From a734c6138b6b978cc13e4c5a79fbba33fc25ea9c Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Wed, 31 Jan 2024 19:26:24 -0300 Subject: [PATCH 01/44] refactor: development version --- CHANGELOG.md | 30 +----------------------------- uac | 2 +- 2 files changed, 2 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 53146d3..aa21cd9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,40 +1,12 @@ # Changelog -## 2.8.0 (2024-01-22) +## DEVELOPMENT VERSION ### Features -- --debug option now does not remove the uac-data.tmp directory created in the destination directory. This is the location where temporary and debugging data is stored during execution. ### Artifacts -- files/applications/box_drive.yaml: Renamed to box.yaml. -- files/applications/box.yaml: Added collection support for Box log files [macos]. -- files/applications/wget.yaml: Added collection support for wget hsts file. This file is used to store the HSTS cache for the wget utility [aix, esxi, freebsd, linux, macos, netbsd, openbsd, solaris] (by [firexfly](https://github.com/firexfly)). -- files/browsers/brave.yaml: Updated collection support for Flatpak version [linux]. -- files/browsers/chrome.yaml: Updated collection support for Flatpak version [linux]. -- files/browsers/edge.yaml: Updated collection support for Flatpak version [linux]. -- files/browsers/opera.yaml: Updated collection support for Flatpak version [linux]. -- files/browsers/vivaldi.yaml: Updated collection support for Flatpak version [linux]. -- files/packages/pkg_contents.yaml: Added collection support for package table of contents files [openbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). -- files/system/desktop.yaml: Added collection support for GUI shortcut files (.desktop) of users [freebsd, linux, netbsd, openbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). -- files/system/etc.yaml: Added "master.passwd" and "spwd.db" to the exclude_name_pattern list as they contain the hashed passwords of local users [freebsd, netbsd, netscaler, openbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). -- files/system/etc.yaml: Added exclusion for the group shadow files 'gshadow' and 'gshadow-'. Those files contain password hashes for groups [linux] (by [Herbert-Karl](https://github.com/Herbert-Karl)). 
-- files/system/xsession_errors.yaml: Updated collection support for OpenBSD systems [openbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). -- live_response/network/ndp.yaml: Added collection support for kernel's IPv6 network neighbor cache [freebsd, netbsd, openbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). -- live_response/network/nft.yaml: Added collection support for complete nftables ruleset [linux] (by [sanderu](https://github.com/sanderu)). -- live_response/network/ss.yaml: Updated collection support for processes listening on UDP ports/sockets [android, linux]. -- live_response/vms/vmctl.yaml: Added collection support for information about running virtual machines on the OpenBSD using the native virtualization system [openbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). ### Fixes -- Offline disk image mount point path was part of the file structure in [root] (by [maxspl](https://github.com/maxspl)). -- Collected data was not being properly archived by tar in AIX systems. - -### Profiles - -- profiles/offline.yaml: New 'offline' profile that can be used during offline collections (by [randomaccess3](https://github.com/randomaccess3)). - -### Tools - -- statx source code was moved to a dedicated repository at https://github.com/tclahr/statx diff --git a/uac b/uac index 1f93438..ff338e5 100755 --- a/uac +++ b/uac @@ -40,7 +40,7 @@ export PATH . "${UAC_DIR}/lib/load_lib_files.sh" # global vars -UAC_VERSION="2.8.0" +UAC_VERSION="DEVELOPMENT VERSION" MOUNT_POINT="/" OPERATING_SYSTEM="" SYSTEM_ARCH="" From 52b87eb294d833021760d94f3c2b4568c122b051 Mon Sep 17 00:00:00 2001 From: Sander Date: Mon, 12 Feb 2024 15:09:19 +0000 Subject: [PATCH 02/44] Get list of Python packages installed via pip and get information about the installed Python packages. Signed-off-by: Sander --- artifacts/live_response/packages/pip.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 artifacts/live_response/packages/pip.yaml 
diff --git a/artifacts/live_response/packages/pip.yaml b/artifacts/live_response/packages/pip.yaml
new file mode 100644
index 0000000..db81a20
--- /dev/null
+++ b/artifacts/live_response/packages/pip.yaml
@@ -0,0 +1,15 @@
+version: 1.0
+artifacts:
+ -
+ description: Display Python packages installed through pip.
+ supported_os: [linux]
+ collector: command
+ command: pip list
+ output_file: pip_list.txt
+ -
+ description: Display information about Python pip-packages.
+ supported_os: [linux]
+ collector: command
+ foreach: pip list | awk '{print $1}' | tail -n +3
+ command: pip show %line%
+ output_file: pip_show_%line%.txt
From efb1dd67b30e2c9c2be5dd09e19ca4a8b3235691 Mon Sep 17 00:00:00 2001
From: Sander
Date: Mon, 12 Feb 2024 15:26:41 +0000
Subject: [PATCH 03/44] Get information about every kernel module loaded.
Signed-off-by: Sander
---
 artifacts/live_response/system/modinfo.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/artifacts/live_response/system/modinfo.yaml b/artifacts/live_response/system/modinfo.yaml
index 47f06f1..7a257e1 100644
--- a/artifacts/live_response/system/modinfo.yaml
+++ b/artifacts/live_response/system/modinfo.yaml
@@ -6,4 +6,10 @@ artifacts:
 collector: command
 command: modinfo
 output_file: modinfo.txt
-
\ No newline at end of file
+ -
+ description: Display information about loaded kernel modules.
+ supported_os: [linux]
+ collector: command
+ foreach: lsmod | awk '{print $1}' | tail -n +2
+ command: modinfo %line%
+ output_file: modinfo_%line%.txt
From d5a07d5ff142c72f2ec85627291b390b6ad5a956 Mon Sep 17 00:00:00 2001
From: Thiago Canozzo Lahr
Date: Wed, 14 Feb 2024 23:52:51 -0300
Subject: [PATCH 04/44] refact: remove branch from github actions
---
 .github/workflows/validate-artifacts-file.yaml | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/.github/workflows/validate-artifacts-file.yaml b/.github/workflows/validate-artifacts-file.yaml
index c7fdc28..2338844 100644
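Review bot: The `foreach` in the second artifact scrapes pip's human-readable table (`tail -n +3` assumes exactly two header lines), and neither invocation disables pip's self-version check, which can make an outbound request to PyPI from the host under investigation — a live-response collector should not generate network traffic. The machine-readable format removes the header assumption as well: `foreach: pip list --disable-pip-version-check --format=freeze 2>/dev/null | cut -d= -f1` and `command: pip show --disable-pip-version-check %line%`. `pip` also binds to whichever interpreter's pip is first in PATH, so the listing covers only that interpreter's site-packages and none of the other Pythons or virtualenvs on the box; a one-line YAML comment stating that limitation would save analysts from reading an empty list as "nothing installed". Running pip additionally executes the host's own Python, which may be tampered with on a compromised system — inherent to live response, but worth saying in the description.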
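Review bot: `modinfo %line%` describes the .ko file that the name resolves to on disk under the running kernel's module directory, not the code that is actually loaded, so a module inserted from elsewhere (`insmod /tmp/x.ko`) or deleted after loading yields only a "Module not found" error, and a rootkit that unlinks itself from the kernel's module list never shows up in `lsmod` at all. That error is itself an indicator, so make sure stderr of the foreach command is preserved in the output or in uac.log.stderr rather than discarded. A YAML comment such as `# modinfo reports the module file on disk; compare with /proc/modules and /sys/module for what is really loaded` would set the right expectation, and if `/proc/modules` is not already collected by a file artifact (I cannot see that from here) it is worth adding as the authoritative list, since `lsmod` is just a PATH-resolved binary.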
--- a/.github/workflows/validate-artifacts-file.yaml +++ b/.github/workflows/validate-artifacts-file.yaml @@ -2,14 +2,8 @@ name: Validate Artifacts File on: pull_request: - types: - - opened - - reopened paths: - 'artifacts/**' - branches: - - develop - - 'release/**' jobs: validate-artifacts-file: From df1d6f2521147025c8690bb542ea1614a3829402 Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Wed, 21 Feb 2024 08:27:18 -0300 Subject: [PATCH 05/44] refactor: new artifacts --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa21cd9..af3d695 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ ### Artifacts +- live_response/packages/pip.yaml: Added collection support for Python packages installed through pip [linux] (by [sanderu](https://github.com/sanderu)). +- live_response/system/modinfo.yaml: Added collection support for information about loaded kernel modules [linux, solaris] (by [sanderu](https://github.com/sanderu)). ### Fixes From 9c0e3578d69ab346cfd3c1b1b1ea3cc3fa381dba Mon Sep 17 00:00:00 2001 From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Sun, 10 Mar 2024 16:15:44 +0100 Subject: [PATCH 06/44] Create yay.yaml --- artifacts/live_response/packages/yay.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 artifacts/live_response/packages/yay.yaml diff --git a/artifacts/live_response/packages/yay.yaml b/artifacts/live_response/packages/yay.yaml new file mode 100644 index 0000000..3f27ebb --- /dev/null +++ b/artifacts/live_response/packages/yay.yaml @@ -0,0 +1,9 @@ +version: 1.0 +artifacts: + - + description: Display installed packages. + supported_os: [linux] + collector: command + command: yay -Qq + output_file: yay_list-installed.txt + From 9ccd9c4aa493062fbdc1d992c561a760f26a1305 Mon Sep 17 00:00:00 2001 
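Review bot: `yay -Qq` run as root — the normal context for UAC — may warn or refuse, since yay is built to run unprivileged, and for `-Q` queries it simply forwards to `pacman -Qq`, so on a working host the file duplicates what a pacman artifact already provides if one exists in this tree (confirm that; I cannot see it). The forensic value of an AUR helper is the set of packages that did not come from the official repositories, which is exactly what an analyst wants to review for backdoored builds: add an entry with `command: yay -Qm` (or `pacman -Qm`) and `output_file: yay_-Qm.txt` to list foreign packages.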
From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Sun, 10 Mar 2024 16:17:41 +0100 Subject: [PATCH 07/44] Create equo.yaml --- artifacts/live_response/packages/equo.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 artifacts/live_response/packages/equo.yaml diff --git a/artifacts/live_response/packages/equo.yaml b/artifacts/live_response/packages/equo.yaml new file mode 100644 index 0000000..84a90f1 --- /dev/null +++ b/artifacts/live_response/packages/equo.yaml @@ -0,0 +1,9 @@ +version: 1.0 +artifacts: + - + description: Display installed packages. + supported_os: [linux] + collector: command + command: equo query list + output_file: equo_list-installed.txt + From ecb3a0c035faaf41936f21b394f45a937a65fcdd Mon Sep 17 00:00:00 2001 From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Sun, 10 Mar 2024 16:19:19 +0100 Subject: [PATCH 08/44] Create nix.yaml --- artifacts/live_response/packages/nix.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 artifacts/live_response/packages/nix.yaml diff --git a/artifacts/live_response/packages/nix.yaml b/artifacts/live_response/packages/nix.yaml new file mode 100644 index 0000000..e4fbf09 --- /dev/null +++ b/artifacts/live_response/packages/nix.yaml @@ -0,0 +1,9 @@ +version: 1.0 +artifacts: + - + description: Display installed packages. + supported_os: [linux] + collector: command + command: nix-env -q --installed + output_file: nix_list-installed.txt + From d797afaf29fb736c2ab3cf18e858e37501c43448 Mon Sep 17 00:00:00 2001 From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Sun, 10 Mar 2024 16:21:41 +0100 Subject: [PATCH 09/44] Create xbps.yaml --- artifacts/live_response/packages/xbps.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 artifacts/live_response/packages/xbps.yaml 
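Review bot: `equo query list` without a target likely prints only the subcommand usage, because Entropy's query syntax takes a target (`equo query list installed` / `equo query list available`); if this version behaves that way the collected file holds no package data and the empty result will be read as "nothing installed". Change to `command: equo query list installed` with a matching `output_file: equo_query_list_installed.txt`, and verify once on a Sabayon/Entropy host since I cannot run the CLI here.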
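Review bot: `nix-env -q --installed` lists only the invoking user's profile, so when UAC runs as root it reports root's profile and silently misses every other user's profile — the place an attacker-installed tool is most likely to sit. Keep this entry but add a second one that iterates the per-user profiles, e.g. `foreach: ls -d /nix/var/nix/profiles/per-user/*/profile 2>/dev/null` with `command: nix-env -q --installed -p %line%` (the `%line%` value contains slashes, so the `output_file` needs a name that does not embed it verbatim). On NixOS the system closure is not a user profile at all; `nix-store -q --requisites /run/current-system` would capture it if that case is meant to be covered.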
diff --git a/artifacts/live_response/packages/xbps.yaml b/artifacts/live_response/packages/xbps.yaml new file mode 100644 index 0000000..dfcb0f0 --- /dev/null +++ b/artifacts/live_response/packages/xbps.yaml @@ -0,0 +1,9 @@ +version: 1.0 +artifacts: + - + description: Display installed packages. + supported_os: [linux] + collector: command + command: xbps-query -l + output_file: xbps_list-installed.txt + From 3437426313a668e4e435233c660dcd2ac34a3d8c Mon Sep 17 00:00:00 2001 From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Sun, 10 Mar 2024 16:23:50 +0100 Subject: [PATCH 10/44] Update macos_applications.yaml --- artifacts/live_response/packages/macos_applications.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/artifacts/live_response/packages/macos_applications.yaml b/artifacts/live_response/packages/macos_applications.yaml index 63f882a..0cf5f7a 100644 --- a/artifacts/live_response/packages/macos_applications.yaml +++ b/artifacts/live_response/packages/macos_applications.yaml @@ -12,3 +12,10 @@ artifacts: collector: command command: ls -l -a /%user_home%/Applications output_file: ls_-l_-a_%user_home%_Applications.txt + - + description: Display all applications located at /Users/%user%/Applications directory. + supported_os: [macos] + collector: command + command: brew list + output_file: brew_list_%user_home%_Applications.txt + From a5cf98b0a29a81a4e5b60dc1ad63463ee0d11355 Mon Sep 17 00:00:00 2001 From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Fri, 22 Mar 2024 18:54:02 +0100 Subject: [PATCH 11/44] Update xbps.yaml --- artifacts/live_response/packages/xbps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/artifacts/live_response/packages/xbps.yaml b/artifacts/live_response/packages/xbps.yaml index dfcb0f0..deefaef 100644 --- a/artifacts/live_response/packages/xbps.yaml +++ b/artifacts/live_response/packages/xbps.yaml 
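Review bot: The new `brew list` entry is inconsistent with itself: the description claims to list `/Users/%user%/Applications`, the command ignores `%user_home%` entirely, and the output name embeds a variable the command never uses, so if UAC expands per user whenever the placeholder appears, every user gets the same Homebrew listing. Homebrew also refuses to run as root by default, which is the privilege UAC normally runs with, so on most hosts the file will hold only an error. Either drop the entry or give it an honest description and `output_file: brew_list.txt` without the per-user placeholders, plus a comment that `brew` executes Ruby from a user-writable prefix (`/opt/homebrew` or `/usr/local`) and is therefore attacker-influenceable on a compromised Mac. (PATCH 19 in this series reverts the hunk and PATCH 23 adds a dedicated brew.yaml, where the same caveats apply.)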
@@ -5,5 +5,5 @@ artifacts: supported_os: [linux] collector: command command: xbps-query -l - output_file: xbps_list-installed.txt + output_file: xbps-query_-l.txt From 91b0e76db7d58c013cbdc79122dc645db6c80236 Mon Sep 17 00:00:00 2001 From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Fri, 22 Mar 2024 18:55:35 +0100 Subject: [PATCH 12/44] Update nix.yaml nix-env_-q_--installed.txt --- artifacts/live_response/packages/nix.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/artifacts/live_response/packages/nix.yaml b/artifacts/live_response/packages/nix.yaml index e4fbf09..73bafae 100644 --- a/artifacts/live_response/packages/nix.yaml +++ b/artifacts/live_response/packages/nix.yaml @@ -5,5 +5,5 @@ artifacts: supported_os: [linux] collector: command command: nix-env -q --installed - output_file: nix_list-installed.txt + output_file: nix-env_-q_--installed.txt From 4f2e87d2c46f90e45c8db6c91b8a1a52f5bc7557 Mon Sep 17 00:00:00 2001 From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Fri, 22 Mar 2024 18:57:14 +0100 Subject: [PATCH 13/44] Update equo.yaml equo_query_list.txt --- artifacts/live_response/packages/equo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/artifacts/live_response/packages/equo.yaml b/artifacts/live_response/packages/equo.yaml index 84a90f1..5a3ef86 100644 --- a/artifacts/live_response/packages/equo.yaml +++ b/artifacts/live_response/packages/equo.yaml @@ -5,5 +5,5 @@ artifacts: supported_os: [linux] collector: command command: equo query list - output_file: equo_list-installed.txt + output_file: equo_query_list.txt From 96679e8c68e88750501b1bad02d12e2941b2ab83 Mon Sep 17 00:00:00 2001 
From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Fri, 22 Mar 2024 18:58:22 +0100 Subject: [PATCH 14/44] Update yay.yaml yay_-Qq.txt --- artifacts/live_response/packages/yay.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/artifacts/live_response/packages/yay.yaml b/artifacts/live_response/packages/yay.yaml index 3f27ebb..fc4ca16 100644 --- a/artifacts/live_response/packages/yay.yaml +++ b/artifacts/live_response/packages/yay.yaml @@ -5,5 +5,5 @@ artifacts: supported_os: [linux] collector: command command: yay -Qq - output_file: yay_list-installed.txt + output_file: yay_-Qq.txt From f63a964366971f07d4a4b68fa8198a76a974caed Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Mon, 1 Apr 2024 22:56:33 -0300 Subject: [PATCH 15/44] artif: new artifact --- artifacts/live_response/packages/pisi.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 artifacts/live_response/packages/pisi.yaml diff --git a/artifacts/live_response/packages/pisi.yaml b/artifacts/live_response/packages/pisi.yaml new file mode 100644 index 0000000..165652c --- /dev/null +++ b/artifacts/live_response/packages/pisi.yaml @@ -0,0 +1,8 @@ +version: 1.0 +artifacts: + - + description: Display installed packages. + supported_os: [linux] + collector: command + command: pisi list + output_file: pisi_list.txt From f4acd292a2a41c4451fc2b7342f2493ff426c26d Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Mon, 1 Apr 2024 23:12:55 -0300 Subject: [PATCH 16/44] refactor: new artifacts --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index af3d695..4a6507b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
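Review bot: `pisi list` is probably not a valid PiSi subcommand — the installed-package listing is `pisi list-installed` (alias `li`), alongside `list-available`, `list-components` and the other `list-*` forms — so as written the artifact likely captures only the usage text and an analyst would mistake that for an empty inventory. Change to `command: pisi list-installed` and `output_file: pisi_list-installed.txt`, and verify on a Pisi Linux/Pardus host since I cannot execute it here.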
@@ -7,7 +7,12 @@ ### Artifacts +- live_response/packages/equo.yaml: Added collection support for packages installed through Entropy package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). +- live_response/packages/nix.yaml: Added collection support for packages installed through Nix package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/packages/pip.yaml: Added collection support for Python packages installed through pip [linux] (by [sanderu](https://github.com/sanderu)). +- live_response/packages/pisi.yaml: Added collection support for packages installed through pisi package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). +- live_response/packages/xbps.yaml: Added collection support for packages installed through XBPS package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). +- live_response/packages/yay.yaml: Added collection support for packages installed through Yay [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/system/modinfo.yaml: Added collection support for information about loaded kernel modules [linux, solaris] (by [sanderu](https://github.com/sanderu)). ### Fixes From 41acfcab4b2c830a1841a3386fc5d25b901d1f88 Mon Sep 17 00:00:00 2001 From: Herbert <34774005+Herbert-Karl@users.noreply.github.com> Date: Wed, 3 Apr 2024 12:41:22 +0200 Subject: [PATCH 17/44] artif: updated pkg contents for netbsd 10 --- artifacts/files/packages/pkg_contents.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/artifacts/files/packages/pkg_contents.yaml b/artifacts/files/packages/pkg_contents.yaml index 7ac6cba..f3e450d 100644 --- a/artifacts/files/packages/pkg_contents.yaml +++ b/artifacts/files/packages/pkg_contents.yaml 
@@ -2,7 +2,13 @@ version: 1.0
 artifacts:
 -
 description: Collect package table of contents files.
- supported_os: [openbsd]
+ supported_os: [openbsd, netbsd]
 collector: file
 path: /var/db/pkg
 path_pattern: ["*/+CONTENTS"]
+ -
+ description: Collect package table of contents files (NetBSD 10 and later).
+ supported_os: [netbsd]
+ collector: file
+ path: /usr/pkg/pkgdb
+ path_pattern: ["*/+CONTENTS"]
From 1ed4fb22b85537b0973279968e17712fab1be714 Mon Sep 17 00:00:00 2001
From: Randy Burton <25161963+rbcrwd@users.noreply.github.com>
Date: Wed, 10 Apr 2024 15:36:46 -0600
Subject: [PATCH 18/44] move tool logs to the front of archive
This moves the tool's logs to the front of the tar archive rather than the tail. As tar is a stream format, having them at the tail ends up requiring that automation read the archive twice: once to gather details crucial to routing and parsing the data it contains, and once to actually parse the data. Most solutions will likely still want to read archives twice in order to handle ones generated before this change, but at least they can terminate the first pass when they finish parsing the log file, thus minimizing waste.
---
 uac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/uac b/uac
index 1f93438..e284ee7 100755
--- a/uac
+++ b/uac
@@ -778,9 +778,9 @@ ua_output_file_hash="-"
 # sort and uniq
 sort_uniq_file "${TEMP_DATA_DIR}/.output_file.tmp" 2>>"${UAC_STDERR_LOG_FILE}"
 # add uac.log to the list of files to be archived/copied within the output file
-echo "uac.log" >>"${TEMP_DATA_DIR}/.output_file.tmp"
+echo "uac.log" | cat - "${TEMP_DATA_DIR}/.output_file.tmp" >"${TEMP_DATA_DIR}/.output_file.tmp"
 # add uac.log.stderr to the list of files to be archived/copied within the output file
-echo "uac.log.stderr" >>"${TEMP_DATA_DIR}/.output_file.tmp"
+echo "uac.log.stderr" | cat - "${TEMP_DATA_DIR}/.output_file.tmp" >"${TEMP_DATA_DIR}/.output_file.tmp"
 # create output file
 if command_exists "tar"; then
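Review bot: `echo "uac.log" | cat - FILE >FILE` truncates FILE before `cat` reads it, because the shell opens the `>` target while setting up the pipeline, so `.output_file.tmp` is left holding only the echoed name and the whole sorted list of collected artifacts drops out of the archive (the second line then reduces it to just `uac.log.stderr`) — the evidence collection silently becomes an archive of two log files. The prepend has to go through a separate file: `{ echo "uac.log"; echo "uac.log.stderr"; cat "${TEMP_DATA_DIR}/.output_file.tmp"; } >"${TEMP_DATA_DIR}/.output_file.tmp.new" && mv "${TEMP_DATA_DIR}/.output_file.tmp.new" "${TEMP_DATA_DIR}/.output_file.tmp"`, which also keeps the intended order with uac.log first. PATCH 21 later in this series introduces an intermediate file, which removes the truncation; a comment above these lines saying why the intermediate file is required would keep someone from "simplifying" it back to this form. The archive-creation code continues past the end of the hunk.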
From a4dc0ddb83040ad1cd97c0d7fdf66589fab9bcd0 Mon Sep 17 00:00:00 2001 From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com> Date: Thu, 11 Apr 2024 10:47:53 +0200 Subject: [PATCH 19/44] Update macos_applications.yaml --- artifacts/live_response/packages/macos_applications.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/artifacts/live_response/packages/macos_applications.yaml b/artifacts/live_response/packages/macos_applications.yaml index 0cf5f7a..63f882a 100644 --- a/artifacts/live_response/packages/macos_applications.yaml +++ b/artifacts/live_response/packages/macos_applications.yaml @@ -12,10 +12,3 @@ artifacts: collector: command command: ls -l -a /%user_home%/Applications output_file: ls_-l_-a_%user_home%_Applications.txt - - - description: Display all applications located at /Users/%user%/Applications directory. - supported_os: [macos] - collector: command - command: brew list - output_file: brew_list_%user_home%_Applications.txt - From 11ce70f790c4de32dbacb78635bb3c0cee1a5343 Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Mon, 15 Apr 2024 08:38:24 -0300 Subject: [PATCH 20/44] artif: new artifacts --- CHANGELOG.md | 3 +++ artifacts/live_response/containers/docker.yaml | 11 +++++++++-- artifacts/live_response/containers/podman.yaml | 11 +++++++++-- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a6507b..61e4d4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,9 @@ ### Artifacts +- files/packages/pkg_contents.yaml: Updated collection support for NetBSD 10 [netbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). +- live_response/containers/docker.yaml: Added collection support for resource usage statistics of each container [linux]. +- live_response/containers/podman.yaml: Added collection support for resource usage statistics of each container [linux]. - live_response/packages/equo.yaml: Added collection support for packages installed through Entropy package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/packages/nix.yaml: Added collection support for packages installed through Nix package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/packages/pip.yaml: Added collection support for Python packages installed through pip [linux] (by [sanderu](https://github.com/sanderu)). diff --git a/artifacts/live_response/containers/docker.yaml b/artifacts/live_response/containers/docker.yaml index 14366f1..6f6a449 100644 --- a/artifacts/live_response/containers/docker.yaml +++ b/artifacts/live_response/containers/docker.yaml @@ -1,4 +1,4 @@ -version: 1.0 +version: 2.0 artifacts: - description: List all containers. @@ -90,4 +90,11 @@ artifacts: collector: command foreach: docker container ps --all | sed 1d | awk '{print $1}' command: docker diff %line% - output_file: docker_diff_%line%.txt \ No newline at end of file + output_file: docker_diff_%line%.txt + - + description: Display a live stream of resource usage statistics. + supported_os: [linux] + collector: command + foreach: docker container ps --all | sed 1d | awk '{print $1}' + command: docker stats %line% + output_file: docker_stats_%line%.txt \ No newline at end of file diff --git a/artifacts/live_response/containers/podman.yaml b/artifacts/live_response/containers/podman.yaml index ac398b8..9f7444a 100644 
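Review bot: `docker stats %line%` without `--no-stream` keeps refreshing until interrupted, so the collector blocks on the first container — indefinitely unless UAC enforces a per-command timeout, which I cannot see here — and the description's "live stream" confirms that is the behaviour being invoked. Use `command: docker stats --no-stream --no-trunc %line%` to take a single sample, exit, and keep full container IDs in the evidence. Since the foreach feeds `docker container ps --all`, stopped containers will produce zeroed rows rather than errors, which is fine but worth a short comment so they are not read as idle-but-running.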
--- a/artifacts/live_response/containers/podman.yaml
+++ b/artifacts/live_response/containers/podman.yaml
@@ -1,4 +1,4 @@
-version: 1.0
+version: 2.0
 artifacts:
 -
 description: List all containers.
@@ -90,4 +90,11 @@ artifacts:
 collector: command
 foreach: podman container ps --all | sed 1d | awk '{print $1}'
 command: podman diff %line%
- output_file: podman_diff_%line%.txt
\ No newline at end of file
+ output_file: podman_diff_%line%.txt
+ -
+ description: Display a live stream of resource usage statistics.
+ supported_os: [linux]
+ collector: command
+ foreach: podman container ps --all | sed 1d | awk '{print $1}'
+ command: podman stats %line%
+ output_file: podman_stats_%line%.txt
\ No newline at end of file
From 875ea8fd1a9404ffa2bd23c80758bc79676591ee Mon Sep 17 00:00:00 2001
From: Thiago Canozzo Lahr
Date: Mon, 15 Apr 2024 08:41:12 -0300
Subject: [PATCH 21/44] fix: shellcheck fix
---
 uac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/uac b/uac
index e284ee7..6b27a69 100755
--- a/uac
+++ b/uac
@@ -777,10 +777,10 @@ ua_output_file_hash="-"
 # sort and uniq
 sort_uniq_file "${TEMP_DATA_DIR}/.output_file.tmp" 2>>"${UAC_STDERR_LOG_FILE}"
-# add uac.log to the list of files to be archived/copied within the output file
-echo "uac.log" | cat - "${TEMP_DATA_DIR}/.output_file.tmp" >"${TEMP_DATA_DIR}/.output_file.tmp"
 # add uac.log.stderr to the list of files to be archived/copied within the output file
-echo "uac.log.stderr" | cat - "${TEMP_DATA_DIR}/.output_file.tmp" >"${TEMP_DATA_DIR}/.output_file.tmp"
+echo "uac.log.stderr" | cat - "${TEMP_DATA_DIR}/.output_file.tmp" >"${TEMP_DATA_DIR}/.temp_output_file.tmp"
+# add uac.log to the list of files to be archived/copied within the output file
+echo "uac.log" | cat - "${TEMP_DATA_DIR}/.temp_output_file.tmp" >"${TEMP_DATA_DIR}/.output_file.tmp"
 # create output file
 if command_exists "tar"; then
From b3b73583e112167d894b4d0af14c865d2b105892 Mon Sep 17 00:00:00 2001
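Review bot: `podman stats %line%` without `--no-stream` never returns on its own, so the collector hangs on the first container exactly as the "live stream" wording suggests; use `command: podman stats --no-stream %line%` to take one sample and exit. Because the foreach includes stopped containers (`--all`), podman may report an error for a container that is not running instead of printing zeros — acceptable as long as the command's stderr is retained in the collected output or uac.log.stderr, which should be confirmed for the command collector.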
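Review bot: The fix still does not check that either `cat` succeeded, so a failure in the first line silently yields a list containing only `uac.log` and the archive ships without the collected artifacts; it also leaves `${TEMP_DATA_DIR}/.temp_output_file.tmp` behind. Do the prepend in one checked step: `{ echo "uac.log"; echo "uac.log.stderr"; cat "${TEMP_DATA_DIR}/.output_file.tmp"; } >"${TEMP_DATA_DIR}/.temp_output_file.tmp" 2>>"${UAC_STDERR_LOG_FILE}" && mv "${TEMP_DATA_DIR}/.temp_output_file.tmp" "${TEMP_DATA_DIR}/.output_file.tmp"`. A comment stating that the intermediate file exists because `cat - FILE >FILE` would truncate FILE before it is read protects the fix from being refactored away. The archive-creation code continues past the end of the hunk.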
From: Thiago Canozzo Lahr Date: Mon, 15 Apr 2024 08:51:34 -0300 Subject: [PATCH 22/44] refactor: update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61e4d4f..58da373 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ### Features +- uac.log and uac.log.stderr files were moved to the front of the output archive file (by [rbcrwd](https://github.com/rbcrwd)). ### Artifacts From 0157a2bf357a7957b26a9a8390e1be310988fc12 Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Mon, 22 Apr 2024 16:28:40 -0300 Subject: [PATCH 23/44] artif: new artifact --- CHANGELOG.md | 1 + artifacts/live_response/packages/brew.yaml | 39 ++++++++++++++++++++++ uac | 2 +- 3 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 artifacts/live_response/packages/brew.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 58da373..e6a7d2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -11,6 +11,7 @@ - files/packages/pkg_contents.yaml: Updated collection support for NetBSD 10 [netbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). - live_response/containers/docker.yaml: Added collection support for resource usage statistics of each container [linux]. - live_response/containers/podman.yaml: Added collection support for resource usage statistics of each container [linux]. +- live_response/packages/brew.yaml: Added collection support for packages installed through brew package manager [macos] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/packages/equo.yaml: Added collection support for packages installed through Entropy package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/packages/nix.yaml: Added collection support for packages installed through Nix package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/packages/pip.yaml: Added collection support for Python packages installed through pip [linux] (by [sanderu](https://github.com/sanderu)). diff --git a/artifacts/live_response/packages/brew.yaml b/artifacts/live_response/packages/brew.yaml new file mode 100644 index 0000000..126ab2e --- /dev/null +++ b/artifacts/live_response/packages/brew.yaml 
@@ -0,0 +1,39 @@ +version: 1.0 +artifacts: + - + description: Display installed packages. + supported_os: [macos] + collector: command + command: brew list + output_file: brew_list.txt + - + description: Display CLI only installed packages. + supported_os: [macos] + collector: command + command: brew list --formula + output_file: brew_list_--formula.txt + - + description: Display GUI only installed packages. + supported_os: [macos] + collector: command + command: brew list --cask + output_file: brew_list_--cask.txt + - + description: Display installed packages including their version numbers. + supported_os: [macos] + collector: command + command: brew list --versions --multiple + output_file: brew_list_--versions_--multiple.txt + - + description: Display all top-level packages. + supported_os: [macos] + collector: command + command: brew leaves + output_file: brew_leaves.txt + - + description: Display installed packages and their dependencies, in a tree view. + supported_os: [macos] + collector: command + command: brew deps --tree --installed + output_file: brew_deps_--tree_--installed.txt + diff --git a/uac b/uac index 1fc662a..58b398b 100755 --- a/uac +++ b/uac @@ -32,7 +32,7 @@ fi # set path PATH="/usr/xpg4/bin:/usr/xpg6/bin:/bin:/sbin:/usr/bin:/usr/sbin" PATH="${PATH}:/usr/local/bin:/usr/local/sbin:/usr/ucb:/usr/ccs/bin:/opt/bin" -PATH="${PATH}:/opt/sbin:/opt/local/bin:/snap/bin:/netscaler" +PATH="${PATH}:/opt/sbin:/opt/local/bin:/snap/bin:/netscaler:/opt/homebrew/bin" export PATH # load lib files From d46c0a99244a9a638ffad113e4dca5a65acae01f Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Mon, 29 Apr 2024 18:50:38 -0300 Subject: [PATCH 24/44] feat: collect all artifacts if debug is enabled try to collect all artifacts regardless of the operating system if the debugging mode is enabled (--debug) --- CHANGELOG.md | 1 + lib/parse_artifacts_file.sh | 4 +++- uac | 10 ++++++---- 3 files changed, 10 insertions(+), 5 deletions(-) 
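Review bot: All six `brew` commands will fail on hosts where UAC is run as root, because current Homebrew refuses to execute as root by default, and on hosts where it does run, `brew` resolves through `/opt/homebrew/bin` (added to PATH in this same commit), a prefix owned and writable by the user who installed Homebrew — so the Ruby it executes can have been modified by a compromised user account. Add a comment to brew.yaml stating both limitations, e.g. `# brew refuses to run as root; output is only available when UAC runs as the Homebrew owner, and brew executes user-writable code`, so an empty output file is not read as "no packages". A file collector that lists `/opt/homebrew/Cellar` and `/usr/local/Cellar` would give the same inventory without executing Homebrew at all.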
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e6a7d2b..dba71f7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 ### Features
 - uac.log and uac.log.stderr files were moved to the front of the output archive file (by [rbcrwd](https://github.com/rbcrwd)).
+- UAC will try to collect all artifacts regardless of the operating system if the debugging mode is enabled (--debug).
 ### Artifacts
diff --git a/lib/parse_artifacts_file.sh b/lib/parse_artifacts_file.sh
index a4dd89f..5d856c6 100644
--- a/lib/parse_artifacts_file.sh
+++ b/lib/parse_artifacts_file.sh
@@ -29,6 +29,7 @@ parse_artifacts_file() {
 pa_artifacts_file="${1:-}"
 pa_root_output_directory="${2:-}"
+ pa_debug_mode="${3:-false}"
 # return if artifacts file does not exist
 if [ ! -f "${pa_artifacts_file}" ]; then
@@ -195,8 +196,9 @@ sequence of mappings\n" >&2
 # cannot use ! is_element_in_list because it is not accepted by solaris
 # skip if artifact does not apply to the current operating system
+ # run all artifacts if debugging mode is on
 if is_element_in_list "${OPERATING_SYSTEM}" "${pa_supported_os}" \
- || is_element_in_list "all" "${pa_supported_os}"; then
+ || is_element_in_list "all" "${pa_supported_os}" || ${pa_debug_mode}; then
 # shellcheck disable=SC2034
 pa_do_nothing=true
 else
diff --git a/uac b/uac
index 58b398b..f256e85 100755
--- a/uac
+++ b/uac
@@ -30,9 +30,10 @@ from untarred directory.\n" >&2
 fi
 # set path
-PATH="/usr/xpg4/bin:/usr/xpg6/bin:/bin:/sbin:/usr/bin:/usr/sbin"
-PATH="${PATH}:/usr/local/bin:/usr/local/sbin:/usr/ucb:/usr/ccs/bin:/opt/bin"
-PATH="${PATH}:/opt/sbin:/opt/local/bin:/snap/bin:/netscaler:/opt/homebrew/bin"
+ua_path="/usr/xpg4/bin:/usr/xpg6/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin"
+ua_path="${ua_path}:/usr/local/sbin:/usr/ucb:/usr/ccs/bin:/opt/bin:/opt/sbin"
+ua_path="${ua_path}:/opt/local/bin:/snap/bin:/netscaler:/opt/homebrew/bin"
+PATH="${ua_path}:${PATH}"
 export PATH
 # load lib files
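Review bot: `|| ${pa_debug_mode}` executes the variable's value as a command, so the condition is only meaningful when the caller passes exactly `true` or `false`; any other value (an empty string is defaulted, but `1`, `yes` or a stray path is not) is looked up through PATH and run, and its exit status decides whether the artifact is collected — and even `true`/`false` go through PATH on shells where they are not builtins. Test the value instead of running it: `|| [ "${pa_debug_mode}" = "true" ]; then`. Since debug mode now runs every artifact regardless of `supported_os`, logging that per artifact would also help, because commands meant for another OS will leave misleading "not found" noise in uac.log.stderr. parse_artifacts_file's body continues on both sides of the hunk.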
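Review bot: `PATH="${ua_path}:${PATH}"` appends the caller's environment PATH where the previous code replaced it outright, so on a compromised host any tool UAC cannot find in the fixed directories is now resolved through entries inherited from the invoking shell — a relative `.`, `/tmp/...`, a per-user bin — which an attacker who owns that account controls. If the inherited PATH is genuinely needed for unusual layouts, keep the hard-coded list authoritative and document the trade-off next to the assignment, e.g. `# inherited PATH is appended last on purpose: only tools absent from the trusted directories fall through to it`. `/opt/homebrew/bin` deserves the same note on macOS, since it is user-writable, though it is at least ordered after the system directories. The surrounding script context is outside the hunk.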
@@ -746,7 +747,8 @@ while read ua_artifact_file || [ -n "${ua_artifact_file}" ]; do
"${ua_progress_total}" "${ua_progress_timestamp}" "${ua_artifact_file}"
ua_artifacts_root_output_directory=`dirname "${ua_artifact_file}"`
parse_artifacts_file "${UAC_DIR}/artifacts/${ua_artifact_file}" \
- "${ua_artifacts_root_output_directory}"
+ "${ua_artifacts_root_output_directory}" \
+ "${ua_debug_mode}"
find "${TEMP_DATA_DIR}/${ua_artifacts_root_output_directory}" -type f -print \
| sed -e "s|^${TEMP_DATA_DIR}/||" >>"${TEMP_DATA_DIR}/.output_file.tmp"
done <"${TEMP_DATA_DIR}/.artifacts.tmp" 2>>"${UAC_STDERR_LOG_FILE}"
From 7c8008bfd71b576c4edab5e5d47b0e1a476dfae8 Mon Sep 17 00:00:00 2001
From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com>
Date: Thu, 2 May 2024 20:15:34 +0200
Subject: [PATCH 25/44] Update auditctl.yaml
---
artifacts/live_response/system/auditctl.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/artifacts/live_response/system/auditctl.yaml b/artifacts/live_response/system/auditctl.yaml
index 1a9829c..fbec798 100644
--- a/artifacts/live_response/system/auditctl.yaml
+++ b/artifacts/live_response/system/auditctl.yaml
@@ -2,14 +2,14 @@ version: 1.0
artifacts:
-
description: Display kernel's audit rules.
- supported_os: [linux]
+ supported_os: [linux, macos]
collector: command
command: auditctl -l
output_file: auditctl_-l.txt
-
description: Display the kernel's audit subsystem status.
- supported_os: [linux]
+ supported_os: [linux, macos]
collector: command
command: auditctl -s
output_file: auditctl_-s.txt
-
\ No newline at end of file
+
From 728a0c0a469a1926bc492a7f7c66f5fb6114c99e Mon Sep 17 00:00:00 2001
From: Pierre-Gronau-ndaal <72132223+Pierre-Gronau-ndaal@users.noreply.github.com>
Date: Mon, 6 May 2024 14:24:51 +0200
Subject: [PATCH 26/44] Update var_log.yaml esxi
---
artifacts/files/logs/var_log.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
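Review bot: `auditctl` is the Linux audit userspace utility and is not shipped on macOS, whose kernel auditing (OpenBSM) is configured through /etc/security/audit_control and related files, so adding `macos` to both `supported_os` lists only records a command-not-found error in auditctl_-l.txt and auditctl_-s.txt. If macOS audit configuration is the goal, a separate macOS entry that collects /etc/security/audit_control and /etc/security/audit_user with the file collector would capture the equivalent state without executing anything on the host.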
diff --git a/artifacts/files/logs/var_log.yaml b/artifacts/files/logs/var_log.yaml index a54d4d7..d7b2552 100644 --- a/artifacts/files/logs/var_log.yaml +++ b/artifacts/files/logs/var_log.yaml @@ -2,7 +2,7 @@ version: 3.0 artifacts: - description: Collect /var/log logs. - supported_os: [aix, freebsd, linux, netbsd, netscaler, openbsd, solaris] + supported_os: [aix, freebsd, linux, netbsd, netscaler, openbsd, solaris, esxi] collector: file path: /var/log max_file_size: 1073741824 # 1GB From 79a9c164d063a501a5556dd241866dab2dd3376e Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Tue, 7 May 2024 08:25:42 -0300 Subject: [PATCH 27/44] Update var_log.yaml --- artifacts/files/logs/var_log.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/artifacts/files/logs/var_log.yaml b/artifacts/files/logs/var_log.yaml index d7b2552..f4b8a43 100644 --- a/artifacts/files/logs/var_log.yaml +++ b/artifacts/files/logs/var_log.yaml @@ -2,7 +2,7 @@ version: 3.0 artifacts: - description: Collect /var/log logs. - supported_os: [aix, freebsd, linux, netbsd, netscaler, openbsd, solaris, esxi] + supported_os: [aix, esxi, freebsd, linux, netbsd, netscaler, openbsd, solaris] collector: file path: /var/log max_file_size: 1073741824 # 1GB From 9e3de183bd4d5b286af4e5d53905f1cf29fd5f1e Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Tue, 7 May 2024 08:31:03 -0300 Subject: [PATCH 28/44] refactor: update new artifacts section --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dba71f7..b7a6b17 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -9,6 +9,7 @@ ### Artifacts +- files/logs/var_log.yaml: Updated collection to support new system [esxi] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - files/packages/pkg_contents.yaml: Updated collection support for NetBSD 10 [netbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). - live_response/containers/docker.yaml: Added collection support for resource usage statistics of each container [linux]. - live_response/containers/podman.yaml: Added collection support for resource usage statistics of each container [linux]. From ecf41b78a7a4090eb0ba844c38b438c24291ba22 Mon Sep 17 00:00:00 2001 From: Hal Pomeranz Date: Thu, 9 May 2024 15:49:17 -0400 Subject: [PATCH 29/44] artif: collect transient and per-user systemd timer information Collect transient timer *.{timer,service} files from /run/systemd/transient/ and /run/user/*/systemd/transient Collect per-user files from $HOME/.config/systemd Signed-off-by: Hal Pomeranz --- artifacts/files/system/systemd.yaml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/artifacts/files/system/systemd.yaml b/artifacts/files/system/systemd.yaml index 6d7fd0d..aa30332 100644 --- a/artifacts/files/system/systemd.yaml +++ b/artifacts/files/system/systemd.yaml @@ -1,4 +1,4 @@ -version: 2.0 +version: 2.1 artifacts: - description: Collect systemd configuration files. 
@@ -19,8 +19,19 @@ artifacts:
path: /run/systemd/sessions
file_type: f
-
- description: Collect systemd scope files.
+ description: Collect systemd scope and transient timer files.
supported_os: [linux]
collector: file
path: /run/systemd/transient
- name_pattern: ["*.scope"]
+ name_pattern: ["*.scope", "*.timer", "*.service"]
+ -
+ description: Collect systemd per-user transient timers.
+ supported_os: [linux]
+ collector: file
+ path: /run/user/*/systemd/transient
+ name_pattern: ["*.timer", "*.service"]
+ -
+ description: Collect systemd per-user configuration.
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.config/systemd
From cdce5830ec6fcfc95c4f600a8c8339323fdbc1cf Mon Sep 17 00:00:00 2001
From: Hal Pomeranz
Date: Thu, 9 May 2024 15:52:20 -0400
Subject: [PATCH 30/44] artif: collect systemd timer status
Collect output of "systemctl status *.timer"
Signed-off-by: Hal Pomeranz
---
artifacts/live_response/system/systemctl.yaml | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/artifacts/live_response/system/systemctl.yaml b/artifacts/live_response/system/systemctl.yaml
index bce489c..ed21287 100644
--- a/artifacts/live_response/system/systemctl.yaml
+++ b/artifacts/live_response/system/systemctl.yaml
@@ -1,4 +1,4 @@
-version: 1.0
+version: 1.1
artifacts:
-
description: Display all systemd system units.
@@ -12,10 +12,16 @@ artifacts:
collector: command
command: systemctl list-timers --all
output_file: systemctl_list-timers_--all.txt
+ -
+ description: Get status from all timers, including logs
+ supported_os: [linux]
+ collector: command
+ command: systemctl status *.timer
+ output_file: systemctl_status_timer.txt
-
description: Display unit files installed on the system, in combination with their enablement state (as reported by is-enabled).
supported_os: [linux]
collector: command
command: systemctl list-unit-files
output_file: systemctl_list-unit-files.txt
-
\ No newline at end of file
+
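Review bot: `command: systemctl status *.timer` leaves the glob unquoted, so if UAC hands the command to a shell (the `foreach` pipelines elsewhere in this repository indicate it does) the shell expands `*.timer` against the working directory first; with no match most shells pass the literal through, but any stray `name.timer` file in the cwd silently changes the query. Quoting it, `command: systemctl status '*.timer'`, gives the pattern to systemctl, which resolves unit-name globs itself. Two smaller points: `Get status from all timers, including logs` is the only description in the file without a trailing period, and because `systemctl status` appends recent journal lines per unit, noting in the description that output volume scales with the number of timers would set expectations for the output file.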
From c860d61e0676a0d04cd1d877bf8482f5639144b7 Mon Sep 17 00:00:00 2001 From: sec-hbaer <150132280+sec-hbaer@users.noreply.github.com> Date: Mon, 13 May 2024 11:26:59 +0200 Subject: [PATCH 31/44] artif: solaris services --- artifacts/files/system/svc.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 artifacts/files/system/svc.yaml diff --git a/artifacts/files/system/svc.yaml b/artifacts/files/system/svc.yaml new file mode 100644 index 0000000..020faf2 --- /dev/null +++ b/artifacts/files/system/svc.yaml @@ -0,0 +1,26 @@ +version: 1.0 +artifacts: + - + description: Collect svc manifest files. + supported_os: [solaris] + collector: file + path: /lib/svc/manifest + ignore_date_range: true + - + description: Collect svc manifest files. + supported_os: [solaris] + collector: file + path: /var/svc/manifest + ignore_date_range: true + - + description: Collect svc method (service start) files. + supported_os: [solaris] + collector: file + path: /lib/svc/method + ignore_date_range: true + - + description: Collect svc log files. + supported_os: [solaris] + collector: file + path: /var/svc/log + max_file_size: 1073741824 # 1GB From 5246d6f5e651bbc056cee93efa26e4fa5e6fbe45 Mon Sep 17 00:00:00 2001 From: sec-hbaer <150132280+sec-hbaer@users.noreply.github.com> Date: Tue, 14 May 2024 14:22:46 +0200 Subject: [PATCH 32/44] artif: solaris specific locations for login record files --- artifacts/files/logs/solaris.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 artifacts/files/logs/solaris.yaml diff --git a/artifacts/files/logs/solaris.yaml b/artifacts/files/logs/solaris.yaml new file mode 100644 index 0000000..ed25050 --- /dev/null +++ b/artifacts/files/logs/solaris.yaml 
@@ -0,0 +1,17 @@ +version: 1.0 +artifacts: + - + description: Collect lastlog log file. + supported_os: [solaris] + collector: file + path: /var/share/adm/lastlog + - + description: Collect wtmpx log file. + supported_os: [solaris] + collector: file + path: /var/share/adm/wtmpx + - + description: Collect utmpx log file. + supported_os: [solaris] + collector: file + path: /system/volatile/utmpx From 0151b32581a4e4b22712628d8363c16891ca4655 Mon Sep 17 00:00:00 2001 From: sec-hbaer <150132280+sec-hbaer@users.noreply.github.com> Date: Tue, 14 May 2024 14:24:22 +0200 Subject: [PATCH 33/44] moved solaris svc logs between artifact files --- artifacts/files/logs/solaris.yaml | 6 ++++++ artifacts/files/system/svc.yaml | 7 +------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/artifacts/files/logs/solaris.yaml b/artifacts/files/logs/solaris.yaml index ed25050..9411324 100644 --- a/artifacts/files/logs/solaris.yaml +++ b/artifacts/files/logs/solaris.yaml @@ -15,3 +15,9 @@ artifacts: supported_os: [solaris] collector: file path: /system/volatile/utmpx + - + description: Collect svc log files. + supported_os: [solaris] + collector: file + path: /var/svc/log + max_file_size: 1073741824 # 1GB diff --git a/artifacts/files/system/svc.yaml b/artifacts/files/system/svc.yaml index 020faf2..4e32c9f 100644 --- a/artifacts/files/system/svc.yaml +++ b/artifacts/files/system/svc.yaml @@ -18,9 +18,4 @@ artifacts: collector: file path: /lib/svc/method ignore_date_range: true - - - description: Collect svc log files. - supported_os: [solaris] - collector: file - path: /var/svc/log - max_file_size: 1073741824 # 1GB + From 499de3ccb7956c17fea8d168f2542faa86c5c97b Mon Sep 17 00:00:00 2001 
From: sec-hbaer <150132280+sec-hbaer@users.noreply.github.com> Date: Tue, 14 May 2024 15:17:46 +0200 Subject: [PATCH 34/44] artif: solaris specific ld config files --- artifacts/files/system/var_ld.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 artifacts/files/system/var_ld.yaml diff --git a/artifacts/files/system/var_ld.yaml b/artifacts/files/system/var_ld.yaml new file mode 100644 index 0000000..56d0dcd --- /dev/null +++ b/artifacts/files/system/var_ld.yaml @@ -0,0 +1,7 @@ +version: 1.0 +artifacts: + - + description: Collect ld config files. + supported_os: [solaris] + collector: file + path: /var/ld From d45db9777b89839ea45f114ba5e8754d86941e30 Mon Sep 17 00:00:00 2001 From: sec-hbaer <150132280+sec-hbaer@users.noreply.github.com> Date: Wed, 15 May 2024 09:47:42 +0200 Subject: [PATCH 35/44] artif: content and list of installed packages on solaris --- artifacts/files/packages/pkg_contents.yaml | 7 ++++++- artifacts/live_response/packages/pkg.yaml | 5 ++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/artifacts/files/packages/pkg_contents.yaml b/artifacts/files/packages/pkg_contents.yaml index f3e450d..9f219fe 100644 --- a/artifacts/files/packages/pkg_contents.yaml +++ b/artifacts/files/packages/pkg_contents.yaml @@ -1,4 +1,4 @@ -version: 1.0 +version: 2.0 artifacts: - description: Collect package table of contents files. @@ -12,3 +12,8 @@ artifacts: collector: file path: /usr/pkg/pkgdb path_pattern: ["*/+CONTENTS"] + - + description: Collect package table of contents files. + supported_os: [solaris] + collector: file + path: /var/pkg/publisher/*/pkg diff --git a/artifacts/live_response/packages/pkg.yaml b/artifacts/live_response/packages/pkg.yaml index 744fb6c..fb74cb5 100644 --- a/artifacts/live_response/packages/pkg.yaml +++ b/artifacts/live_response/packages/pkg.yaml 
@@ -1,10 +1,9 @@ -version: 1.0 +version: 2.0 artifacts: - description: Displays information about installed packages. - supported_os: [freebsd] + supported_os: [freebsd, solaris] collector: command command: pkg info output_file: pkg_info.txt - \ No newline at end of file From 41e73ccda0042132c78093a74925155be1f4f774 Mon Sep 17 00:00:00 2001 From: sec-hbaer <150132280+sec-hbaer@users.noreply.github.com> Date: Wed, 15 May 2024 09:48:38 +0200 Subject: [PATCH 36/44] fix: solaris ld config no filter on date range --- artifacts/files/system/var_ld.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/artifacts/files/system/var_ld.yaml b/artifacts/files/system/var_ld.yaml index 56d0dcd..ef9629c 100644 --- a/artifacts/files/system/var_ld.yaml +++ b/artifacts/files/system/var_ld.yaml @@ -5,3 +5,4 @@ artifacts: supported_os: [solaris] collector: file path: /var/ld + ignore_date_range: true From d9ded8214472c5884e24d14f0f20c93c8478a0da Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Wed, 15 May 2024 18:52:13 -0300 Subject: [PATCH 37/44] feat: remove feature on debug mode on --- CHANGELOG.md | 1 - artifacts/live_response/packages/pip.yaml | 12 ++++++------ lib/parse_artifacts_file.sh | 4 +--- uac | 3 +-- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7a6b17..c90408e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,6 @@ ### Features - uac.log and uac.log.stderr files were moved to the front of the output archive file (by [rbcrwd](https://github.com/rbcrwd)). -- UAC will try to collect all artifacts regardless of the operating system if the debugging mode is enabled (--debug). ### Artifacts diff --git a/artifacts/live_response/packages/pip.yaml b/artifacts/live_response/packages/pip.yaml index db81a20..47f3dfa 100644 --- a/artifacts/live_response/packages/pip.yaml +++ b/artifacts/live_response/packages/pip.yaml 
@@ -2,14 +2,14 @@ version: 1.0 artifacts: - description: Display Python packages installed through pip. - supported_os: [linux] + supported_os: [all] collector: command command: pip list output_file: pip_list.txt - - description: Display information about Python pip-packages. - supported_os: [linux] + description: Display Python packages installed through pip. + supported_os: [all] collector: command - foreach: pip list | awk '{print $1}' | tail -n +3 - command: pip show %line% - output_file: pip_show_%line%.txt + command: pip list -v + output_file: pip_list_-v.txt + diff --git a/lib/parse_artifacts_file.sh b/lib/parse_artifacts_file.sh index 5d856c6..a4dd89f 100644 --- a/lib/parse_artifacts_file.sh +++ b/lib/parse_artifacts_file.sh @@ -29,7 +29,6 @@ parse_artifacts_file() { pa_artifacts_file="${1:-}" pa_root_output_directory="${2:-}" - pa_debug_mode="${3:-false}" # return if artifacts file does not exist if [ ! -f "${pa_artifacts_file}" ]; then @@ -196,9 +195,8 @@ sequence of mappings\n" >&2 # cannot use ! is_element_in_list because it is not accepted by solaris # skip if artifact does not apply to the current operating system - # run all artifacts if debugging mode is on if is_element_in_list "${OPERATING_SYSTEM}" "${pa_supported_os}" \ - || is_element_in_list "all" "${pa_supported_os}" || ${pa_debug_mode}; then + || is_element_in_list "all" "${pa_supported_os}"; then # shellcheck disable=SC2034 pa_do_nothing=true else diff --git a/uac b/uac index f256e85..f9dfb71 100755 --- a/uac +++ b/uac 
@@ -747,8 +747,7 @@ while read ua_artifact_file || [ -n "${ua_artifact_file}" ]; do
"${ua_progress_total}" "${ua_progress_timestamp}" "${ua_artifact_file}"
ua_artifacts_root_output_directory=`dirname "${ua_artifact_file}"`
parse_artifacts_file "${UAC_DIR}/artifacts/${ua_artifact_file}" \
- "${ua_artifacts_root_output_directory}" \
- "${ua_debug_mode}"
+ "${ua_artifacts_root_output_directory}"
find "${TEMP_DATA_DIR}/${ua_artifacts_root_output_directory}" -type f -print \
| sed -e "s|^${TEMP_DATA_DIR}/||" >>"${TEMP_DATA_DIR}/.output_file.tmp"
done <"${TEMP_DATA_DIR}/.artifacts.tmp" 2>>"${UAC_STDERR_LOG_FILE}"
From 7b12fd99e68d5cce929ee036573257dd3e9a56be Mon Sep 17 00:00:00 2001
From: Thiago Canozzo Lahr
Date: Wed, 15 May 2024 19:41:06 -0300
Subject: [PATCH 38/44] artif: add /var/audit
---
artifacts/files/logs/macos.yaml | 7 +++++++
artifacts/live_response/system/auditctl.yaml | 4 ++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/artifacts/files/logs/macos.yaml b/artifacts/files/logs/macos.yaml
index 8bf2051..1e1c566 100644
--- a/artifacts/files/logs/macos.yaml
+++ b/artifacts/files/logs/macos.yaml
@@ -24,4 +24,11 @@ artifacts:
collector: file
path: /%user_home%/Library/Logs
max_file_size: 1073741824 # 1GB
+ -
+ description: Collect auditd logs.
+ # Reference: https://medium.com/@boutnaru/the-macos-process-journey-auditd-audit-log-management-daemon-1addd6698016
+ supported_os: [macos]
+ collector: file
+ path: /var/audit
+ max_file_size: 1073741824 # 1GB
\ No newline at end of file
diff --git a/artifacts/live_response/system/auditctl.yaml b/artifacts/live_response/system/auditctl.yaml
index fbec798..19e9140 100644
--- a/artifacts/live_response/system/auditctl.yaml
+++ b/artifacts/live_response/system/auditctl.yaml
@@ -2,13 +2,13 @@ version: 1.0 artifacts: - description: Display kernel's audit rules. - supported_os: [linux, macos] + supported_os: [linux] collector: command command: auditctl -l output_file: auditctl_-l.txt - description: Display the kernel's audit subsystem status. - supported_os: [linux, macos] + supported_os: [linux] collector: command command: auditctl -s output_file: auditctl_-s.txt From 343c4e8ad90d2b00a10cb244d22eb89a30d72b1e Mon Sep 17 00:00:00 2001 From: sec-hbaer <150132280+sec-hbaer@users.noreply.github.com> Date: Thu, 16 May 2024 09:02:24 +0200 Subject: [PATCH 39/44] explicit collection of webui logs --- artifacts/files/logs/solaris.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/artifacts/files/logs/solaris.yaml b/artifacts/files/logs/solaris.yaml index 9411324..bd86d14 100644 --- a/artifacts/files/logs/solaris.yaml +++ b/artifacts/files/logs/solaris.yaml @@ -21,3 +21,9 @@ artifacts: collector: file path: /var/svc/log max_file_size: 1073741824 # 1GB + - + description: Collect webui log files. + supported_os: [solaris] + collector: file + path: /var/webui/logs + max_file_size: 1073741824 # 1GB From c636c4b280a5014fa71f2faf5e1ae13218cc7911 Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Mon, 20 May 2024 08:09:19 -0300 Subject: [PATCH 40/44] refactor: change to alphabetical order --- CHANGELOG.md | 10 +++++++--- artifacts/files/packages/pkg_contents.yaml | 2 +- artifacts/files/system/systemd.yaml | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c90408e..76f06b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -8,8 +8,14 @@ ### Artifacts +- files/logs/macos.yaml: Updated collection support for auditd logs [macos] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). +- files/logs/solaris.yaml: Added collection support for lastlog, wtmpx, utmpx, svc and webui logs that are stored outside /var/log directory [solaris] (by [sec-hbaer](https://github.com/sec-hbaer)). - files/logs/var_log.yaml: Updated collection to support new system [esxi] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - files/packages/pkg_contents.yaml: Updated collection support for NetBSD 10 [netbsd] (by [Herbert-Karl](https://github.com/Herbert-Karl)). +- files/packages/pkg_contents.yaml: Updated collection support for package table of contents files [solaris] (by [sec-hbaer](https://github.com/sec-hbaer)). +- files/system/svc.yaml: Added collection support for svc manifest and method (service start) files [solaris] (by [sec-hbaer](https://github.com/sec-hbaer)). +- files/system/systemd.yaml: Updated collection to support artifacts related to transient and per-user systemd timers [linux] (by [halpomeranz](https://github.com/halpomeranz)). +- files/system/var_ld.yaml: Added collection support for ld config files [solaris] (by [sec-hbaer](https://github.com/sec-hbaer)). - live_response/containers/docker.yaml: Added collection support for resource usage statistics of each container [linux]. - live_response/containers/podman.yaml: Added collection support for resource usage statistics of each container [linux]. - live_response/packages/brew.yaml: Added collection support for packages installed through brew package manager [macos] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). 
@@ -17,9 +23,7 @@ - live_response/packages/nix.yaml: Added collection support for packages installed through Nix package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/packages/pip.yaml: Added collection support for Python packages installed through pip [linux] (by [sanderu](https://github.com/sanderu)). - live_response/packages/pisi.yaml: Added collection support for packages installed through pisi package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). +- live_response/packages/pkg.yaml: Updated collection support for information about installed packages [solaris] (by [sec-hbaer](https://github.com/sec-hbaer)). - live_response/packages/xbps.yaml: Added collection support for packages installed through XBPS package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/packages/yay.yaml: Added collection support for packages installed through Yay [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/system/modinfo.yaml: Added collection support for information about loaded kernel modules [linux, solaris] (by [sanderu](https://github.com/sanderu)). - -### Fixes - diff --git a/artifacts/files/packages/pkg_contents.yaml b/artifacts/files/packages/pkg_contents.yaml index 9f219fe..533aabd 100644 --- a/artifacts/files/packages/pkg_contents.yaml +++ b/artifacts/files/packages/pkg_contents.yaml @@ -2,7 +2,7 @@ version: 2.0 artifacts: - description: Collect package table of contents files. - supported_os: [openbsd, netbsd] + supported_os: [netbsd, openbsd] collector: file path: /var/db/pkg path_pattern: ["*/+CONTENTS"] diff --git a/artifacts/files/system/systemd.yaml b/artifacts/files/system/systemd.yaml index aa30332..ce60ef2 100644 --- a/artifacts/files/system/systemd.yaml +++ b/artifacts/files/system/systemd.yaml 
@@ -23,13 +23,13 @@ artifacts: supported_os: [linux] collector: file path: /run/systemd/transient - name_pattern: ["*.scope", "*.timer", "*.service"] + name_pattern: ["*.scope", "*.service", "*.timer"] - description: Collect systemd per-user transient timers. supported_os: [linux] collector: file path: /run/user/*/systemd/transient - name_pattern: ["*.timer", "*.service"] + name_pattern: ["*.service", "*.timer"] - description: Collect systemd per-user configuration. supported_os: [linux] From 801a04c20ca6fd67b8216beacc88714bbf22179e Mon Sep 17 00:00:00 2001 From: Thiago Canozzo Lahr Date: Tue, 21 May 2024 09:04:38 -0300 Subject: [PATCH 41/44] artif: new artifacts --- CHANGELOG.md | 6 ++++ .../process/procfs_information.yaml | 29 +++++++++++++++++-- artifacts/live_response/system/ebpf.yaml | 11 +++++++ .../live_response/system/kernel_modules.yaml | 19 ++++++++++++ 4 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 artifacts/live_response/system/ebpf.yaml create mode 100644 artifacts/live_response/system/kernel_modules.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 76f06b1..d6006f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -26,4 +26,10 @@ - live_response/packages/pkg.yaml: Updated collection support for information about installed packages [solaris] (by [sec-hbaer](https://github.com/sec-hbaer)). - live_response/packages/xbps.yaml: Added collection support for packages installed through XBPS package manager [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). - live_response/packages/yay.yaml: Added collection support for packages installed through Yay [linux] (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal)). +- live_response/process/procfs_information.yaml: Added collection support for entries corresponding to memory-mapped files [linux]. +- live_response/process/procfs_information.yaml: Added collection support for listing the contents of /proc/modules [linux]. +- live_response/process/procfs_information.yaml: Added collection support for listing Unix sockets [linux]. +- live_response/system/ebpf.yaml: Added collection support for listing pinned eBPF progs [linux]. +- live_response/system/kernel_modules.yaml: Added collection support for listing available parameters per kernel module [linux]. +- live_response/system/kernel_modules.yaml: Added collection support for listing loaded kernel modules to compare with /proc/modules [linux]. - live_response/system/modinfo.yaml: Added collection support for information about loaded kernel modules [linux, solaris] (by [sanderu](https://github.com/sanderu)). diff --git a/artifacts/live_response/process/procfs_information.yaml b/artifacts/live_response/process/procfs_information.yaml index aa1ca66..d5638d6 100644 --- a/artifacts/live_response/process/procfs_information.yaml +++ b/artifacts/live_response/process/procfs_information.yaml @@ -1,4 +1,4 @@ -version: 1.0 +version: 2.0 artifacts: - description: Collect current running processes information. 
@@ -42,6 +42,12 @@ artifacts:
collector: command
command: ls -l /proc/[0-9]*/cwd
output_file: ls_-l_proc_pid_cwd.txt
+ -
+ description: Display the list of all modules loaded into the kernel.
+ supported_os: [linux]
+ collector: command
+ command: cat /proc/modules
+ output_file: cat_proc_modules.txt
-
description: Collect the command name associated with a process.
supported_os: [android, linux]
@@ -98,6 +104,14 @@ artifacts:
command: ls -la /proc/%line%/fd
output_directory: proc/%line%
output_file: fd.txt
+ -
+ description: Collect information about entries corresponding to memory-mapped files.
+ supported_os: [linux]
+ collector: command
+ foreach: for pid in /proc/[0-9]*; do echo ${pid} | sed -e 's:/proc/::'; done
+ command: ls -la /proc/%line%/map_files
+ output_directory: proc/%line%
+ output_file: map_files.txt
-
description: Collect the initial process' stack trace.
supported_os: [android, linux]
@@ -114,6 +128,14 @@ artifacts:
command: cat /proc/%line%/status
output_directory: proc/%line%
output_file: status.txt
+ -
+ description: Display the list of UNIX sockets.
+ supported_os: [linux]
+ collector: command
+ foreach: for pid in /proc/[0-9]*; do echo ${pid} | sed -e 's:/proc/::'; done
+ command: cat /proc/%line%/net/unix
+ output_directory: proc/%line%/net
+ output_file: unix.txt
-
description: Collect running process information.
supported_os: [aix, solaris]
@@ -137,4 +159,7 @@ artifacts:
foreach: for pid in /proc/[0-9]*; do echo ${pid} | sed -e 's:/proc/::'; done
command: procfiles -n -c %line%
output_directory: proc/%line%
- output_file: procfiles.txt
\ No newline at end of file
+ output_file: procfiles.txt
+
+# References:
+# https://www.defensive-security.com/storage/uploads/Advanced%20Linux%20Detection%20and%20Forensics%20Cheatsheet%20by%20Defensive%20Security.pdf
diff --git a/artifacts/live_response/system/ebpf.yaml b/artifacts/live_response/system/ebpf.yaml
new file mode 100644
index 0000000..88a1398
--- /dev/null
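Review bot: `cat /proc/%line%/net/unix` in the @@ -114 hunk reads a per-network-namespace table, not per-process state, so every PID in the same namespace writes an identical copy into proc/<pid>/net/unix.txt and the output grows with the process count without adding information. If only the host namespace matters, a single entry with `command: cat /proc/net/unix` is enough; if sockets inside other namespaces (containers) are the goal, the `foreach` should emit one PID per distinct target of `readlink /proc/[0-9]*/ns/net` so the table is captured once per namespace. Either way the description should say which of the two it collects.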
+++ b/artifacts/live_response/system/ebpf.yaml
@@ -0,0 +1,11 @@
+version: 1.0
+artifacts:
+ -
+ description: List pinned eBPF progs.
+ supported_os: [linux]
+ collector: command
+ command: ls -la /sys/fs/bpf
+ output_file: ls_-la_sys_fs_bpf.txt
+
+# References:
+# https://www.defensive-security.com/storage/uploads/Advanced%20Linux%20Detection%20and%20Forensics%20Cheatsheet%20by%20Defensive%20Security.pdf
\ No newline at end of file
diff --git a/artifacts/live_response/system/kernel_modules.yaml b/artifacts/live_response/system/kernel_modules.yaml
new file mode 100644
index 0000000..a1d60d4
--- /dev/null
+++ b/artifacts/live_response/system/kernel_modules.yaml
@@ -0,0 +1,19 @@
+version: 1.0
+artifacts:
+ -
+ description: Display the loaded kernel modules (compare with /proc/modules).
+ supported_os: [linux]
+ collector: command
+ command: ls -la /sys/module
+ output_file: ls_-la_sys_module.txt
+ -
+ description: Display available parameters per kernel module.
+ supported_os: [linux]
+ collector: command
+ foreach: for module in /sys/module/* ; do echo ${module} | sed -e 's:/sys/module/::'; done
+ command: ls -la /sys/module/%line%/parameters
+ output_directory: module/%line%
+ output_file: parameters.txt
+
+# References:
+# https://www.defensive-security.com/storage/uploads/Advanced%20Linux%20Detection%20and%20Forensics%20Cheatsheet%20by%20Defensive%20Security.pdf
\ No newline at end of file
From 907ec524bb7ee7f9d85e3d26cd349827e3883bcf Mon Sep 17 00:00:00 2001
From: Thiago Canozzo Lahr
Date: Wed, 22 May 2024 19:57:36 -0300
Subject: [PATCH 42/44] artif: new artifacts
---
artifacts/files/logs/solaris.yaml | 2 +-
.../process/procfs_information.yaml | 34 ++++++++-----------
2 files changed, 15 insertions(+), 21 deletions(-)
diff --git a/artifacts/files/logs/solaris.yaml b/artifacts/files/logs/solaris.yaml
index bd86d14..b2d656c 100644
--- a/artifacts/files/logs/solaris.yaml
+++ b/artifacts/files/logs/solaris.yaml
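Review bot: `ls -la /sys/fs/bpf` lists only the top level of the BPF filesystem, while pinned programs and maps are normally placed in subdirectories created by the pinning tool (iproute2 uses /sys/fs/bpf/tc/globals, other loaders use directories of their own), so the entry misses most of what the description `List pinned eBPF progs.` promises. A recursive listing, `command: ls -laR /sys/fs/bpf`, costs nothing extra and shows the whole tree; a further entry running `bpftool prog list` and `bpftool map list` when bpftool is available would also cover loaded-but-unpinned objects, which a malicious program has every reason not to pin. The kernel_modules.yaml hunk that follows matches the repository's existing `foreach` style and needs no change.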
@@ -1,4 +1,4 @@ -version: 1.0 +version: 2.0 artifacts: - description: Collect lastlog log file. diff --git a/artifacts/live_response/process/procfs_information.yaml b/artifacts/live_response/process/procfs_information.yaml index d5638d6..7da7b4a 100644 --- a/artifacts/live_response/process/procfs_information.yaml +++ b/artifacts/live_response/process/procfs_information.yaml @@ -8,9 +8,9 @@ artifacts: output_file: ls_-l_proc.txt - description: Collect running processes executable path. - supported_os: [freebsd, macos, openbsd] + supported_os: [aix] collector: command - command: ps -eo args | grep ^/ | awk '{print $1}' | sort -u + command: ls -l /proc/[0-9]*/object/a.out output_file: running_processes_full_paths.txt - description: Collect running processes executable path. @@ -20,15 +20,15 @@ artifacts: output_file: running_processes_full_paths.txt - description: Collect running processes executable path. - supported_os: [netscaler] + supported_os: [freebsd, macos, openbsd] collector: command - command: ls -l /proc/[0-9]*/file + command: ps -eo args | grep ^/ | awk '{print $1}' | sort -u output_file: running_processes_full_paths.txt - description: Collect running processes executable path. - supported_os: [aix] + supported_os: [netscaler] collector: command - command: ls -l /proc/[0-9]*/object/a.out + command: ls -l /proc/[0-9]*/file output_file: running_processes_full_paths.txt - description: Collect running processes executable path. @@ -42,12 +42,6 @@ artifacts: collector: command command: ls -l /proc/[0-9]*/cwd output_file: ls_-l_proc_pid_cwd.txt - - - description: Display the list of all modules loaded into the kernel. - supported_os: [linux] - collector: command - command: cat /proc/modules - output_file: cat_proc_modules.txt - description: Collect the command name associated with a process. supported_os: [android, linux] 
@@ -144,14 +138,6 @@ artifacts:
command: strings /proc/%line%/psinfo
output_directory: proc/%line%
output_file: psinfo.txt
- -
- description: Collect the list of files which the process has open.
- supported_os: [solaris]
- collector: command
- foreach: for pid in /proc/[0-9]*; do echo ${pid} | sed -e 's:/proc/::'; done
- command: pfiles -F %line%
- output_directory: proc/%line%
- output_file: pfiles.txt
-
description: Collect information about all file descriptors opened by a process.
supported_os: [aix]
@@ -160,6 +146,14 @@ artifacts:
command: procfiles -n -c %line%
output_directory: proc/%line%
output_file: procfiles.txt
+ -
+ description: Collect the list of files which the process has open.
+ supported_os: [solaris]
+ collector: command
+ foreach: for pid in /proc/[0-9]*; do echo ${pid} | sed -e 's:/proc/::'; done
+ command: pfiles -F %line%
+ output_directory: proc/%line%
+ output_file: pfiles.txt
# References:
# https://www.defensive-security.com/storage/uploads/Advanced%20Linux%20Detection%20and%20Forensics%20Cheatsheet%20by%20Defensive%20Security.pdf
From 306f3349b4ebd9ff722a8dfbf779456507c6dc4a Mon Sep 17 00:00:00 2001
From: Thiago Canozzo Lahr
Date: Wed, 22 May 2024 19:59:47 -0300
Subject: [PATCH 43/44] refactor: exclude uac-data.tmp from output file
---
uac | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/uac b/uac
index f9dfb71..f31a82c 100755
--- a/uac
+++ b/uac
@@ -786,6 +786,8 @@ echo "uac.log" | cat - "${TEMP_DATA_DIR}/.temp_output_file.tmp" >"${TEMP_DATA_DI
# create output file
if command_exists "tar"; then
if [ -f "${TEMP_DATA_DIR}/.files.tmp" ]; then
+ grep -v -E "${UAC_DIR}|/uac-data.tmp/" "${TEMP_DATA_DIR}/.files.tmp" >"${TEMP_DATA_DIR}/.files_uac-data.tmp_removed.tmp"
+ cp "${TEMP_DATA_DIR}/.files_uac-data.tmp_removed.tmp" "${TEMP_DATA_DIR}/.files.tmp"
# sort and uniq
sort_uniq_file "${TEMP_DATA_DIR}/.files.tmp" 2>>"${UAC_STDERR_LOG_FILE}"
if ${ua_temp_data_dir_symlink_support}; then
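Review bot: `grep -v -E "${UAC_DIR}|/uac-data.tmp/"` in the uac @@ -786 hunk feeds a filesystem path in as an extended regular expression, so any regex metacharacter in the directory UAC was unpacked into is interpreted: a `.` merely over-excludes, but an unbalanced `(` or `[` makes grep exit 2 with empty output, and the unconditional `cp` on the next line then replaces .files.tmp with that empty file, yielding an archive with no collected files and no error. An empty `${UAC_DIR}` would have the same effect, because the empty alternative matches every line. Fixed-string matching with one `-e` per pattern removes the regex interpretation, and checking grep's exit status (1 only means nothing was left, 2 is an error) before overwriting the list keeps a failure visible; the sketch below does both. The tar-less branch at @@ -842 on the following line duplicates this block and needs the same treatment, which argues for a small helper shared by both sites.

```sh
if [ -f "${TEMP_DATA_DIR}/.files.tmp" ]; then
  # fixed-string match: UAC_DIR is a path, not a regular expression
  grep -v -F -e "${UAC_DIR}" -e "/uac-data.tmp/" "${TEMP_DATA_DIR}/.files.tmp" \
    >"${TEMP_DATA_DIR}/.files_uac-data.tmp_removed.tmp"
  ua_grep_rc=$?
  # grep exits 1 when every line was filtered and 2 on error; only an error
  # must keep the unfiltered list, otherwise the archive would be empty
  if [ "${ua_grep_rc}" -le 1 ]; then
    cp "${TEMP_DATA_DIR}/.files_uac-data.tmp_removed.tmp" "${TEMP_DATA_DIR}/.files.tmp"
  else
    printf %b "grep failed while excluding uac-data.tmp entries; keeping the unfiltered file list\n" >>"${UAC_STDERR_LOG_FILE}"
  fi
  # … unchanged: sort and uniq …
```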
@@ -842,6 +844,8 @@ else
ua_output_filename="${ua_output_base_filename}"
printf %b "'tar' not found. Copying collected artifacts to '${ua_destination_dir}/${ua_output_filename}'. Please wait...\n"
if [ -f "${TEMP_DATA_DIR}/.files.tmp" ]; then
+ grep -v -E "${UAC_DIR}|/uac-data.tmp/" "${TEMP_DATA_DIR}/.files.tmp" >"${TEMP_DATA_DIR}/.files_uac-data.tmp_removed.tmp"
+ cp "${TEMP_DATA_DIR}/.files_uac-data.tmp_removed.tmp" "${TEMP_DATA_DIR}/.files.tmp"
# sort and uniq
sort_uniq_file "${TEMP_DATA_DIR}/.files.tmp" 2>>"${UAC_STDERR_LOG_FILE}"
copy_data "${TEMP_DATA_DIR}/.files.tmp" "${ua_destination_dir}/${ua_output_filename}/[root]" \
From 294bdd34ce6e6e5bf0fc915092ac838fa61daf3a Mon Sep 17 00:00:00 2001
From: Thiago Canozzo Lahr
Date: Tue, 28 May 2024 08:40:46 -0300
Subject: [PATCH 44/44] refactor: v2.9.0
---
CHANGELOG.md | 2 +-
uac | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d6006f1..e44f3a5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,6 @@
# Changelog
-## DEVELOPMENT VERSION
+## 2.9.0 (2024-05-28)
### Features
diff --git a/uac b/uac
index f31a82c..5546655 100755
--- a/uac
+++ b/uac
@@ -41,7 +41,7 @@ export PATH
. "${UAC_DIR}/lib/load_lib_files.sh"
# global vars
-UAC_VERSION="DEVELOPMENT VERSION"
+UAC_VERSION="2.9.0"
MOUNT_POINT="/"
OPERATING_SYSTEM=""
SYSTEM_ARCH=""