From 3dfda437ab1b7590bf813321c626d562c5286d4f Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Wed, 21 Sep 2022 13:34:10 -0400 Subject: [PATCH] More tuning, quiet deaths --- fd/unexpected-dev-opener-linux.sql | 11 +++- fs/unexpected-ld-so-files-linux.sql | 4 +- net/unexpected-listening-port-linux.sql | 2 + net/unexpected-talkers-linux.sql | 29 ++++++---- net/unexpected-talkers-macos.sql | 13 ++++- process/low_start_time_ctime_delta.sql | 1 + process/missing-from-disk-linux.sql | 1 + process/name_path_mismatch.sql | 14 +++++ process_events/exotic-command-events.sql | 30 +++------- startup/unexpected-active-systemd-units.sql | 64 +++++++++++---------- 10 files changed, 100 insertions(+), 69 deletions(-) diff --git a/fd/unexpected-dev-opener-linux.sql b/fd/unexpected-dev-opener-linux.sql index 4a1d28e..2e6bdb3 100644 --- a/fd/unexpected-dev-opener-linux.sql +++ b/fd/unexpected-dev-opener-linux.sql @@ -33,13 +33,15 @@ WHERE pof.path LIKE '/dev/%' '/dev/rfkill', '/dev/snd/seq', '/dev/urandom', - '/dev/vga_arbiter' + '/dev/vga_arbiter', + '/dev/video10' -- workaround for poor regex management (ffmpeg) ) AND pof.path NOT LIKE "/dev/pts/%" AND pof.path NOT LIKE "/dev/snd/%" AND pof.path NOT LIKE "/dev/tty%" AND pof.path NOT LIKE "/dev/hidraw%" AND pof.path NOT LIKE "/dev/shm/.com.google.Chrome.%" + AND pof.path NOT LIKE "/dev/shm/.org.chromium.Chromium.%" AND NOT dir_exception IN ( '/dev/bus/usb,pcscd', '/dev/bus/usb/001,pcscd', @@ -56,6 +58,7 @@ WHERE pof.path LIKE '/dev/%' '/dev/shm,chrome', '/dev/shm,code', '/dev/shm,electron', + '/dev/shm,Brackets', '/dev/shm,firefox', '/dev/shm,gopls', '/dev/shm,java', @@ -83,7 +86,9 @@ WHERE pof.path LIKE '/dev/%' '/dev/tty,agetty', '/dev/tty,gdm-wayland-session', '/dev/tty,gdm-x-session', + '/dev/usb/hiddev,apcupsd', '/dev/tty,systemd-logind', + '/dev/usb/hiddev,upowerd', '/dev/tty,Xorg', '/dev/uinput,bluetoothd', '/dev/video,chrome', @@ -93,8 +98,8 @@ WHERE pof.path LIKE '/dev/%' '/dev/video,obs', '/dev/video,vlc', '/dev/zfs,zed', - "/dev/zfs,zfs" + '/dev/zfs,zfs' ) -- shows up as python - AND NOT (program_name IN ('streamdeck') AND device LIKE "/dev/bus/usb/%") + AND NOT (device LIKE "/dev/bus/usb/%" AND program_name IN ('streamdeck', 'gphoto2')) GROUP BY pof.pid \ No newline at end of file diff --git a/fs/unexpected-ld-so-files-linux.sql b/fs/unexpected-ld-so-files-linux.sql index 0f4e714..ea56d5a 100644 --- a/fs/unexpected-ld-so-files-linux.sql +++ b/fs/unexpected-ld-so-files-linux.sql @@ -23,14 +23,16 @@ WHERE ( '/etc/ld.so.conf,0644,117,dad04a370e488aa85fb0a813a5c83cf6fd981ce01883fc59685447b092de84b5', '/etc/ld.so.conf,0644,28,239c865e4c0746a01f82b03d38d620853bab2a2ba8e81d6f5606c503e0ea379f', '/etc/ld.so.conf,0644,34,d4b198c463418b493208485def26a6f4c57279467b9dfa491b70433cedb602e8', + '/etc/ld.so.conf.d/cuda.conf,0644,66,a65f7d96e2447eb40b1be9586b90eb0bd776a8938c93d21f9606d2880b548b28', '/etc/ld.so.conf.d/dyninst-x86_64.conf,0644,19,a4c740c1f59176d816ba18d429ba823317d3db416accf6d79a9cb0ac845d9d50', - '/etc/ld.so.conf.d/fakeroot.conf,0644,21,564c4c4d369d005702d825d34edc5e5568cb1ab6ee1b19fa03d0d672fb8b3aee', '/etc/ld.so.conf.d/fakeroot-x86_64-linux-gnu.conf,0644,38,af7edc777dd224bade078ba540538444db69856533c02e18a7f9fbbdd23bd181', + '/etc/ld.so.conf.d/fakeroot.conf,0644,21,564c4c4d369d005702d825d34edc5e5568cb1ab6ee1b19fa03d0d672fb8b3aee', '/etc/ld.so.conf.d/i386-linux-gnu.conf,0644,168,023231b8d6d21a7f4b1a59b875576604395041c814c0fd640d4a1d3d29455e6a', '/etc/ld.so.conf.d/lib32-glibc.conf,0644,11,c27424154a6096ae32c0824b785e05de6acef33d9224fd6147d1936be9b4962b', '/etc/ld.so.conf.d/libc.conf,0644,44,90d4c7e43e7661cd116010eb9f50ad5817e43162df344bd1ad10898851b15d41', '/etc/ld.so.conf.d/libiscsi-x86_64.conf,0644,17,fa3839c3cb893d3a589a020a0a9a010de1332b8385ee8139660e2da8bcc932a3', '/etc/ld.so.conf.d/llvm13-x86_64.conf,0644,22,4da62e9ec76b030c527e2ea87ccfab1baeff7d0f9092f980231e49961bb97de0', + '/etc/ld.so.conf.d/opencollada.conf,0644,21,2fc9656a2b881ca4528416daa91fc525adaa97d73e96a18b41aa7856270eba1f', '/etc/ld.so.conf.d/pipewire-jack-x86_64.conf,0644,30,cf4cb69feaa8ec8b99558c4e1123518831b3c56488981cbc34a662fe218ef221', '/etc/ld.so.conf.d/tix-x86_64.conf,0644,18,b2ef4843990ded5fd96e417fc08027a785fac59bd70eca6a26dd7b057542273a', '/etc/ld.so.conf.d/x86_64-linux-gnu.conf,0644,100,f03e4740e6922b4f4a1181cd696b52f62f9f10d003740a8940f7121795c59c98' diff --git a/net/unexpected-listening-port-linux.sql b/net/unexpected-listening-port-linux.sql index 7ebbcd3..1f18a77 100644 --- a/net/unexpected-listening-port-linux.sql +++ b/net/unexpected-listening-port-linux.sql @@ -22,6 +22,7 @@ WHERE port != 0 "10256,6,0,kube-proxy", "17,255,500,dhcpcd", "1716,6,500,kdeconnectd", + "3551,6,0,apcupsd", "22,6,0,sshd", "22000,6,500,syncthing", "3000,6,0,docker-proxy", @@ -34,6 +35,7 @@ WHERE port != 0 "5000,6,500,ControlCenter", "5001,6,0,registry", "53,17,0,coredns", + "8123,6,500,Brackets-node", "53,6,0,coredns", "53,6,500,dnsmasq", "5355,6,193,systemd-resolve", diff --git a/net/unexpected-talkers-linux.sql b/net/unexpected-talkers-linux.sql index 7e74c97..938dd09 100644 --- a/net/unexpected-talkers-linux.sql +++ b/net/unexpected-talkers-linux.sql @@ -33,6 +33,7 @@ AND NOT ( 'chrome', 'chrome', 'chronyd', + 'systemd-resolve', 'cloud_sql_proxy', 'code', 'containerd', @@ -46,6 +47,7 @@ AND NOT ( 'gh', 