[DEBUG ] Reading configuration from /etc/salt/minion [DEBUG ] Using cached minion ID from /etc/salt/minion_id: ubuntu [DEBUG ] Configuration file path: /etc/salt/minion [WARNING ] Insecure logging configuration detected! Sensitive data may be logged. [DEBUG ] Reading configuration from /etc/salt/minion [DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain. [DEBUG ] Determining pillar cache [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [DEBUG ] LazyLoaded state.apply [DEBUG ] LazyLoaded saltutil.is_running [DEBUG ] LazyLoaded grains.get [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [DEBUG ] Updating roots fileserver cache [DEBUG ] Determining pillar cache [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [DEBUG ] In saltenv 'base', looking at rel_path 'sift/vm.sls' to resolve 'salt://sift/vm.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/vm.sls' to resolve 'salt://sift/vm.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/vm.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/vm.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/vm.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/vm.sls' using 'jinja' renderer: 0.00314998626709 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/vm.sls: include: - sift.repos - sift.packages - sift.python-packages - sift.tools - sift.scripts - sift.config sift-version-file: file.managed: - name: /etc/sift-version - source: salt://VERSION - user: root - group: root - require: - sls: sift.repos - sls: sift.packages - sls: sift.python-packages - sls: sift.tools - sls: sift.scripts - sls: sift.config [DEBUG ] LazyLoaded config.get [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos', 'sift.packages', 'sift.python-packages', 'sift.tools', 'sift.scripts', 'sift.config']), ('sift-version-file', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/sift-version')]), OrderedDict([('source', 'salt://VERSION')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos')]), OrderedDict([('sls', 'sift.packages')]), OrderedDict([('sls', 'sift.python-packages')]), OrderedDict([('sls', 'sift.tools')]), OrderedDict([('sls', 'sift.scripts')]), OrderedDict([('sls', 'sift.config')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/vm.sls' using 'yaml' renderer: 0.00642919540405 [DEBUG ] Could not find file 'salt://sift/repos.sls' in saltenv 'base' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/init.sls' to resolve 'salt://sift/repos/init.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/init.sls' to resolve 'salt://sift/repos/init.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/repos/init.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/repos/init.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/init.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/init.sls' using 'jinja' renderer: 0.0010621547699 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/init.sls: include: - sift.repos.docker - sift.repos.gift - sift.repos.sift - sift.repos.openjdk - sift.repos.ubuntu-multiverse - sift.repos.ubuntu-universe - sift.repos.ubuntu-tweak sift-repos: test.nop: - name: sift-repos - require: - sls: sift.repos.docker - sls: sift.repos.gift - sls: sift.repos.sift - sls: sift.repos.openjdk - sls: sift.repos.ubuntu-multiverse - sls: sift.repos.ubuntu-universe - sls: sift.repos.ubuntu-tweak [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.docker', 'sift.repos.gift', 'sift.repos.sift', 'sift.repos.openjdk', 'sift.repos.ubuntu-multiverse', 'sift.repos.ubuntu-universe', 'sift.repos.ubuntu-tweak']), ('sift-repos', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-repos')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.docker')]), OrderedDict([('sls', 'sift.repos.gift')]), OrderedDict([('sls', 'sift.repos.sift')]), OrderedDict([('sls', 'sift.repos.openjdk')]), OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')]), OrderedDict([('sls', 'sift.repos.ubuntu-universe')]), OrderedDict([('sls', 'sift.repos.ubuntu-tweak')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/init.sls' using 'yaml' renderer: 0.00388383865356 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/docker.sls' to resolve 'salt://sift/repos/docker.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/docker.sls' to resolve 'salt://sift/repos/docker.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/repos/docker.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/repos/docker.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/docker.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/docker.sls' using 'jinja' renderer: 0.00164699554443 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/docker.sls: include: - ..packages.python-software-properties - ..packages.apt-transport-https sift-docker-repo: pkgrepo.managed: - humanname: Docker - name: deb https://apt.dockerproject.org/repo ubuntu-xenial main - dist: ubuntu-xenial - file: /etc/apt/sources.list.d/docker.list - keyid: 58118E89F3A912897C070ADBF76221572C52609D - keyserver: hkp://p80.pool.sks-keyservers.net:80 - refresh_db: true - require: - pkg: python-software-properties - pkg: apt-transport-https [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-software-properties', '..packages.apt-transport-https']), ('sift-docker-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('humanname', 'Docker')]), OrderedDict([('name', 'deb https://apt.dockerproject.org/repo ubuntu-xenial main')]), OrderedDict([('dist', 'ubuntu-xenial')]), OrderedDict([('file', '/etc/apt/sources.list.d/docker.list')]), OrderedDict([('keyid', '58118E89F3A912897C070ADBF76221572C52609D')]), OrderedDict([('keyserver', 'hkp://p80.pool.sks-keyservers.net:80')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')]), OrderedDict([('pkg', 'apt-transport-https')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/docker.sls' using 'yaml' renderer: 0.00327301025391 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-software-properties.sls' to resolve 'salt://sift/packages/python-software-properties.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls' to resolve 'salt://sift/packages/python-software-properties.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-software-properties.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-software-properties.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls' using 'jinja' renderer: 0.000752925872803 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls: python-software-properties: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-software-properties', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls' using 'yaml' renderer: 0.000533103942871 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/apt-transport-https.sls' to resolve 'salt://sift/packages/apt-transport-https.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls' to resolve 'salt://sift/packages/apt-transport-https.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/apt-transport-https.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/apt-transport-https.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls' using 'jinja' renderer: 0.000755071640015 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls: apt-transport-https: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('apt-transport-https', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls' using 'yaml' renderer: 0.000584125518799 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/gift.sls' to resolve 'salt://sift/repos/gift.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/gift.sls' to resolve 'salt://sift/repos/gift.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/repos/gift.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/repos/gift.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/gift.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [DEBUG ] LazyLoaded pillar.get [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/gift.sls' using 'jinja' renderer: 0.00356984138489 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/gift.sls: include: - ..packages.python-software-properties sift-gift-dev: pkgrepo.absent: - ppa: gift/dev - require_in: - pkgrepo: sift-gift-repo sift-gift-repo: pkgrepo.managed: - name: gift - ppa: gift/stable - refresh_db: true - require: - pkg: python-software-properties [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-software-properties']), ('sift-gift-dev', OrderedDict([('pkgrepo.absent', [OrderedDict([('ppa', 'gift/dev')]), OrderedDict([('require_in', [OrderedDict([('pkgrepo', 'sift-gift-repo')])])])])])), ('sift-gift-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'gift')]), OrderedDict([('ppa', 'gift/stable')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/gift.sls' using 'yaml' renderer: 0.00301289558411 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/sift.sls' to resolve 'salt://sift/repos/sift.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/sift.sls' to resolve 'salt://sift/repos/sift.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/repos/sift.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/repos/sift.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/sift.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/sift.sls' using 'jinja' renderer: 0.00265002250671 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/sift.sls: include: - sift.packages.python-software-properties sift-dev: pkgrepo.absent: - ppa: sift/dev - require_in: - pkgrepo: sift-repo sift-repo: pkgrepo.managed: - ppa: sift/stable - refresh_db: true - require: - pkg: python-software-properties [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python-software-properties']), ('sift-dev', OrderedDict([('pkgrepo.absent', [OrderedDict([('ppa', 'sift/dev')]), OrderedDict([('require_in', [OrderedDict([('pkgrepo', 'sift-repo')])])])])])), ('sift-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('ppa', 'sift/stable')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/sift.sls' using 'yaml' renderer: 0.0026650428772 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/openjdk.sls' to resolve 'salt://sift/repos/openjdk.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/openjdk.sls' to resolve 'salt://sift/repos/openjdk.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/repos/openjdk.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/repos/openjdk.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/openjdk.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/openjdk.sls' using 'jinja' renderer: 0.000787019729614 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/openjdk.sls: include: - ..packages.python-software-properties openjdk-repo: pkgrepo.managed: - ppa: openjdk-r/ppa - refresh_db: true - require: - pkg: python-software-properties [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-software-properties']), ('openjdk-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('ppa', 'openjdk-r/ppa')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/openjdk.sls' using 'yaml' renderer: 0.00172710418701 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/ubuntu-multiverse.sls' to resolve 'salt://sift/repos/ubuntu-multiverse.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls' to resolve 'salt://sift/repos/ubuntu-multiverse.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/repos/ubuntu-multiverse.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/repos/ubuntu-multiverse.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls' using 'jinja' renderer: 0.00144696235657 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls: sift-multiverse-repo: pkgrepo.managed: - name: deb http://archive.ubuntu.com/ubuntu/ xenial multiverse - refresh_db: true sift-multiverse-repo-security: pkgrepo.managed: - name: deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse - refresh_db: true [DEBUG ] Results of YAML rendering: OrderedDict([('sift-multiverse-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'deb http://archive.ubuntu.com/ubuntu/ xenial multiverse')]), OrderedDict([('refresh_db', True)])])])), ('sift-multiverse-repo-security', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse')]), OrderedDict([('refresh_db', True)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls' using 'yaml' renderer: 0.00195908546448 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/ubuntu-universe.sls' to resolve 'salt://sift/repos/ubuntu-universe.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls' to resolve 'salt://sift/repos/ubuntu-universe.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/repos/ubuntu-universe.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/repos/ubuntu-universe.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls' using 'jinja' renderer: 0.00286412239075 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls: sift-universe-repo: pkgrepo.managed: - name: deb http://archive.ubuntu.com/ubuntu/ xenial universe - refresh_db: true [DEBUG ] Results of YAML rendering: OrderedDict([('sift-universe-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'deb http://archive.ubuntu.com/ubuntu/ xenial universe')]), OrderedDict([('refresh_db', True)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls' using 'yaml' renderer: 0.00260710716248 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/ubuntu-tweak.sls' to resolve 'salt://sift/repos/ubuntu-tweak.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls' to resolve 'salt://sift/repos/ubuntu-tweak.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/repos/ubuntu-tweak.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/repos/ubuntu-tweak.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls' using 'jinja' renderer: 0.00167417526245 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls: ubuntutweak: test.nop: - name: ubuntutweak [DEBUG ] Results of YAML rendering: OrderedDict([('ubuntutweak', OrderedDict([('test.nop', [OrderedDict([('name', 'ubuntutweak')])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls' using 'yaml' renderer: 0.000832080841064 [DEBUG ] Could not find file 'salt://sift/packages.sls' in saltenv 'base' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/init.sls' to resolve 'salt://sift/packages/init.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/init.sls' to resolve 'salt://sift/packages/init.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/init.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/init.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/init.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/init.sls' using 'jinja' renderer: 0.00540399551392 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/init.sls: include: - sift.packages.absent - sift.packages.aeskeyfind - sift.packages.afflib-tools - sift.packages.afterglow - sift.packages.aircrack-ng - sift.packages.apache2 - sift.packages.arp-scan - sift.packages.autopsy - sift.packages.bcrypt - sift.packages.bitpim - sift.packages.bitpim-lib - sift.packages.bkhive - sift.packages.bless - sift.packages.blt - sift.packages.build-essential - sift.packages.bulk-extractor - sift.packages.cabextract - sift.packages.ccrypt - sift.packages.cifs-utils - sift.packages.clamav - sift.packages.cmospwd - sift.packages.cryptcat - sift.packages.cryptsetup - sift.packages.curl - sift.packages.dc3dd - sift.packages.dcfldd - sift.packages.dconf-tools - sift.packages.docker-engine - sift.packages.driftnet - sift.packages.dsniff - sift.packages.dumbpig - sift.packages.e2fslibs-dev - sift.packages.ent - sift.packages.epic5 - sift.packages.etherape - sift.packages.ettercap-graphical - sift.packages.exfat-fuse - sift.packages.exfat-utils - sift.packages.exif - sift.packages.extundelete - sift.packages.fdupes - sift.packages.feh - sift.packages.flasm - sift.packages.flex - sift.packages.foremost - sift.packages.g++ - sift.packages.gawk - sift.packages.gcc - sift.packages.gdb - sift.packages.gddrescue - sift.packages.ghex - sift.packages.git - sift.packages.graphviz - sift.packages.gthumb - sift.packages.gzrt - sift.packages.hexedit - sift.packages.htop - sift.packages.hydra - sift.packages.hydra-gtk - sift.packages.ipython - sift.packages.jq - sift.packages.kdiff3 - sift.packages.knocker - sift.packages.kpartx - sift.packages.lft - sift.packages.libafflib-dev - sift.packages.libafflib - sift.packages.libbde - sift.packages.libbde-tools - sift.packages.libesedb - sift.packages.libesedb-tools - sift.packages.libevt - sift.packages.libevt-tools - sift.packages.libevtx - sift.packages.libevtx-tools - sift.packages.libewf - sift.packages.libewf-dev - sift.packages.libewf-python - sift.packages.libewf-tools - sift.packages.libffi-dev - sift.packages.libfuse-dev - sift.packages.libfvde - sift.packages.libfvde-tools - sift.packages.liblightgrep - sift.packages.libmsiecf - sift.packages.libncurses - sift.packages.libnet1 - sift.packages.libolecf - sift.packages.libparse-win32registry-perl - sift.packages.libpff - sift.packages.libpff-dev - sift.packages.libpff-python - sift.packages.libpff-tools - sift.packages.libregf - sift.packages.libregf-dev - sift.packages.libregf-python - sift.packages.libregf-tools - sift.packages.libssl-dev - sift.packages.libtext-csv-perl - sift.packages.libvmdk - sift.packages.libvshadow - sift.packages.libvshadow-dev - sift.packages.libvshadow-python - sift.packages.libvshadow-tools - sift.packages.libxml2-dev - sift.packages.libxslt-dev - sift.packages.md5deep - sift.packages.nbd-client - sift.packages.nbtscan - sift.packages.netcat - sift.packages.netpbm - sift.packages.netsed - sift.packages.netwox - sift.packages.nfdump - sift.packages.ngrep - sift.packages.nikto - sift.packages.okular - sift.packages.open-iscsi - sift.packages.openjdk - sift.packages.ophcrack - sift.packages.ophcrack-cli - sift.packages.outguess - sift.packages.p0f - sift.packages.p7zip-full - sift.packages.pdftk - sift.packages.pev - sift.packages.phonon - sift.packages.pkg-config - sift.packages.powershell - sift.packages.pv - sift.packages.pyew - sift.packages.pyew - sift.packages.python - sift.packages.python-dev - sift.packages.python-dfvfs - sift.packages.python-flowgrep - sift.packages.python-fuse - sift.packages.python-nids - sift.packages.python-ntdsxtract - sift.packages.python-pefile - sift.packages.python-pip - sift.packages.python-plaso - sift.packages.python-pytsk3 - sift.packages.python-qt4 - sift.packages.python-tk - sift.packages.python-virtualenv - sift.packages.python-volatility - sift.packages.python-yara - sift.packages.qemu - sift.packages.qemu-utils - sift.packages.radare2 - sift.packages.rar - sift.packages.readpst - sift.packages.regripper - sift.packages.rsakeyfind - sift.packages.safecopy - sift.packages.samba - sift.packages.samdump2 - sift.packages.scalpel - sift.packages.sleuthkit - sift.packages.socat - sift.packages.ssdeep - sift.packages.ssldump - sift.packages.sslsniff - sift.packages.stunnel4 - sift.packages.system-config-samba - sift.packages.tcl - sift.packages.tcpflow - sift.packages.tcpick - sift.packages.tcpreplay - sift.packages.tcpslice - sift.packages.tcpstat - sift.packages.tcptrace - sift.packages.tcptrack - sift.packages.tcpxtract - sift.packages.testdisk - sift.packages.tofrodos - sift.packages.transmission - sift.packages.unity-control-center - sift.packages.unrar - sift.packages.upx-ucl - sift.packages.vbindiff - sift.packages.vim - sift.packages.virtuoso-minimal - sift.packages.vmfs-tools - sift.packages.winbind - sift.packages.wine - sift.packages.wireshark - sift.packages.xdot - sift.packages.xfsprogs - sift.packages.xmount - sift.packages.xpdf - sift.packages.zenity sift-packages: test.nop: - name: sift-packages - require: - sls: sift.packages.aeskeyfind - sls: sift.packages.afflib-tools - sls: sift.packages.afterglow - sls: sift.packages.aircrack-ng - sls: sift.packages.apache2 - sls: sift.packages.arp-scan - sls: sift.packages.autopsy - sls: sift.packages.bcrypt - sls: sift.packages.bitpim - sls: sift.packages.bitpim-lib - sls: sift.packages.bkhive - sls: sift.packages.bless - sls: sift.packages.blt - sls: sift.packages.build-essential - sls: sift.packages.bulk-extractor - sls: sift.packages.cabextract - sls: sift.packages.ccrypt - sls: sift.packages.cifs-utils - sls: sift.packages.clamav - sls: sift.packages.cmospwd - sls: sift.packages.cryptcat - sls: sift.packages.cryptsetup - sls: sift.packages.curl - sls: sift.packages.dc3dd - sls: sift.packages.dcfldd - sls: sift.packages.dconf-tools - sls: sift.packages.docker-engine - sls: sift.packages.driftnet - sls: sift.packages.dsniff - sls: sift.packages.dumbpig - sls: sift.packages.e2fslibs-dev - sls: sift.packages.ent - sls: sift.packages.epic5 - sls: sift.packages.etherape - sls: sift.packages.ettercap-graphical - sls: sift.packages.exfat-fuse - sls: sift.packages.exfat-utils - sls: sift.packages.exif - sls: sift.packages.extundelete - sls: sift.packages.fdupes - sls: sift.packages.feh - sls: sift.packages.flasm - sls: sift.packages.flex - sls: sift.packages.foremost - sls: sift.packages.g++ - sls: sift.packages.gawk - sls: sift.packages.gcc - sls: sift.packages.gdb - sls: sift.packages.gddrescue - sls: sift.packages.ghex - sls: sift.packages.git - sls: sift.packages.graphviz - sls: sift.packages.gthumb - sls: sift.packages.gzrt - sls: sift.packages.hexedit - sls: sift.packages.htop - sls: sift.packages.hydra - sls: sift.packages.hydra-gtk - sls: sift.packages.ipython - sls: sift.packages.jq - sls: sift.packages.kdiff3 - sls: sift.packages.knocker - sls: sift.packages.kpartx - sls: sift.packages.lft - sls: sift.packages.libafflib-dev - sls: sift.packages.libafflib - sls: sift.packages.libbde - sls: sift.packages.libbde-tools - sls: sift.packages.libesedb - sls: sift.packages.libesedb-tools - sls: sift.packages.libevt - sls: sift.packages.libevt-tools - sls: sift.packages.libevtx - sls: sift.packages.libevtx-tools - sls: sift.packages.libewf - sls: sift.packages.libewf-dev - sls: sift.packages.libewf-python - sls: sift.packages.libewf-tools - sls: sift.packages.libffi-dev - sls: sift.packages.libfuse-dev - sls: sift.packages.libfvde - sls: sift.packages.libfvde-tools - sls: sift.packages.liblightgrep - sls: sift.packages.libmsiecf - sls: sift.packages.libncurses - sls: sift.packages.libnet1 - sls: sift.packages.libolecf - sls: sift.packages.libparse-win32registry-perl - sls: sift.packages.libpff - sls: sift.packages.libpff-dev - sls: sift.packages.libpff-python - sls: sift.packages.libpff-tools - sls: sift.packages.libregf - sls: sift.packages.libregf-dev - sls: sift.packages.libregf-python - sls: sift.packages.libregf-tools - sls: sift.packages.libssl-dev - sls: sift.packages.libtext-csv-perl - sls: sift.packages.libvmdk - sls: sift.packages.libvshadow - sls: sift.packages.libvshadow-dev - sls: sift.packages.libvshadow-python - sls: sift.packages.libvshadow-tools - sls: sift.packages.libxml2-dev - sls: sift.packages.libxslt-dev - sls: sift.packages.md5deep - sls: sift.packages.nbd-client - sls: sift.packages.nbtscan - sls: sift.packages.netcat - sls: sift.packages.netpbm - sls: sift.packages.netsed - sls: sift.packages.netwox - sls: sift.packages.nfdump - sls: sift.packages.ngrep - sls: sift.packages.nikto - sls: sift.packages.okular - sls: sift.packages.open-iscsi - sls: sift.packages.openjdk - sls: sift.packages.ophcrack - sls: sift.packages.ophcrack-cli - sls: sift.packages.outguess - sls: sift.packages.p0f - sls: sift.packages.p7zip-full - sls: sift.packages.pdftk - sls: sift.packages.pev - sls: sift.packages.phonon - sls: sift.packages.pkg-config - sls: sift.packages.powershell - sls: sift.packages.pv - sls: sift.packages.pyew - sls: sift.packages.pyew - sls: sift.packages.python - sls: sift.packages.python-dev - sls: sift.packages.python-dfvfs - sls: sift.packages.python-flowgrep - sls: sift.packages.python-fuse - sls: sift.packages.python-nids - sls: sift.packages.python-ntdsxtract - sls: sift.packages.python-pefile - sls: sift.packages.python-pip - sls: sift.packages.python-plaso - sls: sift.packages.python-pytsk3 - sls: sift.packages.python-qt4 - sls: sift.packages.python-tk - sls: sift.packages.python-virtualenv - sls: sift.packages.python-volatility - sls: sift.packages.python-yara - sls: sift.packages.qemu - sls: sift.packages.qemu-utils - sls: sift.packages.radare2 - sls: sift.packages.rar - sls: sift.packages.readpst - sls: sift.packages.regripper - sls: sift.packages.rsakeyfind - sls: sift.packages.safecopy - sls: sift.packages.samba - sls: sift.packages.samdump2 - sls: sift.packages.scalpel - sls: sift.packages.sleuthkit - sls: sift.packages.socat - sls: sift.packages.ssdeep - sls: sift.packages.ssldump - sls: sift.packages.sslsniff - sls: sift.packages.stunnel4 - sls: sift.packages.system-config-samba - sls: sift.packages.tcl - sls: sift.packages.tcpflow - sls: sift.packages.tcpick - sls: sift.packages.tcpreplay - sls: sift.packages.tcpslice - sls: sift.packages.tcpstat - sls: sift.packages.tcptrace - sls: sift.packages.tcptrack - sls: sift.packages.tcpxtract - sls: sift.packages.testdisk - sls: sift.packages.tofrodos - sls: sift.packages.transmission - sls: sift.packages.unity-control-center - sls: sift.packages.unrar - sls: sift.packages.upx-ucl - sls: sift.packages.vbindiff - sls: sift.packages.vim - sls: sift.packages.virtuoso-minimal - sls: sift.packages.vmfs-tools - sls: sift.packages.winbind - sls: sift.packages.wine - sls: sift.packages.wireshark - sls: sift.packages.xdot - sls: sift.packages.xfsprogs - sls: sift.packages.xmount - sls: sift.packages.xpdf - sls: sift.packages.zenity [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.absent', 'sift.packages.aeskeyfind', 'sift.packages.afflib-tools', 'sift.packages.afterglow', 'sift.packages.aircrack-ng', 'sift.packages.apache2', 'sift.packages.arp-scan', 'sift.packages.autopsy', 'sift.packages.bcrypt', 'sift.packages.bitpim', 'sift.packages.bitpim-lib', 'sift.packages.bkhive', 'sift.packages.bless', 'sift.packages.blt', 'sift.packages.build-essential', 'sift.packages.bulk-extractor', 'sift.packages.cabextract', 'sift.packages.ccrypt', 'sift.packages.cifs-utils', 'sift.packages.clamav', 'sift.packages.cmospwd', 'sift.packages.cryptcat', 'sift.packages.cryptsetup', 'sift.packages.curl', 'sift.packages.dc3dd', 'sift.packages.dcfldd', 'sift.packages.dconf-tools', 'sift.packages.docker-engine', 'sift.packages.driftnet', 'sift.packages.dsniff', 'sift.packages.dumbpig', 'sift.packages.e2fslibs-dev', 'sift.packages.ent', 'sift.packages.epic5', 'sift.packages.etherape', 'sift.packages.ettercap-graphical', 'sift.packages.exfat-fuse', 'sift.packages.exfat-utils', 'sift.packages.exif', 'sift.packages.extundelete', 'sift.packages.fdupes', 'sift.packages.feh', 'sift.packages.flasm', 'sift.packages.flex', 'sift.packages.foremost', 'sift.packages.g++', 'sift.packages.gawk', 'sift.packages.gcc', 'sift.packages.gdb', 'sift.packages.gddrescue', 'sift.packages.ghex', 'sift.packages.git', 'sift.packages.graphviz', 'sift.packages.gthumb', 'sift.packages.gzrt', 'sift.packages.hexedit', 'sift.packages.htop', 'sift.packages.hydra', 'sift.packages.hydra-gtk', 'sift.packages.ipython', 'sift.packages.jq', 'sift.packages.kdiff3', 'sift.packages.knocker', 'sift.packages.kpartx', 'sift.packages.lft', 'sift.packages.libafflib-dev', 'sift.packages.libafflib', 'sift.packages.libbde', 'sift.packages.libbde-tools', 'sift.packages.libesedb', 'sift.packages.libesedb-tools', 'sift.packages.libevt', 'sift.packages.libevt-tools', 'sift.packages.libevtx', 'sift.packages.libevtx-tools', 'sift.packages.libewf', 'sift.packages.libewf-dev', 'sift.packages.libewf-python', 'sift.packages.libewf-tools', 'sift.packages.libffi-dev', 'sift.packages.libfuse-dev', 'sift.packages.libfvde', 'sift.packages.libfvde-tools', 'sift.packages.liblightgrep', 'sift.packages.libmsiecf', 'sift.packages.libncurses', 'sift.packages.libnet1', 'sift.packages.libolecf', 'sift.packages.libparse-win32registry-perl', 'sift.packages.libpff', 'sift.packages.libpff-dev', 'sift.packages.libpff-python', 'sift.packages.libpff-tools', 'sift.packages.libregf', 'sift.packages.libregf-dev', 'sift.packages.libregf-python', 'sift.packages.libregf-tools', 'sift.packages.libssl-dev', 'sift.packages.libtext-csv-perl', 'sift.packages.libvmdk', 'sift.packages.libvshadow', 'sift.packages.libvshadow-dev', 'sift.packages.libvshadow-python', 'sift.packages.libvshadow-tools', 'sift.packages.libxml2-dev', 'sift.packages.libxslt-dev', 'sift.packages.md5deep', 'sift.packages.nbd-client', 'sift.packages.nbtscan', 'sift.packages.netcat', 'sift.packages.netpbm', 'sift.packages.netsed', 'sift.packages.netwox', 'sift.packages.nfdump', 'sift.packages.ngrep', 'sift.packages.nikto', 'sift.packages.okular', 'sift.packages.open-iscsi', 'sift.packages.openjdk', 'sift.packages.ophcrack', 'sift.packages.ophcrack-cli', 'sift.packages.outguess', 'sift.packages.p0f', 'sift.packages.p7zip-full', 'sift.packages.pdftk', 'sift.packages.pev', 'sift.packages.phonon', 'sift.packages.pkg-config', 'sift.packages.powershell', 'sift.packages.pv', 'sift.packages.pyew', 'sift.packages.pyew', 'sift.packages.python', 'sift.packages.python-dev', 'sift.packages.python-dfvfs', 'sift.packages.python-flowgrep', 'sift.packages.python-fuse', 'sift.packages.python-nids', 'sift.packages.python-ntdsxtract', 'sift.packages.python-pefile', 'sift.packages.python-pip', 'sift.packages.python-plaso', 'sift.packages.python-pytsk3', 'sift.packages.python-qt4', 'sift.packages.python-tk', 'sift.packages.python-virtualenv', 'sift.packages.python-volatility', 'sift.packages.python-yara', 'sift.packages.qemu', 'sift.packages.qemu-utils', 'sift.packages.radare2', 'sift.packages.rar', 'sift.packages.readpst', 'sift.packages.regripper', 'sift.packages.rsakeyfind', 'sift.packages.safecopy', 'sift.packages.samba', 'sift.packages.samdump2', 'sift.packages.scalpel', 'sift.packages.sleuthkit', 'sift.packages.socat', 'sift.packages.ssdeep', 'sift.packages.ssldump', 'sift.packages.sslsniff', 'sift.packages.stunnel4', 'sift.packages.system-config-samba', 'sift.packages.tcl', 'sift.packages.tcpflow', 'sift.packages.tcpick', 'sift.packages.tcpreplay', 'sift.packages.tcpslice', 'sift.packages.tcpstat', 'sift.packages.tcptrace', 