dissect.target.plugins.os.unix.linux.debian.apt
#
Module Contents#
Classes#
Base class for plugins. |
Functions#
Parse the chunk line for line and try to extract as much information from each line as possible. |
|
Splits a comma separated list of package names. |
Attributes#
- dissect.target.plugins.os.unix.linux.debian.apt.APT_LOG_OPERATIONS = ['Install', 'Reinstall', 'Upgrade', 'Downgrade', 'Remove', 'Purge']#
- dissect.target.plugins.os.unix.linux.debian.apt.REGEX_PACKAGE_NAMES#
- class dissect.target.plugins.os.unix.linux.debian.apt.AptPlugin(target: dissect.target.Target)#
Bases:
dissect.target.plugin.Plugin
Base class for plugins.
Plugins can optionally be namespaced by specifying the
__namespace__
class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specifiedtest
as namespace and a function calledexample
, you must call your plugin withtest.example
:A
Plugin
class has the following private class attributes:__namespace__
__record_descriptors__
With the following three being assigned in
register()
:__plugin__
__functions__
__exports__
Additionally, the methods and attributes of
Plugin
receive more private attributes by using decorators.The
export()
decorator adds the following private attributes__exported__
__output__
: Set with theexport()
decorator.__record__
: Set with theexport()
decorator.
The
internal()
decorator andInternalPlugin
set the__internal__
attribute. Finally.args()
decorator sets the__args__
attribute.- Parameters:
target – The
Target
object to load the plugin for.
- __namespace__ = 'apt'#
- LOG_DIR_PATH = '/var/log/apt'#
- LOG_FILES_GLOB = 'history.*'#
- check_compatible() bool #
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- logs() Iterator[dissect.target.plugins.os.unix.packagemanager.PackageManagerLogRecord] #
Package manager log parser for Apt.
Apt creates logs that are multiline and therefore requires somewhat complex parsing logic. We create one
PackageManagerLogRecord
per package and type; the example below hence generates three records.Example log format:
Start-Date: 2022-09-21 06:48:56 Commandline: /usr/bin/unattended-upgrade Install: linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic), Upgrade: linux-headers-generic:amd64 (5.4.0.125.126, 5.4.0.126.127), libpython3.9-minimal:amd64 (3.9.5-3ubuntu0~20.04.1, automatic) Requested-By: user (1000) End-Date: 2022-09-21 06:48:57
- dissect.target.plugins.os.unix.linux.debian.apt.split_into_records(chunk: Iterator[str], tz: zoneinfo.ZoneInfo, target: dissect.target.Target) Iterator[dissect.target.plugins.os.unix.packagemanager.PackageManagerLogRecord] #
Parse the chunk line for line and try to extract as much information from each line as possible.
- dissect.target.plugins.os.unix.linux.debian.apt.split_package_names(package_names: str) list[str] #
Splits a comma separated list of package names.
Example
package_names
:linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic), linux-headers-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic), linux-modules-extra-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic), linux-modules-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic), linux-image-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic)
- Returns:
A list of package names, e.g.
['linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic)', ...]