'git-remote-http', 'gitsign', + 'systemd-resolve', 'gnome-software', 'go', 'grafana-server', @@ -95,21 +97,21 @@ AND NOT ( ) AND NOT exception_key IN ( '123,17,500,chronyd', - '22,6,,', -- shortlived SSH (git push) - '22,6,500,ssh', '22067,6,500,syncthing', + '22,6,500,ssh', + '22,6,,', -- shortlived SSH (git push) '27024,6,500,steam', '3307,6,500,cloud_sql_proxy', '4070,6,500,spotify', '443,17,500,chrome', + '443,17,500,jcef_helper', '443,17,500,spotify', - '443,6,0,.tailscaled-wra', '443,6,0,dnf', '443,6,0,launcher', '443,6,0,pacman', '443,6,0,tailscaled', + '443,6,0,.tailscaled-wra', '443,6,472,grafana-server', - '443,6,500,.firefox-wrappe', '443,6,500,1password', '443,6,500,chainctl', '443,6,500,chrome', @@ -119,10 +121,9 @@ AND NOT exception_key IN ( '443,6,500,controlplane', '443,6,500,crc', '443,6,500,electron', - '443,6,500,Socket Process', '443,6,500,firefox', + '443,6,500,.firefox-wrappe', '443,6,500,gh', - '443,17,500,jcef_helper', '443,6,500,git-remote-http', '443,6,500,gitsign', '443,6,500,gnome-software', @@ -137,35 +138,41 @@ AND NOT exception_key IN ( '443,6,500,ngrok', '443,6,500,nix', '443,6,500,node', + '443,6,500,flameshot', + '443,6,500,obs', '443,6,500,obs-browser-page', '443,6,500,obs-ffmpeg-mux', - '443,6,500,obs', '443,6,500,obsidian', '443,6,500,signal-desktop', '443,6,500,slack', '443,6,500,snap-store', + '443,6,500,Socket Process', '443,6,500,spotify', '443,6,500,steamwebhelper', - '443,6,500,terraform-provi', '443,6,500,terraform', + '443,6,500,terraform-provi', '443,6,500,tkn', '443,6,500,vcluster', '443,6,500,xmobar', '443,6,500,yay', + '443,6,500,Brackets', + '8801,17,500,zoom', '443,6,500,zoom', '5228,6,500,chrome', - '80,6,0,.tailscaled-wra', - '80,6,0,tailscaled', '80,6,0,dnf', '80,6,0,NetworkManager', + '80,6,0,tailscaled', + '80,6,0,.tailscaled-wra', '80,6,500,firefox', + '80,6,500,.firefox-wrappe', '80,6,500,steam', '80,6,500,steamwebhelper', '80,6,500,syncthing' + ) AND NOT (p.name = 'syncthing' AND (remote_port IN (53,80,88,110,443,587,993,3306,7451) OR remote_port > 8000)) -AND NOT (p.name IN ('chrome', 'Google Chrome Helper','Brave Browser Helper', 'Chromium Helper', 'Opera Helper') AND remote_port IN (53,443,80,8009,8080,8888,8443,5228,32211,53,10001,3478,19305,19306,19307,19308,19309)) +AND NOT (p.name IN ('chrome', 'Google Chrome Helper','Brave Browser Helper', 'Chromium Helper', 'Opera Helper') AND remote_port IN (53,443,80,9000,5004,8009,8080,8888,8443,5228,32211,53,10001,3478,19305,19306,19307,19308,19309)) AND NOT (p.name IN ('Mail', 'thunderbird', 'Spark', 'Notes') AND remote_port IN (53,143,443,587,465,585,993)) AND NOT (p.name IN ('spotify', 'Spotify Helper', 'Spotify') AND remote_port IN (53,443,8009,4070,32211)) AND NOT (remote_port IN (443,53) AND p.name LIKE 'terraform-provider-%') diff --git a/net/unexpected-talkers-macos.sql b/net/unexpected-talkers-macos.sql index a5ee01d..8c62d2a 100644 --- a/net/unexpected-talkers-macos.sql +++ b/net/unexpected-talkers-macos.sql @@ -92,6 +92,7 @@ AND NOT ( ) AND NOT exception_key IN ( + '22,6,500,ssh,,', '22,6,500,ssh,com.apple.openssh,Software Signing', '22,6,500,ssh,ssh-55554944fbf65684ab9b37c2bad3a27ef78b23f4,', '43,6,500,DropboxMacUpdate,com.dropbox.DropboxMacUpdate,Developer ID Application: Dropbox, Inc. (G7HH3F8CAK)', @@ -100,13 +101,18 @@ AND NOT exception_key IN ( '443,17,500,Reflect Helper,app.reflect.ReflectDesktop,Developer ID Application: Reflect App, LLC (789ULN5MZB)', '443,6,0,com.apple.MobileSoftwareUpdate.UpdateBrainService,com.apple.MobileSoftwareUpdate.UpdateBrainService,Software Signing', '443,6,0,launcher,launcher,Developer ID Application: Kolide Inc (YZ3EM74M78)', + '443,6,0,nessusd,nessusd,Developer ID Application: Tenable, Inc. (4B8J598M7U)', '443,6,500,Acrobat Update Helper,com.adobe.ARMDCHelper,Developer ID Application: Adobe Inc. (JQ525L2MZD)', '443,6,500,bash,bash,', + '443,6,500,gitsign,,', + '443,6,500,chainctl,,', + '443,6,500,gh,gh,', '443,6,500,chainctl,a.out,', - '443,6,500,python3.10,python3.10,', '443,6,500,cloud_sql_proxy,a.out,', '443,6,500,Code Helper,com.microsoft.VSCode.helper,Developer ID Application: Microsoft Corporation (UBF8T346G9)', + '443,6,500,Code Helper (Renderer),com.github.Electron.helper,Developer ID Application: Microsoft Corporation (UBF8T346G9)', '443,6,500,cosign,a.out,', + '443,6,500,curl,com.apple.curl,Software Signing', '443,6,500,Electron,com.microsoft.VSCode,Developer ID Application: Microsoft Corporation (UBF8T346G9)', '443,6,500,Evernote Helper,com.evernote.Evernote.helper,Apple Mac OS Application Signing', '443,6,500,figma_agent,com.figma.agent,Developer ID Application: Figma, Inc. (T8RA8NE3B7)', @@ -116,6 +122,7 @@ AND NOT exception_key IN ( '443,6,500,istioctl,a.out,', '443,6,500,ko,a.out,', '443,6,500,kubectl,a.out,', + '443,6,500,python3.10,python3.10,', '443,6,500,Python,org.python.python,', '443,6,500,Reflect,app.reflect.ReflectDesktop,Developer ID Application: Reflect App, LLC (789ULN5MZB)', '443,6,500,Reflect Helper,app.reflect.ReflectDesktop,Developer ID Application: Reflect App, LLC (789ULN5MZB)', @@ -123,13 +130,13 @@ AND NOT exception_key IN ( '443,6,500,steam_osx,com.valvesoftware.steam,Developer ID Application: Valve Corporation (MXGJJ98X76)', '443,6,500,terraform,terraform,Developer ID Application: Hashicorp, Inc. (D38WU7D763)', '443,6,500,vim,vim,', - '443,6,0,nessusd,nessusd,Developer