dissect.target.plugins.os.unix.linux.debian.dpkg

Module Contents

Classes

DpkgPlugin

Returns records for package details extracted from dpkg's status and log files.

Functions

read_status_blocks	Yield package status blocks read from fh text stream as the lists of lines
parse_status_block	Parse package details block from dpkg status file
parse_log_date_time
parse_log_line	Parse dpkg log file line

Attributes

STATUS_FILE_NAME
LOG_FILES_GLOB
STATUS_FIELD_MAPPINGS
STATUS_FIELDS_TO_EXTRACT
DpkgPackageStatusRecord
DpkgPackageLogRecord

dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FILE_NAME = '/var/lib/dpkg/status'

dissect.target.plugins.os.unix.linux.debian.dpkg.LOG_FILES_GLOB = '/var/log/dpkg.log*'

dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FIELD_MAPPINGS

dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FIELDS_TO_EXTRACT

dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPackageStatusRecord

dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPackageLogRecord

class dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Returns records for package details extracted from dpkg’s status and log files.

__namespace__ = 'dpkg'

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

status()

Yield records for packages in dpkg’s status database

log()

Yield records for actions logged in dpkg’s logs

dissect.target.plugins.os.unix.linux.debian.dpkg.read_status_blocks(fh: TextIO) → Generator[List[str], None, None]

Yield package status blocks read from fh text stream as the lists of lines

dissect.target.plugins.os.unix.linux.debian.dpkg.parse_status_block(block_lines: List[str]) → Dict[str, str]

Parse package details block from dpkg status file

dissect.target.plugins.os.unix.linux.debian.dpkg.parse_log_date_time(date_str: str, time_str: str) → datetime.datetime

dissect.target.plugins.os.unix.linux.debian.dpkg.parse_log_line(log_line: str) → Dict[str, str]

Parse dpkg log file line