'true,,Save to Pinterest,gpdjojdkbbmdfjfahjcgigfpmkopogic',
|
||||
'true,,Save to Pocket,niloccemoadcdkdjlinkgdfekeahmflj',
|
||||
'true,,Scraper,poegfpiagjgnenagjphgdklmgcpjaofi',
|
||||
'true,,Screenshot Master: Full Page Capture,ggacghlcchiiejclfdajbpkbjfgjhfol',
|
||||
'true,,Screen Recorder,hniebljpgcogalllopnjokppmgbhaden',
|
||||
'true,,Screenshot & Screen Video Record by Screeny,djekgpcemgcnfkjldcclcpcjhemofcib',
|
||||
'true,,Screenshot Master: Full Page Capture,ggacghlcchiiejclfdajbpkbjfgjhfol',
|
||||
'true,,Scribe: AI Documentation, SOPs & Screenshots,okfkdaglfjjjfefdcppliegebpoegaii',
|
||||
'true,,Secure Shell,iodihamcpbpeioajjeobimgagajmlibd',
|
||||
'true,,Selenium IDE,mooikfkahbdckldjjndioackbalphokd',
|
||||
'true,,Send from Gmail (by Google),pgphcomnlaojlmmcjmiddhdapjpbgeoc',
|
||||
'true,,Sendspark Video and Screen Recorder,blimjkpadkhcpmkeboeknjcmiaogbkph',
|
||||
'true,,Send to Kindle for Google Chrome<6D><65><EFBFBD>,cgdjpilhipecahhcilnafpblkieebhea',
|
||||
'true,,Sendspark Video and Screen Recorder,blimjkpadkhcpmkeboeknjcmiaogbkph',
|
||||
'true,,Session Buddy,edacconmaakjimmfgnblocblbcdcpbko',
|
||||
'true,,Set Character Encoding,bpojelgakakmcfmjfilgdlmhefphglae',
|
||||
'true,,Shodan,jjalcfnidlmpjhdfepjhjbhnhkbgleap',
|
||||
|
|
@ -295,28 +241,21 @@ WHERE
|
|||
'true,,Simple Tab Sorter,cgfpgnepljlgenjclbekbjdlgcodfmjp',
|
||||
'true,,Skype Calling,blakpkgjpemejpbmfiglncklihnhjkij',
|
||||
'true,,Slack,jeogkiiogjbmhklcnbgkdcjoioegiknm',
|
||||
'true,,SSH for Google Cloud Platform,ojilllmhjhibplnppnamldakhpmdnibd',
|
||||
'true,stefanXO,Tab Manager Plus for Chrome,cnkdjjdmfiffagllbiiilooaoofcoeff',
|
||||
'true,,Soapbox — Video Recorder,lmepjnndgdhcgphilomlfekmgnnmngbi',
|
||||
'true,,Super Dark Mode,nlgphodeccebbcnkgmokeegopgpnjfkc',
|
||||
'true,,Superhuman,dcgcnpooblobhncpnddnhoendgbnglpn',
|
||||
'true,Symantec Corporation,Norton Password Manager,admmjipmmciaobhojoghlmleefbicajg',
|
||||
'true,,Tabli,igeehkedfibbnhbfponhjjplpkeomghi',
|
||||
'true,,Tab Wrangler,egnjhciaieeiiohknchakcodbpgjnchh',
|
||||
'true,,Tabli,igeehkedfibbnhbfponhjjplpkeomghi',
|
||||
'true,,Tag Assistant Legacy (by Google),kejbdjndbnbjgmefkgdddjlbokphdefk',
|
||||
'true,,Tampermonkey BETA,gcalenpjmijncebpfijmoaglllgpjagf',
|
||||
'true,Team Octotree,Octotree - GitHub code tree,bkhaagjahfmjljalopjnoealnfndnagc',
|
||||
'true,,The Marvellous Suspender,noogafoofpebimajpfpamcfhoaifemoa',
|
||||
'true,,The Org for LinkedIn,gnkbmaifcbniminbmbmiabamggncacag',
|
||||
'true,Thomas Rientjes,Decentraleyes,ldpochfccmkkmhdbclfhpagapcfdljkj',
|
||||
'true,,TickTick - Todo & Task List,diankknpkndanachmlckaikddgcehkod',
