`dissect.target.plugins.os.unix.linux.debian.apt`¶

Module Contents¶

Classes¶

AptPlugin

Apt package manager plugin.

Functions¶

`split_into_records`	Parse the chunk line for line and try to extract as much information from each line as possible.
`split_package_names`	Splits a comma separated list of package names.

Attributes¶

`APT_LOG_OPERATIONS`
`REGEX_PACKAGE_NAMES`

dissect.target.plugins.os.unix.linux.debian.apt.APT_LOG_OPERATIONS = ['Install', 'Reinstall', 'Upgrade', 'Downgrade', 'Remove', 'Purge']¶

dissect.target.plugins.os.unix.linux.debian.apt.REGEX_PACKAGE_NAMES¶

class dissect.target.plugins.os.unix.linux.debian.apt.AptPlugin(target: dissect.target.Target)¶

Bases: dissect.target.plugins.os.unix.packagemanager.PackageManagerPlugin

Apt package manager plugin.

__namespace__ = 'apt'¶: Defines the plugin namespace.

LOG_DIR_PATH = '/var/log/apt'¶

LOG_FILES_GLOB = 'history.*'¶

check_compatible() → None¶

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

logs() → Iterator[dissect.target.plugins.os.unix.packagemanager.PackageManagerLogRecord]¶

Package manager log parser for Apt.

Apt creates logs that are multiline and therefore requires somewhat complex parsing logic. We create one PackageManagerLogRecord per package and type; the example below hence generates three records.

Example log format:

Start-Date: 2022-09-21  06:48:56
Commandline: /usr/bin/unattended-upgrade
Install: linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic),
Upgrade: linux-headers-generic:amd64 (5.4.0.125.126, 5.4.0.126.127), libpython3.9-minimal:amd64 (3.9.5-3ubuntu0~20.04.1, automatic)
Requested-By: user (1000)
End-Date: 2022-09-21  06:48:57

dissect.target.plugins.os.unix.linux.debian.apt.split_into_records(chunk: Iterator[str], tz: zoneinfo.ZoneInfo, target: dissect.target.Target) → Iterator[dissect.target.plugins.os.unix.packagemanager.PackageManagerLogRecord]¶: Parse the chunk line for line and try to extract as much information from each line as possible.

dissect.target.plugins.os.unix.linux.debian.apt.split_package_names(package_names: str) → list[str]¶

Splits a comma separated list of package names.

Example package_names:

linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic),
linux-headers-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic),
linux-modules-extra-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic),
linux-modules-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic),
linux-image-5.4.0-126-generic:amd64 (5.4.0-126.142, automatic)

Returns:: A list of package names, e.g. ['linux-headers-5.4.0-126:amd64 (5.4.0-126.142, automatic)', ...]

dissect.target.plugins.os.unix.linux.debian.apt¶

Module Contents¶

Classes¶

Functions¶

Attributes¶

`dissect.target.plugins.os.unix.linux.debian.apt`¶