mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2025-01-03 12:02:02 +00:00
fpr: cleanup and new additions
This commit is contained in:
Thomas Stromberg
parent
ed772cb369
commit
02337c28f0
@ -312,6 +312,7 @@ WHERE
|
||||
'443,6,500,Transmit,com.panic.Transmit,Developer ID Application: Panic, Inc. (VE8FC488U5)',
|
||||
'443,6,500,trivy,,',
|
||||
'443,6,500,trivy,a.out,',
|
||||
'443,6,500,Ecamm Live Stream Deck Plugin,Ecamm Live Stream Deck Plugin,Developer ID Application: Ecamm Network, LLC (5EJH68M642)',
|
||||
'443,6,500,TwitchStudioStreamDeck,TwitchStudioStreamDeck,Developer ID Application: Corsair Memory, Inc. (Y93VXCB8Q5)',
|
||||
'443,6,500,vegeta,a.out,',
|
||||
'443,6,500,vim,vim,',
|
||||
|
||||
@ -44,6 +44,7 @@ WHERE
|
||||
'/Applications/Pandora.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/crashpad_handler',
|
||||
'/Applications/Skitch.app/Contents/Library/LoginItems/J8RPQ294UB.com.skitch.SkitchHelper.app/Contents/MacOS/J8RPQ294UB.com.skitch.SkitchHelper',
|
||||
'/Library/Application Support/Logitech/com.logitech.vc.LogiVCCoreService/LogiVCCoreService.app/Contents/MacOS/LogiVCCoreService',
|
||||
'/Library/Printers/Brother/Utilities/BrStatusMonitor.app/Contents/MacOS/BrStatusMonitor',
|
||||
'/Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGINserver',
|
||||
'/Library/Printers/Brother/Utilities/Server/NETserver.app/Contents/MacOS/NETserver',
|
||||
'/Library/Printers/Brother/Utilities/Server/USBAppControl.app/Contents/MacOS/USBAppControl',
|
||||
@ -53,8 +54,8 @@ WHERE
|
||||
'/snap/brackets/138/opt/brackets/Brackets-node',
|
||||
'/usr/bin/i3blocks',
|
||||
'/usr/bin/sshfs',
|
||||
'/usr/local/bin/dive',
|
||||
'/usr/bin/xss-lock'
|
||||
'/usr/bin/xss-lock',
|
||||
'/usr/local/bin/dive'
|
||||
)
|
||||
AND p.name NOT IN (
|
||||
'buildkitd',
|
||||
|
||||
@ -36,17 +36,17 @@ WHERE
|
||||
'/etc/ld.so.conf.d/bind-export-x86_64.conf,0644,26,efeec53def06657c947f064463d5ebdb68f7c6f9e40cc2e72fc11c263484942e',
|
||||
'/etc/ld.so.conf.d/cuda.conf,0644,66,a65f7d96e2447eb40b1be9586b90eb0bd776a8938c93d21f9606d2880b548b28',
|
||||
'/etc/ld.so.conf.d/dyninst-x86_64.conf,0644,19,a4c740c1f59176d816ba18d429ba823317d3db416accf6d79a9cb0ac845d9d50',
|
||||
'/etc/ld.so.conf.d/fakeroot-x86_64-linux-gnu.conf,0644,38,af7edc777dd224bade078ba540538444db69856533c02e18a7f9fbbdd23bd181',
|
||||
'/etc/ld.so.conf.d/fakeroot.conf,0644,21,564c4c4d369d005702d825d34edc5e5568cb1ab6ee1b19fa03d0d672fb8b3aee',
|
||||
'/etc/ld.so.conf.d/fakeroot-x86_64-linux-gnu.conf,0644,38,af7edc777dd224bade078ba540538444db69856533c02e18a7f9fbbdd23bd181',
|
||||
'/etc/ld.so.conf.d/gds-11-8.conf,0644,46,2b48cb0abd03ff1d8926eca02a71540f4ee00ebccad5515e4d28a542dae8438a',
|
||||
'/etc/ld.so.conf.d/i386-linux-gnu.conf,0644,168,023231b8d6d21a7f4b1a59b875576604395041c814c0fd640d4a1d3d29455e6a',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-compiler-dpcpp-cpp-runtime-libs.conf,0644,44,9f123b367c8afdcd116047d24f91339a95724d6f6cd189967696d2eb8eda63b4',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-compiler-dpcpp-cpp-runtime.conf,0644,48,c0c6efda46a86b0d0cbc620b910cec4ba455d09a2bc7a39adf45ce113093366d',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-compiler-dpcpp-cpp-runtime.conf,0644,92,c4f62f0bfed45e548755c60b5e012e79c9062bb2a993c041db661951eb994476',