|
||||
'true,,Todoist for Chrome,jldhpllghnbhlbpcmnajkpdmadaolakh',
|
||||
'true,,Todoist for Gmail,clgenfnodoocmhnlnpknojdbjjnmecff',
|
||||
'true,Tomas Popela, tpopela@redhat.com,Fedora User Agent,hojggiaghnldpcknpbciehjcaoafceil',
|
||||
'true,,Trend Micro Ad Blocker: Powerful Ad Blocker,pmekfefnodgilnnjcfkkdjlebokonhpm',
|
||||
'true,Tulio Ornelas <ornelas.tulio@gmail.com>,JSON Viewer,gbmdgpbipfallnflgajpaliibnhdgobh',
|
||||
'true,,Ubiquiti Device Discovery Tool,hmpigflbjeapnknladcfphgkemopofig',
|
||||
'true,,uBlock,epcnnfbjfcgphgdmggkamkmgojdagdnn',
|
||||
'true,,UET Tag Helper (by Microsoft Advertising),naijndjklgmffmpembnkfbcjbognokbf',
|
||||
'true,,Ubiquiti Device Discovery Tool,hmpigflbjeapnknladcfphgkemopofig',
|
||||
'true,,Universal Video Downloader,cogmkaeijeflocngklepoknelfjpdjng',
|
||||
'true,,User-Agent Switcher for Chrome,djflhoibgkdhkhhcedjiklpkjnoahfmg',
|
||||
'true,,Utime,kpcibgnngaaabebmcabmkocdokepdaki',
|
||||
|
|
@ -324,27 +263,94 @@ WHERE
|
|||
'true,,VidyoWebConnector,mmedphfiemffkinodeemalghecnicmnh',
|
||||
'true,,Vimcal,akopimcimmdmklcmegcflfidpfegngke',
|
||||
'true,,Vimeo Record - Screen & Webcam Recorder,ejfmffkmeigkphomnpabpdabfddeadcb',
|
||||
'true,Vimeo,Vimeo Record - Screen & Webcam Recorder,ejfmffkmeigkphomnpabpdabfddeadcb',
|
||||
'true,,Vimium,dbepggeogbaibhgnhhndojpepiihcmeb',
|
||||
'true,,Vue.js devtools,nhdogjmejiglipccpnnnanhbledajbpd',
|
||||
'true,Wappalyzer,Wappalyzer - Technology profiler,gppongmhjkpfnbhagpmjfkannfbllamg',
|
||||
'true,,WAVE Evaluation Tool,jbbplnpkjmmeebjpijfedlgcdilocofh',
|
||||
'true,Web to Figma,Web to Figma,mafpepbepbabkenbfpcdjmmjmeeemoal',
|
||||
'true,,WhatFont,jabopobgcpjmedljpbcaablpmlmfcogm',
|
||||
'true,,Wikiwand: Wikipedia Modernized,emffkefkbkpkgpdeeooapgaicgmcbolj',
|
||||
'true,,Windows Accounts,ppnbnpeolgkicgegkbkbjmhlideopiji',
|
||||
'true,,Windscribe - Free Proxy and Ad Blocker,hnmpcagpplmpfojmgmnngilcnanddlhb',
|
||||
'true,,Wisdolia,ciknpklcipibmfbgjmdmfdfalklfdlne',
|
||||
'true,,WiseStamp email signature,pbcgnkmbeodkmiijjfnliicelkjfcldg',
|
||||
'true,,writeGPT - ChatGPT Prompt Engineer Assistant,dflcdbibjghipieemcligeelbmackgco',
|
||||
'true,,Wistia Video Downloader,acbiaofoeebeinacmcknopaikmecdehl',
|
||||
'true,,Yesware Sales Engagement,gkjnkapjmjfpipfcccnjbjcbgdnahpjp',
|
||||
'true,Yuri Konotopov <ykonotopov@gnome.org>,GNOME Shell integration,gphhapmejobijbbhgpjhcjognlahblep',
|
||||
'true,,Zoom Scheduler,kgjfgplpablkjnlkjmjdecgdpfankdle',
|
||||
'true,,Zoom,hmbjbjdpkobdjplfobhljndfdfdipjhg',
|
||||
'true,,ZoomInfo Engage Chrome Extension,mnbjlpbmllanehlpbgilmbjgocpmcijp',