ID Application: Tenable, Inc. (4B8J598M7U)', '443,6,500,zsh,com.apple.zsh,Software Signing', '80,6,0,com.apple.MobileSoftwareUpdate.UpdateBrainService,com.apple.MobileSoftwareUpdate.UpdateBrainService,Software Signing' + ) AND NOT (p.name = 'syncthing' AND (remote_port IN (53,80,88,110,443,587,993,3306,7451) OR remote_port > 8000)) -AND NOT (p.name IN ('Google Chrome Helper','Brave Browser Helper', 'Chromium Helper', 'Opera Helper') AND remote_port IN (53,443,80,8009,8080,8888,8443,5228,32211,53,10001,3478,19305,19306,19307,19308,19309)) +AND NOT (p.name IN ('Google Chrome Helper','Brave Browser Helper', 'Chromium Helper', 'Opera Helper') AND remote_port IN (53,443,80,8009,8080,8888,8443,5228,32211,53,10001,3478,19305,19306,5004,9000,19307,19308,19309)) AND NOT (p.name IN ('Mail', 'thunderbird', 'Spark', 'Notes') AND remote_port IN (53,143,443,587,465,585,993)) AND NOT (p.name IN ('Spotify Helper', 'Spotify') AND remote_port IN (53,443,8009,4070,32211)) AND NOT (remote_port IN (53,443) AND p.name LIKE 'terraform-provider-%') diff --git a/process/low_start_time_ctime_delta.sql b/process/low_start_time_ctime_delta.sql index 7f2792f..1400d55 100644 --- a/process/low_start_time_ctime_delta.sql +++ b/process/low_start_time_ctime_delta.sql @@ -32,6 +32,7 @@ WHERE p.start_time > 0 '/usr/sbin/tailscaled' ) AND NOT p.path LIKE "/Applications/%.app/%" + AND NOT p.path LIKE "/private/var/folders/%/bin/istioctl" AND NOT p.path LIKE "/usr/local/kolide-k2/bin/osqueryd-updates/%/osqueryd" AND NOT p.path LIKE "/private/var/folders/%/go-build%/exe/%" AND NOT p.path LIKE "/nix/store/%/bin/%" diff --git a/process/missing-from-disk-linux.sql b/process/missing-from-disk-linux.sql index 96849ab..ea7747c 100644 --- a/process/missing-from-disk-linux.sql +++ b/process/missing-from-disk-linux.sql @@ -24,6 +24,7 @@ AND p.path NOT IN ( "/usr/bin/fusermount3", "/usr/bin/gjs-console", "/usr/bin/gnome-shell", + '/usr/lib/gnome-shell-calendar-server', "/usr/bin/kded5", "/usr/bin/pipewire-pulse", "/usr/bin/tailscaled", diff --git a/process/name_path_mismatch.sql b/process/name_path_mismatch.sql index c741444..e5ee132 100644 --- a/process/name_path_mismatch.sql +++ b/process/name_path_mismatch.sql @@ -27,25 +27,38 @@ FROM processes p LEFT JOIN hash AS phash ON pp.path = phash.path WHERE short_filename != short_name AND NOT cmd LIKE "/nix/store/%/bin/bash%" + +-- Serial masqueraders +AND NOT short_filename IN ( + 'bash', + 'ruby', + 'python', + 'python3' +) + AND exception_key NOT IN ( 'name=(sd-pam),file=systemd,500', 'name=chrome-gnome-s,file=python3,500', 'name=code-oss,file=electron,500', 'name=firefox-wrappe,file=firefox,500', + 'name=blueman-tray,file=python3,500', 'name=firewalld,file=python3,0', 'name=gjs,file=gjs-console,500', 'name=gnome-tweak-to,file=python3,500', 'name=gsettings-hel,file=gsettings-help,500', 'name=Isolated,file=firefox,500', + 'name=sd_espeak-ng-m,file=sd_espeak-ng,500', 'name=mysqld,file=mariadbd,500', 'name=networkd-dispa,file=python3,0', 'name=nix-daemon,file=nix,0', 'name=npm,file=node,500', 'name=osqueryi,file=osqueryd,500', + 'name=blueman-applet,file=python3,500', 'name=phpstorm,file=dash,500', 'name=Privileged,file=firefox,500', 'name=RDD,file=firefox,500', 'name=sh,file=dash,0', + 'name=zoom,file=ZoomLauncher,500', 'name=sh,file=dash,500', 'name=Socket,file=firefox,500', 'name=streamdeck,file=python3,500', @@ -53,6 +66,7 @@ AND exception_key NOT IN ( 'name=terminator,file=python3,500', 'name=unattended-upg,file=python3,0', 'name=Utility,file=firefox,500', + 'name=zfs-auto-snaps,file=ruby,0', 'name=Web,file=firefox,500', 'name=WebExtensions,file=firefox,500', 'name=X,file=Xorg,0' diff --git a/process_events/exotic-command-events.sql b/process_events/exotic-command-events.sql index 265fd5f..05b0c20 100644 --- a/process_events/exotic-command-events.sql +++ b/process_events/exotic-command-events.sql @@ -12,7 +12,7 @@ SELECT p.pid, p.syscall, pp.path AS parent_path, pp.name AS parent_name, - p.cmdline AS parent_cmd, + TRIM(p.cmdline) AS parent_cmd, pp.euid AS parent_euid, hash.sha256 AS parent_sha256 FROM uptime, process_events p @@ -39,7 +39,7 @@ WHERE p.time > (strftime('%s', 'now') -15) -- Known attack scripts OR basename LIKE '%pwn%' - OR cmd LIKE '%attack%' + OR basename LIKE '%attack%' -- Unusual behaviors OR cmd LIKE '%ufw disable%' OR cmd LIKE '%iptables -P % ACCEPT%' @@ -87,32 +87,18 @@ WHERE p.time > (strftime('%s', 'now') -15) ) AND NOT ( p.path IN ('/usr/bin/kmod', '/bin/kmod') - AND parent_name IN ('firewalld') + AND parent_name IN ('firewalld','mkinitramfs') ) AND NOT ( p.path IN ('/usr/bin/kmod', '/bin/kmod') AND uptime.total_seconds < 15 ) - -- gpgtools - AND NOT ( - p.path = '/usr/bin/mkfifo' - AND cmd LIKE '%/org.gpgtools.log.%/fifo' - ) - -- Dropbox - AND NOT ( - parent_name = 'Dropbox' - AND cmd LIKE 'csrutil status' - ) - - -- Docker, kube-proxy - AND NOT ( - p.path IN ('/usr/bin/kmod', '/bin/kmod') - AND parent_name IN ('dockerd', 'kube-proxy') - ) + AND NOT (p.path = '/usr/bin/mkfifo' AND cmd LIKE '%/org.gpgtools.log.