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-compiler-dpcpp-cpp-runtime-libs.conf,0644,44,9f123b367c8afdcd116047d24f91339a95724d6f6cd189967696d2eb8eda63b4',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-compiler-shared-opencl-cpu.conf,0644,92,c4f62f0bfed45e548755c60b5e012e79c9062bb2a993c041db661951eb994476',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-compiler-shared-runtime-libs.conf,0644,65,0e9c472578fe009314f02ab64613fc41114f4d07cfd3a805191a5b755d780a43',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-compiler-shared-runtime.conf,0644,157,0b4a1c81fcab2d345f99e0187f29cf28f085ae67bf42c86d7b509c06b345186e',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-compiler-shared-runtime.conf,0644,92,c4f62f0bfed45e548755c60b5e012e79c9062bb2a993c041db661951eb994476',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-compiler-shared-runtime-libs.conf,0644,65,0e9c472578fe009314f02ab64613fc41114f4d07cfd3a805191a5b755d780a43',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-openmp.conf,0644,155,76736fa4deb3f3f4a7a96a068eb01b610faf9492814d47d36b3acbc1b4fb9fd3',
|
||||
'/etc/ld.so.conf.d/intel-oneapi-tbb.conf,0644,48,ab4d154371df8bf81c4fd8f079137994c5c9a60f43bef4132e6ffcbfbb08e99d',
|
||||
'/etc/ld.so.conf.d/kernel-3.10.0-1160.83.1.el7.x86_64.conf,0444,63,37cb41e22b4cb69bb7b8652111c59d3d07b6522ac1f4a635e794ca7eaf411dd7',
|
||||
@ -55,6 +55,7 @@ WHERE
|
||||
'/etc/ld.so.conf.d/libc.conf,0644,44,90d4c7e43e7661cd116010eb9f50ad5817e43162df344bd1ad10898851b15d41',
|
||||
'/etc/ld.so.conf.d/libiscsi-x86_64.conf,0644,17,fa3839c3cb893d3a589a020a0a9a010de1332b8385ee8139660e2da8bcc932a3',
|
||||
'/etc/ld.so.conf.d/llvm13-x86_64.conf,0644,22,4da62e9ec76b030c527e2ea87ccfab1baeff7d0f9092f980231e49961bb97de0',
|
||||
'/etc/ld.so.conf.d/llvm15-x86_64.conf,0644,22,30e995961d9e382d287469acce7e168d15811356bf20971fc17bb582a8d62afa',
|
||||
'/etc/ld.so.conf.d/mariadb-x86_64.conf,0644,17,598466b4954bc66c6f45f1f119211b0698d4a549f6c01b5d9a933a2511b82626',
|
||||
'/etc/ld.so.conf.d/mingw64-hostlib.conf,0644,29,df1b65371bead6dddc703346f56dde023e22d52d9f071a3b646beaaec75a53c9',
|
||||
'/etc/ld.so.conf.d/nessus.conf,0644,16,5a9dc65a4a0daa50ce9dd70ff3973fcceef9660cc3fdf5bb0beec8e0b6c57708',
|
||||
|
||||
@ -64,6 +64,7 @@ WHERE
|
||||
AND pe.status = 1
|
||||
AND pe.cmdline != ''
|
||||
AND pe.cmdline IS NOT NULL
|
||||
AND p0_cmd != '/opt/homebrew/opt/tailscale/bin/tailscaled'
|
||||
GROUP BY
|
||||
pe.euid,
|
||||
pe.path,
|
||||
|
||||
@ -48,6 +48,7 @@ WHERE -- NOTE: The remainder of this query is synced with unexpected-fetcher-par
|
||||
'curl,302,bash,nix',
|
||||
'curl,303,bash,nix',
|
||||
'curl,305,bash,nix',
|
||||
'curl,500,nvim,nvim',
|
||||
'curl,307,bash,nix',
|
||||
'curl,500,bash,bash',
|
||||
'curl,500,bash,fakeroot',
|
||||
|
||||
@ -259,6 +259,7 @@ WHERE
|
||||
'dash,0,kube-proxy,containerd-shim-runc-v2',
|
||||
'dash,0,run-parts,dash',
|
||||
'dash,0,snapd,systemd',
|
||||
'dash,0,dpkg,python3.10',
|
||||
'sh,0,auditd,launchd',
|
||||
'sh,500,cloud_sql_proxy,zsh',
|
||||
'sh,500,docs,zsh',
|
||||
|
||||
@ -32,7 +32,10 @@ WHERE
|
||||
active_state != 'inactive'
|
||||
AND sub_state != 'plugged'
|
||||
AND sub_state != 'mounted'
|
||||
AND fragment_path != ''
|
||||
AND file.filename != ''
|
||||
-- Don't care about logical groupings.