'sift.packages.tcptrack', 'sift.packages.tcpxtract', 'sift.packages.testdisk', 'sift.packages.tofrodos', 'sift.packages.transmission', 'sift.packages.unity-control-center', 'sift.packages.unrar', 'sift.packages.upx-ucl', 'sift.packages.vbindiff', 'sift.packages.vim', 'sift.packages.virtuoso-minimal', 'sift.packages.vmfs-tools', 'sift.packages.winbind', 'sift.packages.wine', 'sift.packages.wireshark', 'sift.packages.xdot', 'sift.packages.xfsprogs', 'sift.packages.xmount', 'sift.packages.xpdf', 'sift.packages.zenity']), ('sift-packages', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-packages')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.aeskeyfind')]), OrderedDict([('sls', 'sift.packages.afflib-tools')]), OrderedDict([('sls', 'sift.packages.afterglow')]), OrderedDict([('sls', 'sift.packages.aircrack-ng')]), OrderedDict([('sls', 'sift.packages.apache2')]), OrderedDict([('sls', 'sift.packages.arp-scan')]), OrderedDict([('sls', 'sift.packages.autopsy')]), OrderedDict([('sls', 'sift.packages.bcrypt')]), OrderedDict([('sls', 'sift.packages.bitpim')]), OrderedDict([('sls', 'sift.packages.bitpim-lib')]), OrderedDict([('sls', 'sift.packages.bkhive')]), OrderedDict([('sls', 'sift.packages.bless')]), OrderedDict([('sls', 'sift.packages.blt')]), OrderedDict([('sls', 'sift.packages.build-essential')]), OrderedDict([('sls', 'sift.packages.bulk-extractor')]), OrderedDict([('sls', 'sift.packages.cabextract')]), OrderedDict([('sls', 'sift.packages.ccrypt')]), OrderedDict([('sls', 'sift.packages.cifs-utils')]), OrderedDict([('sls', 'sift.packages.clamav')]), OrderedDict([('sls', 'sift.packages.cmospwd')]), OrderedDict([('sls', 'sift.packages.cryptcat')]), OrderedDict([('sls', 'sift.packages.cryptsetup')]), OrderedDict([('sls', 'sift.packages.curl')]), OrderedDict([('sls', 'sift.packages.dc3dd')]), OrderedDict([('sls', 'sift.packages.dcfldd')]), OrderedDict([('sls', 'sift.packages.dconf-tools')]), OrderedDict([('sls', 'sift.packages.docker-engine')]), OrderedDict([('sls', 'sift.packages.driftnet')]), OrderedDict([('sls', 'sift.packages.dsniff')]), OrderedDict([('sls', 'sift.packages.dumbpig')]), OrderedDict([('sls', 'sift.packages.e2fslibs-dev')]), OrderedDict([('sls', 'sift.packages.ent')]), OrderedDict([('sls', 'sift.packages.epic5')]), OrderedDict([('sls', 'sift.packages.etherape')]), OrderedDict([('sls', 'sift.packages.ettercap-graphical')]), OrderedDict([('sls', 'sift.packages.exfat-fuse')]), OrderedDict([('sls', 'sift.packages.exfat-utils')]), OrderedDict([('sls', 'sift.packages.exif')]), OrderedDict([('sls', 'sift.packages.extundelete')]), OrderedDict([('sls', 'sift.packages.fdupes')]), OrderedDict([('sls', 'sift.packages.feh')]), OrderedDict([('sls', 'sift.packages.flasm')]), OrderedDict([('sls', 'sift.packages.flex')]), OrderedDict([('sls', 'sift.packages.foremost')]), OrderedDict([('sls', 'sift.packages.g++')]), OrderedDict([('sls', 'sift.packages.gawk')]), OrderedDict([('sls', 'sift.packages.gcc')]), OrderedDict([('sls', 'sift.packages.gdb')]), OrderedDict([('sls', 'sift.packages.gddrescue')]), OrderedDict([('sls', 'sift.packages.ghex')]), OrderedDict([('sls', 'sift.packages.git')]), OrderedDict([('sls', 'sift.packages.graphviz')]), OrderedDict([('sls', 'sift.packages.gthumb')]), OrderedDict([('sls', 'sift.packages.gzrt')]), OrderedDict([('sls', 'sift.packages.hexedit')]), OrderedDict([('sls', 'sift.packages.htop')]), OrderedDict([('sls', 'sift.packages.hydra')]), OrderedDict([('sls', 'sift.packages.hydra-gtk')]), OrderedDict([('sls', 'sift.packages.ipython')]), OrderedDict([('sls', 'sift.packages.jq')]), OrderedDict([('sls', 'sift.packages.kdiff3')]), OrderedDict([('sls', 'sift.packages.knocker')]), OrderedDict([('sls', 'sift.packages.kpartx')]), OrderedDict([('sls', 'sift.packages.lft')]), OrderedDict([('sls', 'sift.packages.libafflib-dev')]), OrderedDict([('sls', 'sift.packages.libafflib')]), OrderedDict([('sls', 'sift.packages.libbde')]), OrderedDict([('sls', 'sift.packages.libbde-tools')]), OrderedDict([('sls', 'sift.packages.libesedb')]), OrderedDict([('sls', 'sift.packages.libesedb-tools')]), OrderedDict([('sls', 'sift.packages.libevt')]), OrderedDict([('sls', 'sift.packages.libevt-tools')]), OrderedDict([('sls', 'sift.packages.libevtx')]), OrderedDict([('sls', 'sift.packages.libevtx-tools')]), OrderedDict([('sls', 'sift.packages.libewf')]), OrderedDict([('sls', 'sift.packages.libewf-dev')]), OrderedDict([('sls', 'sift.packages.libewf-python')]), OrderedDict([('sls', 'sift.packages.libewf-tools')]), OrderedDict([('sls', 'sift.packages.libffi-dev')]), OrderedDict([('sls', 'sift.packages.libfuse-dev')]), OrderedDict([('sls', 'sift.packages.libfvde')]), OrderedDict([('sls', 'sift.packages.libfvde-tools')]), OrderedDict([('sls', 'sift.packages.liblightgrep')]), OrderedDict([('sls', 'sift.packages.libmsiecf')]), OrderedDict([('sls', 'sift.packages.libncurses')]), OrderedDict([('sls', 'sift.packages.libnet1')]), OrderedDict([('sls', 'sift.packages.libolecf')]), OrderedDict([('sls', 'sift.packages.libparse-win32registry-perl')]), OrderedDict([('sls', 'sift.packages.libpff')]), OrderedDict([('sls', 'sift.packages.libpff-dev')]), OrderedDict([('sls', 'sift.packages.libpff-python')]), OrderedDict([('sls', 'sift.packages.libpff-tools')]), OrderedDict([('sls', 'sift.packages.libregf')]), OrderedDict([('sls', 'sift.packages.libregf-dev')]), OrderedDict([('sls', 'sift.packages.libregf-python')]), OrderedDict([('sls', 'sift.packages.libregf-tools')]), OrderedDict([('sls', 'sift.packages.libssl-dev')]), OrderedDict([('sls', 'sift.packages.libtext-csv-perl')]), OrderedDict([('sls', 'sift.packages.libvmdk')]), OrderedDict([('sls', 'sift.packages.libvshadow')]), OrderedDict([('sls', 'sift.packages.libvshadow-dev')]), OrderedDict([('sls', 'sift.packages.libvshadow-python')]), OrderedDict([('sls', 'sift.packages.libvshadow-tools')]), OrderedDict([('sls', 'sift.packages.libxml2-dev')]), OrderedDict([('sls', 'sift.packages.libxslt-dev')]), OrderedDict([('sls', 'sift.packages.md5deep')]), OrderedDict([('sls', 'sift.packages.nbd-client')]), OrderedDict([('sls', 'sift.packages.nbtscan')]), OrderedDict([('sls', 'sift.packages.netcat')]), OrderedDict([('sls', 'sift.packages.netpbm')]), OrderedDict([('sls', 'sift.packages.netsed')]), OrderedDict([('sls', 'sift.packages.netwox')]), OrderedDict([('sls', 'sift.packages.nfdump')]), OrderedDict([('sls', 'sift.packages.ngrep')]), OrderedDict([('sls', 'sift.packages.nikto')]), OrderedDict([('sls', 'sift.packages.okular')]), OrderedDict([('sls', 'sift.packages.open-iscsi')]), OrderedDict([('sls', 'sift.packages.openjdk')]), OrderedDict([('sls', 'sift.packages.ophcrack')]), OrderedDict([('sls', 'sift.packages.ophcrack-cli')]), OrderedDict([('sls', 'sift.packages.outguess')]), OrderedDict([('sls', 'sift.packages.p0f')]), OrderedDict([('sls', 'sift.packages.p7zip-full')]), OrderedDict([('sls', 'sift.packages.pdftk')]), OrderedDict([('sls', 'sift.packages.pev')]), OrderedDict([('sls', 'sift.packages.phonon')]), OrderedDict([('sls', 'sift.packages.pkg-config')]), OrderedDict([('sls', 'sift.packages.powershell')]), OrderedDict([('sls', 'sift.packages.pv')]), OrderedDict([('sls', 'sift.packages.pyew')]), OrderedDict([('sls', 'sift.packages.pyew')]), OrderedDict([('sls', 'sift.packages.python')]), OrderedDict([('sls', 'sift.packages.python-dev')]), OrderedDict([('sls', 'sift.packages.python-dfvfs')]), OrderedDict([('sls', 'sift.packages.python-flowgrep')]), OrderedDict([('sls', 'sift.packages.python-fuse')]), OrderedDict([('sls', 'sift.packages.python-nids')]), OrderedDict([('sls', 'sift.packages.python-ntdsxtract')]), OrderedDict([('sls', 'sift.packages.python-pefile')]), OrderedDict([('sls', 'sift.packages.python-pip')]), OrderedDict([('sls', 'sift.packages.python-plaso')]), OrderedDict([('sls', 'sift.packages.python-pytsk3')]), OrderedDict([('sls', 'sift.packages.python-qt4')]), OrderedDict([('sls', 'sift.packages.python-tk')]), OrderedDict([('sls', 'sift.packages.python-virtualenv')]), OrderedDict([('sls', 'sift.packages.python-volatility')]), OrderedDict([('sls', 'sift.packages.python-yara')]), OrderedDict([('sls', 'sift.packages.qemu')]), OrderedDict([('sls', 'sift.packages.qemu-utils')]), OrderedDict([('sls', 'sift.packages.radare2')]), OrderedDict([('sls', 'sift.packages.rar')]), OrderedDict([('sls', 'sift.packages.readpst')]), OrderedDict([('sls', 'sift.packages.regripper')]), OrderedDict([('sls', 'sift.packages.rsakeyfind')]), OrderedDict([('sls', 'sift.packages.safecopy')]), OrderedDict([('sls', 'sift.packages.samba')]), OrderedDict([('sls', 'sift.packages.samdump2')]), OrderedDict([('sls', 'sift.packages.scalpel')]), OrderedDict([('sls', 'sift.packages.sleuthkit')]), OrderedDict([('sls', 'sift.packages.socat')]), OrderedDict([('sls', 'sift.packages.ssdeep')]), OrderedDict([('sls', 'sift.packages.ssldump')]), OrderedDict([('sls', 'sift.packages.sslsniff')]), OrderedDict([('sls', 'sift.packages.stunnel4')]), OrderedDict([('sls', 'sift.packages.system-config-samba')]), OrderedDict([('sls', 'sift.packages.tcl')]), OrderedDict([('sls', 'sift.packages.tcpflow')]), OrderedDict([('sls', 'sift.packages.tcpick')]), OrderedDict([('sls', 'sift.packages.tcpreplay')]), OrderedDict([('sls', 'sift.packages.tcpslice')]), OrderedDict([('sls', 'sift.packages.tcpstat')]), OrderedDict([('sls', 'sift.packages.tcptrace')]), OrderedDict([('sls', 'sift.packages.tcptrack')]), OrderedDict([('sls', 'sift.packages.tcpxtract')]), OrderedDict([('sls', 'sift.packages.testdisk')]), OrderedDict([('sls', 'sift.packages.tofrodos')]), OrderedDict([('sls', 'sift.packages.transmission')]), OrderedDict([('sls', 'sift.packages.unity-control-center')]), OrderedDict([('sls', 'sift.packages.unrar')]), OrderedDict([('sls', 'sift.packages.upx-ucl')]), OrderedDict([('sls', 'sift.packages.vbindiff')]), OrderedDict([('sls', 'sift.packages.vim')]), OrderedDict([('sls', 'sift.packages.virtuoso-minimal')]), OrderedDict([('sls', 'sift.packages.vmfs-tools')]), OrderedDict([('sls', 'sift.packages.winbind')]), OrderedDict([('sls', 'sift.packages.wine')]), OrderedDict([('sls', 'sift.packages.wireshark')]), OrderedDict([('sls', 'sift.packages.xdot')]), OrderedDict([('sls', 'sift.packages.xfsprogs')]), OrderedDict([('sls', 'sift.packages.xmount')]), OrderedDict([('sls', 'sift.packages.xpdf')]), OrderedDict([('sls', 'sift.packages.zenity')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/init.sls' using 'yaml' renderer: 0.0866198539734 [DEBUG ] Could not find file 'salt://sift/packages/absent.sls' in saltenv 'base' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/absent/init.sls' to resolve 'salt://sift/packages/absent/init.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/absent/init.sls' to resolve 'salt://sift/packages/absent/init.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/absent/init.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/absent/init.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/absent/init.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/init.sls' using 'jinja' renderer: 0.000741958618164 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/absent/init.sls: include: - .binplist - .unity-webapps-common [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.binplist', '.unity-webapps-common'])]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/init.sls' using 'yaml' renderer: 0.000699996948242 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/absent/binplist.sls' to resolve 'salt://sift/packages/absent/binplist.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls' to resolve 'salt://sift/packages/absent/binplist.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/absent/binplist.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/absent/binplist.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls' using 'jinja' renderer: 0.000586032867432 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls: binplist: pkg.removed [DEBUG ] Results of YAML rendering: OrderedDict([('binplist', 'pkg.removed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls' using 'yaml' renderer: 0.000534772872925 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/absent/unity-webapps-common.sls' to resolve 'salt://sift/packages/absent/unity-webapps-common.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls' to resolve 'salt://sift/packages/absent/unity-webapps-common.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/absent/unity-webapps-common.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/absent/unity-webapps-common.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls' using 'jinja' renderer: 0.000653982162476 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls: unity-webapps-common: pkg.removed [DEBUG ] Results of YAML rendering: OrderedDict([('unity-webapps-common', 'pkg.removed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls' using 'yaml' renderer: 0.00055193901062 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/aeskeyfind.sls' to resolve 'salt://sift/packages/aeskeyfind.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls' to resolve 'salt://sift/packages/aeskeyfind.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/aeskeyfind.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/aeskeyfind.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls' using 'jinja' renderer: 0.000730991363525 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls: aeskeyfind: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('aeskeyfind', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls' using 'yaml' renderer: 0.000550985336304 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/afflib-tools.sls' to resolve 'salt://sift/packages/afflib-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls' to resolve 'salt://sift/packages/afflib-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/afflib-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/afflib-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls' using 'jinja' renderer: 0.000662088394165 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls: afflib-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('afflib-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls' using 'yaml' renderer: 0.000541925430298 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/afterglow.sls' to resolve 'salt://sift/packages/afterglow.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/afterglow.sls' to resolve 'salt://sift/packages/afterglow.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/afterglow.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/afterglow.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/afterglow.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afterglow.sls' using 'jinja' renderer: 0.00066089630127 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/afterglow.sls: include: - sift.repos.sift afterglow: pkg.installed: - required: - pkgrepo: sift-repo [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.sift']), ('afterglow', OrderedDict([('pkg.installed', [OrderedDict([('required', [OrderedDict([('pkgrepo', 'sift-repo')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afterglow.sls' using 'yaml' renderer: 0.00136590003967 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/aircrack-ng.sls' to resolve 'salt://sift/packages/aircrack-ng.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls' to resolve 'salt://sift/packages/aircrack-ng.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/aircrack-ng.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/aircrack-ng.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls' using 'jinja' renderer: 0.000736951828003 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls: aircrack-ng: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('aircrack-ng', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls' using 'yaml' renderer: 0.0010039806366 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/apache2.sls' to resolve 'salt://sift/packages/apache2.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/apache2.sls' to resolve 'salt://sift/packages/apache2.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/apache2.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/apache2.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/apache2.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apache2.sls' using 'jinja' renderer: 0.000810146331787 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/apache2.sls: apache2: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('apache2', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apache2.sls' using 'yaml' renderer: 0.000566959381104 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/arp-scan.sls' to resolve 'salt://sift/packages/arp-scan.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/arp-scan.sls' to resolve 'salt://sift/packages/arp-scan.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/arp-scan.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/arp-scan.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/arp-scan.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/arp-scan.sls' using 'jinja' renderer: 0.000672101974487 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/arp-scan.sls: arp-scan: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('arp-scan', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/arp-scan.sls' using 'yaml' renderer: 0.000514984130859 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/autopsy.sls' to resolve 'salt://sift/packages/autopsy.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/autopsy.sls' to resolve 'salt://sift/packages/autopsy.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/autopsy.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/autopsy.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/autopsy.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/autopsy.sls' using 'jinja' renderer: 0.000622987747192 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/autopsy.sls: autopsy: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('autopsy', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/autopsy.sls' using 'yaml' renderer: 0.000555992126465 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bcrypt.sls' to resolve 'salt://sift/packages/bcrypt.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bcrypt.sls' to resolve 'salt://sift/packages/bcrypt.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/bcrypt.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/bcrypt.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bcrypt.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bcrypt.sls' using 'jinja' renderer: 0.000638008117676 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bcrypt.sls: bcrypt: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('bcrypt', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bcrypt.sls' using 'yaml' renderer: 0.000472068786621 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bitpim.sls' to resolve 'salt://sift/packages/bitpim.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bitpim.sls' to resolve 'salt://sift/packages/bitpim.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/bitpim.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/bitpim.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bitpim.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim.sls' using 'jinja' renderer: 0.000653982162476 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bitpim.sls: bitpim: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('bitpim', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim.sls' using 'yaml' renderer: 0.00107002258301 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bitpim-lib.sls' to resolve 'salt://sift/packages/bitpim-lib.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls' to resolve 'salt://sift/packages/bitpim-lib.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/bitpim-lib.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/bitpim-lib.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls' using 'jinja' renderer: 0.000728845596313 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls: bitpim-lib: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('bitpim-lib', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls' using 'yaml' renderer: 0.000519990921021 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bkhive.sls' to resolve 'salt://sift/packages/bkhive.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bkhive.sls' to resolve 'salt://sift/packages/bkhive.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/bkhive.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/bkhive.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bkhive.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bkhive.sls' using 'jinja' renderer: 0.000623941421509 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bkhive.sls: bkhive: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('bkhive', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bkhive.sls' using 'yaml' renderer: 0.000531911849976 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bless.sls' to resolve 'salt://sift/packages/bless.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bless.sls' to resolve 'salt://sift/packages/bless.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/bless.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/bless.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bless.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bless.sls' using 'jinja' renderer: 0.000614881515503 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bless.sls: bless: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('bless', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bless.sls' using 'yaml' renderer: 0.000480175018311 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/blt.sls' to resolve 'salt://sift/packages/blt.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/blt.sls' to resolve 'salt://sift/packages/blt.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/blt.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/blt.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/blt.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/blt.sls' using 'jinja' renderer: 0.000695943832397 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/blt.sls: blt: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('blt', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/blt.sls' using 'yaml' renderer: 0.000494956970215 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/build-essential.sls' to resolve 'salt://sift/packages/build-essential.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/build-essential.sls' to resolve 'salt://sift/packages/build-essential.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/build-essential.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/build-essential.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/build-essential.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/build-essential.sls' using 'jinja' renderer: 0.000716924667358 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/build-essential.sls: build-essential: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('build-essential', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/build-essential.sls' using 'yaml' renderer: 0.000602006912231 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bulk-extractor.sls' to resolve 'salt://sift/packages/bulk-extractor.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls' to resolve 'salt://sift/packages/bulk-extractor.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/bulk-extractor.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/bulk-extractor.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls' using 'jinja' renderer: 0.000794887542725 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls: include: - ..repos.sift - ..repos.openjdk bulk-extractor: pkg.installed: - require: - pkgrepo: sift-repo - pkgrepo: openjdk-repo [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '..repos.openjdk']), ('bulk-extractor', OrderedDict([('pkg.installed', [OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')]), OrderedDict([('pkgrepo', 'openjdk-repo')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls' using 'yaml' renderer: 0.00166296958923 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cabextract.sls' to resolve 'salt://sift/packages/cabextract.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cabextract.sls' to resolve 'salt://sift/packages/cabextract.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/cabextract.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/cabextract.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cabextract.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cabextract.sls' using 'jinja' renderer: 0.000629901885986 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cabextract.sls: cabextract: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('cabextract', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cabextract.sls' using 'yaml' renderer: 0.000487089157104 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ccrypt.sls' to resolve 'salt://sift/packages/ccrypt.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ccrypt.sls' to resolve 'salt://sift/packages/ccrypt.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ccrypt.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ccrypt.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ccrypt.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ccrypt.sls' using 'jinja' renderer: 0.000673055648804 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ccrypt.sls: ccrypt: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ccrypt', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ccrypt.sls' using 'yaml' renderer: 0.000483989715576 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cifs-utils.sls' to resolve 'salt://sift/packages/cifs-utils.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls' to resolve 'salt://sift/packages/cifs-utils.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/cifs-utils.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/cifs-utils.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls' using 'jinja' renderer: 0.000664949417114 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls: cifs-utils: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('cifs-utils', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls' using 'yaml' renderer: 0.000495910644531 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/clamav.sls' to resolve 'salt://sift/packages/clamav.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/clamav.sls' to resolve 'salt://sift/packages/clamav.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/clamav.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/clamav.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/clamav.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/clamav.sls' using 'jinja' renderer: 0.000669956207275 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/clamav.sls: clamav: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('clamav', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/clamav.sls' using 'yaml' renderer: 0.000503778457642 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cmospwd.sls' to resolve 'salt://sift/packages/cmospwd.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cmospwd.sls' to resolve 'salt://sift/packages/cmospwd.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/cmospwd.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/cmospwd.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cmospwd.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cmospwd.sls' using 'jinja' renderer: 0.000610828399658 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cmospwd.sls: cmospwd: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('cmospwd', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cmospwd.sls' using 'yaml' renderer: 0.000519037246704 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cryptcat.sls' to resolve 'salt://sift/packages/cryptcat.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cryptcat.sls' to resolve 'salt://sift/packages/cryptcat.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/cryptcat.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/cryptcat.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cryptcat.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptcat.sls' using 'jinja' renderer: 0.000594854354858 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cryptcat.sls: cryptcat: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('cryptcat', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptcat.sls' using 'yaml' renderer: 0.000463008880615 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cryptsetup.sls' to resolve 'salt://sift/packages/cryptsetup.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls' to resolve 'salt://sift/packages/cryptsetup.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/cryptsetup.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/cryptsetup.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls' using 'jinja' renderer: 0.000606060028076 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls: cryptsetup: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('cryptsetup', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls' using 'yaml' renderer: 0.000494003295898 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/curl.sls' to resolve 'salt://sift/packages/curl.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/curl.sls' to resolve 'salt://sift/packages/curl.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/curl.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/curl.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/curl.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/curl.sls' using 'jinja' renderer: 0.000610828399658 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/curl.sls: curl: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('curl', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/curl.sls' using 'yaml' renderer: 0.000533819198608 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dc3dd.sls' to resolve 'salt://sift/packages/dc3dd.