%/fifo') + AND NOT (cmd LIKE '%csrutil status' AND parent_name IN ('Dropbox')) + AND NOT (cmd='/usr/bin/csrutil status' AND p.parent=-1) + AND NOT (p.path IN ('/usr/bin/kmod', '/bin/kmod') AND parent_name IN ('dockerd', 'kube-proxy')) AND NOT cmd LIKE 'modprobe -va%' AND NOT cmd LIKE 'modprobe -ab%' AND NOT cmd LIKE '%modprobe overlay' AND NOT cmd LIKE '%modprobe aufs' - AND NOT cmd IN ( - 'lsmod' - ) \ No newline at end of file + AND NOT cmd IN ('lsmod') \ No newline at end of file diff --git a/startup/unexpected-active-systemd-units.sql b/startup/unexpected-active-systemd-units.sql index 56de8b3..708ce57 100644 --- a/startup/unexpected-active-systemd-units.sql +++ b/startup/unexpected-active-systemd-units.sql @@ -19,15 +19,10 @@ WHERE active_state != "inactive" ) AND ( exception_key IN ( - "systemd-hostnamed.service,Hostname Service,uid=,,sz=1205,eb16153c65d8a65fe001071e6270ee76fecb4fc6c19b8a7c0590f6ce9a873a99", - "anacron.service,Run anacron jobs,uid=,,sz=776,87d260ea7cc447dd052c131106749df24f0bdfb746a1ea3b893e107517b629e6", - "NetworkManager-dispatcher.service,Network Manager Script Dispatcher Service,uid=,,sz=637,77f8c9e7b0c5d1cd097454d201cdceaefbcb9fdc2557fb9c1ddef0b4ff02f04e", - "geoclue.service,Location Lookup Service,uid=geoclue,,sz=464,d9e1a7eced6193866f048ce9de97809d5f2896e1e3f15d559710bb87d50a054a", - "fprintd.service,Fingerprint Authentication Daemon,uid=,,sz=896,a30798db998d8f2f9d9b583bb266e23bce083154214b7b78b19fdd33ee6b7e25", + "abrtd.service,ABRT Automated Bug Reporting Tool,uid=,,sz=469,85f5425b015db6b09e8931e290c62428d21159ad6e2d47e3a7cdb3b9dc1e058e", "abrt-journal-core.service,Creates ABRT problems from coredumpctl messages,uid=,,sz=226,184d8a87f2d47ddece07cde34817c7534068f2afb7cd2d33815b9283d2fd878a", "abrt-oops.service,ABRT kernel log watcher,uid=,,sz=233,998d6cfa2884de1d94da25b330b5f62dc21b8d77c88eca09299942c735c9f743", "abrt-xorg.service,ABRT Xorg log watcher,uid=,,sz=231,873cfba658136c028eebe49d0dfaee947c9724baf4e0814486b39c1474d4e058", - "abrtd.service,ABRT Automated Bug Reporting Tool,uid=,,sz=469,85f5425b015db6b09e8931e290c62428d21159ad6e2d47e3a7cdb3b9dc1e058e", "accounts-daemon.service,Accounts Service,uid=,,sz=1985,71c667ab63b92b0c0cab646310561e7b8c97d8ef23dbeff766419b9b197a9705", "accounts-daemon.service,Accounts Service,uid=,,sz=1990,5be07366f5df8e91a0da8ca37552f36dfee0c1da8a042fd519b8e6d8d046b3cd", "accounts-daemon.service,Accounts Service,uid=,,sz=2178,154251d7d41f91bd3b5711a4b130d2531ee87f11551ccad130ff1e22df98b323", @@ -41,14 +36,16 @@ WHERE active_state != "inactive" "alsa-restore.service,Save/Restore Sound Card State,uid=,,sz=613,ad47562bf39044547594b9cb306804820c0a53ae4dda2d2279bd5de4627fe946", "alsa-state.service,Manage Sound Card State (restore and store),uid=,,sz=465,f8452094c7ec5b6dc9ed3f00195efd29562af7617b3d2bc02647da70089812d3", "alsa-store.service,Store Sound Card State,uid=,,sz=1208,47c0875cb666da1a4157bbf18e513c217cbd1d827efd389655a45017b28db935", + "anacron.service,Run anacron jobs,uid=,,sz=776,87d260ea7cc447dd052c131106749df24f0bdfb746a1ea3b893e107517b629e6", "anacron.timer,Trigger anacron every hour,uid=,,sz=154,13cce6a72c725a65ab440b38241bd8f6683b2a4a38f559ba9cad6ecde56f84a6", + "apcupsd.service,APC UPS Power Control Daemon for Linux,uid=,,sz=304,f850d7b28c52186b351ae89d1ec8f68ccd972155e618a0b23a2e3a1f620c6c37", "apparmor.service,Load AppArmor profiles,uid=,,sz=1162,02c4d752e9f13dde845cab6c067a790c7af61b3c414b82781d29881a37ec5e19", "apport.service,LSB: automatic crash report generation,uid=,/etc/init.d/apport,sz=518,8b8d235c366ae9b433af073c5a813e3465e0d6c66e3f398ba73095c9f6d33363", - "apt-daily-upgrade.timer,Daily apt upgrade and clean activities,uid=,,sz=184,b804d7bab8eb41202384f9270e25d5383346ace8b3d7c4f5029c150638d77bcd", "apt-daily.timer,Daily apt download activities,uid=,,sz=156,0075e974af4e3a94757e219ba50ccb8348d4d1a8834d938f6cc9b1f4fd1db4e5", + "apt-daily-upgrade.timer,Daily apt upgrade and clean activities,uid=,,sz=184,b804d7bab8eb41202384f9270e25d5383346ace8b3d7c4f5029c150638d77bcd", "archlinux-keyring-wkd-sync.timer,Refresh existing PGP keys of archlinux-keyring regularly,uid=,,sz=176,407a73b906ae0c5f067fa2dc8eb53bdea481e5d47bc09c7dd46acac60792288f", - "audit.service,Kernel Auditing,uid=,,sz=1281,86c98bd2414533f8b12718d04a6aff56dd007443e3928052d815c2341639141b", "auditd.service,Security Auditing Service,uid=,,sz=1700,de2fd0b124efcd46a077eedefe8e137e6c36b7773aab4194147c7b6fca947299", + "audit.service,Kernel Auditing,uid=,,sz=1281,86c98bd2414533f8b12718d04a6aff56dd007443e3928052d815c2341639141b", "avahi-daemon.service,Avahi mDNS/DNS-SD Stack,uid=,,sz=1042,24157f554fc3dd760f4b3715345c1385d09ad4b12687cae6cc715c2b2d5222b7", "avahi-daemon.service,Avahi mDNS/DNS-SD Stack,uid=,,sz=1044,2e8784f74603b0e7b03147eada1f1f8ec190fdef0c3fa1041201ac71ac2c0a7d", "avahi-daemon.socket,Avahi mDNS/DNS-SD Stack Activation Socket,uid=,,sz=870,53aa111dadc10bba319e0346e399c607a80ae6ffcded55f3cd3102c6d71995b0", @@ -67,8 +64,8 @@ WHERE active_state != "inactive" "colord.service,Manage, Install and Generate Color Profiles,uid=colord,,sz=295,06e271b1e8bfe1aa89800f1188470ce7a5725e73faf4be877f48785e30766fa9", "console-setup.service,Set console font and keymap,uid=,,sz=312,50a0af31bcdcd939ad7e3f2ddfcee04e82313c5d6a8d2ed47f23dfdc1f9f2bfd", "containerd.service,containerd container runtime,uid=,,sz=1264,cd953d771009d8a483a50ce7ccaf2a85375100d616e4491cd2b51e6511ae9a33", - "cron.service,Regular background program processing daemon,uid=,,sz=319,cb16493193f2340eb19705251c90de3b6574b18b77c90a63b0f6326353bbc416", "cronie.service,Periodic