|
||||
AND NOT file.filename LIKE '%.target'
|
||||
-- All of these are known good exceptions in known good paths
|
||||
AND NOT (
|
||||
(
|
||||
-- Only allow fragment paths in known good directories
|
||||
@ -55,7 +58,6 @@ WHERE
|
||||
'acpid.service,ACPI Daemon,,1125',
|
||||
'acpid.service,ACPI event daemon,,225',
|
||||
'acpid.socket,ACPID Listen Socket,,0',
|
||||
'akmods-keygen.target,akmods-keygen.target,,0',
|
||||
'akmods.service,Builds and install new kmods from akmod packages,,225',
|
||||
'alsa-restore.service,Save/Restore Sound Card State,,225',
|
||||
'alsa-restore.service,Save/Restore Sound Card State,,450',
|
||||
@ -79,28 +81,19 @@ WHERE
|
||||
'audit.service,Kernel Auditing,,1125',
|
||||
'avahi-daemon.service,Avahi mDNS/DNS-SD Stack,,900',
|
||||
'avahi-daemon.socket,Avahi mDNS/DNS-SD Stack Activation Socket,,675',
|
||||
'basic.target,Basic System,,900',
|
||||
'binfmt-support.service,Enable support for additional executable binary formats,,1125',
|
||||
'blk-availability.service,Availability of block devices,,225',
|
||||
"blockdev@dev-mapper-cryptdata.target,Block Device Preparation for /dev/mapper/cryptdata,,225",
|
||||
'blockdev@dev-mapper-cryptoswap.target,Block Device Preparation for /dev/mapper/cryptoswap,,225',
|
||||
"blockdev@dev-mapper-cryptswap.target,Block Device Preparation for /dev/mapper/cryptswap,,225",
|
||||
'bluetooth.service,Bluetooth service,,675',
|
||||
'bluetooth.target,Bluetooth Support,,225',
|
||||
'bolt.service,Thunderbolt system service,,450',
|
||||
'chronyd.service,NTP client/server,,1350',
|
||||
"chrony.service,chrony, an NTP client/server,,1575",
|
||||
'chrony.service,chrony, an NTP client/server,,450',
|
||||
'cloud-config.service,Apply the settings specified in cloud-config,,225',
|
||||
'cloud-config.target,Cloud-config availability,,450',
|
||||
'cloud-config.target,Cloud-config availability,,675',
|
||||
'cloud-final.service,Execute cloud user/final scripts,,450',
|
||||
'cloud-init-hotplugd.socket,cloud-init hotplug hook socket,,225',
|
||||
'cloud-init-local.service,Initial cloud-init job (pre-networking),,450',
|
||||
'cloud-init.service,Initial cloud-init job (metadata service crawler),,450',
|
||||
'cloud-init.service,Initial cloud-init job (metadata service crawler),,675',
|
||||
'cloud-init.target,Cloud-init target,,225',
|
||||
'cloud-init.target,Cloud-init target,,450',
|
||||
'colord.service,Manage, Install and Generate Color Profiles,colord,225',
|
||||
"com.system76.PowerDaemon.service,System76 Power Daemon,,225",
|
||||
"com.system76.Scheduler.service,Automatically configure CPU scheduler for responsiveness on AC,,225",
|
||||
@ -110,7 +103,6 @@ WHERE
|
||||
'crond.service,Command Scheduler,,225',
|
||||
'cronie.service,Periodic Command Scheduler,,0',
|
||||
'cron.service,Regular background program processing daemon,,225',
|
||||
'cryptsetup.target,Local Encrypted Volumes,,225',
|
||||
'cups-browsed.service,Make remote CUPS printers available locally,,225',
|
||||
'cups.path,CUPS Scheduler,,0',
|
||||
'cups.service,CUPS Scheduler,,225',
|
||||
@ -154,16 +146,12 @@ WHERE
|
||||
'gdm.service,GNOME Display Manager,,675',
|
