Module Contents



Base class for plugins.



Parse the chunk line for line and try to extract as much information from each line as possible.


Splits a comma separated list of package names.


dissect.target.plugins.os.unix.linux.debian.apt.APT_LOG_OPERATIONS = ['Install', 'Reinstall', 'Upgrade', 'Downgrade', 'Remove', 'Purge']
class dissect.target.plugins.os.unix.linux.debian.apt.AptPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Base class for plugins.

Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example:

A Plugin class has the following private class attributes:

  • __namespace__

  • __record_descriptors__

With the following three being assigned in register():

  • __plugin__

  • __functions__

  • __exports__

Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.

The export() decorator adds the following private attributes

  • __exported__

  • __output__: Set with the export() decorator.

  • __record__: Set with the export() decorator.

The internal() decorator and InternalPlugin set the __internal__ attribute. Finally. args() decorator sets the __args__ attribute.


target – The Target object to load the plugin for.

__namespace__ = 'apt'
LOG_DIR_PATH = '/var/log/apt'
LOG_FILES_GLOB = 'history.*'
check_compatible() None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.


UnsupportedPluginError – If the plugin could not be loaded.

logs() Iterator[dissect.target.plugins.os.unix.packagemanager.PackageManagerLogRecord]

Package manager log parser for Apt.

Apt creates logs that are multiline and therefore requires somewhat complex parsing logic. We create one PackageManagerLogRecord per package and type; the example below hence generates three records.

Example log format:

Start-Date: 2022-09-21  06:48:56
Commandline: /usr/bin/unattended-upgrade
Install: linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic),
Upgrade: linux-headers-generic:amd64 (,, libpython3.9-minimal:amd64 (3.9.5-3ubuntu0~20.04.1, automatic)
Requested-By: user (1000)
End-Date: 2022-09-21  06:48:57
dissect.target.plugins.os.unix.linux.debian.apt.split_into_records(chunk: Iterator[str], tz: zoneinfo.ZoneInfo, target: dissect.target.Target) Iterator[dissect.target.plugins.os.unix.packagemanager.PackageManagerLogRecord]

Parse the chunk line for line and try to extract as much information from each line as possible.

dissect.target.plugins.os.unix.linux.debian.apt.split_package_names(package_names: str) list[str]

Splits a comma separated list of package names.

Example package_names:

linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic),
linux-headers-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic),
linux-modules-extra-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic),
linux-modules-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic),
linux-image-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic)

A list of package names, e.g. ['linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic)', ...]