Index: plaso/preprocessors/linux.py |
diff --git a/plaso/preprocessors/linux.py b/plaso/preprocessors/linux.py |
index d26a880213931ab09946583d709ecd9583ab51a7..952fac1d7cd8b13f5866c5f59fded413cae3a2db 100644 |
--- a/plaso/preprocessors/linux.py |
+++ b/plaso/preprocessors/linux.py |
@@ -55,6 +55,44 @@ class LinuxHostnamePlugin(interface.FileArtifactPreprocessorPlugin): |
return result |
+class LinuxSystemProductPlugin(interface.FileArtifactPreprocessorPlugin): |
+ """The Linux system product plugin.""" |
+ |
+ ARTIFACT_DEFINITION_NAME = 'LinuxRelease' |
+ |
+ def _ParseFileData(self, knowledge_base, file_object): |
+ """Parses file content (data) for system product preprocessing attribute. |
+ |
+ Args: |
+ knowledge_base (KnowledgeBase): to fill with preprocessing information. |
+ file_object (dfvfs.FileIO): file-like object that contains the artifact |
+ value data. |
+ |
+ Returns: |
+ bool: True if all the preprocessing attributes were found and |
+ the preprocessor plugin is done. |
+ |
+ Raises: |
+ errors.PreProcessFail: if the preprocessing fails. |
+ """ |
+ result = False |
+ text_file_object = dfvfs_text_file.TextFile(file_object) |
+ system_product = text_file_object.readline() |
aaronp
2017/08/10 17:31:25
This seems like it will work well with the example
Joachim Metz
2017/08/11 06:09:19
Thx for flagging. Now I think of it /etc/lsb-relea
|
+ |
+ try: |
+ system_product = system_product.decode('utf-8') |
+ except UnicodeDecodeError: |
+ # TODO: add and store preprocessing errors. |
+ system_product = system_product.decode('utf-8', errors='replace') |
+ |
+ system_product = system_product.strip() |
+ if system_product: |
+ knowledge_base.SetValue('operating_system_product', system_product) |
+ result = True |
+ |
+ return result |
+ |
+ |
class LinuxTimeZonePlugin(interface.FileEntryArtifactPreprocessorPlugin): |
"""Linux time zone plugin.""" |
@@ -157,4 +195,5 @@ class LinuxUserAccountsPlugin(interface.FileArtifactPreprocessorPlugin): |
manager.PreprocessPluginsManager.RegisterPlugins([ |
- LinuxHostnamePlugin, LinuxTimeZonePlugin, LinuxUserAccountsPlugin]) |
+ LinuxHostnamePlugin, LinuxSystemProductPlugin, LinuxTimeZonePlugin, |
+ LinuxUserAccountsPlugin]) |