||||
'gdm.service,GNOME Display Manager,,900',
|
||||
'geoclue.service,Location Lookup Service,geoclue,450',
|
||||
'getty-pre.target,Preparation for Logins,,450',
|
||||
'getty.target,Login Prompts,,450',
|
||||
'gitsign.service,Keyless Git signing with Sigstore!,,900',
|
||||
'graphical.target,Graphical Interface,,450',
|
||||
'gssproxy.service,GSSAPI Proxy Daemon,,450',
|
||||
'haproxy.service,HAProxy Load Balancer,,1350',
|
||||
"ifupdown-pre.service,Helper to synchronize boot up for ifupdown,,225",
|
||||
'iio-sensor-proxy.service,IIO Sensor Proxy service,,225',
|
||||
'import-state.service,Import network configuration from initramfs,,225',
|
||||
'integritysetup.target,Local Integrity Protected Volumes,,225',
|
||||
'irqbalance.service,irqbalance daemon,,225',
|
||||
'irqbalance.service,irqbalance daemon,,450',
|
||||
'iscsid.socket,Open-iSCSI iscsid Socket,,0',
|
||||
@ -187,9 +175,6 @@ WHERE
|
||||
'lm_sensors.service,Hardware Monitoring Sensors,,225',
|
||||
'lm-sensors.service,Initialize hardware monitoring sensors,,0',
|
||||
'lm_sensors.service,Initialize hardware monitoring sensors,,225',
|
||||
'local-fs-pre.target,Local File Systems (Pre),,225',
|
||||
'local-fs-pre.target,Preparation for Local File Systems,,450',
|
||||
'local-fs.target,Local File Systems,,450',
|
||||
'logrotate-checkconf.service,Logrotate configuration check,,1125',
|
||||
'logrotate.timer,Daily rotation of log files,,0',
|
||||
'logrotate.timer,logrotate.timer,,0',
|
||||
@ -198,7 +183,6 @@ WHERE
|
||||
'lvm2-lvmpolld.socket,LVM2 poll daemon socket,,225',
|
||||
'lvm2-monitor.service,Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling,,450',
|
||||
'machine.slice,Virtual Machine and Container Slice,,450',
|
||||
'machines.target,Containers,,225',
|
||||
'man-db.service,Daily man-db regeneration,root,675',
|
||||
'man-db.timer,Daily man-db regeneration,,0',
|
||||
'mcelog.service,Machine Check Exception Logging Daemon,,225',
|
||||
@ -213,40 +197,28 @@ WHERE
|
||||
'mount-pstore.service,mount-pstore.service,,1125',
|
||||
'multipathd.service,Device-Mapper Multipath Device Controller,,675',
|
||||
'multipathd.socket,multipathd control socket,,225',
|
||||
'multi-user.target,Multi-User System,,450',
|
||||
'nessusd.service,The Nessus Vulnerability Scanner,,675',
|
||||
'netcf-transaction.service,Rollback uncommitted netcf network config change transactions,,225',
|
||||
'networkd-dispatcher.service,Dispatcher daemon for systemd-networkd,,225',
|
||||
"networking.service,Raise network interfaces,,450",
|
||||
'network-interfaces.target,All Network Interfaces (deprecated),,0',
|
||||
'network-local-commands.service,Extra networking commands.,,1350',
|
||||
'NetworkManager-dispatcher.service,Network Manager Script Dispatcher Service,,450',
|
||||
'NetworkManager-dispatcher.service,Network Manager Script Dispatcher Service,,675',
|
||||
'NetworkManager.service,Network Manager,,1125',
|
||||
'NetworkManager.service,Network Manager,,1350',
|
||||
'NetworkManager-wait-online.service,Network Manager Wait Online,,1125',
|
||||
'network-online.target,Network is Online,,450',
|
||||
'network-pre.target,Network (Pre),,450',