Command Scheduler,uid=,,sz=194,ac3ff3c8a5ce1b6367b06877b4b12ff74e7f18a3c510fb9f80d6ea6b6321e3b1", + "cron.service,Regular background program processing daemon,uid=,,sz=319,cb16493193f2340eb19705251c90de3b6574b18b77c90a63b0f6326353bbc416", "cryptsetup.target,Local Encrypted Volumes,uid=,,sz=420,a6acf535dd967c951bab7d1df42004405167603ffbbd4cf7bf84cb6b8c868e00", "cups-browsed.service,Make remote CUPS printers available locally,uid=,,sz=278,325d5f1ca64505de37d9dcee1483c681a9f6d5dc7a093df014e0ec52369978ff", "cups.path,CUPS Scheduler,uid=,,sz=142,e6af6227af7ce780492e663b74971942c27a0a86a9562b790e9cdcb1e4ae38a4", @@ -98,10 +95,12 @@ WHERE active_state != "inactive" "dpkg-db-backup.timer,Daily dpkg database backup timer,uid=,,sz=138,53f7ed8aadfaf61d9decda9565b65f68d5b5a66be4ee8f87741e47163839b4a6", "dracut-shutdown.service,Restore /run/initramfs on shutdown,uid=,,sz=503,b8ba6c13fb9b792280fe8ad0e51009cb93985e5693090021fb37b550f891ef67", "e2scrub_all.timer,Periodic ext4 Online Metadata Check for All Filesystems,uid=,,sz=251,23f20fb6edc9fd54bf4754ef4311f88cba45ba65c6aecfa1885e8fb99531c211", - "firewall.service,Firewall,uid=,,sz=1537,fada35bd9561ca881bd783193ca24b90777f057ce146d4ff77e5dd4edd9b1d1f", "firewalld.service,firewalld - dynamic firewall daemon,uid=,,sz=670,99c175aa55489548d4a867bb5119082a502abe8dabe5fdf0f9c00a6d2ed2ecb1", "firewalld.service,firewalld - dynamic firewall daemon,uid=,,sz=674,60f9f917ff88bd768a0772f0872f039dc8e7790e15442280249a07c30b1bb8bf", + "firewall.service,Firewall,uid=,,sz=1537,fada35bd9561ca881bd783193ca24b90777f057ce146d4ff77e5dd4edd9b1d1f", "flatpak-system-helper.service,flatpak system helper,uid=,,sz=259,0bb869432de99daa07a86d87513cd0384240c5e5f8f4d855705bb2a2d2b3ac28", + "fprintd.service,Fingerprint Authentication Daemon,uid=,,sz=896,a30798db998d8f2f9d9b583bb266e23bce083154214b7b78b19fdd33ee6b7e25", + "fprintd.service,Fingerprint Authentication Daemon,uid=,,sz=900,75f7d0575d982d37e3e10510688180a5ac6abf64a95aa0e70f25404516214ec7", "fstrim.timer,Discard unused blocks once a week,uid=,,sz=270,b15bcc0d8fc3698701087264a834bc6c495780ed27b68e0a8e3eb10d02bef74a", "fwupd-refresh.service,Refresh fwupd metadata and update motd,uid=fwupd-refresh,,sz=404,971a86aa36c9b11c45fc5fb7b2ed17037240d1c2956517e01452262ebb64d080", "fwupd-refresh.timer,Refresh fwupd metadata regularly,uid=,,sz=194,84597cdd8c589cf5632e7d9a5f04fc122b8678cc1d7e58d8b5cb9b531987f6f9", @@ -110,6 +109,7 @@ WHERE active_state != "inactive" "gdm.service,GNOME Display Manager,uid=,,sz=855,277ab2f09ac40921a82fd1738a841624a063162f3802fa1ee2ad3d6c7e3828cf", "gdm.service,GNOME Display Manager,uid=,,sz=919,118a20990ac2a81dbfd41960540c7f687a83357be241423a55cc85893675a11f", "gdm.service,GNOME Display Manager,uid=,,sz=982,fd99a9bfde5a9034c4048abbe653375f120399a64baa246864117462c1cf8bdb", + "geoclue.service,Location Lookup Service,uid=geoclue,,sz=464,d9e1a7eced6193866f048ce9de97809d5f2896e1e3f15d559710bb87d50a054a", "geoclue.service,Location Lookup Service,uid=geoclue,,sz=468,7875489641c9bf6cff18e89795770c72c645a856ba662e53cdc324d59d700cbb", "getty-pre.target,Preparation for Logins,uid=,,sz=517,58bf84c84520850ed138e794f8618b9843d28eb00f58e7094b2ab17b047d69d7", "getty.target,Login Prompts,uid=,,sz=508,5a6c2e59b3cebc31f3c13e8814b454709de3b4b074c7055afb5de2b8d417764f", @@ -136,12 +136,12 @@ WHERE active_state != "inactive" "lightdm.service,Light Display Manager,uid=,,sz=340,0db37a14521be729411a767f157fbd07adb738b14006277def53a1efe4dacfb8", "livesys-late.service,SYSV: Late init script for live image.,uid=,/etc/rc.d/init.d/livesys-late,sz=503,2bcdf96ee5f52cd009050e85a5a01329948d2ce8e22bd9fa2c4febb70d3d7e53", "livesys.service,LSB: Init script for live image.,uid=,/etc/rc.d/init.d/livesys,sz=564,73ba2baea0e7ad5474021873824b24af51b8980aec7866514e53c6eb563d2a81", + "lm_sensors.service,Initialize hardware monitoring sensors,uid=,,sz=328,be946f218205e4a571510fe3b3757ed3ba7df9390fe7c28fd6d30d94604021b5", "local-fs-pre.target,Preparation for Local File Systems,uid=,,sz=453,4190c957c05d5b97b3f2f662504b65cbdc7398668850eb82a715af073a57d6e3", "local-fs.target,Local File Systems,uid=,,sz=555,8e68c22028464594411371ee35f8a17a0f65cbd86a718e789debbddb5b487075", "logrotate-checkconf.service,Logrotate configuration check,uid=,,sz=1103,b1282b3635284c74f169e69657702db7977064d7e921aefbfe40df2f934567a5", "logrotate.timer,Daily rotation of log files,uid=,,sz=191,42f723dc5d90247a5fda11a3358d1a67eccceed856192b2264aa222d6aa240f4", "logrotate.timer,logrotate.timer,uid=,,sz=35,8fb3eea4c97504abd8d07ffdffce20a401ea20f1bde8f950af983d325e60d624", - "systemd-hostnamed.service,Hostname Service,uid=,,sz=1189,8bf6dd3e80f80ca8d2fa5c4fe91ea90e8815d488e8eee22484b342fa9cde8e9e", "low-memory-monitor.service,Low Memory Monitor,uid=,,sz=688,5f9c54f5c59887c3c880619adfc001e3cc2611bd620618a792f5af9317775fc5", "lvm2-lvmpolld.socket,LVM2 poll daemon socket,uid=,,sz=205,cd708269dbea00ec075b7f2be6c4fcfa03086f1728e199972d1f9dd63ecad23f", "lvm2-lvmpolld.socket,LVM2 poll daemon socket,uid=,,sz=239,a9c45602d9bc5f14583d7dfb27c3db6d3f07ae99dbc455e59bceaf401d446bce", @@ -161,17 +161,19 @@ WHERE active_state != "inactive" "motd-news.timer,Message of the Day,uid=,,sz=161,f18dbd0f64344440d7d6e8f1ff302d26fe383921be2a3f13948a8e2e2545ee58", "mount-pstore.service,mount-pstore.service,uid=,,sz=1158,d24afb3d403a2196f7da07a655158d13ccd3d2f03baeb09667cd9146f08d2f8a", "multi-user.target,Multi-User