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dc3dd.sls' to resolve 'salt://sift/packages/dc3dd.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/dc3dd.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/dc3dd.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dc3dd.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dc3dd.sls' using 'jinja' renderer: 0.000609874725342 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dc3dd.sls: dc3dd: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('dc3dd', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dc3dd.sls' using 'yaml' renderer: 0.000473022460938 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dcfldd.sls' to resolve 'salt://sift/packages/dcfldd.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dcfldd.sls' to resolve 'salt://sift/packages/dcfldd.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/dcfldd.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/dcfldd.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dcfldd.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dcfldd.sls' using 'jinja' renderer: 0.00092601776123 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dcfldd.sls: dcfldd: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('dcfldd', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dcfldd.sls' using 'yaml' renderer: 0.000478029251099 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dconf-tools.sls' to resolve 'salt://sift/packages/dconf-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls' to resolve 'salt://sift/packages/dconf-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/dconf-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/dconf-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls' using 'jinja' renderer: 0.00061297416687 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls: dconf-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('dconf-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls' using 'yaml' renderer: 0.000466108322144 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/docker-engine.sls' to resolve 'salt://sift/packages/docker-engine.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/docker-engine.sls' to resolve 'salt://sift/packages/docker-engine.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/docker-engine.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/docker-engine.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/docker-engine.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/docker-engine.sls' using 'jinja' renderer: 0.000638961791992 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/docker-engine.sls: include: - ..repos.docker docker-engine: pkg.installed: - require: - pkgrepo: sift-docker-repo [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.docker']), ('docker-engine', OrderedDict([('pkg.installed', [OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-docker-repo')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/docker-engine.sls' using 'yaml' renderer: 0.00135111808777 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/driftnet.sls' to resolve 'salt://sift/packages/driftnet.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/driftnet.sls' to resolve 'salt://sift/packages/driftnet.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/driftnet.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/driftnet.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/driftnet.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/driftnet.sls' using 'jinja' renderer: 0.000782012939453 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/driftnet.sls: driftnet: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('driftnet', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/driftnet.sls' using 'yaml' renderer: 0.000569105148315 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dsniff.sls' to resolve 'salt://sift/packages/dsniff.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dsniff.sls' to resolve 'salt://sift/packages/dsniff.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/dsniff.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/dsniff.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dsniff.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dsniff.sls' using 'jinja' renderer: 0.000655889511108 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dsniff.sls: dsniff: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('dsniff', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dsniff.sls' using 'yaml' renderer: 0.000480175018311 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dumbpig.sls' to resolve 'salt://sift/packages/dumbpig.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dumbpig.sls' to resolve 'salt://sift/packages/dumbpig.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/dumbpig.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/dumbpig.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dumbpig.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dumbpig.sls' using 'jinja' renderer: 0.000604867935181 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dumbpig.sls: dumbpig: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('dumbpig', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dumbpig.sls' using 'yaml' renderer: 0.000470876693726 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/e2fslibs-dev.sls' to resolve 'salt://sift/packages/e2fslibs-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls' to resolve 'salt://sift/packages/e2fslibs-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/e2fslibs-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/e2fslibs-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls' using 'jinja' renderer: 0.000716924667358 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls: e2fslibs-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('e2fslibs-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls' using 'yaml' renderer: 0.00061297416687 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ent.sls' to resolve 'salt://sift/packages/ent.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ent.sls' to resolve 'salt://sift/packages/ent.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ent.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ent.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ent.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ent.sls' using 'jinja' renderer: 0.000639915466309 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ent.sls: ent: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ent', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ent.sls' using 'yaml' renderer: 0.000503063201904 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/epic5.sls' to resolve 'salt://sift/packages/epic5.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/epic5.sls' to resolve 'salt://sift/packages/epic5.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/epic5.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/epic5.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/epic5.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/epic5.sls' using 'jinja' renderer: 0.000612020492554 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/epic5.sls: epic5: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('epic5', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/epic5.sls' using 'yaml' renderer: 0.00150799751282 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/etherape.sls' to resolve 'salt://sift/packages/etherape.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/etherape.sls' to resolve 'salt://sift/packages/etherape.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/etherape.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/etherape.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/etherape.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/etherape.sls' using 'jinja' renderer: 0.00216794013977 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/etherape.sls: etherape: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('etherape', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/etherape.sls' using 'yaml' renderer: 0.00198006629944 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ettercap-graphical.sls' to resolve 'salt://sift/packages/ettercap-graphical.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls' to resolve 'salt://sift/packages/ettercap-graphical.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ettercap-graphical.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ettercap-graphical.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls' using 'jinja' renderer: 0.00209999084473 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls: ettercap-graphical: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ettercap-graphical', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls' using 'yaml' renderer: 0.00155401229858 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/exfat-fuse.sls' to resolve 'salt://sift/packages/exfat-fuse.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls' to resolve 'salt://sift/packages/exfat-fuse.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/exfat-fuse.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/exfat-fuse.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls' using 'jinja' renderer: 0.00123000144958 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls: exfat-fuse: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('exfat-fuse', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls' using 'yaml' renderer: 0.000952005386353 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/exfat-utils.sls' to resolve 'salt://sift/packages/exfat-utils.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls' to resolve 'salt://sift/packages/exfat-utils.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/exfat-utils.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/exfat-utils.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls' using 'jinja' renderer: 0.00119590759277 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls: exfat-utils: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('exfat-utils', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls' using 'yaml' renderer: 0.00089693069458 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/exif.sls' to resolve 'salt://sift/packages/exif.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/exif.sls' to resolve 'salt://sift/packages/exif.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/exif.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/exif.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/exif.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exif.sls' using 'jinja' renderer: 0.00135612487793 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/exif.sls: exif: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('exif', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exif.sls' using 'yaml' renderer: 0.00107192993164 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/extundelete.sls' to resolve 'salt://sift/packages/extundelete.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/extundelete.sls' to resolve 'salt://sift/packages/extundelete.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/extundelete.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/extundelete.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/extundelete.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/extundelete.sls' using 'jinja' renderer: 0.00118088722229 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/extundelete.sls: extundelete: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('extundelete', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/extundelete.sls' using 'yaml' renderer: 0.000930070877075 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/fdupes.sls' to resolve 'salt://sift/packages/fdupes.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/fdupes.sls' to resolve 'salt://sift/packages/fdupes.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/fdupes.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/fdupes.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/fdupes.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/fdupes.sls' using 'jinja' renderer: 0.00116419792175 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/fdupes.sls: fdupes: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('fdupes', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/fdupes.sls' using 'yaml' renderer: 0.000906944274902 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/feh.sls' to resolve 'salt://sift/packages/feh.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/feh.sls' to resolve 'salt://sift/packages/feh.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/feh.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/feh.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/feh.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/feh.sls' using 'jinja' renderer: 0.000705003738403 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/feh.sls: feh: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('feh', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/feh.sls' using 'yaml' renderer: 0.000956058502197 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/flasm.sls' to resolve 'salt://sift/packages/flasm.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/flasm.sls' to resolve 'salt://sift/packages/flasm.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/flasm.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/flasm.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/flasm.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flasm.sls' using 'jinja' renderer: 0.000659942626953 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/flasm.sls: flasm: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('flasm', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flasm.sls' using 'yaml' renderer: 0.000504016876221 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/flex.sls' to resolve 'salt://sift/packages/flex.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/flex.sls' to resolve 'salt://sift/packages/flex.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/flex.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/flex.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/flex.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flex.sls' using 'jinja' renderer: 0.000678062438965 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/flex.sls: flex: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('flex', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flex.sls' using 'yaml' renderer: 0.000525951385498 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/foremost.sls' to resolve 'salt://sift/packages/foremost.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/foremost.sls' to resolve 'salt://sift/packages/foremost.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/foremost.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/foremost.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/foremost.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/foremost.sls' using 'jinja' renderer: 0.000813961029053 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/foremost.sls: foremost: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('foremost', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/foremost.sls' using 'yaml' renderer: 0.000664949417114 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/g++.sls' to resolve 'salt://sift/packages/g++.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/g++.sls' to resolve 'salt://sift/packages/g++.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/g++.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/g++.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/g++.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/g++.sls' using 'jinja' renderer: 0.00100302696228 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/g++.sls: g++: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('g++', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/g++.sls' using 'yaml' renderer: 0.000750064849854 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gawk.sls' to resolve 'salt://sift/packages/gawk.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gawk.sls' to resolve 'salt://sift/packages/gawk.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/gawk.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/gawk.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gawk.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gawk.sls' using 'jinja' renderer: 0.000823974609375 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gawk.sls: gawk: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('gawk', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gawk.sls' using 'yaml' renderer: 0.000643014907837 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gcc.sls' to resolve 'salt://sift/packages/gcc.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gcc.sls' to resolve 'salt://sift/packages/gcc.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/gcc.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/gcc.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gcc.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gcc.sls' using 'jinja' renderer: 0.000728130340576 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gcc.sls: gcc: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('gcc', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gcc.sls' using 'yaml' renderer: 0.000541925430298 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gdb.sls' to resolve 'salt://sift/packages/gdb.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gdb.sls' to resolve 'salt://sift/packages/gdb.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/gdb.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/gdb.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gdb.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gdb.sls' using 'jinja' renderer: 0.000713109970093 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gdb.sls: gdb: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('gdb', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gdb.sls' using 'yaml' renderer: 0.000539064407349 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gddrescue.sls' to resolve 'salt://sift/packages/gddrescue.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gddrescue.sls' to resolve 'salt://sift/packages/gddrescue.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/gddrescue.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/gddrescue.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gddrescue.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gddrescue.sls' using 'jinja' renderer: 0.000625848770142 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gddrescue.sls: gddrescue: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('gddrescue', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gddrescue.sls' using 'yaml' renderer: 0.000641107559204 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ghex.sls' to resolve 'salt://sift/packages/ghex.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ghex.sls' to resolve 'salt://sift/packages/ghex.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ghex.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ghex.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ghex.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ghex.sls' using 'jinja' renderer: 0.000735998153687 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ghex.sls: ghex: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ghex', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ghex.sls' using 'yaml' renderer: 0.000629901885986 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/git.sls' to resolve 'salt://sift/packages/git.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/git.sls' to resolve 'salt://sift/packages/git.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/git.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/git.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/git.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/git.sls' using 'jinja' renderer: 0.000654935836792 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/git.sls: git: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('git', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/git.sls' using 'yaml' renderer: 0.00048303604126 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/graphviz.sls' to resolve 'salt://sift/packages/graphviz.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/graphviz.sls' to resolve 'salt://sift/packages/graphviz.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/graphviz.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/graphviz.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/graphviz.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/graphviz.sls' using 'jinja' renderer: 0.000631809234619 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/graphviz.sls: graphviz: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('graphviz', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/graphviz.sls' using 'yaml' renderer: 0.000484943389893 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gthumb.sls' to resolve 'salt://sift/packages/gthumb.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gthumb.sls' to resolve 'salt://sift/packages/gthumb.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/gthumb.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/gthumb.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gthumb.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gthumb.sls' using 'jinja' renderer: 0.000629901885986 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gthumb.sls: gthumb: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('gthumb', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gthumb.sls' using 'yaml' renderer: 0.000494956970215 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gzrt.sls' to resolve 'salt://sift/packages/gzrt.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gzrt.sls' to resolve 'salt://sift/packages/gzrt.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/gzrt.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/gzrt.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gzrt.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gzrt.sls' using 'jinja' renderer: 0.000659942626953 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gzrt.sls: gzrt: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('gzrt', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gzrt.sls' using 'yaml' renderer: 0.000489950180054 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/hexedit.sls' to resolve 'salt://sift/packages/hexedit.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/hexedit.sls' to resolve 'salt://sift/packages/hexedit.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/hexedit.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/hexedit.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/hexedit.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hexedit.sls' using 'jinja' renderer: 0.000662088394165 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/hexedit.sls: hexedit: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('hexedit', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hexedit.sls' using 'yaml' renderer: 0.000501155853271 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/htop.sls' to resolve 'salt://sift/packages/htop.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/htop.sls' to resolve 'salt://sift/packages/htop.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/htop.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/htop.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/htop.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/htop.sls' using 'jinja' renderer: 0.000624895095825 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/htop.sls: htop: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('htop', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/htop.sls' using 'yaml' renderer: 0.000481843948364 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/hydra.sls' to resolve 'salt://sift/packages/hydra.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/hydra.sls' to resolve 'salt://sift/packages/hydra.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/hydra.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/hydra.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/hydra.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra.sls' using 'jinja' renderer: 0.000638008117676 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/hydra.sls: hydra: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('hydra', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra.sls' using 'yaml' renderer: 0.000475883483887 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/hydra-gtk.sls' to resolve 'salt://sift/packages/hydra-gtk.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls' to resolve 'salt://sift/packages/hydra-gtk.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/hydra-gtk.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/hydra-gtk.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls' using 'jinja' renderer: 0.00100898742676 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls: hydra-gtk: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('hydra-gtk', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls' using 'yaml' renderer: 0.000478029251099 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ipython.sls' to resolve 'salt://sift/packages/ipython.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ipython.sls' to resolve 'salt://sift/packages/ipython.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ipython.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ipython.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ipython.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ipython.sls' using 'jinja' renderer: 0.00060510635376 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ipython.sls: ipython: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ipython', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ipython.sls' using 'yaml' renderer: 0.00047492980957 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/jq.sls' to resolve 'salt://sift/packages/jq.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/jq.sls' to resolve 'salt://sift/packages/jq.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/jq.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/jq.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/jq.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/jq.sls' using 'jinja' renderer: 0.000630855560303 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/jq.sls: jq: pkg.installed: - name: jq [DEBUG ] Results of YAML rendering: OrderedDict([('jq', OrderedDict([('pkg.installed', [OrderedDict([('name', 'jq')])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/jq.sls' using 'yaml' renderer: 0.000833034515381 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/kdiff3.sls' to resolve 'salt://sift/packages/kdiff3.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/kdiff3.sls' to resolve 'salt://sift/packages/kdiff3.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/kdiff3.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/kdiff3.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/kdiff3.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kdiff3.sls' using 'jinja' renderer: 0.00065016746521 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/kdiff3.sls: kdiff3: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('kdiff3', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kdiff3.sls' using 'yaml' renderer: 0.000493049621582 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/knocker.sls' to resolve 'salt://sift/packages/knocker.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/knocker.sls' to resolve 'salt://sift/packages/knocker.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/knocker.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/knocker.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/knocker.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/knocker.sls' using 'jinja' renderer: 0.000613927841187 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/knocker.sls: knocker: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('knocker', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/knocker.sls' using 'yaml' renderer: 0.000507831573486 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/kpartx.sls' to resolve 'salt://sift/packages/kpartx.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/kpartx.sls' to resolve 'salt://sift/packages/kpartx.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/kpartx.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/kpartx.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/kpartx.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kpartx.sls' using 'jinja' renderer: 0.000648975372314 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/kpartx.sls: kpartx: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('kpartx', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kpartx.sls' using 'yaml' renderer: 0.000497102737427 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/lft.sls' to resolve 'salt://sift/packages/lft.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/lft.sls' to resolve 'salt://sift/packages/lft.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/lft.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/lft.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/lft.