From 9dd81494ae5999b227b3d6070ce64c413e6f35a1 Mon Sep 17 00:00:00 2001
From: Romain Gayon <romaing@google.com>
Date: Thu, 6 Sep 2018 08:57:18 +0200
Subject: [PATCH] Added HadoopAppRoot artifact definition

---
 artifacts/__init__.py    | 2 +-
 artifacts/definitions.py | 1 +
 data/hadoop.yaml         | 9 +++++++++
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 data/hadoop.yaml

diff --git a/artifacts/__init__.py b/artifacts/__init__.py
index 7081cea4..43e43e92 100644
--- a/artifacts/__init__.py
+++ b/artifacts/__init__.py
@@ -1,4 +1,4 @@
 # -*- coding: utf-8 -*-
 """ForensicArtifacts.com Artifact Repository."""
 
-__version__ = '20180827'
+__version__ = '20180830'
diff --git a/artifacts/definitions.py b/artifacts/definitions.py
index f7e0fea2..83b7efcc 100644
--- a/artifacts/definitions.py
+++ b/artifacts/definitions.py
@@ -25,6 +25,7 @@
         'Information about any user accounts e.g. username, '
         'account ID, etc.'),
     'External Media': 'Contain external media data or events e.g. USB drives.',
+    'Hadoop': 'Hadoop artifacts.',
     'IM': 'Instant Messaging / Chat applications artifacts.',
     'iOS': 'Artifacts related to iOS devices connected to the system.',
     'History Files': 'History files artifacts e.g. .bash_history.',
diff --git a/data/hadoop.yaml b/data/hadoop.yaml
new file mode 100644
index 00000000..78ed74f8
--- /dev/null
+++ b/data/hadoop.yaml
@@ -0,0 +1,9 @@
+# Hadoop artifacts
+
+name: HadoopAppRoot
+doc: Location where Hadoop application files are stored
+sources:
+- type: PATH
+  attributes: {paths: ['/hadoop/yarn/system/rmstore/FSRMStateRoot/RMAppRoot/application_*/application_*']}
+labels: [Hadoop]
+supported_os: [Linux]