|
||||
'network-pre.target,Preparation for Network,,450',
|
||||
'network-setup.service,Networking Setup,,1350',
|
||||
'network.target,Network,,225',
|
||||
'network.target,Network,,450',
|
||||
'nfs-client.target,NFS client services,,225',
|
||||
'nginx.service,Nginx Web Server,nginx,2400',
|
||||
'nix-daemon.service,Nix Daemon,,225',
|
||||
'nix-daemon.socket,Nix Daemon Socket,,225',
|
||||
'nix-gc.timer,nix-gc.timer,,0',
|
||||
'nscd.service,Name Service Cache Daemon,nscd,1800',
|
||||
'nss-lookup.target,Host and Network Name Lookups,,450',
|
||||
'nss-user-lookup.target,User and Group Name Lookups,,450',
|
||||
'nvidia-fallback.service,Fallback to nouveau as nvidia did not load,,225',
|
||||
'nvidia-persistenced.service,NVIDIA Persistence Daemon,,225',
|
||||
'nvidia-powerd.service,nvidia-powerd service,,0',
|
||||
'nvidia-suspend.service,NVIDIA system suspend actions,,225',
|
||||
'openvpn.service,OpenVPN service,,225',
|
||||
'packagekit.service,PackageKit Daemon,root,225',
|
||||
'paths.target,Paths,,225',
|
||||
'paths.target,Path Units,,225',
|
||||
'pcscd.service,PC/SC Smart Card Daemon,,225',
|
||||
'pcscd.socket,PC/SC Smart Card Daemon Activation Socket,,0',
|
||||
'phpsessionclean.timer,Clean PHP session files every 30 mins,,0',
|
||||
@ -268,13 +240,10 @@ WHERE
|
||||
'reflector.service,Refresh Pacman mirrorlist with Reflector.,,1350',
|
||||
'reflector.timer,Refresh Pacman mirrorlist weekly with Reflector.,,0',
|
||||
'reload-systemd-vconsole-setup.service,Reset console on configuration changes,,1125',
|
||||
'remote-fs-pre.target,Preparation for Remote File Systems,,450',
|
||||
'remote-fs.target,Remote File Systems,,450',
|
||||
"resolvconf-pull-resolved.path,resolvconf-pull-resolved.path,,0",
|
||||
"resolvconf.service,Nameserver information manager,,225",
|
||||
'resolvconf.service,resolvconf update,,1125',
|
||||
'rngd.service,Hardware RNG Entropy Gatherer Daemon,,225',
|
||||
'rpc_pipefs.target,rpc_pipefs.target,,0',
|
||||
'rpc-statd-notify.service,Notify NFS peers of a restart,,225',
|
||||
'rsyslog.service,System Logging Service,,225',
|
||||
'rsyslog.service,System Logging Service,,450',
|
||||
@ -284,37 +253,32 @@ WHERE
|
||||
'setvtrgb.service,Set console scheme,,225',
|
||||
'shadow.service,Verify integrity of password and group files,,900',
|
||||
'shadow.timer,Daily verification of password and group files,,0',
|
||||
'sleep.target,Sleep,,225',
|
||||
'sleep.target,Sleep,,450',
|
||||
'slices.target,Slices,,450',
|
||||
'slices.target,Slice Units,,450',
|
||||
'smartcard.target,Smart Card,,225',
|
||||
'abrt-journal-core.service,ABRT coredumpctl message creator,,0',
|
||||
'abrtd.service,ABRT Daemon,,225',
|
||||
'nginx.service,Nginx Web Server,nginx,2250',
|
||||
'network-local-commands.service,Extra networking commands.,,1125',
|
||||
'logrotate-checkconf.service,Logrotate configuration check,,900',
|
||||
'-.slice,Root Slice,,0',
|
||||
'accounts-daemon.service,Accounts Service,,2025',
|
||||
'nscd.service,Name Service Cache Daemon (nsncd),nscd,1350',
|
||||
'smartd.service,Self Monitoring and Reporting Technology (SMART) Daemon,,225',
|
||||