|
||||
'true,,Zoom Scheduler,kgjfgplpablkjnlkjmjdecgdpfankdle',
|
||||
'true,,[DEPRECATED] Tag Assistant Legacy,kejbdjndbnbjgmefkgdddjlbokphdefk',
|
||||
'true,,axe DevTools - Web Accessibility Testing,lhdoppojpmngadmnindnejefpokejbdd',
|
||||
'true,,coLaboratory Notebook,pianggobfjcgeihlmfhfgkfalopndooo',
|
||||
'true,,crouton integration,gcpneefbbnfalgjniomfjknbcgkbijom',
|
||||
'true,,feedly,hipbfijinpcgfogaopmgehiegacbhmob',
|
||||
'true,,iCloud Bookmarks,fkepacicchenbjecpbpbclokcabebhah',
|
||||
'true,,uBlock,epcnnfbjfcgphgdmggkamkmgojdagdnn',
|
||||
'true,,writeGPT - ChatGPT Prompt Engineer Assistant,dflcdbibjghipieemcligeelbmackgco',
|
||||
'true,Adaware,Safe Torrent Scanner,aegnopegbbhjeeiganiajffnalhlkkjb',
|
||||
'true,Adblock for Chrome Team,Adblock for Chrome™,onomjaelhagjjojbkcafidnepbfkpnee',
|
||||
'true,Adblock, Inc.,AdBlock — best ad blocker,gighmmpiobklfepjocnamgkkbiglidom',
|
||||
'true,Adguard Software Ltd,AdGuard AdBlocker,bgnkhhnnamicmpeenaelnjfhikgbkllg',
|
||||
'true,AgileBits,1Password Nightly – Password Manager,gejiddohjgogedgjnonbofjigllpkmbf',
|
||||
'true,AgileBits,1Password \xE2\x80\x93 Password Manager,aeblfdkhhhdcdjpifhhbdiojplfjncoa',
|
||||
'true,,Loom \xE2\x80\x93 Screen Recorder & Screen Capture,liecbddmkiiihnedobmlmillhodjkdmb',
|
||||
'true,Quantier, LLC,Vim for Google Docs\xE2\x84\xA2,aphmodfjbhofkpibocbggkdfnpbpjmpp'
|
||||
'true,AgileBits,1Password extension (desktop app required),aomjjhallfgjeglblehebfpbcfeobpgk',
|
||||
'true,AgileBits,1Password – Password Manager,aeblfdkhhhdcdjpifhhbdiojplfjncoa',
|
||||
'true,Alexander Shutau,Dark Reader,eimadpbcbfnmbkopoojfekhnkhdbieeh',
|
||||
'true,All uBlock contributors,uBlock - free ad blocker,epcnnfbjfcgphgdmggkamkmgojdagdnn',
|
||||
'true,Benjamin Hollis,JSONView,gmegofmjomhknnokphhckolhcffdaihd',
|
||||
'true,BetaFish,AdBlock — best ad blocker,gighmmpiobklfepjocnamgkkbiglidom',
|
||||
'true,Bitwarden Inc.,Bitwarden - Free Password Manager,nngceckbapebfimnlniiiahkandclblb',
|
||||
'true,Bitwarden Inc.,Bitwarden Password Manager,nngceckbapebfimnlniiiahkandclblb',
|
||||
'true,CAD Team,Cookie AutoDelete,fhcgjolkccmbidfldomjliifgaodjagh',
|
||||
'true,Clockwise Inc.,Clockwise: AI Calendar & Scheduling Assistant,hjcneejoopafkkibfbcaeoldpjjiamog',
|
||||
'true,Clockwise Inc.,Clockwise: Team Time & Calendar Management,hjcneejoopafkkibfbcaeoldpjjiamog',
|
||||
'true,Contacts+,Contacts+ for Gmail,cnaibnehbbinoohhjafknihmlopdhhip',
|
||||
'true,CookieBlock Team,CookieBlock,fbhiolckidkciamgcobkokpelckgnnol',
|
||||
'true,Crowdcast, Inc.,Crowdcast Screensharing,kgmadhplahebfoiijgloflhakfjlkbpb',