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/lft.sls' using 'jinja' renderer: 0.000627994537354 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/lft.sls: lft: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('lft', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/lft.sls' using 'yaml' renderer: 0.000484943389893 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libafflib-dev.sls' to resolve 'salt://sift/packages/libafflib-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls' to resolve 'salt://sift/packages/libafflib-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libafflib-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libafflib-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls' using 'jinja' renderer: 0.000643014907837 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls: libafflib-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libafflib-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls' using 'yaml' renderer: 0.000494003295898 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libafflib.sls' to resolve 'salt://sift/packages/libafflib.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libafflib.sls' to resolve 'salt://sift/packages/libafflib.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libafflib.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libafflib.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libafflib.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib.sls' using 'jinja' renderer: 0.0020740032196 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libafflib.sls: libafflib: pkg.installed: - name: libafflib0v5 [DEBUG ] Results of YAML rendering: OrderedDict([('libafflib', OrderedDict([('pkg.installed', [OrderedDict([('name', 'libafflib0v5')])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib.sls' using 'yaml' renderer: 0.000840902328491 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libbde.sls' to resolve 'salt://sift/packages/libbde.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libbde.sls' to resolve 'salt://sift/packages/libbde.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libbde.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libbde.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libbde.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde.sls' using 'jinja' renderer: 0.000608921051025 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libbde.sls: libbde: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libbde', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde.sls' using 'yaml' renderer: 0.000458955764771 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libbde-tools.sls' to resolve 'salt://sift/packages/libbde-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls' to resolve 'salt://sift/packages/libbde-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libbde-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libbde-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls' using 'jinja' renderer: 0.000630140304565 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls: libbde-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libbde-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls' using 'yaml' renderer: 0.000496864318848 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libesedb.sls' to resolve 'salt://sift/packages/libesedb.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libesedb.sls' to resolve 'salt://sift/packages/libesedb.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libesedb.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libesedb.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libesedb.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb.sls' using 'jinja' renderer: 0.000601053237915 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libesedb.sls: libesedb: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libesedb', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb.sls' using 'yaml' renderer: 0.000534057617188 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libesedb-tools.sls' to resolve 'salt://sift/packages/libesedb-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls' to resolve 'salt://sift/packages/libesedb-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libesedb-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libesedb-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls' using 'jinja' renderer: 0.000631093978882 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls: libesedb-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libesedb-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls' using 'yaml' renderer: 0.00048303604126 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevt.sls' to resolve 'salt://sift/packages/libevt.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevt.sls' to resolve 'salt://sift/packages/libevt.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libevt.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libevt.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevt.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt.sls' using 'jinja' renderer: 0.000646114349365 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevt.sls: libevt: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libevt', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt.sls' using 'yaml' renderer: 0.000495910644531 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevt-tools.sls' to resolve 'salt://sift/packages/libevt-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls' to resolve 'salt://sift/packages/libevt-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libevt-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libevt-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls' using 'jinja' renderer: 0.000627040863037 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls: libevt-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libevt-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls' using 'yaml' renderer: 0.00049901008606 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevtx.sls' to resolve 'salt://sift/packages/libevtx.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevtx.sls' to resolve 'salt://sift/packages/libevtx.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libevtx.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libevtx.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevtx.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx.sls' using 'jinja' renderer: 0.000798940658569 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevtx.sls: libevtx: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libevtx', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx.sls' using 'yaml' renderer: 0.00049901008606 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevtx-tools.sls' to resolve 'salt://sift/packages/libevtx-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls' to resolve 'salt://sift/packages/libevtx-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libevtx-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libevtx-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls' using 'jinja' renderer: 0.000692844390869 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls: libevtx-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libevtx-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls' using 'yaml' renderer: 0.000508069992065 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf.sls' to resolve 'salt://sift/packages/libewf.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf.sls' to resolve 'salt://sift/packages/libewf.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libewf.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libewf.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf.sls' using 'jinja' renderer: 0.00123906135559 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf.sls: libewf: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libewf', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf.sls' using 'yaml' renderer: 0.000535011291504 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf-dev.sls' to resolve 'salt://sift/packages/libewf-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls' to resolve 'salt://sift/packages/libewf-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libewf-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libewf-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls' using 'jinja' renderer: 0.000670909881592 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls: libewf-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libewf-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls' using 'yaml' renderer: 0.000537872314453 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf-python.sls' to resolve 'salt://sift/packages/libewf-python.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf-python.sls' to resolve 'salt://sift/packages/libewf-python.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libewf-python.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libewf-python.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf-python.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-python.sls' using 'jinja' renderer: 0.00067400932312 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf-python.sls: libewf-python: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libewf-python', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-python.sls' using 'yaml' renderer: 0.000535011291504 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf-tools.sls' to resolve 'salt://sift/packages/libewf-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls' to resolve 'salt://sift/packages/libewf-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libewf-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libewf-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls' using 'jinja' renderer: 0.000654935836792 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls: libewf-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libewf-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls' using 'yaml' renderer: 0.000497102737427 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libffi-dev.sls' to resolve 'salt://sift/packages/libffi-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls' to resolve 'salt://sift/packages/libffi-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libffi-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libffi-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls' using 'jinja' renderer: 0.000645160675049 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls: libffi-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libffi-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls' using 'yaml' renderer: 0.000494003295898 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libfuse-dev.sls' to resolve 'salt://sift/packages/libfuse-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls' to resolve 'salt://sift/packages/libfuse-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libfuse-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libfuse-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls' using 'jinja' renderer: 0.000654935836792 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls: libfuse-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libfuse-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls' using 'yaml' renderer: 0.000501155853271 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libfvde.sls' to resolve 'salt://sift/packages/libfvde.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libfvde.sls' to resolve 'salt://sift/packages/libfvde.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libfvde.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libfvde.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libfvde.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde.sls' using 'jinja' renderer: 0.000645875930786 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libfvde.sls: include: - sift.repos.gift libfvde: pkg.installed: - require: - pkgrepo: sift-gift-repo [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.gift']), ('libfvde', OrderedDict([('pkg.installed', [OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-gift-repo')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde.sls' using 'yaml' renderer: 0.00125598907471 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libfvde-tools.sls' to resolve 'salt://sift/packages/libfvde-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls' to resolve 'salt://sift/packages/libfvde-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libfvde-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libfvde-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls' using 'jinja' renderer: 0.000694990158081 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls: libfvde-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libfvde-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls' using 'yaml' renderer: 0.000554084777832 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/liblightgrep.sls' to resolve 'salt://sift/packages/liblightgrep.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls' to resolve 'salt://sift/packages/liblightgrep.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/liblightgrep.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/liblightgrep.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls' using 'jinja' renderer: 0.000614881515503 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls: liblightgrep: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('liblightgrep', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls' using 'yaml' renderer: 0.000504970550537 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libmsiecf.sls' to resolve 'salt://sift/packages/libmsiecf.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls' to resolve 'salt://sift/packages/libmsiecf.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libmsiecf.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libmsiecf.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls' using 'jinja' renderer: 0.000685930252075 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls: libmsiecf: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libmsiecf', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls' using 'yaml' renderer: 0.000577926635742 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libncurses.sls' to resolve 'salt://sift/packages/libncurses.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libncurses.sls' to resolve 'salt://sift/packages/libncurses.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libncurses.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libncurses.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libncurses.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libncurses.sls' using 'jinja' renderer: 0.000648021697998 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libncurses.sls: libncurses: pkg.installed: - name: libncurses5-dev [DEBUG ] Results of YAML rendering: OrderedDict([('libncurses', OrderedDict([('pkg.installed', [OrderedDict([('name', 'libncurses5-dev')])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libncurses.sls' using 'yaml' renderer: 0.000859022140503 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libnet1.sls' to resolve 'salt://sift/packages/libnet1.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libnet1.sls' to resolve 'salt://sift/packages/libnet1.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libnet1.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libnet1.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libnet1.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libnet1.sls' using 'jinja' renderer: 0.000715970993042 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libnet1.sls: libnet1: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libnet1', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libnet1.sls' using 'yaml' renderer: 0.000499963760376 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libolecf.sls' to resolve 'salt://sift/packages/libolecf.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libolecf.sls' to resolve 'salt://sift/packages/libolecf.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libolecf.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libolecf.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libolecf.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libolecf.sls' using 'jinja' renderer: 0.000633955001831 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libolecf.sls: libolecf: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libolecf', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libolecf.sls' using 'yaml' renderer: 0.000481843948364 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libparse-win32registry-perl.sls' to resolve 'salt://sift/packages/libparse-win32registry-perl.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls' to resolve 'salt://sift/packages/libparse-win32registry-perl.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libparse-win32registry-perl.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libparse-win32registry-perl.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls' using 'jinja' renderer: 0.000659942626953 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls: libparse-win32registry-perl: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libparse-win32registry-perl', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls' using 'yaml' renderer: 0.00049614906311 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff.sls' to resolve 'salt://sift/packages/libpff.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff.sls' to resolve 'salt://sift/packages/libpff.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libpff.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libpff.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff.sls' using 'jinja' renderer: 0.000613212585449 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff.sls: libpff: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libpff', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff.sls' using 'yaml' renderer: 0.000622987747192 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff-dev.sls' to resolve 'salt://sift/packages/libpff-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls' to resolve 'salt://sift/packages/libpff-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libpff-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libpff-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls' using 'jinja' renderer: 0.000787973403931 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls: libpff-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libpff-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls' using 'yaml' renderer: 0.000519990921021 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff-python.sls' to resolve 'salt://sift/packages/libpff-python.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff-python.sls' to resolve 'salt://sift/packages/libpff-python.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libpff-python.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libpff-python.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff-python.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-python.sls' using 'jinja' renderer: 0.000625848770142 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff-python.sls: libpff-python: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libpff-python', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-python.sls' using 'yaml' renderer: 0.000489950180054 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff-tools.sls' to resolve 'salt://sift/packages/libpff-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls' to resolve 'salt://sift/packages/libpff-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libpff-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libpff-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls' using 'jinja' renderer: 0.000627994537354 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls: libpff-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libpff-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls' using 'yaml' renderer: 0.000470161437988 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf.sls' to resolve 'salt://sift/packages/libregf.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf.sls' to resolve 'salt://sift/packages/libregf.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libregf.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libregf.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf.sls' using 'jinja' renderer: 0.000648975372314 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf.sls: libregf: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libregf', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf.sls' using 'yaml' renderer: 0.000901222229004 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf-dev.sls' to resolve 'salt://sift/packages/libregf-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls' to resolve 'salt://sift/packages/libregf-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libregf-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libregf-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls' using 'jinja' renderer: 0.000615119934082 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls: libregf-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libregf-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls' using 'yaml' renderer: 0.000759840011597 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf-python.sls' to resolve 'salt://sift/packages/libregf-python.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf-python.sls' to resolve 'salt://sift/packages/libregf-python.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libregf-python.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libregf-python.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf-python.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-python.sls' using 'jinja' renderer: 0.000654220581055 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf-python.sls: libregf-python: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libregf-python', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-python.sls' using 'yaml' renderer: 0.000536918640137 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf-tools.sls' to resolve 'salt://sift/packages/libregf-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls' to resolve 'salt://sift/packages/libregf-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libregf-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libregf-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls' using 'jinja' renderer: 0.000586986541748 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls: libregf-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libregf-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls' using 'yaml' renderer: 0.000460863113403 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libssl-dev.sls' to resolve 'salt://sift/packages/libssl-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls' to resolve 'salt://sift/packages/libssl-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libssl-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libssl-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls' using 'jinja' renderer: 0.000586986541748 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls: libssl-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libssl-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls' using 'yaml' renderer: 0.000461101531982 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libtext-csv-perl.sls' to resolve 'salt://sift/packages/libtext-csv-perl.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls' to resolve 'salt://sift/packages/libtext-csv-perl.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libtext-csv-perl.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libtext-csv-perl.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls' using 'jinja' renderer: 0.000627994537354 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls: libtext-csv-perl: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libtext-csv-perl', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls' using 'yaml' renderer: 0.00049901008606 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvmdk.sls' to resolve 'salt://sift/packages/libvmdk.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvmdk.sls' to resolve 'salt://sift/packages/libvmdk.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libvmdk.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libvmdk.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvmdk.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvmdk.sls' using 'jinja' renderer: 0.00073504447937 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvmdk.sls: libvmdk: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libvmdk', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvmdk.sls' using 'yaml' renderer: 0.00052809715271 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow.sls' to resolve 'salt://sift/packages/libvshadow.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow.sls' to resolve 'salt://sift/packages/libvshadow.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libvshadow.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libvshadow.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow.sls' using 'jinja' renderer: 0.000707864761353 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow.sls: libvshadow: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow.sls' using 'yaml' renderer: 0.000529050827026 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow-dev.sls' to resolve 'salt://sift/packages/libvshadow-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls' to resolve 'salt://sift/packages/libvshadow-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libvshadow-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libvshadow-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls' using 'jinja' renderer: 0.000646829605103 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls: libvshadow-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls' using 'yaml' renderer: 0.000502824783325 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow-python.sls' to resolve 'salt://sift/packages/libvshadow-python.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls' to resolve 'salt://sift/packages/libvshadow-python.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libvshadow-python.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libvshadow-python.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls' using 'jinja' renderer: 0.000617980957031 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls: libvshadow-python: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow-python', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls' using 'yaml' renderer: 0.000497817993164 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow-tools.sls' to resolve 'salt://sift/packages/libvshadow-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls' to resolve 'salt://sift/packages/libvshadow-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libvshadow-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libvshadow-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls' using 'jinja' renderer: 0.000631809234619 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls: libvshadow-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls' using 'yaml' renderer: 0.000499963760376 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libxml2-dev.sls' to resolve 'salt://sift/packages/libxml2-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls' to resolve 'salt://sift/packages/libxml2-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libxml2-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libxml2-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls' using 'jinja' renderer: 0.000635147094727 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls: libxml2-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libxml2-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls' using 'yaml' renderer: 0.000476121902466 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libxslt-dev.sls' to resolve 'salt://sift/packages/libxslt-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls' to resolve 'salt://sift/packages/libxslt-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/libxslt-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/libxslt-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls' using 'jinja' renderer: 0.000659942626953 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls: libxslt-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('libxslt-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls' using 'yaml' renderer: 0.00052285194397 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/md5deep.sls' to resolve 'salt://sift/packages/md5deep.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/md5deep.sls' to resolve 'salt://sift/packages/md5deep.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/md5deep.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/md5deep.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/md5deep.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/md5deep.sls' using 'jinja' renderer: 0.000614166259766 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/md5deep.sls: md5deep: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('md5deep', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/md5deep.sls' using 'yaml' renderer: 0.000526905059814 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nbd-client.sls' to resolve 'salt://sift/packages/nbd-client.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nbd-client.sls' to resolve 'salt://sift/packages/nbd-client.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/nbd-client.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/nbd-client.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nbd-client.