System,uid=,,sz=540,e73d44a251ac878da0ca66ec437e3890345fec9684ff1374c57e012b95266b7f", + "networkd-dispatcher.service,Dispatcher daemon for systemd-networkd,uid=,,sz=258,bf1d13d1ea39069d0d0b87fd4254283b2c3443737d1eeec4f6a908ad2883bd5a", "network-interfaces.target,All Network Interfaces (deprecated),uid=,,sz=132,e71200dad50e28e5e2fe4e0fd0980a0353401ef5085bf7413748ced7773654d0", "network-local-commands.service,Extra networking commands.,uid=,,sz=1338,32d01f7dcf0937514754040d6caad04bc82976934bc7a214767cbe97dc165658", + "NetworkManager-dispatcher.service,Network Manager Script Dispatcher Service,uid=,,sz=637,77f8c9e7b0c5d1cd097454d201cdceaefbcb9fdc2557fb9c1ddef0b4ff02f04e", + "NetworkManager-dispatcher.service,Network Manager Script Dispatcher Service,uid=,,sz=652,88abd15e8cfe1f09f7cc4eb23561b86a14b6b56a13ed847f77c7e03cb27b8a39", + "NetworkManager.service,Network Manager,uid=,,sz=1335,5a9ddd4d9e74f83002654342df18c5e0b4da2d3ea14f40354a3cb4963560de2b", + "NetworkManager.service,Network Manager,uid=,,sz=1336,0d96ab7fdbde8be2dec1cf85ec83ac9ca544752eefa0bd9136817bd24b8c4c22", + "NetworkManager.service,Network Manager,uid=,,sz=1351,80774cebda3cd3d513be7629f3fa13e4eaadf17a1c61868b6ec60097e5600c5b", + "NetworkManager-wait-online.service,Network Manager Wait Online,uid=,,sz=1148,766569bd7420fab7af4e601c545311e34f71eb068dde6f94efcab32d8868e183", "network-online.target,Network is Online,uid=,,sz=513,ab7df736648ba1b6c96841ca1007d657d1a74567b289dc33aae538601cb1454f", "network-pre.target,Preparation for Network,uid=,,sz=520,01edbbdc0302bddd2ded161737f8cede5c9ec3110f451897658514498e59ea4c", "network-setup.service,Networking Setup,uid=,,sz=1392,6a9633d2dbb4fd0cb8efc3dd1aec5a02a2f00c824bc7dcaff6cc6eb93ad22ada", "network.target,Network,uid=,,sz=529,0892f909898180ef5e73eef882b24e74da67bd59bf9083cda1bb2251b6973114", - "networkd-dispatcher.service,Dispatcher daemon for systemd-networkd,uid=,,sz=258,bf1d13d1ea39069d0d0b87fd4254283b2c3443737d1eeec4f6a908ad2883bd5a", - "NetworkManager-wait-online.service,Network Manager Wait Online,uid=,,sz=1148,766569bd7420fab7af4e601c545311e34f71eb068dde6f94efcab32d8868e183", - "NetworkManager.service,Network Manager,uid=,,sz=1335,5a9ddd4d9e74f83002654342df18c5e0b4da2d3ea14f40354a3cb4963560de2b", - "NetworkManager.service,Network Manager,uid=,,sz=1336,0d96ab7fdbde8be2dec1cf85ec83ac9ca544752eefa0bd9136817bd24b8c4c22", - "NetworkManager.service,Network Manager,uid=,,sz=1351,80774cebda3cd3d513be7629f3fa13e4eaadf17a1c61868b6ec60097e5600c5b", "nfs-client.target,NFS client services,uid=,,sz=433,72fb2c60b15cc958be12528851acfc69314dbe3246dc4044f2d874ab502ac3d3", "nginx.service,Nginx Web Server,uid=nginx,,sz=2467,a25811687cc1b0370a1c4b75321ac497e6b8b099a0bef96e7a12f83c2aa62655", "nix-daemon.service,Nix Daemon,uid=,,sz=410,42674a1b26e27fb05212ed2a7a6bc18f81e482f2a58dd1eb71bba84522c04922", @@ -225,6 +227,7 @@ WHERE active_state != "inactive" "snapd.socket,Socket activation for snappy daemon,uid=,,sz=281,7703ac622bd6d863bfbf1385d4c0bd9c80b97c0a12af92174879b0aa1cfd1ec2", "sockets.target,Socket Units,uid=,,sz=409,de07df26397e3890db1d52274aa5abeae3ac849aa923fe0d7b4f8652eadb6877", "sound.target,Sound Card,uid=,,sz=428,52c92b8cc874b85fc6fca72947ef210f9d02d46368ecfc1f98700f59ad529468", + "sshd.service,OpenSSH Daemon,uid=,,sz=250,e40f8b7c8e5e2ecf3084b3511a6c36d5b5c9f9e61f2bb13e3726c71dc7d4fbc7", "sshd.service,SSH Daemon,uid=,,sz=1609,5b4e6d255fe49f9500b857029ace4d17114c4076e101e1f4f70241071026ceaf", "sssd-kcm.service,SSSD Kerberos Cache Manager,uid=,,sz=427,3285dc79414d20324f05a26011e1a300f43863d2f459668721fb15d7585c88d5", "sssd-kcm.socket,SSSD Kerberos Cache Manager responder socket,uid=,,sz=182,b884b8794ad8a0513075eaf09028a17d370dcf6d6a89cbfe6e87f67766dabf77", @@ -234,8 +237,8 @@ WHERE active_state != "inactive" "sysinit.target,System Initialization,uid=,,sz=566,127cf76cb13ab39dc7150c3f7a3224b7ee15d05cf1a303cd793b1abb294d0120", "syslog.socket,Syslog Socket,uid=,,sz=1415,78fc9f6b50902378345ffc4d5e2ffd50a5119932625d0c6f5c7324b0c4005bdf", "sysstat-collect.timer,Run system activity accounting tool every 10 minutes,uid=,,sz=325,488ca93448ac0ed2dc4f90236f436fb26c07a4841648987d730a4c09d57616f5", - "sysstat-summary.timer,Generate summary of yesterday's process accounting,uid=,,sz=356,bf3fc94dd3ae29166cf67c09fa1a860eacaacb085ebea4c23b2dc8dd4690bae6", "sysstat.service,Resets System Activity Logs,uid=root,,sz=475,f8b3354becd7e66dde0e3d9cf220747b98c792a93be03eada0c6807d9491e345", + "sysstat-summary.timer,Generate summary of yesterday's process accounting,uid=,,sz=356,bf3fc94dd3ae29166cf67c09fa1a860eacaacb085ebea4c23b2dc8dd4690bae6", "systemd-ask-password-console.path,Dispatch Password Requests to Console Directory Watch,uid=,,sz=727,f3fc9dd4c30df9b806b940061fe79a3d1bfe3781d6a09cebbf1da0401cef52bf", "systemd-ask-password-plymouth.path,Forward Password Requests to Plymouth Directory Watch,uid=,,sz=454,2462f436adecb860eb11a4dcce6391074b0e0e4bc1b36778692877aea8d7553f", "systemd-ask-password-plymouth.path,Forward Password Requests to Plymouth Directory Watch,uid=,,sz=525,7c49dcef4bc60b8c921dea86317dda64507132d86937bc017a65d8e80e0f99ef", @@ -247,9 +250,10 @@ WHERE active_state != "inactive" "systemd-fsckd.socket,fsck to fsckd communication