|
||||
'true,Evernote,Evernote Web Clipper,pioclpoplcdbaefihamjohnefbikjilc',
|
||||
'true,ExpressVPN,ExpressVPN: VPN proxy for a better internet,fgddmllnllkalaagkghckoinaemmogpe',
|
||||
'true,Federico Brigante,GitHub Issue Link Status,nbiddhncecgemgccalnoanpnenalmkic',
|
||||
'true,François Duprat,Mobile simulator - responsive testing tool,ckejmhbmlajgoklhgbapkiccekfoccmk',
|
||||
'true,Ghostery,Ghostery Tracker & Ad Blocker - Privacy AdBlock,mlomiejdfkolichcflejclcbmpeaniij',
|
||||
'true,Ghostery,Ghostery Tracker Ad Blocker - Privacy AdBlock,mlomiejdfkolichcflejclcbmpeaniij',
|
||||
'true,Ghostery,Ghostery – Privacy Ad Blocker,mlomiejdfkolichcflejclcbmpeaniij',
|
||||
'true,Gordon Pedsersen,MarkDownload - Markdown Web Clipper,pcmpcfapbekmbjjkdalcgopdkipoggdi',
|
||||
'true,Guilherme Nascimento,Prevent Duplicate Tabs,eednccpckdkpojaiemedoejdngappaag',
|
||||
'true,James Anderson,LeechBlock NG,blaaajhemilngeeffpbfkdjjoefldkok',
|
||||
'true,Kai Uwe Broulik <kde@privat.broulik.de>,Plasma Integration,cimiefiiaegbelhefglklhhakcgmhkai',
|
||||
'true,Kas Elvirov,GitHub Gloc,kaodcnpebhdbpaeeemkiobcokcnegdki',
|
||||
'true,Keepa GmbH,Keepa - Amazon Price Tracker,neebplgakaahbhdphmkckjjcegoiijjo',
|
||||
'true,LastPass,LastPass: Free Password Manager,hdokiejnpimakedhajhdlcegeplioahd',
|
||||
'true,Leadjet,Leadjet - Make your CRM work on LinkedIn,kojhcdejfimplnokhhhekhiapceggamn',
|
||||
'true,Marker.io,Marker.io: Visual bug reporting for websites,jofhoojcehdmaiibilpcoofpdbbddkkl',
|
||||
'true,Microsoft Corporation,Microsoft 365,ndjpnladcallmjemlbaebfadecfhkepb',
|
||||
'true,Microsoft Corporation,Microsoft Autofill,fiedbfgcleddlbcmgdigjgdfcggjcion',
|
||||
'true,Moustachauve,Cookie-Editor,hlkenndednhfkekhgcdicdfddnkalmdm',
|
||||
'true,NortonLifeLock Inc,Norton Safe Web,fnpbeacklnhmkkilekogeiekaglbmmka',
|
||||
'true,Opera Norway AS,Opera AI Prompts,mljbnbeedpkgakdchcmfapkjhfcogaoc',
|
||||
'true,Opera Software AS,Rich Hints Agent,enegjkbbakeegngfapepobipndnebkdk',
|
||||
'true,Opera,Cashback Assistant,ompjkhnkeoicimmaehlcmgmpghobbjoj',
|
||||
'true,Pawel Psztyc,Advanced REST client,hgmloofddffdnphfgcellkdfbfbjeloo',
|
||||
'true,Pushbullet,Pushbullet,chlffgpmiacpedhhbkiomidkjlcfhogd',
|
||||
'true,Quantier, LLC,Vim for Google Docs\xE2\x84\xA2,aphmodfjbhofkpibocbggkdfnpbpjmpp',
|
||||
'true,Quantier, LLC,Vim for Google Docs™,aphmodfjbhofkpibocbggkdfnpbpjmpp',
|
||||
'true,Quidco.com,Quidco Cashback Reminder,offafgdgnliocofjjiohlpjpenbogkbl',
|
||||
'true,Rakuten,Rakuten: Get Cash Back For Shopping,chhjbpecpncaggjpdakmflnfcopglcmi',
|
||||