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbd-client.sls' using 'jinja' renderer: 0.000608921051025 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nbd-client.sls: nbd-client: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('nbd-client', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbd-client.sls' using 'yaml' renderer: 0.000472068786621 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nbtscan.sls' to resolve 'salt://sift/packages/nbtscan.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nbtscan.sls' to resolve 'salt://sift/packages/nbtscan.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/nbtscan.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/nbtscan.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nbtscan.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbtscan.sls' using 'jinja' renderer: 0.000603914260864 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nbtscan.sls: nbtscan: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('nbtscan', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbtscan.sls' using 'yaml' renderer: 0.000468969345093 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netcat.sls' to resolve 'salt://sift/packages/netcat.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netcat.sls' to resolve 'salt://sift/packages/netcat.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/netcat.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/netcat.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netcat.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netcat.sls' using 'jinja' renderer: 0.000655889511108 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netcat.sls: netcat: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('netcat', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netcat.sls' using 'yaml' renderer: 0.00049901008606 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netpbm.sls' to resolve 'salt://sift/packages/netpbm.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netpbm.sls' to resolve 'salt://sift/packages/netpbm.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/netpbm.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/netpbm.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netpbm.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netpbm.sls' using 'jinja' renderer: 0.00116109848022 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netpbm.sls: netpbm: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('netpbm', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netpbm.sls' using 'yaml' renderer: 0.000495910644531 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netsed.sls' to resolve 'salt://sift/packages/netsed.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netsed.sls' to resolve 'salt://sift/packages/netsed.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/netsed.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/netsed.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netsed.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netsed.sls' using 'jinja' renderer: 0.000638961791992 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netsed.sls: netsed: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('netsed', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netsed.sls' using 'yaml' renderer: 0.000486850738525 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netwox.sls' to resolve 'salt://sift/packages/netwox.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netwox.sls' to resolve 'salt://sift/packages/netwox.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/netwox.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/netwox.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netwox.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netwox.sls' using 'jinja' renderer: 0.000612020492554 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netwox.sls: netwox: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('netwox', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netwox.sls' using 'yaml' renderer: 0.000483989715576 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nfdump.sls' to resolve 'salt://sift/packages/nfdump.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nfdump.sls' to resolve 'salt://sift/packages/nfdump.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/nfdump.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/nfdump.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nfdump.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nfdump.sls' using 'jinja' renderer: 0.000606060028076 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nfdump.sls: nfdump: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('nfdump', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nfdump.sls' using 'yaml' renderer: 0.000453948974609 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ngrep.sls' to resolve 'salt://sift/packages/ngrep.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ngrep.sls' to resolve 'salt://sift/packages/ngrep.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ngrep.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ngrep.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ngrep.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ngrep.sls' using 'jinja' renderer: 0.000673770904541 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ngrep.sls: ngrep: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ngrep', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ngrep.sls' using 'yaml' renderer: 0.00048303604126 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nikto.sls' to resolve 'salt://sift/packages/nikto.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nikto.sls' to resolve 'salt://sift/packages/nikto.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/nikto.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/nikto.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nikto.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nikto.sls' using 'jinja' renderer: 0.000663995742798 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nikto.sls: include: - sift.repos.ubuntu-multiverse sift-nikto: pkg.installed: - name: nikto - require: - sls: sift.repos.ubuntu-multiverse [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.ubuntu-multiverse']), ('sift-nikto', OrderedDict([('pkg.installed', [OrderedDict([('name', 'nikto')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nikto.sls' using 'yaml' renderer: 0.00151705741882 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/okular.sls' to resolve 'salt://sift/packages/okular.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/okular.sls' to resolve 'salt://sift/packages/okular.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/okular.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/okular.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/okular.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/okular.sls' using 'jinja' renderer: 0.000622034072876 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/okular.sls: okular: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('okular', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/okular.sls' using 'yaml' renderer: 0.000492095947266 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/open-iscsi.sls' to resolve 'salt://sift/packages/open-iscsi.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls' to resolve 'salt://sift/packages/open-iscsi.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/open-iscsi.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/open-iscsi.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls' using 'jinja' renderer: 0.000636100769043 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls: open-iscsi: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('open-iscsi', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls' using 'yaml' renderer: 0.000488042831421 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/openjdk.sls' to resolve 'salt://sift/packages/openjdk.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/openjdk.sls' to resolve 'salt://sift/packages/openjdk.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/openjdk.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/openjdk.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/openjdk.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/openjdk.sls' using 'jinja' renderer: 0.00240993499756 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/openjdk.sls: include: - ..repos.openjdk openjdk: pkg.installed: - name: openjdk-7-jdk - require: - pkgrepo: openjdk-repo [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.openjdk']), ('openjdk', OrderedDict([('pkg.installed', [OrderedDict([('name', 'openjdk-7-jdk')]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'openjdk-repo')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/openjdk.sls' using 'yaml' renderer: 0.00144505500793 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ophcrack.sls' to resolve 'salt://sift/packages/ophcrack.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ophcrack.sls' to resolve 'salt://sift/packages/ophcrack.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ophcrack.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ophcrack.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ophcrack.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack.sls' using 'jinja' renderer: 0.000710010528564 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ophcrack.sls: ophcrack: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ophcrack', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack.sls' using 'yaml' renderer: 0.000486850738525 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ophcrack-cli.sls' to resolve 'salt://sift/packages/ophcrack-cli.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls' to resolve 'salt://sift/packages/ophcrack-cli.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ophcrack-cli.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ophcrack-cli.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls' using 'jinja' renderer: 0.000658988952637 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls: ophcrack-cli: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ophcrack-cli', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls' using 'yaml' renderer: 0.000497817993164 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/outguess.sls' to resolve 'salt://sift/packages/outguess.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/outguess.sls' to resolve 'salt://sift/packages/outguess.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/outguess.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/outguess.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/outguess.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/outguess.sls' using 'jinja' renderer: 0.000612020492554 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/outguess.sls: outguess: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('outguess', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/outguess.sls' using 'yaml' renderer: 0.000488042831421 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/p0f.sls' to resolve 'salt://sift/packages/p0f.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/p0f.sls' to resolve 'salt://sift/packages/p0f.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/p0f.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/p0f.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/p0f.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p0f.sls' using 'jinja' renderer: 0.000670909881592 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/p0f.sls: p0f: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('p0f', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p0f.sls' using 'yaml' renderer: 0.000478982925415 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/p7zip-full.sls' to resolve 'salt://sift/packages/p7zip-full.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls' to resolve 'salt://sift/packages/p7zip-full.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/p7zip-full.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/p7zip-full.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls' using 'jinja' renderer: 0.000631093978882 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls: p7zip-full: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('p7zip-full', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls' using 'yaml' renderer: 0.000472068786621 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pdftk.sls' to resolve 'salt://sift/packages/pdftk.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pdftk.sls' to resolve 'salt://sift/packages/pdftk.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/pdftk.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/pdftk.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pdftk.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pdftk.sls' using 'jinja' renderer: 0.000615119934082 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pdftk.sls: pdftk: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('pdftk', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pdftk.sls' using 'yaml' renderer: 0.000460863113403 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pev.sls' to resolve 'salt://sift/packages/pev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pev.sls' to resolve 'salt://sift/packages/pev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/pev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/pev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pev.sls' using 'jinja' renderer: 0.000593900680542 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pev.sls: pev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('pev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pev.sls' using 'yaml' renderer: 0.000800132751465 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/phonon.sls' to resolve 'salt://sift/packages/phonon.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/phonon.sls' to resolve 'salt://sift/packages/phonon.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/phonon.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/phonon.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/phonon.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/phonon.sls' using 'jinja' renderer: 0.000598907470703 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/phonon.sls: phonon: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('phonon', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/phonon.sls' using 'yaml' renderer: 0.00046706199646 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pkg-config.sls' to resolve 'salt://sift/packages/pkg-config.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pkg-config.sls' to resolve 'salt://sift/packages/pkg-config.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/pkg-config.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/pkg-config.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pkg-config.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pkg-config.sls' using 'jinja' renderer: 0.000584125518799 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pkg-config.sls: pkg-config: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('pkg-config', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pkg-config.sls' using 'yaml' renderer: 0.000475883483887 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/powershell.sls' to resolve 'salt://sift/packages/powershell.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/powershell.sls' to resolve 'salt://sift/packages/powershell.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/powershell.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/powershell.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/powershell.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/powershell.sls' using 'jinja' renderer: 0.00223207473755 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/powershell.sls: sift-powershell-source: file.managed: - name: /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb - source: "https://github.com/Powershell/Powershell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb" - source_hash: sha256=719fc2d42486f4fe123156e9b4380929c6dd28cb6ccbf928ba746020c1caea58 - makedirs: True sift-powershell: pkg.installed: - sources: - powershell: /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb - watch: - file: sift-powershell-source [DEBUG ] Results of YAML rendering: OrderedDict([('sift-powershell-source', OrderedDict([('file.managed', [OrderedDict([('name', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb')]), OrderedDict([('source', 'https://github.com/Powershell/Powershell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb')]), OrderedDict([('source_hash', 'sha256=719fc2d42486f4fe123156e9b4380929c6dd28cb6ccbf928ba746020c1caea58')]), OrderedDict([('makedirs', True)])])])), ('sift-powershell', OrderedDict([('pkg.installed', [OrderedDict([('sources', [OrderedDict([('powershell', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb')])])]), OrderedDict([('watch', [OrderedDict([('file', 'sift-powershell-source')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/powershell.sls' using 'yaml' renderer: 0.00285482406616 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pv.sls' to resolve 'salt://sift/packages/pv.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pv.sls' to resolve 'salt://sift/packages/pv.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/pv.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/pv.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pv.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pv.sls' using 'jinja' renderer: 0.000638008117676 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pv.sls: pv: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('pv', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pv.sls' using 'yaml' renderer: 0.000446081161499 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pyew.sls' to resolve 'salt://sift/packages/pyew.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pyew.sls' to resolve 'salt://sift/packages/pyew.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/pyew.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/pyew.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pyew.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pyew.sls' using 'jinja' renderer: 0.000604867935181 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pyew.sls: pyew: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('pyew', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pyew.sls' using 'yaml' renderer: 0.000508069992065 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python.sls' to resolve 'salt://sift/packages/python.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python.sls' to resolve 'salt://sift/packages/python.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python.sls' using 'jinja' renderer: 0.000630140304565 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python.sls: python: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python.sls' using 'yaml' renderer: 0.000468015670776 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-dev.sls' to resolve 'salt://sift/packages/python-dev.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-dev.sls' to resolve 'salt://sift/packages/python-dev.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-dev.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-dev.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-dev.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dev.sls' using 'jinja' renderer: 0.000601053237915 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-dev.sls: python-dev: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-dev', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dev.sls' using 'yaml' renderer: 0.00046706199646 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-dfvfs.sls' to resolve 'salt://sift/packages/python-dfvfs.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls' to resolve 'salt://sift/packages/python-dfvfs.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-dfvfs.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-dfvfs.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls' using 'jinja' renderer: 0.000689029693604 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls: include: - ..repos.sift - ..repos.gift python-dfvfs: pkg.installed: - name: python-dfvfs - version: 20160108-1ppa1~xenial - hold: True - require: - pkgrepo: sift-repo - pkgrepo: sift-gift-repo [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '..repos.gift']), ('python-dfvfs', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-dfvfs')]), OrderedDict([('version', '20160108-1ppa1~xenial')]), OrderedDict([('hold', True)]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')]), OrderedDict([('pkgrepo', 'sift-gift-repo')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls' using 'yaml' renderer: 0.00235915184021 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-flowgrep.sls' to resolve 'salt://sift/packages/python-flowgrep.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls' to resolve 'salt://sift/packages/python-flowgrep.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-flowgrep.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-flowgrep.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls' using 'jinja' renderer: 0.000657081604004 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls: python-flowgrep: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-flowgrep', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls' using 'yaml' renderer: 0.00050687789917 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-fuse.sls' to resolve 'salt://sift/packages/python-fuse.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-fuse.sls' to resolve 'salt://sift/packages/python-fuse.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-fuse.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-fuse.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-fuse.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-fuse.sls' using 'jinja' renderer: 0.000607013702393 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-fuse.sls: python-fuse: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-fuse', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-fuse.sls' using 'yaml' renderer: 0.000487804412842 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-nids.sls' to resolve 'salt://sift/packages/python-nids.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-nids.sls' to resolve 'salt://sift/packages/python-nids.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-nids.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-nids.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-nids.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-nids.sls' using 'jinja' renderer: 0.000684022903442 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-nids.sls: python-nids: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-nids', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-nids.sls' using 'yaml' renderer: 0.000468969345093 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-ntdsxtract.sls' to resolve 'salt://sift/packages/python-ntdsxtract.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls' to resolve 'salt://sift/packages/python-ntdsxtract.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-ntdsxtract.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-ntdsxtract.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls' using 'jinja' renderer: 0.000630140304565 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls: python-ntdsxtract: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-ntdsxtract', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls' using 'yaml' renderer: 0.000482082366943 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-pefile.sls' to resolve 'salt://sift/packages/python-pefile.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-pefile.sls' to resolve 'salt://sift/packages/python-pefile.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-pefile.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-pefile.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-pefile.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pefile.sls' using 'jinja' renderer: 0.000598907470703 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-pefile.sls: python-pefile: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-pefile', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pefile.sls' using 'yaml' renderer: 0.0012218952179 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-pip.sls' to resolve 'salt://sift/packages/python-pip.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-pip.sls' to resolve 'salt://sift/packages/python-pip.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-pip.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-pip.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-pip.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pip.sls' using 'jinja' renderer: 0.000689029693604 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-pip.sls: include: - .python python-pip: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.python']), ('python-pip', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pip.sls' using 'yaml' renderer: 0.000720977783203 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-plaso.sls' to resolve 'salt://sift/packages/python-plaso.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-plaso.sls' to resolve 'salt://sift/packages/python-plaso.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-plaso.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-plaso.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-plaso.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-plaso.sls' using 'jinja' renderer: 0.000666856765747 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-plaso.sls: include: - ..repos.sift - ..repos.gift - .python-dfvfs python-plaso: pkg.installed: - name: python-plaso - version: 1.4.0-1ppa3~xenial - hold: True - require: - pkgrepo: sift-repo - pkgrepo: sift-gift-repo - pkg: python-dfvfs [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '..repos.gift', '.python-dfvfs']), ('python-plaso', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-plaso')]), OrderedDict([('version', '1.4.0-1ppa3~xenial')]), OrderedDict([('hold', True)]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')]), OrderedDict([('pkgrepo', 'sift-gift-repo')]), OrderedDict([('pkg', 'python-dfvfs')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-plaso.sls' using 'yaml' renderer: 0.00243496894836 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-pytsk3.sls' to resolve 'salt://sift/packages/python-pytsk3.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls' to resolve 'salt://sift/packages/python-pytsk3.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-pytsk3.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-pytsk3.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls' using 'jinja' renderer: 0.000624179840088 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls: pytsk3-removed: pkg.removed: - name: pytsk3 pytsk3: pkg.installed: - name: python-pytsk3 - required: - pkg: pytsk3-removed [DEBUG ] Results of YAML rendering: OrderedDict([('pytsk3-removed', OrderedDict([('pkg.removed', [OrderedDict([('name', 'pytsk3')])])])), ('pytsk3', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-pytsk3')]), OrderedDict([('required', [OrderedDict([('pkg', 'pytsk3-removed')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls' using 'yaml' renderer: 0.00168800354004 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-qt4.sls' to resolve 'salt://sift/packages/python-qt4.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-qt4.sls' to resolve 'salt://sift/packages/python-qt4.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-qt4.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-qt4.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-qt4.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-qt4.sls' using 'jinja' renderer: 0.000617980957031 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-qt4.sls: python-qt4: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-qt4', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-qt4.sls' using 'yaml' renderer: 0.000527143478394 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-tk.sls' to resolve 'salt://sift/packages/python-tk.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-tk.sls' to resolve 'salt://sift/packages/python-tk.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-tk.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-tk.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-tk.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-tk.sls' using 'jinja' renderer: 0.000617980957031 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-tk.sls: python-tk: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-tk', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-tk.sls' using 'yaml' renderer: 0.000454902648926 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-virtualenv.sls' to resolve 'salt://sift/packages/python-virtualenv.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls' to resolve 'salt://sift/packages/python-virtualenv.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-virtualenv.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-virtualenv.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls' using 'jinja' renderer: 0.000581979751587 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls: python-virtualenv: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-virtualenv', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls' using 'yaml' renderer: 0.00046706199646 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-volatility.sls' to resolve 'salt://sift/packages/python-volatility.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-volatility.sls' to resolve 'salt://sift/packages/python-volatility.