Socket,uid=,,sz=540,5cbce5a8b5f9391f0d774e259e90408459a2a66e82b99dd33ad9bdb52087bf49", "systemd-homed-activate.service,Home Area Activation,uid=,,sz=645,4f816a2918cc824b4c878e129461db1809f730be2ab337ed052206e35a570c8e", "systemd-homed.service,Home Area Manager,uid=,,sz=1346,a07b2c38c7f733b97bceebe1c77daab82f98cc5399a0028ff3539e7675628ee6", + "systemd-hostnamed.service,Hostname Service,uid=,,sz=1189,8bf6dd3e80f80ca8d2fa5c4fe91ea90e8815d488e8eee22484b342fa9cde8e9e", + "systemd-hostnamed.service,Hostname Service,uid=,,sz=1205,eb16153c65d8a65fe001071e6270ee76fecb4fc6c19b8a7c0590f6ce9a873a99", "systemd-initctl.socket,initctl Compatibility Named Pipe,uid=,,sz=553,afcb762f3d2bcf4e1f94ac9712fa25016334c854ffd6815ec08cc9cbabfce118", "systemd-journal-catalog-update.service,Rebuild Journal Catalog,uid=,,sz=741,c69d69ed349ca6863130a8a9c3bc781f55c974e589f0d8c41fa8a5a17b51aa7c", - "systemd-journal-flush.service,Flush Journal to Persistent Storage,uid=,,sz=819,153bf7052c1ab54f38762102dfae171b801add553364336020a5034102d91149", "systemd-journald-audit.socket,Journal Audit Socket,uid=,,sz=655,d260e31cb9fe659dd5ba7ffd8981f40f5bcd4dc819d3cf66a4bee2b128b689c4", "systemd-journald-audit.socket,Journal Audit Socket,uid=,,sz=694,2c6e0f03250c09114aa7a137b513c0c17d4361badaa1f822d87e6c57779e7f44", "systemd-journald-dev-log.socket,Journal Socket (/dev/log),uid=,,sz=1154,fd449ae03beeebab53ad75f70cba4c4d0080fe52ad5003cae9fb55c7381290e2", @@ -258,6 +262,8 @@ WHERE active_state != "inactive" "systemd-journald.service,Journal Service,uid=,,sz=1820,42df40d2c4c44c312642542d1cdca697ada2b402baeea8611bde9ec045a2a020", "systemd-journald.service,Journal Service,uid=,,sz=1869,9afb303d61342e3efaa2527d92fb70d0b32b9584bda92c939647f8468d31246b", "systemd-journald.socket,Journal Socket,uid=,,sz=906,c17504f4c86653882070215fc089a610f69d8149e1860b92e439b008cce3f1d1", + "systemd-journal-flush.service,Flush Journal to Persistent Storage,uid=,,sz=819,153bf7052c1ab54f38762102dfae171b801add553364336020a5034102d91149", + "systemd-localed.service,Locale Service,uid=,,sz=1209,c15244cfb7f6a967b002653d169b4e63ad332675f16b3a1cabc9cf58fc3b21ee", "systemd-logind.service,User Login Management,uid=,,sz=2002,32fe4938115583aae1dc7029109dea05baa217e765da49c47d46c953abdd3968", "systemd-logind.service,User Login Management,uid=,,sz=2018,c4f403fc9d9e047065725650aa460365afc632f6f56a9814f57f412dd0112d02", "systemd-logind.service,User Login Management,uid=,,sz=2071,d581e6b8a24585e5d4fbb21bd8464abadf9ca473c9d9b3ab0820d182ba1a3e47", @@ -291,30 +297,30 @@ WHERE active_state != "inactive" "systemd-tmpfiles-setup-dev.service,Create Static Device Nodes in /dev,uid=,,sz=747,eb14a74c287994d145389f25032bcfec8dc7ee610e38c984a43945209bae2ce8", "systemd-tmpfiles-setup.service,Create Volatile Files and Directories,uid=,,sz=787,e130f6a582f1ef16c6d35e918e6bd1a73a0513b807a918a9c5dcef2e6c9bc45c", "systemd-tmpfiles-setup.service,Create Volatile Files and Directories,uid=,,sz=814,7987843104d68fd7dec2d7fccd544fdfdff84cb533447d3da633439046bd02f9", - "systemd-udev-settle.service,Wait for udev To Complete Device Initialization,uid=,,sz=863,363f7496d0613fd14f020629e7057f54afe84c9c6d2b4d94153ac09f0aee8f5c", - "systemd-udev-trigger.service,Coldplug All udev Devices,uid=,,sz=752,59e381905530d776758d2ed936342cdc335a7c6ba07a34d2549e0d61da541c85", - "systemd-udev-trigger.service,Coldplug All udev Devices,uid=,,sz=763,62938df7c72dda0015db2747b112f9c9dc3e31b952eecc94f6aae9cbd2631b27", "systemd-udevd-control.socket,udev Control Socket,uid=,,sz=650,7a5b56d487ff00b50c8e1cd73cdec138136f54da3e333f077e5398b5b61408b5", "systemd-udevd-kernel.socket,udev Kernel Socket,uid=,,sz=624,42c2c6e0b77dd66b1bd885cd5c2cc82191662738c1e565950fcff3deabdcaa56", "systemd-udevd.service,Rule-based Manager for Device Events and Files,uid=,,sz=1282,97a2c647997bc43e6200aecdb537d5a33d19ba6efe3e319e63be9706fbf36c0c", "systemd-udevd.service,Rule-based Manager for Device Events and Files,uid=,,sz=1301,d28df830235ec1060f955502d1631d1816a058dfc8be5e36e1859e9cab13f0a3", "systemd-udevd.service,Rule-based Manager for Device Events and Files,uid=,,sz=1331,708fe7ee7ceecfae134bbd0dc50b378f9410cbd3cbe562c845db5cc508ac5245", "systemd-udevd.service,Rule-based Manager for Device Events and Files,uid=,,sz=1384,0ddffa5d779c8872396a1c9d126d6730a013f65464061a37e36c1922b7b241f0", + "systemd-udev-settle.service,Wait for udev To Complete Device Initialization,uid=,,sz=863,363f7496d0613fd14f020629e7057f54afe84c9c6d2b4d94153ac09f0aee8f5c", + "systemd-udev-trigger.service,Coldplug All udev Devices,uid=,,sz=752,59e381905530d776758d2ed936342cdc335a7c6ba07a34d2549e0d61da541c85", + "systemd-udev-trigger.service,Coldplug All udev Devices,uid=,,sz=763,62938df7c72dda0015db2747b112f9c9dc3e31b952eecc94f6aae9cbd2631b27", "systemd-update-done.service,Update is Completed,uid=,,sz=682,5196e3618c02428ed18585ea31fe44574d421b5663bf12ce4e987697d117df62", "systemd-update-done.service,Update is Completed,uid=,,sz=735,f87cf6c3cfa851d0515d6a17413b34be75df9617ca75172a5d946d64f2315229", "systemd-update-utmp.service,Record System Boot/Shutdown in UTMP,uid=,,sz=799,6f5b2af992dc06e0104bfb6129f414b46c9f6b52513ab81f5bf80c8980b8b454", "systemd-update-utmp.service,Record System Boot/Shutdown in UTMP,uid=,,sz=807,5a0d8833f798d7388c266c26bf36c8413564e70004717742ad6e7e04a66db4c7", "systemd-update-utmp.service,Record