'true,Raymond Hill & contributors,uBlock Origin,cjpalhdlnbpafiamejdnhcphjbkeiagm',
|
||||
'true,Reddit Enhancement Suite contributors,Reddit Enhancement Suite,kbmfpngjjgdllneeigpgjifpgocmfgmb',
|
||||
'true,Symantec Corporation,Norton Password Manager,admmjipmmciaobhojoghlmleefbicajg',
|
||||
'true,Team Octotree,Octotree - GitHub code tree,bkhaagjahfmjljalopjnoealnfndnagc',
|
||||
'true,Thomas Rientjes,Decentraleyes,ldpochfccmkkmhdbclfhpagapcfdljkj',
|
||||
'true,Tomas Popela, tpopela@redhat.com,Fedora User Agent,hojggiaghnldpcknpbciehjcaoafceil',
|
||||
'true,Tulio Ornelas <ornelas.tulio@gmail.com>,JSON Viewer,gbmdgpbipfallnflgajpaliibnhdgobh',
|
||||
'true,Vimeo,Vimeo Record - Screen & Webcam Recorder,ejfmffkmeigkphomnpabpdabfddeadcb',
|
||||
'true,Wappalyzer,Wappalyzer - Technology profiler,gppongmhjkpfnbhagpmjfkannfbllamg',
|
||||
'true,Web to Figma,Web to Figma,mafpepbepbabkenbfpcdjmmjmeeemoal',
|
||||
'true,Yuri Konotopov <ykonotopov@gnome.org>,GNOME Shell integration,gphhapmejobijbbhgpjhcjognlahblep',
|
||||
'true,chromeos-recovery-tool-admin@google.com,Chromebook Recovery Utility,jndclpdbaamdhonoechobihbbiimdgai',
|
||||
'true,compose.ai,Compose AI: AI-powered Writing Tool,ddlbpiadoechcolndfeaonajmngmhblj',
|
||||
'true,eyeo GmbH,Adblock Plus - free ad blocker,cfhdojbkjhnklbpkdaibdccddilifddb',
|
||||
'true,homerchen19,File Icons for GitHub and GitLab,ficfmibkjjnpogdcfhfokmihanoldbfe',
|
||||
'true,https://metamask.io,MetaMask,nkbihfbeogaeaoehlefnkodbefgpgknn',
|
||||
'true,stefanXO,Tab Manager Plus for Chrome,cnkdjjdmfiffagllbiiilooaoofcoeff',
|
||||
)
|
||||
AND NOT (
|
||||
exception_key IN (
|
||||
|
|
|
|||
|
|
@ -51,4 +51,4 @@ WHERE
|
|||
'74,0,/tmp/mysql.sock.lock,regular,0600',
|
||||
'74,0,/tmp/mysqlx.sock.lock,regular,0600'
|
||||
)
|
||||
AND NOT exception_key LIKE '500,1000,/tmp/keepassxc-%-linux.lock,regular,0644'
|
||||
AND NOT exception_key LIKE '500,1000,/tmp/keepassxc-%.lock,regular,0644'
|
||||
|
|
|
|||
|
|
@ -82,6 +82,7 @@ WHERE
|
|||
'2345,6,500,dlv,',
|
||||
'24678,6,500,node,',
|
||||
'24802,6,500,synergy-service,Developer ID Application: Symless Ltd (4HX897Y6GJ)',
|
||||
'24851,6,500,HueSync,Developer ID Application: Signify Netherlands B.V. (PREPN2W95S)',
|
||||
'25565,6,500,java,',
|
||||
'26000,6,500,node20,Developer ID Application: Node.js Foundation (HX7739G8FX)',
|
||||
'27036,6,500,steam_osx,Developer ID Application: Valve Corporation (MXGJJ98X76)',
|
||||
|
|
@ -111,7 +112,6 @@ WHERE
|
|||
'49152,6,0,AirPlayXPCHelper,Software Signing',
|
||||
'49152,6,0,launchd,Software Signing',
|
||||
'49152,6,0,remoted,Software Signing',
|
||||
