Add Apple's remote desktop artifacts #361

Merged
merged 3 commits into from Nov 11, 2019

Contributor

Karneades commented Oct 10, 2019

No description provided.

Karneades added 2 commits Oct 10, 2019

Contributor Author

Karneades commented Oct 24, 2019

Don't know how to fix WARNING:root:Missing symbolic link: /var/db/RemoteManagement/ClientCaches/* for path: /private/var/db/RemoteManagement/ClientCaches/* defined by artifact definition: MacOSRemoteDesktopAdministratorSystem in file: data\macos.yaml

Member

joachimmetz commented Nov 6, 2019

@Karneades sorry for the slower response. Can you explain more about the context in which you are running into the warning? Also, the validator test is not passing.

Member

joachimmetz commented Nov 6, 2019

I see where you get the warning.

PYTHONPATH=. ./tools/validator.py data/macos.yaml 
Validating: data/macos.yaml
WARNING:root:Missing symbolic link: /var/db/RemoteManagement/ClientCaches/* for path: /private/var/db/RemoteManagement/ClientCaches/* defined by artifact definition: MacOSRemoteDesktopAdministratorSystem in file: data/macos.yaml
WARNING:root:Missing symbolic link: /var/db/RemoteManagement/RMDB/rmdb.sqlite3 for path: /private/var/db/RemoteManagement/RMDB/rmdb.sqlite3 defined by artifact definition: MacOSRemoteDesktopAdministratorSystem in file: data/macos.yaml
WARNING:root:Missing symbolic link: /var/db/RemoteManagement/caches/AppUsage.plist for path: /private/var/db/RemoteManagement/caches/AppUsage.plist defined by artifact definition: MacOSRemoteDesktopClientSystem in file: data/macos.yaml
WARNING:root:Missing symbolic link: /var/db/RemoteManagement/caches/UserAcct.tmp for path: /private/var/db/RemoteManagement/caches/UserAcct.tmp defined by artifact definition: MacOSRemoteDesktopClientSystem in file: data/macos.yaml
FAILURE

This means that for every /private/var path you'll need to add the /var equivalent.
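
The rule stated in the comment above, as an added example that is not part of the thread and is not the project's validator: a check that every macOS path under /private/var also appears in its /var symbolic-link form within the same definition. It goes slightly beyond the thread by also covering /private/etc and /private/tmp, which are symbolic-link targets on macOS in the same way; the definitions are constructed samples that reuse names and paths from the warnings.

```python
# Added example, not the project's validator. Sample definitions are constructed.
MACOS_PRIVATE_SYMLINKS = ("etc", "tmp", "var")  # /etc, /tmp, /var -> /private/...

SAMPLE_DEFINITIONS = [
    {"name": "MacOSRemoteDesktopAdministratorSystem", "supported_os": ["Darwin"],
     "sources": [{"type": "FILE", "attributes": {"paths": [
         "/private/var/db/RemoteManagement/ClientCaches/*",
         "/private/var/db/RemoteManagement/RMDB/rmdb.sqlite3",
         "/var/db/RemoteManagement/RMDB/rmdb.sqlite3",
     ]}}]},
    {"name": "MacOSRemoteDesktopClientSystem", "supported_os": ["Darwin"],
     "sources": [{"type": "FILE", "attributes": {"paths": [
         "/private/var/db/RemoteManagement/caches/AppUsage.plist",
         "/var/db/RemoteManagement/caches/AppUsage.plist",
     ]}}]},
]


def symlink_equivalent(path):
    """Return the /etc, /tmp or /var form of a /private/... path, else None."""
    parts = path.split("/")  # "/private/var/db" -> ["", "private", "var", "db"]
    if len(parts) > 2 and parts[1] == "private" and parts[2] in MACOS_PRIVATE_SYMLINKS:
        return "/" + "/".join(parts[2:])
    return None


def missing_symlink_paths(definitions):
    """Map artifact name -> sorted symbolic-link paths the definition lacks."""
    missing = {}
    for definition in definitions:
        if "Darwin" not in definition.get("supported_os", []):
            continue  # the /private symlinks only exist on macOS
        paths = set()
        for source in definition.get("sources", []):
            if source.get("type") == "FILE":
                paths.update(source.get("attributes", {}).get("paths", []))
        wanted = {symlink_equivalent(p) for p in paths} - {None}
        absent = sorted(wanted - paths)
        if absent:
            missing[definition["name"]] = absent
    return missing


if __name__ == "__main__":
    for name, paths in missing_symlink_paths(SAMPLE_DEFINITIONS).items():
        print(f"{name}: missing {', '.join(paths)}")
```

A collector that only looks at one of the two forms can miss the file on an image where the symbolic link is not resolved, which is why both forms are listed.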

Member

joachimmetz left a comment

Please add missing symbolic link representations of specified paths.


codecov bot commented Nov 8, 2019

Codecov Report

Merging #361 into master will increase coverage by 0.35%.
The diff coverage is n/a.


@@            Coverage Diff             @@
##           master     #361      +/-   ##
==========================================
+ Coverage   91.19%   91.54%   +0.35%     
==========================================
  Files           7        7              
  Lines         420      426       +6     
==========================================
+ Hits          383      390       +7     
+ Misses         37       36       -1
Impacted Files Coverage Δ
artifacts/source_type.py 90.78% <0%> (+1.06%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a4da56b...f5af5c0. Read the comment docs.

@joachimmetz joachimmetz self-requested a review Nov 11, 2019
Member

joachimmetz left a comment

LGTM

@joachimmetz joachimmetz merged commit 2fa198a into ForensicArtifacts:master Nov 11, 2019
5 checks passed
CodeFactor No issues found.
codecov/patch Coverage not affected when comparing a4da56b...f5af5c0
codecov/project 91.54% (+0.35%) compared to a4da56b
continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed