zira-etc/csf/csf.pignore

###############################################################################
# Copyright 2006-2015, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# The following is a list of executables (exe) command lines (cmd) and
# usernames (user) that lfd process tracking will ignore.
#
# You must use the following format:
#
# exe:/full/path/to/file
# user:username
# cmd:command line
#
# Or, perl regular expression matching (regex):
#
# pexe:/full/path/to/file as a perl regex[*]
# puser:username as a perl regex[*]
# pcmd:command line as a perl regex[*]
#
# [*]You must remember to escape characters correctly when using regex's, e.g.:
# pexe:/home/.*/public_html/cgi-bin/script\.cgi
# puser:bob\d.*
# pcmd:/home/.*/command\s\to\smatch\s\.pl\s.*
#
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
#
# For more information see readme.txt

#users
user:dovecot
user:dovenull
user:amavis
user:mysql
user:postfix
user:opendkim
user:nobody
user:backuppc
user:sonykss
user:ntp
user:filter
user:munin
user:samba
user:apache
user:named
user:mailnull
user:nginx
user:nagios
user:quagga
user:clamsmtp
user:memcached
user:sslh
user:grafana
user:greensql
user:icinga
user:chrony
user:nrpe
user:onem
user:redis
user:postgrey
user:prosody
user:vampi
user:otrs
user:alex
user:redis
user:rspamd
user:_rspamd
user:netdata
user:postgres
user:sqlgrey
user:polkitd
user:daemon

#executables
exe:/usr/lib/polkit-1/polkitd
exe:/usr/pgsql-11/bin/postgres 
exe:/home/madalin/psybnc/psybnc
exe:/usr/bin/rspamd
exe:/usr/sbin/redis-server
exe:/usr/sbin/chronyd
exe:/usr/sbin/greensql-fw
exe:/usr/sbin/sslh
exe:/usr/bin/memcached
exe:/usr/sbin/clamsmtpd
exe:/usr/sbin/zebra
exe:/usr/sbin/nagios
exe:/usr/sbin/nginx
exe:/usr/sbin/exim
exe:/usr/sbin/named
exe:/usr/sbin/httpd
exe:/usr/sbin/munin-node
exe:/usr/sbin/xinetd
exe:/usr/bin/talk
exe:/usr/sbin/in.ntalkd
exe:/usr/sbin/in.talkd
exe:/usr/sbin/pure-ftpd
exe:/usr/sbin/httpd
exe:/usr/sbin/sshd
exe:/usr/sbin/named
exe:/usr/sbin/exim
exe:/usr/sbin/opendkim
exe:/usr/sbin/amavisd
exe:/usr/share/BackupPC/bin/BackupPC
exe:/usr/share/BackupPC/bin/BackupPC_trashClean
exe:/usr/share/BackupPC/bin/BackupPC_zipCreate
exe:/usr/lib/courier-imap/bin/pop3d
exe:/usr/lib/courier-imap/bin/imapd
exe:/usr/sbin/pure-ftpd
exe:/usr/local/apache/bin/httpd
exe:/usr/sbin/sshd
exe:/usr/sbin/proftpd
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/sbin/named
exe:/usr/sbin/ntpd
exe:/usr/bin/dbus-daemon
exe:/usr/sbin/ntpd
exe:/usr/sbin/exim4
exe:/sbin/ntpd
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/root/srelay-0.4.8b5/srelay
exe:/usr/sbin/grafana-server
exe:/usr/sbin/postgrey
exe:/usr/bin/ncat
exe:/usr/bin/perl
exe:/usr/sbin/darkstat
exe:/usr/sbin/vsftpd
exe:/usr/bin/monitorix
exe:/opt/gitlab/embedded/postgresql/10/bin/postgres
exe:/usr/bin/newrelic-infra-service
exe:/usr/bin/terraform
exe:/usr/sbin/rngd
exe:/usr/bin/tor

# torsocks
user:toranon

# ipsec
exe:/usr/sbin/xl2tpd
exe:/usr/libexec/ipsec/pluto

# madalin
exe:/usr/bin/scr-bx
exe:/usr/local/bin/muh
exe:/usr/bin/miau
exe:/usr/bin/BitchX-1.2.1

# users
user:dbus

# vampi
user:vampi
user:opendmarc

# wazuh
user:ossec
user:ossece
user:ossecr
user:ossecm
user:wazuh
exe:/var/ossec/bin/ossec-agentd
exe:/var/ossec/bin/ossec-analysisd
exe:/var/ossec/bin/ossec-monitord
exe:/var/ossec/bin/ossec-remoted
exe:/var/ossec/bin/ossec-syscheckd
exe:/var/ossec/bin/ossec-logcollector
exe:/var/ossec/bin/wazuh-modulesd
exe:/var/ossec/bin/ossec-execd
exe:/usr/sbin/squid

user:squid

user:pydio
exe:/home/pydio/cells