'smartd.service,Self Monitoring and Reporting Technology (SMART) Daemon,,450',
|
||||
'snapd.apparmor.service,Load AppArmor profiles managed internally by snapd,,675',
|
||||
'snapd.mounts-pre.target,Mounting snaps,,0',
|
||||
'snapd.mounts.target,Mounted snaps,,0',
|
||||
'snapd.seeded.service,Wait until snapd is fully seeded,,225',
|
||||
'snapd.service,Snap Daemon,,450',
|
||||
'snapd.socket,Socket activation for snappy daemon,,225',
|
||||
'snap.lxd.daemon.unix.socket,Socket unix for snap application lxd.daemon,,225',
|
||||
'snap.lxd.user-daemon.unix.socket,Socket unix for snap application lxd.user-daemon,,225',
|
||||
'snap.yubioath-desktop.pcscd.service,Service for snap application yubioath-desktop.pcscd,,450',
|
||||
'sockets.target,Sockets,,225',
|
||||
'sockets.target,Socket Units,,225',
|
||||
'sound.target,Sound Card,,225',
|
||||
'sshd-keygen.target,sshd-keygen.target,,0',
|
||||
'sshd.service,OpenSSH Daemon,,225',
|
||||
'sshd.service,OpenSSH server daemon,,225',
|
||||
'sshd.service,OpenSSH server daemon,,450',
|
||||
'sshd.service,SSH Daemon,,1575',
|
||||
'ssh.service,OpenBSD Secure Shell server,,450',
|
||||
'sssd-kcm.service,SSSD Kerberos Cache Manager,,225',
|
||||
'sssd-kcm.socket,SSSD Kerberos Cache Manager responder socket,,0',
|
||||
'supergfxd.service,SUPERGFX,,450',
|
||||
'swap.target,Swap,,225',
|
||||
'swap.target,Swaps,,225',
|
||||
'switcheroo-control.service,Switcheroo Control Proxy service,,450',
|
||||
'sysinit.target,System Initialization,,450',
|
||||
'syslog.socket,Syslog Socket,,1350',
|
||||
'sysstat-collect.timer,Run system activity accounting tool every 10 minutes,,225',
|
||||
'sysstat.service,Resets System Activity Logs,root,225',
|
||||
@ -402,11 +366,6 @@ WHERE
|
||||
'system.slice,System Slice,,0',
|
||||
'tailscaled.service,Tailscale node agent,,675',
|
||||
'thermald.service,Thermal Daemon Service,,225',
|
||||
'timers.target,Timers,,450',
|
||||
'timers.target,Timer Units,,450',
|
||||
'time-set.target,System Time Set,,225',
|
||||
"time-sync.target,System Time Synchronized,,225",
|
||||
'time-sync.target,System Time Synchronized,,450',
|
||||
'tlp.service,TLP system startup/shutdown,,450',
|
||||
"touchegg.service,Touchégg Daemon,,225",
|
||||
'ua-timer.timer,Ubuntu Advantage Timer for running repeated jobs,,0',
|
||||
@ -427,7 +386,6 @@ WHERE
|
||||
'vboxballoonctrl-service.service,vboxballoonctrl-service.service,,450',
|
||||
'vboxdrv.service,VirtualBox Linux kernel module,,450',
|
||||
'vboxweb-service.service,vboxweb-service.service,,450',
|
||||
'veritysetup.target,Local Verity Protected Volumes,,225',
|
||||
'virtinterfaced.socket,Libvirt interface local socket,,225',
|
||||
'virtlockd.socket,Virtual machine lock manager socket,,0',
|
||||
'virtlogd-admin.socket,Virtual machine log manager socket,,225',
|
||||
@ -448,7 +406,6 @@ WHERE
|
||||
'whoopsie.path,Start whoopsie on modification of the /var/crash directory,,0',
|
||||
'wpa_supplicant.service,WPA supplicant,,225',
|
||||
'zfs-import-cache.service,Import ZFS pools by cache file,,450',
|
||||
'zfs-import.target,ZFS pool import target,,0',
|
||||
'zfs-load-key-rpool.service,Load ZFS key for rpool,,675',
|
||||
