dissect.target.plugins.os.unix.linux.debian.dpkg
#
Module Contents#
Classes#
Returns records for package details extracted from dpkg's status and log files. |
Functions#
Yield package status blocks read from fh text stream as the lists of lines |
|
Parse package details block from dpkg status file |
|
Parse dpkg log file line |
Attributes#
- dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FILE_NAME = '/var/lib/dpkg/status'#
- dissect.target.plugins.os.unix.linux.debian.dpkg.LOG_FILES_GLOB = '/var/log/dpkg.log*'#
- dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FIELD_MAPPINGS#
- dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FIELDS_TO_EXTRACT#
- dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPackageStatusRecord#
- dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPackageLogRecord#
- class dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPlugin(target: dissect.target.Target)#
Bases:
dissect.target.plugin.Plugin
Returns records for package details extracted from dpkg’s status and log files.
- __namespace__ = 'dpkg'#
- check_compatible()#
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- status()#
Yield records for packages in dpkg’s status database
- log()#
Yield records for actions logged in dpkg’s logs
- dissect.target.plugins.os.unix.linux.debian.dpkg.read_status_blocks(fh: TextIO) Generator[List[str], None, None] #
Yield package status blocks read from fh text stream as the lists of lines
- dissect.target.plugins.os.unix.linux.debian.dpkg.parse_status_block(block_lines: List[str]) Dict[str, str] #
Parse package details block from dpkg status file
- dissect.target.plugins.os.unix.linux.debian.dpkg.parse_log_date_time(date_str: str, time_str: str) datetime.datetime #
- dissect.target.plugins.os.unix.linux.debian.dpkg.parse_log_line(log_line: str) Dict[str, str] #
Parse dpkg log file line