`dissect.target.plugins.os.unix.linux.debian.apt`#

Module Contents#

Classes#

AptPlugin

Base class for plugins.

Functions#

`split_into_records`	Parse the chunk line for line and try to extract as much information from each line as possible.
`split_package_names`	Splits a comma separated list of package names.

Attributes#

`APT_LOG_OPERATIONS`
`REGEX_PACKAGE_NAMES`

dissect.target.plugins.os.unix.linux.debian.apt.APT_LOG_OPERATIONS = ['Install', 'Reinstall', 'Upgrade', 'Downgrade', 'Remove', 'Purge']#

dissect.target.plugins.os.unix.linux.debian.apt.REGEX_PACKAGE_NAMES#

class dissect.target.plugins.os.unix.linux.debian.apt.AptPlugin(target: dissect.target.Target)#

Bases: dissect.target.plugin.Plugin

Base class for plugins.

Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example:

A Plugin class has the following private class attributes:

__namespace__
__record_descriptors__

With the following three being assigned in register():

__plugin__
__functions__
__exports__

Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.

The export() decorator adds the following private attributes

__exported__
__output__: Set with the export() decorator.
__record__: Set with the export() decorator.

The internal() decorator and InternalPlugin set the __internal__ attribute. Finally. args() decorator sets the __args__ attribute.

Parameters:: target – The Target object to load the plugin for.

__namespace__ = 'apt'#

LOG_DIR_PATH = '/var/log/apt'#

LOG_FILES_GLOB = 'history.*'#

check_compatible() → None#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

logs() → Iterator[dissect.target.plugins.os.unix.packagemanager.PackageManagerLogRecord]#

Package manager log parser for Apt.

Apt creates logs that are multiline and therefore requires somewhat complex parsing logic. We create one PackageManagerLogRecord per package and type; the example below hence generates three records.

Example log format:

Start-Date: 2022-09-21  06:48:56
Commandline: /usr/bin/unattended-upgrade
Install: linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic),
Upgrade: linux-headers-generic:amd64 (5.4.0.125.126, 5.4.0.126.127), libpython3.9-minimal:amd64 (3.9.5-3ubuntu0~20.04.1, automatic)
Requested-By: user (1000)
End-Date: 2022-09-21  06:48:57

dissect.target.plugins.os.unix.linux.debian.apt.split_into_records(chunk: Iterator[str], tz: zoneinfo.ZoneInfo, target: dissect.target.Target) → Iterator[dissect.target.plugins.os.unix.packagemanager.PackageManagerLogRecord]#: Parse the chunk line for line and try to extract as much information from each line as possible.

dissect.target.plugins.os.unix.linux.debian.apt.split_package_names(package_names: str) → list[str]#

Splits a comma separated list of package names.

Example package_names:

linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic),
linux-headers-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic),
linux-modules-extra-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic),
linux-modules-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic),
linux-image-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic)

Returns:: A list of package names, e.g. ['linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic)', ...]

dissect.target.plugins.os.unix.linux.debian.apt#

Module Contents#

Classes#

Functions#

Attributes#

`dissect.target.plugins.os.unix.linux.debian.apt`#