Improve keyword scans

[bra1ncramp]

🗣 Description

This PR makes two changes:

• Outputs the hostname of each instance
• Uses zgrep search command. NOTE: --recursive is removed since it is not a valid flag for zgrep

💭 Motivation and context

• Providing the instance hostname gives more clarity in the log output, making it more useful in rolled-over logs
• Using grep to search for key words on instances will only reveal possible IOCs if the incident happened within the last rollover date for the log files. Switching to zgrep enables us to search inside rolled-over (gzipped) log files increases the thoroughness of the scans, thus improving the utility of this script.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All relevant type-of-change labels have been added.
• I have read the CONTRIBUTING document.
• These code changes follow cisagov code standards.
• All new and existing tests pass.

[mcdonnnj]

This seems reasonable and LGTM. I have one suggestion just to update a comment to reflect the change in functionality.

[dav3r]

I have a couple of small requests:

[dav3r]

👍 Good stuff!

[mcdonnnj]

@cisagov/team-ois I'm a bit hesitant about the version bump given that this PR does not change the Python package functionality at all. Thoughts?

[dav3r]

@cisagov/team-ois I'm a bit hesitant about the version bump given that this PR does not change the Python package functionality at all. Thoughts?

I was on the fence about that also, but I told @bra1ncramp to do it. Since we are changing the way an included script works with this PR, I felt it was warranted, but honestly, I'm fine either way if you and @jsf9k want to overrule that.

[jsf9k]

@cisagov/team-ois I'm a bit hesitant about the version bump given that this PR does not change the Python package functionality at all. Thoughts?

I was on the fence about that also, but I told @bra1ncramp to do it. Since we are changing the way an included script works with this PR, I felt it was warranted, but honestly, I'm fine either way if you and @jsf9k want to overrule that.

I think anytime we make meaningful changes we are potentially breaking functionality (in this case, that of the script in extras/). Certainly we'd want users to be able to say, "Hey, this script worked in 1.5.3 but not in 1.5.4" so I think a version bump makes sense here.

[mcdonnnj]

@cisagov/team-ois I'm a bit hesitant about the version bump given that this PR does not change the Python package functionality at all. Thoughts?

I was on the fence about that also, but I told @bra1ncramp to do it. Since we are changing the way an included script works with this PR, I felt it was warranted, but honestly, I'm fine either way if you and @jsf9k want to overrule that.

I think anytime we make meaningful changes we are potentially breaking functionality (in this case, that of the script in extras/). Certainly we'd want users to be able to say, "Hey, this script worked in 1.5.3 but not in 1.5.4" so I think a version bump makes sense here.

I get that but my core rationale is that the file only exists if you clone the repository or download it manually. The extras/ directory is not included in the wheel when you build the package for distribution which is, in my mind, what the version represents: the Python package.

[jsf9k]

@cisagov/team-ois I'm a bit hesitant about the version bump given that this PR does not change the Python package functionality at all. Thoughts?

I was on the fence about that also, but I told @bra1ncramp to do it. Since we are changing the way an included script works with this PR, I felt it was warranted, but honestly, I'm fine either way if you and @jsf9k want to overrule that.

I think anytime we make meaningful changes we are potentially breaking functionality (in this case, that of the script in extras/). Certainly we'd want users to be able to say, "Hey, this script worked in 1.5.3 but not in 1.5.4" so I think a version bump makes sense here.

I get that but my core rationale is that the file only exists if you clone the repository or download it manually. The extras/ directory is not included in the wheel when you build the package for distribution which is, in my mind, what the version represents: the Python package.

OK, that is a valid argument. I'm fine either way, so I'm happy to defer to @mcdonnnj here. @mcdonnnj - do you mind removing that version bump commit and force-pushing?

[dav3r]

Since the version bump was removed, I went ahead and deleted the pre-merge ("Finalize version") and post-merge ("Create a release") checklist items from the PR description now that they are no longer applicable.

[dav3r]

@mcdonnnj Just waiting on your final approval and then I will merge this.

[jsf9k]

Approval intensifies!!

[jsf9k]

@mcdonnnj Just waiting on your final approval and then I will merge this.

Just turn on auto-merge! It will merge once @mcdonnnj approves.

[mcdonnnj]

oops I knew I forgot to do something.