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-volatility.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-volatility.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-volatility.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-volatility.sls' using 'jinja' renderer: 0.00347709655762 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-volatility.sls: include: - ..repos.sift - .git - sift.python-packages.colorama - sift.python-packages.construct - sift.python-packages.dpapick - sift.python-packages.distorm3 - sift.python-packages.haystack - sift.python-packages.ioc_writer - sift.python-packages.lxml - sift.python-packages.pefile - sift.python-packages.pycoin - sift.python-packages.pysocks - sift.python-packages.simplejson - sift.python-packages.yara-python python-volatility: pkg.installed: - name: python-volatility - require: - pkgrepo: sift-repo python-volatility-community-plugins: git.latest: - name: https://github.com/volatilityfoundation/community.git - target: /usr/lib/python2.7/dist-packages/volatility/plugins/community - user: root - rev: master - force_clone: True - require: - pkg: git - pkg: python-volatility - sls: sift.python-packages.colorama - sls: sift.python-packages.construct - sls: sift.python-packages.dpapick - sls: sift.python-packages.distorm3 - sls: sift.python-packages.haystack - sls: sift.python-packages.ioc_writer - sls: sift.python-packages.lxml - sls: sift.python-packages.pefile - sls: sift.python-packages.pycoin - sls: sift.python-packages.pysocks - sls: sift.python-packages.simplejson - sls: sift.python-packages.yara-python # Unable to install pykd python-volatility-remove-AlexanderTarasenko: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko - watch: - git: python-volatility-community-plugins # Conflicts with ThomasWhite Bitlocker python-volatility-remove-MarcinUlikowski: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski - watch: - git: python-volatility-community-plugins python-volatility-remove-TyperHalfpop: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop - watch: - git: python-volatility-community-plugins python-volatility-remove-LoicJaquement-Haystack: cmd.run: - name: find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \; - require: - git: python-volatility-community-plugins python-volatility-sift-plugins: file.recurse: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ - source: salt://sift/files/volatility - makedirs: True - file_mode: 644 - include_pat: '*.py' - watch: - pkg: python-volatility python-volatility-plugins-malprocfind.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py - watch: - pkg: python-volatility python-volatility-plugins-idxparser.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py - watch: - pkg: python-volatility python-volatility-plugins-chromehistory.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py - watch: - pkg: python-volatility python-volatility-plugins-mimikatz.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py - watch: - pkg: python-volatility python-volatility-plugins-openioc_scan.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py - watch: - pkg: python-volatility python-volatility-plugins-pstotal.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py - watch: - pkg: python-volatility python-volatility-plugins-firefoxhistory.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py - watch: - pkg: python-volatility python-volatility-plugins-autoruns.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py - watch: - pkg: python-volatility python-volatility-plugins-malfinddeep.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py - watch: - pkg: python-volatility python-volatility-plugins-prefetch.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py - watch: - pkg: python-volatility python-volatility-plugins-baseline.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py - watch: - pkg: python-volatility python-volatility-plugins-ssdeepscan.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py - watch: - pkg: python-volatility python-volatility-plugins-uninstallinfo.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py - watch: - pkg: python-volatility python-volatility-plugins-trustrecords.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py - watch: - pkg: python-volatility python-volatility-plugins-usnparser.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py - watch: - pkg: python-volatility python-volatility-plugins-apihooksdeep.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py - watch: - pkg: python-volatility python-volatility-plugins-editbox.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py - watch: - pkg: python-volatility python-volatility-plugins-javarat.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py - watch: - pkg: python-volatility [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '.git', 'sift.python-packages.colorama', 'sift.python-packages.construct', 'sift.python-packages.dpapick', 'sift.python-packages.distorm3', 'sift.python-packages.haystack', 'sift.python-packages.ioc_writer', 'sift.python-packages.lxml', 'sift.python-packages.pefile', 'sift.python-packages.pycoin', 'sift.python-packages.pysocks', 'sift.python-packages.simplejson', 'sift.python-packages.yara-python']), ('python-volatility', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-volatility')]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')])])])])])), ('python-volatility-community-plugins', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/volatilityfoundation/community.git')]), OrderedDict([('target', '/usr/lib/python2.7/dist-packages/volatility/plugins/community')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')]), OrderedDict([('pkg', 'python-volatility')]), OrderedDict([('sls', 'sift.python-packages.colorama')]), OrderedDict([('sls', 'sift.python-packages.construct')]), OrderedDict([('sls', 'sift.python-packages.dpapick')]), OrderedDict([('sls', 'sift.python-packages.distorm3')]), OrderedDict([('sls', 'sift.python-packages.haystack')]), OrderedDict([('sls', 'sift.python-packages.ioc_writer')]), OrderedDict([('sls', 'sift.python-packages.lxml')]), OrderedDict([('sls', 'sift.python-packages.pefile')]), OrderedDict([('sls', 'sift.python-packages.pycoin')]), OrderedDict([('sls', 'sift.python-packages.pysocks')]), OrderedDict([('sls', 'sift.python-packages.simplejson')]), OrderedDict([('sls', 'sift.python-packages.yara-python')])])])])])), ('python-volatility-remove-AlexanderTarasenko', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko')]), OrderedDict([('watch', [OrderedDict([('git', 'python-volatility-community-plugins')])])])])])), ('python-volatility-remove-MarcinUlikowski', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski')]), OrderedDict([('watch', [OrderedDict([('git', 'python-volatility-community-plugins')])])])])])), ('python-volatility-remove-TyperHalfpop', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop')]), OrderedDict([('watch', [OrderedDict([('git', 'python-volatility-community-plugins')])])])])])), ('python-volatility-remove-LoicJaquement-Haystack', OrderedDict([('cmd.run', [OrderedDict([('name', 'find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \\;')]), OrderedDict([('require', [OrderedDict([('git', 'python-volatility-community-plugins')])])])])])), ('python-volatility-sift-plugins', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/sift/')]), OrderedDict([('source', 'salt://sift/files/volatility')]), OrderedDict([('makedirs', True)]), OrderedDict([('file_mode', 644)]), OrderedDict([('include_pat', '*.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-malprocfind.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-idxparser.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-chromehistory.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-mimikatz.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-openioc_scan.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-pstotal.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-firefoxhistory.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-autoruns.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-malfinddeep.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-prefetch.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-baseline.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-ssdeepscan.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-uninstallinfo.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-trustrecords.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-usnparser.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-apihooksdeep.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-editbox.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-javarat.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-volatility.sls' using 'yaml' renderer: 0.0304689407349 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/colorama.sls' to resolve 'salt://sift/python-packages/colorama.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/colorama.sls' to resolve 'salt://sift/python-packages/colorama.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/colorama.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/colorama.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/colorama.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/colorama.sls' using 'jinja' renderer: 0.000748872756958 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/colorama.sls: include: - ..packages.python-pip colorama: pip.installed [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('colorama', 'pip.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/colorama.sls' using 'yaml' renderer: 0.000730991363525 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/construct.sls' to resolve 'salt://sift/python-packages/construct.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/construct.sls' to resolve 'salt://sift/python-packages/construct.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/construct.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/construct.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/construct.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/construct.sls' using 'jinja' renderer: 0.000702142715454 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/construct.sls: include: - ..packages.python-pip construct: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('construct', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/construct.sls' using 'yaml' renderer: 0.00122213363647 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/dpapick.sls' to resolve 'salt://sift/python-packages/dpapick.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls' to resolve 'salt://sift/python-packages/dpapick.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/dpapick.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/dpapick.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls' using 'jinja' renderer: 0.000668048858643 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip - sift.packages.libssl-dev dpapick: pip.installed: - name: dpapick - upgrade: True - require: - pkg: python-pip - sls: sift.packages.libssl-dev [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', 'sift.packages.libssl-dev']), ('dpapick', OrderedDict([('pip.installed', [OrderedDict([('name', 'dpapick')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('sls', 'sift.packages.libssl-dev')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls' using 'yaml' renderer: 0.00195693969727 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/distorm3.sls' to resolve 'salt://sift/python-packages/distorm3.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls' to resolve 'salt://sift/python-packages/distorm3.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/distorm3.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/distorm3.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls' using 'jinja' renderer: 0.000633955001831 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls: include: - ..packages.python-pip distorm3: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('distorm3', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls' using 'yaml' renderer: 0.00125503540039 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/haystack.sls' to resolve 'salt://sift/python-packages/haystack.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/haystack.sls' to resolve 'salt://sift/python-packages/haystack.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/haystack.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/haystack.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/haystack.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/haystack.sls' using 'jinja' renderer: 0.000672101974487 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/haystack.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip haystack: pip.installed: - name: haystack - upgrade: True - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('haystack', OrderedDict([('pip.installed', [OrderedDict([('name', 'haystack')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/haystack.sls' using 'yaml' renderer: 0.00167512893677 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/ioc_writer.sls' to resolve 'salt://sift/python-packages/ioc_writer.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls' to resolve 'salt://sift/python-packages/ioc_writer.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/ioc_writer.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/ioc_writer.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls' using 'jinja' renderer: 0.000640153884888 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls: include: - ..packages.python-pip - .lxml ioc_writer: pip.installed: - require: - pkg: python-pip - pip: lxml [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '.lxml']), ('ioc_writer', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pip', 'lxml')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls' using 'yaml' renderer: 0.00147891044617 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/lxml.sls' to resolve 'salt://sift/python-packages/lxml.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/lxml.sls' to resolve 'salt://sift/python-packages/lxml.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/lxml.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/lxml.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/lxml.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/lxml.sls' using 'jinja' renderer: 0.000658988952637 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/lxml.sls: include: - ..packages.python-pip - ..packages.libxml2-dev - ..packages.libxslt-dev lxml: pip.installed: - require: - pkg: python-pip - pkg: libxml2-dev - pkg: libxslt-dev [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '..packages.libxml2-dev', '..packages.libxslt-dev']), ('lxml', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pkg', 'libxml2-dev')]), OrderedDict([('pkg', 'libxslt-dev')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/lxml.sls' using 'yaml' renderer: 0.00176787376404 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pefile.sls' to resolve 'salt://sift/python-packages/pefile.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pefile.sls' to resolve 'salt://sift/python-packages/pefile.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/pefile.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/pefile.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pefile.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pefile.sls' using 'jinja' renderer: 0.000616788864136 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pefile.sls: include: - ..packages.python-pip pefile: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pefile', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pefile.sls' using 'yaml' renderer: 0.00120806694031 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pycoin.sls' to resolve 'salt://sift/python-packages/pycoin.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls' to resolve 'salt://sift/python-packages/pycoin.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/pycoin.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/pycoin.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls' using 'jinja' renderer: 0.000663995742798 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip pycoin: pip.installed: - name: pycoin - upgrade: True - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pycoin', OrderedDict([('pip.installed', [OrderedDict([('name', 'pycoin')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls' using 'yaml' renderer: 0.00203990936279 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pysocks.sls' to resolve 'salt://sift/python-packages/pysocks.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls' to resolve 'salt://sift/python-packages/pysocks.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/pysocks.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/pysocks.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls' using 'jinja' renderer: 0.000684022903442 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls: include: - ..packages.python-pip pysocks: pip.installed: - name: pysocks - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pysocks', OrderedDict([('pip.installed', [OrderedDict([('name', 'pysocks')]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls' using 'yaml' renderer: 0.00143194198608 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/simplejson.sls' to resolve 'salt://sift/python-packages/simplejson.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls' to resolve 'salt://sift/python-packages/simplejson.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/simplejson.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/simplejson.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls' using 'jinja' renderer: 0.00066614151001 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip simplejson: pip.installed: - name: simplejson - upgrade: True - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('simplejson', OrderedDict([('pip.installed', [OrderedDict([('name', 'simplejson')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls' using 'yaml' renderer: 0.00169897079468 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/yara-python.sls' to resolve 'salt://sift/python-packages/yara-python.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls' to resolve 'salt://sift/python-packages/yara-python.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/yara-python.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/yara-python.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls' using 'jinja' renderer: 0.000694990158081 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip yara-python: pip.installed: - name: yara-python - upgrade: True - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('yara-python', OrderedDict([('pip.installed', [OrderedDict([('name', 'yara-python')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls' using 'yaml' renderer: 0.00187420845032 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-yara.sls' to resolve 'salt://sift/packages/python-yara.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-yara.sls' to resolve 'salt://sift/packages/python-yara.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-yara.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-yara.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-yara.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-yara.sls' using 'jinja' renderer: 0.000607013702393 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-yara.sls: python-yara: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('python-yara', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-yara.sls' using 'yaml' renderer: 0.000489950180054 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/qemu.sls' to resolve 'salt://sift/packages/qemu.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/qemu.sls' to resolve 'salt://sift/packages/qemu.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/qemu.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/qemu.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/qemu.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu.sls' using 'jinja' renderer: 0.000597953796387 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/qemu.sls: qemu: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('qemu', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu.sls' using 'yaml' renderer: 0.000468015670776 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/qemu-utils.sls' to resolve 'salt://sift/packages/qemu-utils.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls' to resolve 'salt://sift/packages/qemu-utils.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/qemu-utils.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/qemu-utils.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls' using 'jinja' renderer: 0.000630855560303 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls: qemu-utils: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('qemu-utils', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls' using 'yaml' renderer: 0.000479936599731 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/radare2.sls' to resolve 'salt://sift/packages/radare2.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/radare2.sls' to resolve 'salt://sift/packages/radare2.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/radare2.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/radare2.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/radare2.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/radare2.sls' using 'jinja' renderer: 0.000609874725342 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/radare2.sls: radare2: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('radare2', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/radare2.sls' using 'yaml' renderer: 0.000463008880615 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/rar.sls' to resolve 'salt://sift/packages/rar.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/rar.sls' to resolve 'salt://sift/packages/rar.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/rar.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/rar.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/rar.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rar.sls' using 'jinja' renderer: 0.000638961791992 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/rar.sls: include: - sift.repos.ubuntu-multiverse sift-rar: pkg.installed: - name: rar - require: - sls: sift.repos.ubuntu-multiverse [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.ubuntu-multiverse']), ('sift-rar', OrderedDict([('pkg.installed', [OrderedDict([('name', 'rar')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rar.sls' using 'yaml' renderer: 0.00142002105713 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/readpst.sls' to resolve 'salt://sift/packages/readpst.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/readpst.sls' to resolve 'salt://sift/packages/readpst.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/readpst.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/readpst.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/readpst.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/readpst.sls' using 'jinja' renderer: 0.000582933425903 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/readpst.sls: readpst: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('readpst', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/readpst.sls' using 'yaml' renderer: 0.000463962554932 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/regripper.sls' to resolve 'salt://sift/packages/regripper.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/regripper.sls' to resolve 'salt://sift/packages/regripper.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/regripper.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/regripper.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/regripper.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/regripper.sls' using 'jinja' renderer: 0.000663995742798 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/regripper.sls: include: - sift.repos.sift - sift.packages.wine sift-regripper: pkg.installed: - name: regripper - require: - sls: sift.repos.sift - sls: sift.packages.wine [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.sift', 'sift.packages.wine']), ('sift-regripper', OrderedDict([('pkg.installed', [OrderedDict([('name', 'regripper')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.sift')]), OrderedDict([('sls', 'sift.packages.wine')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/regripper.sls' using 'yaml' renderer: 0.00199413299561 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/wine.sls' to resolve 'salt://sift/packages/wine.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/wine.sls' to resolve 'salt://sift/packages/wine.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/wine.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/wine.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/wine.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wine.sls' using 'jinja' renderer: 0.000689029693604 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/wine.sls: sift-wine-i386-arch: cmd.run: - name: dpkg --add-architecture i386 - unless: dpkg --print-foreign-architectures | grep i386 sift-wine-apt-update: pkg.uptodate: - refresh: True - require: - cmd: sift-wine-i386-arch sift-wine: pkg.installed: - name: wine - require: - pkg: sift-wine-apt-update [DEBUG ] Results of YAML rendering: OrderedDict([('sift-wine-i386-arch', OrderedDict([('cmd.run', [OrderedDict([('name', 'dpkg --add-architecture i386')]), OrderedDict([('unless', 'dpkg --print-foreign-architectures | grep i386')])])])), ('sift-wine-apt-update', OrderedDict([('pkg.uptodate', [OrderedDict([('refresh', True)]), OrderedDict([('require', [OrderedDict([('cmd', 'sift-wine-i386-arch')])])])])])), ('sift-wine', OrderedDict([('pkg.installed', [OrderedDict([('name', 'wine')]), OrderedDict([('require', [OrderedDict([('pkg', 'sift-wine-apt-update')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wine.sls' using 'yaml' renderer: 0.00284504890442 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/rsakeyfind.sls' to resolve 'salt://sift/packages/rsakeyfind.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls' to resolve 'salt://sift/packages/rsakeyfind.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/rsakeyfind.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/rsakeyfind.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls' using 'jinja' renderer: 0.000614166259766 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls: rsakeyfind: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('rsakeyfind', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls' using 'yaml' renderer: 0.000506162643433 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/safecopy.sls' to resolve 'salt://sift/packages/safecopy.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/safecopy.sls' to resolve 'salt://sift/packages/safecopy.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/safecopy.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/safecopy.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/safecopy.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/safecopy.sls' using 'jinja' renderer: 0.000611066818237 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/safecopy.sls: safecopy: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('safecopy', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/safecopy.sls' using 'yaml' renderer: 0.000488042831421 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/samba.sls' to resolve 'salt://sift/packages/samba.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/samba.sls' to resolve 'salt://sift/packages/samba.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/samba.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/samba.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/samba.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samba.sls' using 'jinja' renderer: 0.000611066818237 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/samba.sls: samba: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('samba', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samba.sls' using 'yaml' renderer: 0.000489950180054 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/samdump2.sls' to resolve 'salt://sift/packages/samdump2.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/samdump2.sls' to resolve 'salt://sift/packages/samdump2.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/samdump2.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/samdump2.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/samdump2.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samdump2.sls' using 'jinja' renderer: 0.000602006912231 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/samdump2.sls: samdump2: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('samdump2', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samdump2.sls' using 'yaml' renderer: 0.000447034835815 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/scalpel.sls' to resolve 'salt://sift/packages/scalpel.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/scalpel.sls' to resolve 'salt://sift/packages/scalpel.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/scalpel.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/scalpel.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/scalpel.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/scalpel.sls' using 'jinja' renderer: 0.000584840774536 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/scalpel.sls: scalpel: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('scalpel', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/scalpel.sls' using 'yaml' renderer: 0.000461101531982 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/sleuthkit.sls' to resolve 'salt://sift/packages/sleuthkit.