'24851,6,500,HueSync,Developer ID Application: Signify Netherlands B.V. (PREPN2W95S)',
|
||||
'49152,6,0,remotepairingdeviced,Software Signing',
|
||||
'49152,6,500,AUHostingServiceXPC_arrow,Software Signing',
|
||||
'49152,6,500,CaptureCoreService,Developer ID Application: Capture One A/S (5WTDB5F65L)',
|
||||
|
|
@ -150,6 +150,7 @@ WHERE
|
|||
'49152,6,500,telepresence,',
|
||||
'49152,6,500,vpnkit-bridge,Developer ID Application: Docker Inc (9BNSXJN65R)',
|
||||
'49152,6,65,mDNSResponder,Software Signing',
|
||||
'500,6,8883,BambuStudio,BambuStudio,500u,80g',
|
||||
'5000,6,500,ControlCenter,Software Signing',
|
||||
'5001,6,500,crane,',
|
||||
'5001,6,500,gvproxy,',
|
||||
|
|
@ -195,6 +196,8 @@ WHERE
|
|||
'8834,6,0,nessusd,Developer ID Application: Tenable, Inc. (4B8J598M7U)',
|
||||
'8834,6,500,Code Helper,Developer ID Application: Microsoft Corporation (UBF8T346G9)',
|
||||
'8888,6,500,otel-desktop-viewer,',
|
||||
'8933,6,500,WebexHelper,Developer ID Application: Cisco (DE8Y96K9QP)',
|
||||
'8934,6,500,WebexHelper,Developer ID Application: Cisco (DE8Y96K9QP)',
|
||||
'9101,6,500,github_actions_exporter,',
|
||||
'9991,6,500,sourcegraph-backend,Developer ID Application: SOURCEGRAPH INC (74A5FJ7P96)'
|
||||
)
|
||||
|
|
|
|||
|
|
@ -84,6 +84,7 @@ WHERE
|
|||
'X,/nix/store/__VERSION__/bin/Xorg,0,system.slice,display-manager.service,0555',
|
||||
'Xorg,/usr/lib/Xorg,0,system.slice,lightdm.service,0755',
|
||||
'Xorg,/usr/lib/Xorg,0,system.slice,sddm.service,0755',
|
||||
'Xorg,/usr/lib/xorg/Xorg,0,system.slice,sddm.service,0755',
|
||||
'abrt-dump-journ,/usr/bin/abrt-dump-journal-core,0,system.slice,abrt-journal-core.service,0755',
|
||||
'abrt-dump-journ,/usr/bin/abrt-dump-journal-oops,0,system.slice,abrt-oops.service,0755',
|
||||
'abrt-dump-journ,/usr/bin/abrt-dump-journal-xorg,0,system.slice,abrt-xorg.service,0755',
|
||||
|
|
@ -255,10 +256,12 @@ WHERE
|
|||
'scdaemon,/usr/libexec/scdaemon,0,user.slice,user-1000.slice,0755',
|
||||
'sddm,/usr/bin/sddm,0,system.slice,sddm.service,0755',
|
||||
'sddm-helper,/usr/lib/sddm/sddm-helper,0,user.slice,user-1000.slice,0755',
|
||||
'sddm-helper,/usr/lib/x86_64-linux-gnu/sddm/sddm-helper,0,user.slice,user-1000.slice,0755',
|
||||
'sddm-helper,/usr/libexec/sddm-helper,0,user.slice,user-1000.slice,0755',
|
||||
'sedispatch,/usr/sbin/sedispatch,0,system.slice,auditd.service,0755',
|
||||
'sh,/nix/store/__VERSION__/bin/bash,0,system.slice,znapzend.service,0555',
|
||||
'smartd,/usr/sbin/smartd,0,system.slice,smartd.service,0755',
|
||||
'smartd,/usr/sbin/smartd,0,system.slice,smartmontools.service,0755',
|
||||
