`dissect.target.plugins.os.unix._os`¶

Module Contents¶

Classes¶

UnixPlugin

UNIX plugin.

Functions¶

parse_fstab

Parse fstab file and return a generator that streams the details of entries,

Attributes¶

`log`
`ARCH_MAP`

dissect.target.plugins.os.unix._os.log¶

dissect.target.plugins.os.unix._os.ARCH_MAP¶

class dissect.target.plugins.os.unix._os.UnixPlugin(target: dissect.target.target.Target)¶

Bases: dissect.target.plugin.OSPlugin

UNIX plugin.

PASSWD_FILES = ('/etc/passwd', '/etc/passwd-', '/etc/master.passwd')¶

classmethod detect(target: dissect.target.target.Target) → dissect.target.filesystem.Filesystem | None¶

Provide detection of this OSPlugin on a given filesystem.

Parameters:: fs – Filesystem to detect the OS on.
Returns:: The root filesystem / sysvol when found.

classmethod create(target: dissect.target.target.Target, sysvol: dissect.target.filesystem.Filesystem) → typing_extensions.Self¶

Initiate this OSPlugin with the given target and detected filesystem.

Parameters:

target – The Target object.
sysvol – The filesystem that was detected in the detect() function.

Returns:

An instantiated version of the OSPlugin.

users(sessions: bool = False) → collections.abc.Iterator[dissect.target.helpers.record.UnixUserRecord]¶

Yield unix user records from passwd files or syslog session logins.

References

https://manpages.ubuntu.com/manpages/oracular/en/man5/passwd.5.html

misc_user_paths() → collections.abc.Iterator[tuple[str, tuple[str, str] | None]]¶

Yields miscellaneous user paths and user keys.

Example

(“c:/Windows/ServiceProfiles/LocalService”, (“sid”, “S-1-5-19”))

architecture() → str | None¶

Return a slug of the target’s OS architecture.

Returns:: A slug of the OS architecture, e.g. ‘x86_32-unix’, ‘MIPS-linux’ or ‘AMD64-win32’, or ‘unknown’ if the architecture is unknown.

hostname() → str | None¶

Return the target’s hostname.

Returns:: The hostname as string.

domain() → str | None¶

os() → str¶

Return a slug of the target’s OS name.

Returns:: A slug of the OS name, e.g. ‘windows’ or ‘linux’.

dissect.target.plugins.os.unix._os.parse_fstab(fstab: dissect.target.helpers.fsutil.TargetPath, log: logging.Logger = log) → collections.abc.Iterator[tuple[uuid.UUID | str, str, str, str, str]]¶: Parse fstab file and return a generator that streams the details of entries, with unsupported FS types and block devices filtered away.

dissect.target.plugins.os.unix._os¶

Module Contents¶

Classes¶

Functions¶

Attributes¶

`dissect.target.plugins.os.unix._os`¶