'zfs-load-module.service,Install ZFS kernel module,,225',
|
||||
'zfs-mount.service,Mount ZFS filesystems,,225',
|
||||
@ -459,8 +416,6 @@ WHERE
|
||||
'zfs-snapshot-daily.service,ZFS auto-snapshotting every day,,900',
|
||||
'zfs-snapshot-frequent.service,ZFS auto-snapshotting every 15 mins,,900',
|
||||
'zfs-snapshot-hourly.service,ZFS auto-snapshotting every hour,,900',
|
||||
'zfs.target,ZFS startup target,,0',
|
||||
'zfs-volumes.target,ZFS volumes are ready,,0',
|
||||
'zfs-volume-wait.service,Wait for ZFS Volume (zvol) links in /dev,,225',
|
||||
'zfs-zed.service,ZFS Event Daemon (zed),,225',
|
||||
'znapzend.service,ZnapZend - ZFS Backup System,root,1575',
|
||||
@ -472,8 +427,6 @@ WHERE
|
||||
OR exception_key LIKE 'zfs-snapshot-%.service,zfs-snapshot-%.service,,900'
|
||||
OR exception_key LIKE 'dbus-:1.%-org.freedesktop.problems@%.service,dbus-:%.%-org.freedesktop.problems@%.service,0,225'
|
||||
OR exception_key LIKE 'run-media-%.mount,run-media-%.mount,,0'
|
||||
OR id LIKE 'blockdev@dev-mapper-luks%.target'
|
||||
OR id LIKE 'blockdev@dev-mapper-nvme%.target'
|
||||
OR id LIKE ''
|
||||
OR id LIKE 'dev-disk-by%.swap'
|
||||
OR id LIKE 'dev-mapper-%.swap'
|
||||
|
||||
@ -75,23 +75,18 @@ WHERE
|
||||
AND NOT file.filename LIKE '%-v1%'
|
||||
-- Well known demo keys
|
||||
AND NOT hash.sha256 IN (
|
||||
'11ffc5141b4b0071c0796914deef68d012c4f4c289931c5587fe89d7d6dca0a1',
|
||||
'2d330d059f4af4d314a85418fb031ee628f41dcf3e31fbce46858e52e73180c4',
|
||||
'4b4be8c1bc7e3bc7ea1f02932a024466db5faf3eaad885cf31ac7383484b1b1c',
|
||||
'6e55f3eccad59a615189c82cbcbd1133ce94509f7c5d42e3e7fbd00e65f0731f',
|
||||
'81bce2313cd00ffc42303fbf7c08e4d068fccc9c0076867903ef94616d795e12',
|
||||
'8d740893c1f9163ddfd8c193d9a95caf15da3740b42f2739c4b107ad12661809',
|
||||
'cea85342377ef1bce115629c3d9d3ec405964a43545805c9f7ace98940aa0be2',
|
||||
'998ddcb7d1a7c2931c8546576873e47b399f23cef719227052f245c8240c6528',
|
||||
'af1a2f8e9d581bb1504e3d8801d15d962fdf12ee7ebcf2bb9c475c8b92da6472',
|
||||
'81bce2313cd00ffc42303fbf7c08e4d068fccc9c0076867903ef94616d795e12',
|
||||
'4b4be8c1bc7e3bc7ea1f02932a024466db5faf3eaad885cf31ac7383484b1b1c',
|
||||
'af1a2f8e9d581bb1504e3d8801d15d962fdf12ee7ebcf2bb9c475c8b92da6472',
|
||||
'bc4c0ad21d79fea9050e75e80f13dd54bfdc867236342ede901d15d815f31988',
|
||||
'6e55f3eccad59a615189c82cbcbd1133ce94509f7c5d42e3e7fbd00e65f0731f',
|
||||
'11ffc5141b4b0071c0796914deef68d012c4f4c289931c5587fe89d7d6dca0a1',
|
||||
'6e55f3eccad59a615189c82cbcbd1133ce94509f7c5d42e3e7fbd00e65f0731f',
|
||||
'2d330d059f4af4d314a85418fb031ee628f41dcf3e31fbce46858e52e73180c4',
|
||||
'b68896dc8e8c23ade371cf8b5c9d25853d81b4cfa5baa2bc0200d9242a903d80',
|
||||
'bc4c0ad21d79fea9050e75e80f13dd54bfdc867236342ede901d15d815f31988',
|
||||
'cea85342377ef1bce115629c3d9d3ec405964a43545805c9f7ace98940aa0be2',
|
||||
'ef2c928c69403e023a332002d8c5c430e1022850b12f834563f6aec111d99f14',
|
||||
'bc4c0ad21d79fea9050e75e80f13dd54bfdc867236342ede901d15d815f31988'
|
||||
'ef2c928c69403e023a332002d8c5c430e1022850b12f834563f6aec111d99f14'
|
||||
)
|
||||
GROUP BY
|
||||
file.path
|
||||
|
||||
Loading…
Reference in New Issue
Block a user