`dissect.target.plugins.os.unix.linux.debian.dpkg`#

Module Contents#

Classes#

DpkgPlugin

Returns records for package details extracted from dpkg's status and log files.

Functions#

`read_status_blocks`	Yield package status blocks read from fh text stream as the lists of lines
`parse_status_block`	Parse package details block from dpkg status file
`parse_log_date_time`
`parse_log_line`	Parse dpkg log file line

Attributes#

`STATUS_FILE_NAME`
`LOG_FILES_GLOB`
`STATUS_FIELD_MAPPINGS`
`STATUS_FIELDS_TO_EXTRACT`
`DpkgPackageStatusRecord`
`DpkgPackageLogRecord`

dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FILE_NAME = '/var/lib/dpkg/status'#

dissect.target.plugins.os.unix.linux.debian.dpkg.LOG_FILES_GLOB = '/var/log/dpkg.log*'#

dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FIELD_MAPPINGS#

dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FIELDS_TO_EXTRACT#

dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPackageStatusRecord#

dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPackageLogRecord#

class dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPlugin(target: dissect.target.Target)#

Bases: dissect.target.plugin.Plugin

Returns records for package details extracted from dpkg’s status and log files.

__namespace__ = 'dpkg'#

check_compatible() → None#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

status()#: Yield records for packages in dpkg’s status database

log()#: Yield records for actions logged in dpkg’s logs

dissect.target.plugins.os.unix.linux.debian.dpkg.read_status_blocks(fh: TextIO) → Generator[List[str], None, None]#: Yield package status blocks read from fh text stream as the lists of lines

dissect.target.plugins.os.unix.linux.debian.dpkg.parse_status_block(block_lines: List[str]) → Dict[str, str]#: Parse package details block from dpkg status file

dissect.target.plugins.os.unix.linux.debian.dpkg.parse_log_date_time(date_str: str, time_str: str) → datetime.datetime#

dissect.target.plugins.os.unix.linux.debian.dpkg.parse_log_line(log_line: str) → Dict[str, str]#: Parse dpkg log file line

dissect.target.plugins.os.unix.linux.debian.dpkg#

Module Contents#

Classes#

Functions#

Attributes#

`dissect.target.plugins.os.unix.linux.debian.dpkg`#