'snapd,/snap/snapd/__VERSION__/usr/lib/snapd/snapd,0,system.slice,snapd.service,0755',
|
||||
'snapd,/usr/lib/snapd/snapd,0,system.slice,snapd.service,0755',
|
||||
'snapd,/usr/libexec/snapd/snapd,0,system.slice,snapd.service,0755',
|
||||
|
|
@ -327,17 +330,13 @@ WHERE
|
|||
'zfs-auto-snapsh,/nix/store/__VERSION__/bin/ruby,0,system.slice,zfs-snapshot-frequent.service,0555',
|
||||
'zfs-auto-snapsh,/nix/store/__VERSION__/bin/ruby,0,system.slice,zfs-snapshot-hourly.service,0555'
|
||||
)
|
||||
AND NOT exception_key LIKE 'abrt-dbus,/usr/sbin/abrt-dbus,0,system.slice,system-dbus%org.freedesktop.problems.slice,0755'
|
||||
AND NOT exception_key LIKE '%beat,%/opt/Elastic/Agent/data/elastic-%/components/%beat,0,system.slice,elastic-agent.service,%'
|
||||
AND NOT exception_key LIKE 'abrt-dbus,/usr/sbin/abrt-dbus,0,system.slice,system-dbus%org.freedesktop.problems.slice,%'
|
||||
AND NOT exception_key LIKE 'elastic-agent,%/opt/Elastic/Agent/data/elastic-agent%/elastic-agent,0,system.slice,elastic-agent.service,%'
|
||||
AND NOT exception_key LIKE 'fusermount3,/usr/bin/fusermount3,%,user.slice,user-%.slice,4755'
|
||||
AND NOT exception_key LIKE 'elastic-agent,/opt/Elastic/Agent/data/elastic-agent%/elastic-agent,0,system.slice,elastic-agent.service,0750'
|
||||
AND NOT exception_key LIKE 'elastic-agent,/var/opt/Elastic/Agent/data/elastic-agent%/elastic-agent,0,system.slice,elastic-agent.service,0750'
|
||||
AND NOT exception_key LIKE 'elastic-agent,/var/opt/Elastic/Agent/data/elastic-agent%/elastic-agent,0,system.slice,elastic-agent.service,0770'
|
||||
AND NOT exception_key LIKE '%beat,/opt/Elastic/Agent/data/elastic-%/components/%beat,0,system.slice,elastic-agent.service,0750'
|
||||
AND NOT exception_key LIKE '%beat,/var/opt/Elastic/Agent/data/elastic-%/components/%beat,0,system.slice,elastic-agent.service,0750'
|
||||
AND NOT exception_key LIKE 'incusd,%/bin/incusd,0,lxc.monitor.%,,0755'
|
||||
AND NOT exception_key LIKE 'osquery-extensi,/opt/Elastic/Agent/data/elastic-agent-%/components/osquery-extension.ext,0,system.slice,elastic-agent.service,0750'
|
||||
AND NOT exception_key LIKE 'osqueryd,/opt/Elastic/Agent/data/elastic-agent-%/components/osqueryd,0,system.slice,elastic-agent.service,0750'
|
||||
AND NOT exception_key LIKE 'elastic-agent,/opt/Elastic/Agent/data/elastic-agent-%/elastic-agent,0,system.slice,elastic-agent.service,0770'
|
||||
AND NOT exception_key LIKE 'incusd,%/bin/incusd,0,lxc.monitor.%,,0755'
|
||||
AND NOT p0.path IN ('/bin/bash', '/usr/bin/bash')
|
||||
AND NOT p0.cgroup_path LIKE '/system.slice/docker-%'
|
||||
GROUP BY
|
||||
|
|
|
|||
Loading…
Reference in New Issue