System Boot/Shutdown in UTMP,uid=,,sz=913,6cfb271b6213c4f49e56b90da022d6c463e66a644b3df73c8fb64bc60e797f18", + "systemd-userdbd.service,User Database Manager,uid=,,sz=1171,8245c4c113ac234e412efdb740a662a9db6c67605d65090c878280fd37a51278", + "systemd-userdbd.socket,User Database Manager Socket,uid=,,sz=691,3a81e9864f20bcb4c117bf78a7ecdfdbdd9035577616b83fec4f4d0af1231fa3", "systemd-user-sessions.service,Permit User Sessions,uid=,,sz=647,d3eacc48c36549ed292d8306bf50a00a68eea875eb906015759f55a8fdec722a", "systemd-user-sessions.service,Permit User Sessions,uid=,,sz=655,e6680d505aefa23436ede13f05eba3ca7bc41531cc5f56c20efb340804a088de", "systemd-user-sessions.service,Permit User Sessions,uid=,,sz=761,6413bab69c823859ad2781112bbd8ae29da61a713c5b42ce7a00c0f9686e2ecc", - "systemd-userdbd.service,User Database Manager,uid=,,sz=1171,8245c4c113ac234e412efdb740a662a9db6c67605d65090c878280fd37a51278", - "systemd-userdbd.socket,User Database Manager Socket,uid=,,sz=691,3a81e9864f20bcb4c117bf78a7ecdfdbdd9035577616b83fec4f4d0af1231fa3", "systemd-vconsole-setup.service,Setup Virtual Console,uid=,,sz=650,75791d21fa1a10d7d60c2eab1704d3e9adc109831819d1fbfaa1807310982015", "tailscaled.service,Tailscale node agent,uid=,,sz=674,c5fa76fa23a0cd08fcdd447477858feafec2e0ac9bfe5f271d978af818d9ab76", "tailscaled.service,Tailscale node agent,uid=,,sz=799,23423df7585fe927981664b706993fbf7ffb6d14267f32c5e039f348c6961be7", - "time-set.target,System Time Set,uid=,,sz=434,1dd72c1869b02dd88b836b6d426cc19dafcbc1fd76f6afb8e53ad3e068e4007f", "timers.target,Timer Units,uid=,,sz=458,c0ef1e24adda9b81ca8439a6a4060aeb730fbc3abf55e07e59852911cf523aa6", + "time-set.target,System Time Set,uid=,,sz=434,1dd72c1869b02dd88b836b6d426cc19dafcbc1fd76f6afb8e53ad3e068e4007f", "tlp.service,TLP system startup/shutdown,uid=,,sz=501,fb58bcf89c811756aa83af67841bdcf5b6058e8bc4b08a2951ffbd7009218204", "ua-timer.timer,Ubuntu Advantage Timer for running repeated jobs,uid=,,sz=170,64c6be9cf92d35f31ea5e18f140190f49d7050d95a4225f9c50d25a86e5bdc75", "udisks2.service,Disk Manager,uid=,,sz=203,bbf204fb935e0e1b2662b971e7dd5b475038097cb338a8075146d5e611473f23", @@ -322,9 +328,9 @@ WHERE active_state != "inactive" "ufw.service,Uncomplicated firewall,uid=,,sz=333,7b8042cb70b1acd9bbc3a4cf8a08c41700c986d62499b8852113c551cab1082a", "unattended-upgrades.service,Unattended Upgrades Shutdown,uid=,,sz=377,642331d3861bcc5e41342b9b93ad96b1852447d5b10533b9b2988531cfd2860a", "unbound-anchor.timer,daily update of the root trust anchor for DNSSEC,uid=,,sz=346,52832bb5a11045ba390f5ea0933faf1b52f23b6ee91bfd47a159ba734f927139", + "updatedb.timer,Daily locate database update,uid=,,sz=113,94520117a4a2e16b5f2311c406904369d72690b8998c39ee4cf758009fdddbcb", "update-notifier-download.timer,Download data for packages that failed at package install time,uid=,,sz=268,78f01ff5be8b01eee4c438d6a7971dcb9f34687cb75bd0d61f754eb5eb42ad22", "update-notifier-motd.timer,Check to see whether there is a new version of Ubuntu available,uid=,,sz=301,7e5fa1f167ad72cf1bd0421d72ca3017ccb5a62f98d91ec3f9e25efd46c2a9ef", - "updatedb.timer,Daily locate database update,uid=,,sz=113,94520117a4a2e16b5f2311c406904369d72690b8998c39ee4cf758009fdddbcb", "upower.service,Daemon for power management,uid=,,sz=990,a5b48717ff682ae1c8c1c23925cb9d37b1eacc4a22a110bc73958225e7215ccc", "upower.service,Daemon for power management,uid=,,sz=994,c6d300b60a7dd2e9186152b8bc4fd1557ec2977027d0a24b06304d31f6e4124c", "uresourced.service,User resource assignment daemon,uid=,,sz=388,4c09d9ba4055ec4d065f312c531a2f9d3b434f40024143788ac2fa2539abeab8", @@ -364,13 +370,13 @@ WHERE active_state != "inactive" "zfs-snapshot-hourly.timer,zfs-snapshot-hourly.timer,uid=,,sz=50,3d876dbf234e09d8ff1525a20f0af9e40014f2828776fab3f8b946eee138cfc0", "zfs-snapshot-monthly.timer,zfs-snapshot-monthly.timer,uid=,,sz=51,77519e4ae82c232a84437a5e226f65d1bc3fba1b3e5ebf05df33c8eee2d198b0", "zfs-snapshot-weekly.timer,zfs-snapshot-weekly.timer,uid=,,sz=50,f940747ee60b6003820edacb893bc8595463ddaa47b28de75882e8881388f842", - "zfs-volume-wait.service,Wait for ZFS Volume (zvol) links in /dev,uid=,,sz=291,0a9db1010f54f5f7a8883c75a557e5005b73912d2dd0569142abe9df5da64b45", - "zfs-volumes.target,ZFS volumes are ready,uid=,,sz=135,8d4ad63b2a8aeeb3e01361b0cd22440e13b8ebb796f3e313b5c208f0ce04aabe", - "zfs-zed.service,ZFS Event Daemon (zed),uid=,,sz=266,6b0fd1d60282959f9fc1decc8bd9aae4bb2650eee201b3bc741dbe88ba1cc4b8", "zfs.target,ZFS startup target,uid=,,sz=76,04bc085198b464b7a77374472374e099593241f59d7ed2676905e58b62c8d301", + "zfs-volumes.target,ZFS volumes are ready,uid=,,sz=135,8d4ad63b2a8aeeb3e01361b0cd22440e13b8ebb796f3e313b5c208f0ce04aabe", + "zfs-volume-wait.service,Wait for ZFS Volume (zvol) links in /dev,uid=,,sz=291,0a9db1010f54f5f7a8883c75a557e5005b73912d2dd0569142abe9df5da64b45", + "zfs-zed.service,ZFS Event Daemon (zed),uid=,,sz=266,6b0fd1d60282959f9fc1decc8bd9aae4bb2650eee201b3bc741dbe88ba1cc4b8", "znapzend.service,ZnapZend - ZFS Backup System,uid=root,,sz=1723,58e7b27685746368b5bfec27651433c9087b0916531f72f7de1695e0789bdafa", "zpool-trim.timer,zpool-trim.timer,uid=,,sz=50,f940747ee60b6003820edacb893bc8595463ddaa47b28de75882e8881388f842" - ) + ) OR id LIKE 'blockdev@dev-mapper-luks%.target' OR id LIKE 'blockdev@dev-mapper-nvme%.target' OR id LIKE 'dbus-:%-org.freedesktop.problems@0.service'