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls' to resolve 'salt://sift/packages/sleuthkit.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/sleuthkit.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/sleuthkit.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls' using 'jinja' renderer: 0.000585079193115 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls: sleuthkit: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('sleuthkit', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls' using 'yaml' renderer: 0.000465154647827 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/socat.sls' to resolve 'salt://sift/packages/socat.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/socat.sls' to resolve 'salt://sift/packages/socat.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/socat.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/socat.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/socat.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/socat.sls' using 'jinja' renderer: 0.000589847564697 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/socat.sls: socat: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('socat', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/socat.sls' using 'yaml' renderer: 0.000454187393188 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ssdeep.sls' to resolve 'salt://sift/packages/ssdeep.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ssdeep.sls' to resolve 'salt://sift/packages/ssdeep.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ssdeep.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ssdeep.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ssdeep.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssdeep.sls' using 'jinja' renderer: 0.000614881515503 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ssdeep.sls: ssdeep: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ssdeep', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssdeep.sls' using 'yaml' renderer: 0.000463008880615 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ssldump.sls' to resolve 'salt://sift/packages/ssldump.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ssldump.sls' to resolve 'salt://sift/packages/ssldump.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/ssldump.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/ssldump.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ssldump.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssldump.sls' using 'jinja' renderer: 0.000591993331909 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ssldump.sls: ssldump: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('ssldump', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssldump.sls' using 'yaml' renderer: 0.000447034835815 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/sslsniff.sls' to resolve 'salt://sift/packages/sslsniff.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/sslsniff.sls' to resolve 'salt://sift/packages/sslsniff.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/sslsniff.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/sslsniff.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/sslsniff.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sslsniff.sls' using 'jinja' renderer: 0.000584125518799 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/sslsniff.sls: sslsniff: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('sslsniff', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sslsniff.sls' using 'yaml' renderer: 0.000462055206299 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/stunnel4.sls' to resolve 'salt://sift/packages/stunnel4.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/stunnel4.sls' to resolve 'salt://sift/packages/stunnel4.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/stunnel4.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/stunnel4.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/stunnel4.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/stunnel4.sls' using 'jinja' renderer: 0.000587940216064 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/stunnel4.sls: stunnel4: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('stunnel4', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/stunnel4.sls' using 'yaml' renderer: 0.000459909439087 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/system-config-samba.sls' to resolve 'salt://sift/packages/system-config-samba.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls' to resolve 'salt://sift/packages/system-config-samba.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/system-config-samba.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/system-config-samba.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls' using 'jinja' renderer: 0.000590085983276 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls: system-config-samba: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('system-config-samba', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls' using 'yaml' renderer: 0.000452995300293 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcl.sls' to resolve 'salt://sift/packages/tcl.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcl.sls' to resolve 'salt://sift/packages/tcl.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tcl.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tcl.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcl.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcl.sls' using 'jinja' renderer: 0.00062084197998 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcl.sls: tcl: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tcl', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcl.sls' using 'yaml' renderer: 0.00048303604126 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpflow.sls' to resolve 'salt://sift/packages/tcpflow.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpflow.sls' to resolve 'salt://sift/packages/tcpflow.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tcpflow.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tcpflow.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpflow.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpflow.sls' using 'jinja' renderer: 0.000648975372314 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpflow.sls: tcpflow: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tcpflow', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpflow.sls' using 'yaml' renderer: 0.000501155853271 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpick.sls' to resolve 'salt://sift/packages/tcpick.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpick.sls' to resolve 'salt://sift/packages/tcpick.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tcpick.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tcpick.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpick.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpick.sls' using 'jinja' renderer: 0.000588178634644 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpick.sls: tcpick: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tcpick', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpick.sls' using 'yaml' renderer: 0.000477075576782 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpreplay.sls' to resolve 'salt://sift/packages/tcpreplay.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls' to resolve 'salt://sift/packages/tcpreplay.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tcpreplay.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tcpreplay.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls' using 'jinja' renderer: 0.000632047653198 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls: tcpreplay: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tcpreplay', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls' using 'yaml' renderer: 0.00051212310791 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpslice.sls' to resolve 'salt://sift/packages/tcpslice.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpslice.sls' to resolve 'salt://sift/packages/tcpslice.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tcpslice.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tcpslice.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpslice.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpslice.sls' using 'jinja' renderer: 0.000744819641113 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpslice.sls: tcpslice: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tcpslice', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpslice.sls' using 'yaml' renderer: 0.000524044036865 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpstat.sls' to resolve 'salt://sift/packages/tcpstat.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpstat.sls' to resolve 'salt://sift/packages/tcpstat.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tcpstat.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tcpstat.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpstat.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpstat.sls' using 'jinja' renderer: 0.000653982162476 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpstat.sls: tcpstat: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tcpstat', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpstat.sls' using 'yaml' renderer: 0.000509977340698 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcptrace.sls' to resolve 'salt://sift/packages/tcptrace.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcptrace.sls' to resolve 'salt://sift/packages/tcptrace.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tcptrace.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tcptrace.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcptrace.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrace.sls' using 'jinja' renderer: 0.00108480453491 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcptrace.sls: tcptrace: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tcptrace', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrace.sls' using 'yaml' renderer: 0.000468969345093 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcptrack.sls' to resolve 'salt://sift/packages/tcptrack.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcptrack.sls' to resolve 'salt://sift/packages/tcptrack.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tcptrack.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tcptrack.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcptrack.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrack.sls' using 'jinja' renderer: 0.000581979751587 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcptrack.sls: tcptrack: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tcptrack', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrack.sls' using 'yaml' renderer: 0.000444889068604 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpxtract.sls' to resolve 'salt://sift/packages/tcpxtract.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls' to resolve 'salt://sift/packages/tcpxtract.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tcpxtract.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tcpxtract.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls' using 'jinja' renderer: 0.000581979751587 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls: tcpxtract: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tcpxtract', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls' using 'yaml' renderer: 0.000461101531982 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/testdisk.sls' to resolve 'salt://sift/packages/testdisk.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/testdisk.sls' to resolve 'salt://sift/packages/testdisk.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/testdisk.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/testdisk.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/testdisk.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/testdisk.sls' using 'jinja' renderer: 0.000607013702393 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/testdisk.sls: testdisk: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('testdisk', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/testdisk.sls' using 'yaml' renderer: 0.000482082366943 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tofrodos.sls' to resolve 'salt://sift/packages/tofrodos.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tofrodos.sls' to resolve 'salt://sift/packages/tofrodos.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/tofrodos.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/tofrodos.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tofrodos.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tofrodos.sls' using 'jinja' renderer: 0.000591039657593 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tofrodos.sls: tofrodos: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('tofrodos', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tofrodos.sls' using 'yaml' renderer: 0.000448226928711 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/transmission.sls' to resolve 'salt://sift/packages/transmission.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/transmission.sls' to resolve 'salt://sift/packages/transmission.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/transmission.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/transmission.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/transmission.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/transmission.sls' using 'jinja' renderer: 0.000590085983276 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/transmission.sls: transmission: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('transmission', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/transmission.sls' using 'yaml' renderer: 0.00046706199646 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/unity-control-center.sls' to resolve 'salt://sift/packages/unity-control-center.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls' to resolve 'salt://sift/packages/unity-control-center.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/unity-control-center.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/unity-control-center.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls' using 'jinja' renderer: 0.000610113143921 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls: unity-control-center: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('unity-control-center', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls' using 'yaml' renderer: 0.000494003295898 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/unrar.sls' to resolve 'salt://sift/packages/unrar.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/unrar.sls' to resolve 'salt://sift/packages/unrar.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/unrar.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/unrar.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/unrar.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unrar.sls' using 'jinja' renderer: 0.000657081604004 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/unrar.sls: include: - sift.repos.ubuntu-multiverse sift-unrar: pkg.installed: - name: unrar - require: - sls: sift.repos.ubuntu-multiverse [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.ubuntu-multiverse']), ('sift-unrar', OrderedDict([('pkg.installed', [OrderedDict([('name', 'unrar')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unrar.sls' using 'yaml' renderer: 0.00151991844177 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/upx-ucl.sls' to resolve 'salt://sift/packages/upx-ucl.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls' to resolve 'salt://sift/packages/upx-ucl.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/upx-ucl.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/upx-ucl.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls' using 'jinja' renderer: 0.000592231750488 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls: upx-ucl: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('upx-ucl', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls' using 'yaml' renderer: 0.000445127487183 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/vbindiff.sls' to resolve 'salt://sift/packages/vbindiff.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/vbindiff.sls' to resolve 'salt://sift/packages/vbindiff.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/vbindiff.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/vbindiff.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/vbindiff.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vbindiff.sls' using 'jinja' renderer: 0.000581026077271 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/vbindiff.sls: vbindiff: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('vbindiff', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vbindiff.sls' using 'yaml' renderer: 0.000457048416138 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/vim.sls' to resolve 'salt://sift/packages/vim.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/vim.sls' to resolve 'salt://sift/packages/vim.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/vim.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/vim.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/vim.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vim.sls' using 'jinja' renderer: 0.000609159469604 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/vim.sls: vim: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('vim', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vim.sls' using 'yaml' renderer: 0.000461101531982 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/virtuoso-minimal.sls' to resolve 'salt://sift/packages/virtuoso-minimal.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls' to resolve 'salt://sift/packages/virtuoso-minimal.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/virtuoso-minimal.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/virtuoso-minimal.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls' using 'jinja' renderer: 0.000614881515503 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls: virtuoso-minimal: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('virtuoso-minimal', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls' using 'yaml' renderer: 0.000501155853271 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/vmfs-tools.sls' to resolve 'salt://sift/packages/vmfs-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls' to resolve 'salt://sift/packages/vmfs-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/vmfs-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/vmfs-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls' using 'jinja' renderer: 0.00059700012207 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls: vmfs-tools: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('vmfs-tools', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls' using 'yaml' renderer: 0.000492811203003 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/winbind.sls' to resolve 'salt://sift/packages/winbind.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/winbind.sls' to resolve 'salt://sift/packages/winbind.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/winbind.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/winbind.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/winbind.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/winbind.sls' using 'jinja' renderer: 0.000607013702393 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/winbind.sls: winbind: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('winbind', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/winbind.sls' using 'yaml' renderer: 0.000465869903564 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/wireshark.sls' to resolve 'salt://sift/packages/wireshark.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/wireshark.sls' to resolve 'salt://sift/packages/wireshark.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/wireshark.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/wireshark.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/wireshark.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wireshark.sls' using 'jinja' renderer: 0.000591039657593 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/wireshark.sls: wireshark: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('wireshark', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wireshark.sls' using 'yaml' renderer: 0.000462055206299 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xdot.sls' to resolve 'salt://sift/packages/xdot.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xdot.sls' to resolve 'salt://sift/packages/xdot.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/xdot.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/xdot.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xdot.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xdot.sls' using 'jinja' renderer: 0.000590085983276 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xdot.sls: xdot: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('xdot', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xdot.sls' using 'yaml' renderer: 0.000497102737427 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xfsprogs.sls' to resolve 'salt://sift/packages/xfsprogs.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls' to resolve 'salt://sift/packages/xfsprogs.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/xfsprogs.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/xfsprogs.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls' using 'jinja' renderer: 0.000937938690186 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls: xfsprogs: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('xfsprogs', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls' using 'yaml' renderer: 0.000470161437988 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xmount.sls' to resolve 'salt://sift/packages/xmount.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xmount.sls' to resolve 'salt://sift/packages/xmount.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/xmount.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/xmount.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xmount.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xmount.sls' using 'jinja' renderer: 0.000627994537354 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xmount.sls: xmount: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('xmount', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xmount.sls' using 'yaml' renderer: 0.00048303604126 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xpdf.sls' to resolve 'salt://sift/packages/xpdf.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xpdf.sls' to resolve 'salt://sift/packages/xpdf.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/xpdf.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/xpdf.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xpdf.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xpdf.sls' using 'jinja' renderer: 0.000590801239014 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xpdf.sls: xpdf: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('xpdf', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xpdf.sls' using 'yaml' renderer: 0.000463008880615 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/zenity.sls' to resolve 'salt://sift/packages/zenity.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/zenity.sls' to resolve 'salt://sift/packages/zenity.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/zenity.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/zenity.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/zenity.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/zenity.sls' using 'jinja' renderer: 0.000597953796387 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/zenity.sls: zenity: pkg.installed [DEBUG ] Results of YAML rendering: OrderedDict([('zenity', 'pkg.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/zenity.sls' using 'yaml' renderer: 0.000463962554932 [DEBUG ] Could not find file 'salt://sift/python-packages.sls' in saltenv 'base' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/init.sls' to resolve 'salt://sift/python-packages/init.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/init.sls' to resolve 'salt://sift/python-packages/init.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/init.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/init.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/init.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/init.sls' using 'jinja' renderer: 0.00122618675232 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/init.sls: include: - sift.python-packages.analyzemft - sift.python-packages.argparse - sift.python-packages.bitstring - sift.python-packages.colorama - sift.python-packages.construct - sift.python-packages.distorm3 - sift.python-packages.docopt # - sift.python-packages.indxparse (Disabled due to problem with python-fuse dependency) - sift.python-packages.ioc_writer - sift.python-packages.lxml - sift.python-packages.pefile - sift.python-packages.pip - sift.python-packages.pysocks - sift.python-packages.python-dateutil - sift.python-packages.python-evtx - sift.python-packages.python-magic - sift.python-packages.python-registry - sift.python-packages.rekall - sift.python-packages.setuptools - sift.python-packages.six - sift.python-packages.stix-validator - sift.python-packages.stix - sift.python-packages.timesketch - sift.python-packages.unicodecsv - sift.python-packages.usnparser - sift.python-packages.wheel - sift.python-packages.windowsprefetch sift-python-packages: test.nop: - name: sift-python-packages - require: - sls: sift.python-packages.analyzemft - sls: sift.python-packages.argparse - sls: sift.python-packages.bitstring - sls: sift.python-packages.colorama - sls: sift.python-packages.construct - sls: sift.python-packages.distorm3 - sls: sift.python-packages.docopt # - sls: sift.python-packages.indxparse (Disabled due to problem with python-fuse dependency) - sls: sift.python-packages.ioc_writer - sls: sift.python-packages.lxml - sls: sift.python-packages.pefile - sls: sift.python-packages.pip - sls: sift.python-packages.pysocks - sls: sift.python-packages.python-dateutil - sls: sift.python-packages.python-evtx - sls: sift.python-packages.python-magic - sls: sift.python-packages.python-registry - sls: sift.python-packages.rekall - sls: sift.python-packages.setuptools - sls: sift.python-packages.six - sls: sift.python-packages.stix-validator - sls: sift.python-packages.stix - sls: sift.python-packages.timesketch - sls: sift.python-packages.unicodecsv - sls: sift.python-packages.usnparser - sls: sift.python-packages.wheel - sls: sift.python-packages.windowsprefetch [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.analyzemft', 'sift.python-packages.argparse', 'sift.python-packages.bitstring', 'sift.python-packages.colorama', 'sift.python-packages.construct', 'sift.python-packages.distorm3', 'sift.python-packages.docopt', 'sift.python-packages.ioc_writer', 'sift.python-packages.lxml', 'sift.python-packages.pefile', 'sift.python-packages.pip', 'sift.python-packages.pysocks', 'sift.python-packages.python-dateutil', 'sift.python-packages.python-evtx', 'sift.python-packages.python-magic', 'sift.python-packages.python-registry', 'sift.python-packages.rekall', 'sift.python-packages.setuptools', 'sift.python-packages.six', 'sift.python-packages.stix-validator', 'sift.python-packages.stix', 'sift.python-packages.timesketch', 'sift.python-packages.unicodecsv', 'sift.python-packages.usnparser', 'sift.python-packages.wheel', 'sift.python-packages.windowsprefetch']), ('sift-python-packages', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-python-packages')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.python-packages.analyzemft')]), OrderedDict([('sls', 'sift.python-packages.argparse')]), OrderedDict([('sls', 'sift.python-packages.bitstring')]), OrderedDict([('sls', 'sift.python-packages.colorama')]), OrderedDict([('sls', 'sift.python-packages.construct')]), OrderedDict([('sls', 'sift.python-packages.distorm3')]), OrderedDict([('sls', 'sift.python-packages.docopt')]), OrderedDict([('sls', 'sift.python-packages.ioc_writer')]), OrderedDict([('sls', 'sift.python-packages.lxml')]), OrderedDict([('sls', 'sift.python-packages.pefile')]), OrderedDict([('sls', 'sift.python-packages.pip')]), OrderedDict([('sls', 'sift.python-packages.pysocks')]), OrderedDict([('sls', 'sift.python-packages.python-dateutil')]), OrderedDict([('sls', 'sift.python-packages.python-evtx')]), OrderedDict([('sls', 'sift.python-packages.python-magic')]), OrderedDict([('sls', 'sift.python-packages.python-registry')]), OrderedDict([('sls', 'sift.python-packages.rekall')]), OrderedDict([('sls', 'sift.python-packages.setuptools')]), OrderedDict([('sls', 'sift.python-packages.six')]), OrderedDict([('sls', 'sift.python-packages.stix-validator')]), OrderedDict([('sls', 'sift.python-packages.stix')]), OrderedDict([('sls', 'sift.python-packages.timesketch')]), OrderedDict([('sls', 'sift.python-packages.unicodecsv')]), OrderedDict([('sls', 'sift.python-packages.usnparser')]), OrderedDict([('sls', 'sift.python-packages.wheel')]), OrderedDict([('sls', 'sift.python-packages.windowsprefetch')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/init.sls' using 'yaml' renderer: 0.00964999198914 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/analyzemft.sls' to resolve 'salt://sift/python-packages/analyzemft.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls' to resolve 'salt://sift/python-packages/analyzemft.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/analyzemft.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/analyzemft.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls' using 'jinja' renderer: 0.000717878341675 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls: include: - ..packages.python-pip analyzemft: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('analyzemft', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls' using 'yaml' renderer: 0.00128293037415 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/argparse.sls' to resolve 'salt://sift/python-packages/argparse.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/argparse.sls' to resolve 'salt://sift/python-packages/argparse.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/argparse.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/argparse.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/argparse.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/argparse.sls' using 'jinja' renderer: 0.000828981399536 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/argparse.sls: include: - ..packages.python-pip argparse: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('argparse', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/argparse.sls' using 'yaml' renderer: 0.0013279914856 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/bitstring.sls' to resolve 'salt://sift/python-packages/bitstring.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls' to resolve 'salt://sift/python-packages/bitstring.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/bitstring.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/bitstring.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls' using 'jinja' renderer: 0.000643014907837 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls: include: - ..packages.python-pip bitstring: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('bitstring', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls' using 'yaml' renderer: 0.00122714042664 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/docopt.sls' to resolve 'salt://sift/python-packages/docopt.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/docopt.sls' to resolve 'salt://sift/python-packages/docopt.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/docopt.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/docopt.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/docopt.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/docopt.sls' using 'jinja' renderer: 0.000638961791992 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/docopt.sls: include: - ..packages.python-pip docopt: pip.installed [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('docopt', 'pip.installed')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/docopt.sls' using 'yaml' renderer: 0.000733137130737 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pip.sls' to resolve 'salt://sift/python-packages/pip.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pip.sls' to resolve 'salt://sift/python-packages/pip.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/pip.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/pip.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pip.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pip.sls' using 'jinja' renderer: 0.000715970993042 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pip.sls: include: - ..packages.python-pip pip: pip.installed: - name: pip - upgrade: True - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pip', OrderedDict([('pip.installed', [OrderedDict([('name', 'pip')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pip.sls' using 'yaml' renderer: 0.00163102149963 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-dateutil.sls' to resolve 'salt://sift/python-packages/python-dateutil.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls' to resolve 'salt://sift/python-packages/python-dateutil.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/python-dateutil.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/python-dateutil.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls' using 'jinja' renderer: 0.000686168670654 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls: include: - ..packages.python-pip python-dateutil: pip.installed: - name: python-dateutil >= 2.4.2 - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-dateutil', OrderedDict([('pip.installed', [OrderedDict([('name', 'python-dateutil >= 2.4.2')]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls' using 'yaml' renderer: 0.00144577026367 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-evtx.sls' to resolve 'salt://sift/python-packages/python-evtx.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls' to resolve 'salt://sift/python-packages/python-evtx.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/python-evtx.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/python-evtx.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls' using 'jinja' renderer: 0.000622987747192 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls: include: - ..packages.python-pip python-evtx: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-evtx', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls' using 'yaml' renderer: 0.00118803977966 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-magic.sls' to resolve 'salt://sift/python-packages/python-magic.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls' to resolve 'salt://sift/python-packages/python-magic.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/python-magic.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/python-magic.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls' using 'jinja' renderer: 0.000610828399658 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls: include: - ..packages.python-pip python-magic: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-magic', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls' using 'yaml' renderer: 0.00129413604736 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-registry.sls' to resolve 'salt://sift/python-packages/python-registry.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls' to resolve 'salt://sift/python-packages/python-registry.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/python-registry.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/python-registry.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls' using 'jinja' renderer: 0.000630140304565 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls: include: - ..packages.python-pip python-registry: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-registry', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls' using 'yaml' renderer: 0.00121903419495 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/rekall.sls' to resolve 'salt://sift/python-packages/rekall.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/rekall.sls' to resolve 'salt://sift/python-packages/rekall.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/rekall.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/rekall.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/rekall.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/rekall.sls' using 'jinja' renderer: 0.000806093215942 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/rekall.sls: include: - ..packages.build-essential - ..packages.python-dev - ..packages.python-pip - ..packages.libncurses - ..packages.python-virtualenv - .setuptools - .wheel rekall-virtualenv: virtualenv.managed: - name: /opt/rekall - pip_pkgs: - pip - setuptools - wheel - rekall - require: - pkg: python-virtualenv rekall: pip.installed: - name: rekall - bin_env: /opt/rekall - require: - pkg: python-dev - pkg: python-pip - pkg: libncurses - pkg: build-essential - pip: setuptools - pip: wheel - virtualenv: rekall-virtualenv [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.build-essential', '..packages.python-dev', '..packages.python-pip', '..packages.libncurses', '..packages.python-virtualenv', '.setuptools', '.wheel']), ('rekall-virtualenv', OrderedDict([('virtualenv.managed', [OrderedDict([('name', '/opt/rekall')]), OrderedDict([('pip_pkgs', ['pip', 'setuptools', 'wheel', 'rekall'])]), OrderedDict([('require', [OrderedDict([('pkg', 'python-virtualenv')])])])])])), ('rekall', OrderedDict([('pip.installed', [OrderedDict([('name', 'rekall')]), OrderedDict([('bin_env', '/opt/rekall')]), OrderedDict([('require', [OrderedDict([('pkg', 'python-dev')]), OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pkg', 'libncurses')]), OrderedDict([('pkg', 'build-essential')]), OrderedDict([('pip', 'setuptools')]), OrderedDict([('pip', 'wheel')]), OrderedDict([('virtualenv', 'rekall-virtualenv')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/rekall.sls' using 'yaml' renderer: 0.00496912002563 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/setuptools.sls' to resolve 'salt://sift/python-packages/setuptools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls' to resolve 'salt://sift/python-packages/setuptools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/setuptools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/setuptools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls' using 'jinja' renderer: 0.000642061233521 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls: include: - ..packages.python-pip setuptools: pip.installed: - name: setuptools - upgrade: True - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('setuptools', OrderedDict([('pip.installed', [OrderedDict([('name', 'setuptools')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls' using 'yaml' renderer: 0.00163912773132 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/wheel.sls' to resolve 'salt://sift/python-packages/wheel.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/wheel.sls' to resolve 'salt://sift/python-packages/wheel.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/wheel.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/wheel.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/wheel.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/wheel.sls' using 'jinja' renderer: 0.000686883926392 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/wheel.sls: include: - ..packages.python-pip wheel: pip.installed: - name: wheel - upgrade: True - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('wheel', OrderedDict([('pip.installed', [OrderedDict([('name', 'wheel')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/wheel.sls' using 'yaml' renderer: 0.00182700157166 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/six.sls' to resolve 'salt://sift/python-packages/six.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/six.sls' to resolve 'salt://sift/python-packages/six.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/six.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/six.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/six.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/six.sls' using 'jinja' renderer: 0.00062894821167 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/six.sls: include: - ..packages.python-pip six: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('six', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/six.sls' using 'yaml' renderer: 0.00118899345398 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/stix-validator.sls' to resolve 'salt://sift/python-packages/stix-validator.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls' to resolve 'salt://sift/python-packages/stix-validator.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/stix-validator.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/stix-validator.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls' using 'jinja' renderer: 0.000622034072876 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls: include: - ..packages.python-pip - .stix stix-validator: pip.installed: - require: - pkg: python-pip - pip: stix [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '.stix']), ('stix-validator', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pip', 'stix')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls' using 'yaml' renderer: 0.00147294998169 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/stix.sls' to resolve 'salt://sift/python-packages/stix.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/stix.sls' to resolve 'salt://sift/python-packages/stix.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/stix.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/stix.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/stix.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix.sls' using 'jinja' renderer: 0.000626087188721 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/stix.sls: include: - ..packages.python-pip - .lxml stix: pip.installed: - require: - pkg: python-pip - pip: lxml [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '.lxml']), ('stix', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pip', 'lxml')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix.sls' using 'yaml' renderer: 0.00144982337952 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/timesketch.sls' to resolve 'salt://sift/python-packages/timesketch.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls' to resolve 'salt://sift/python-packages/timesketch.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/timesketch.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/timesketch.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls' using 'jinja' renderer: 0.00156688690186 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls: include: - ..packages.python-pip - ..packages.python-dev - ..packages.libffi-dev timesketch: pip.installed: - force_reinstall: False - require: - pkg: python-pip - pkg: python-dev - pkg: libffi-dev [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '..packages.python-dev', '..packages.libffi-dev']), ('timesketch', OrderedDict([('pip.installed', [OrderedDict([('force_reinstall', False)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pkg', 'python-dev')]), OrderedDict([('pkg', 'libffi-dev')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls' using 'yaml' renderer: 0.00200819969177 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/unicodecsv.sls' to resolve 'salt://sift/python-packages/unicodecsv.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls' to resolve 'salt://sift/python-packages/unicodecsv.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/unicodecsv.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/unicodecsv.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls' using 'jinja' renderer: 0.000630855560303 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls: include: - ..packages.python-pip unicodecsv: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('unicodecsv', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls' using 'yaml' renderer: 0.0012149810791 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/usnparser.sls' to resolve 'salt://sift/python-packages/usnparser.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls' to resolve 'salt://sift/python-packages/usnparser.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/usnparser.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/usnparser.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls' using 'jinja' renderer: 0.000631809234619 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls: include: - ..packages.python-pip usnparser: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('usnparser', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls' using 'yaml' renderer: 0.00119996070862 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/windowsprefetch.sls' to resolve 'salt://sift/python-packages/windowsprefetch.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls' to resolve 'salt://sift/python-packages/windowsprefetch.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/windowsprefetch.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/windowsprefetch.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls' using 'jinja' renderer: 0.000616073608398 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls: include: - ..packages.python-pip windowsprefetch: pip.installed: - require: - pkg: python-pip [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('windowsprefetch', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls' using 'yaml' renderer: 0.00196099281311 [DEBUG ] Could not find file 'salt://sift/tools.sls' in saltenv 'base' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/tools/init.sls' to resolve 'salt://sift/tools/init.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/tools/init.sls' to resolve 'salt://sift/tools/init.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/tools/init.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/tools/init.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/tools/init.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/init.sls' using 'jinja' renderer: 0.000711917877197 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/tools/init.sls: include: - sift.tools.densityscout - sift.tools.sift-cli sift-tools: test.nop: - name: sift-tools - require: - sls: sift.tools.densityscout - sls: sift.tools.sift-cli [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.tools.densityscout', 'sift.tools.sift-cli']), ('sift-tools', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-tools')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.tools.densityscout')]), OrderedDict([('sls', 'sift.tools.sift-cli')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/init.sls' using 'yaml' renderer: 0.00174283981323 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/tools/densityscout.sls' to resolve 'salt://sift/tools/densityscout.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/tools/densityscout.sls' to resolve 'salt://sift/tools/densityscout.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/tools/densityscout.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/tools/densityscout.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/tools/densityscout.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/densityscout.sls' using 'jinja' renderer: 0.00231695175171 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/tools/densityscout.sls: # http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip sift-tool-densityscout-archive: archive.extracted: - name: /usr/local/src/densityscout/densityscout_build_45_linux - enforce_toplevel: False - source: http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip - source_hash: sha256=7d49813d407df06529e4b0138d4c0eec725c73bf9e93c0444639c6d409890f2c - if_missing: /usr/local/bin/densityscout-build-45 sift-tool-densityscout-binary: file.copy: - name: /usr/local/bin/densityscout-build-45 - source: /usr/local/src/densityscout/densityscout_build_45_linux/lin64/densityscout - user: root - group: root - mode: 755 - require: - archive: sift-tool-densityscout-archive sift-tool-densityscout-link: file.symlink: - name: /usr/local/bin/densityscout - target: /usr/local/bin/densityscout-build-45 - require: - file: sift-tool-densityscout-binary [DEBUG ] Results of YAML rendering: OrderedDict([('sift-tool-densityscout-archive', OrderedDict([('archive.extracted', [OrderedDict([('name', '/usr/local/src/densityscout/densityscout_build_45_linux')]), OrderedDict([('enforce_toplevel', False)]), OrderedDict([('source', 'http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip')]), OrderedDict([('source_hash', 'sha256=7d49813d407df06529e4b0138d4c0eec725c73bf9e93c0444639c6d409890f2c')]), OrderedDict([('if_missing', '/usr/local/bin/densityscout-build-45')])])])), ('sift-tool-densityscout-binary', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/densityscout-build-45')]), OrderedDict([('source', '/usr/local/src/densityscout/densityscout_build_45_linux/lin64/densityscout')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('archive', 'sift-tool-densityscout-archive')])])])])])), ('sift-tool-densityscout-link', OrderedDict([('file.symlink', [OrderedDict([('name', '/usr/local/bin/densityscout')]), OrderedDict([('target', '/usr/local/bin/densityscout-build-45')]), OrderedDict([('require', [OrderedDict([('file', 'sift-tool-densityscout-binary')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/densityscout.sls' using 'yaml' renderer: 0.00484204292297 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/tools/sift-cli.sls' to resolve 'salt://sift/tools/sift-cli.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/tools/sift-cli.sls' to resolve 'salt://sift/tools/sift-cli.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/tools/sift-cli.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/tools/sift-cli.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/tools/sift-cli.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/sift-cli.sls' using 'jinja' renderer: 0.00139307975769 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/tools/sift-cli.sls: sift-tool-sift-cli: file.managed: - name: /usr/local/bin/sift - source: https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux - source_hash: sha256=3847e734a98a842868ecc5488916e1273c8baf6d7a822c46d3f4079ec316566d - mode: 755 [DEBUG ] Results of YAML rendering: OrderedDict([('sift-tool-sift-cli', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/sift')]), OrderedDict([('source', 'https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux')]), OrderedDict([('source_hash', 'sha256=3847e734a98a842868ecc5488916e1273c8baf6d7a822c46d3f4079ec316566d')]), OrderedDict([('mode', 755)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/sift-cli.sls' using 'yaml' renderer: 0.00159287452698 [DEBUG ] Could not find file 'salt://sift/scripts.sls' in saltenv 'base' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/init.sls' to resolve 'salt://sift/scripts/init.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/init.sls' to resolve 'salt://sift/scripts/init.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/init.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/init.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/init.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/init.sls' using 'jinja' renderer: 0.000976085662842 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/init.sls: include: - sift.scripts.4n6 - sift.scripts.amcache - sift.scripts.dump-mft-entry - sift.scripts.image-mounter - sift.scripts.java-idx-parser - sift.scripts.jobparser - sift.scripts.keydet-tools - sift.scripts.packerid - sift.scripts.page-brute - sift.scripts.parseusn - sift.scripts.pdf-tools - sift.scripts.pe-carver - sift.scripts.pescanner - sift.scripts.regripper - sift.scripts.shim-cache-parser - sift.scripts.sift - sift.scripts.sorter - sift.scripts.sqlparser - sift.scripts.usbdeviceforensics - sift.scripts.virustotal-tools - sift.scripts.vshot sift-scripts: test.nop: - name: sift-scripts - require: - sls: sift.scripts.4n6 - sls: sift.scripts.amcache - sls: sift.scripts.dump-mft-entry - sls: sift.scripts.image-mounter - sls: sift.scripts.java-idx-parser - sls: sift.scripts.jobparser - sls: sift.scripts.keydet-tools - sls: sift.scripts.packerid - sls: sift.scripts.page-brute - sls: sift.scripts.parseusn - sls: sift.scripts.pdf-tools - sls: sift.scripts.pe-carver - sls: sift.scripts.pescanner - sls: sift.scripts.regripper - sls: sift.scripts.shim-cache-parser - sls: sift.scripts.sift - sls: sift.scripts.sorter - sls: sift.scripts.sqlparser - sls: sift.scripts.usbdeviceforensics - sls: sift.scripts.virustotal-tools - sls: sift.scripts.vshot [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.scripts.4n6', 'sift.scripts.amcache', 'sift.scripts.dump-mft-entry', 'sift.scripts.image-mounter', 'sift.scripts.java-idx-parser', 'sift.scripts.jobparser', 'sift.scripts.keydet-tools', 'sift.scripts.packerid', 'sift.scripts.page-brute', 'sift.scripts.parseusn', 'sift.scripts.pdf-tools', 'sift.scripts.pe-carver', 'sift.scripts.pescanner', 'sift.scripts.regripper', 'sift.scripts.shim-cache-parser', 'sift.scripts.sift', 'sift.scripts.sorter', 'sift.scripts.sqlparser', 'sift.scripts.usbdeviceforensics', 'sift.scripts.virustotal-tools', 'sift.scripts.vshot']), ('sift-scripts', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-scripts')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.scripts.4n6')]), OrderedDict([('sls', 'sift.scripts.amcache')]), OrderedDict([('sls', 'sift.scripts.dump-mft-entry')]), OrderedDict([('sls', 'sift.scripts.image-mounter')]), OrderedDict([('sls', 'sift.scripts.java-idx-parser')]), OrderedDict([('sls', 'sift.scripts.jobparser')]), OrderedDict([('sls', 'sift.scripts.keydet-tools')]), OrderedDict([('sls', 'sift.scripts.packerid')]), OrderedDict([('sls', 'sift.scripts.page-brute')]), OrderedDict([('sls', 'sift.scripts.parseusn')]), OrderedDict([('sls', 'sift.scripts.pdf-tools')]), OrderedDict([('sls', 'sift.scripts.pe-carver')]), OrderedDict([('sls', 'sift.scripts.pescanner')]), OrderedDict([('sls', 'sift.scripts.regripper')]), OrderedDict([('sls', 'sift.scripts.shim-cache-parser')]), OrderedDict([('sls', 'sift.scripts.sift')]), OrderedDict([('sls', 'sift.scripts.sorter')]), OrderedDict([('sls', 'sift.scripts.sqlparser')]), OrderedDict([('sls', 'sift.scripts.usbdeviceforensics')]), OrderedDict([('sls', 'sift.scripts.virustotal-tools')]), OrderedDict([('sls', 'sift.scripts.vshot')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/init.sls' using 'yaml' renderer: 0.00795984268188 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/4n6.sls' to resolve 'salt://sift/scripts/4n6.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/4n6.sls' to resolve 'salt://sift/scripts/4n6.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/4n6.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/4n6.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/4n6.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/4n6.sls' using 'jinja' renderer: 0.00454616546631 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/4n6.sls: include: - sift.packages.git - sift.packages.python sift-scripts-4n6-git: git.latest: - name: https://github.com/cheeky4n6monkey/4n6-scripts.git - target: /usr/local/src/4n6-scripts - user: root - rev: master - force_clone: True - require: - pkg: git - pkg: python sift-scripts-4n6-WP8_AppPerms.py: file.copy: - name: /usr/local/bin/WP8_AppPerms.py - source: /usr/local/src/4n6-scripts/WP8_AppPerms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-bing-bar-parser.pl: file.copy: - name: /usr/local/bin/bing-bar-parser.pl - source: /usr/local/src/4n6-scripts/bing-bar-parser.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-chunkymonkey.py: file.copy: - name: /usr/local/bin/chunkymonkey.py - source: /usr/local/src/4n6-scripts/chunkymonkey.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-dextract.def: file.copy: - name: /usr/local/bin/dextract.def - source: /usr/local/src/4n6-scripts/dextract.def - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-dextract.py: file.copy: - name: /usr/local/bin/dextract.py - source: /usr/local/src/4n6-scripts/dextract.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-docx-font-extractor.pl: file.copy: - name: /usr/local/bin/docx-font-extractor.pl - source: /usr/local/src/4n6-scripts/docx-font-extractor.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-exif2map.pl: file.copy: - name: /usr/local/bin/exif2map.pl - source: /usr/local/src/4n6-scripts/exif2map.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-fbmsg-extractor.py: file.copy: - name: /usr/local/bin/fbmsg-extractor.py - source: /usr/local/src/4n6-scripts/fbmsg-extractor.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-gis4cookie.pl: file.copy: - name: /usr/local/bin/gis4cookie.pl - source: /usr/local/src/4n6-scripts/gis4cookie.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-google-ei-time.py: file.copy: - name: /usr/local/bin/google-ei-time.py - source: /usr/local/src/4n6-scripts/google-ei-time.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-imgcache-parse-mod.py: file.copy: - name: /usr/local/bin/imgcache-parse-mod.py - source: /usr/local/src/4n6-scripts/imgcache-parse-mod.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-imgcache-parse.py: file.copy: - name: /usr/local/bin/imgcache-parse.py - source: /usr/local/src/4n6-scripts/imgcache-parse.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-json-printer.pl: file.copy: - name: /usr/local/bin/json-printer.pl - source: /usr/local/src/4n6-scripts/json-printer.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-msoffice-pic-extractor.py: file.copy: - name: /usr/local/bin/msoffice-pic-extractor.py - source: /usr/local/src/4n6-scripts/msoffice-pic-extractor.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-plist2db.py: file.copy: - name: /usr/local/bin/plist2db.py - source: /usr/local/src/4n6-scripts/plist2db.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-print_apk_perms.py: file.copy: - name: /usr/local/bin/print_apk_perms.py - source: /usr/local/src/4n6-scripts/print_apk_perms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-s2-cellid2latlong.py: file.copy: - name: /usr/local/bin/s2-cellid2latlong.py - source: /usr/local/src/4n6-scripts/s2-cellid2latlong.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-s2-latlong2cellid.py: file.copy: - name: /usr/local/bin/s2-latlong2cellid.py - source: /usr/local/src/4n6-scripts/s2-latlong2cellid.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sms-grep-sample-config.txt: file.copy: - name: /usr/local/bin/sms-grep-sample-config.txt - source: /usr/local/src/4n6-scripts/sms-grep-sample-config.txt - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sms-grep.pl: file.copy: - name: /usr/local/bin/sms-grep.pl - source: /usr/local/src/4n6-scripts/sms-grep.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sqlite-base64-decode.py: file.copy: - name: /usr/local/bin/sqlite-base64-decode.py - source: /usr/local/src/4n6-scripts/sqlite-base64-decode.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sqlite-blob-dumper.py: file.copy: - name: /usr/local/bin/sqlite-blob-dumper.py - source: /usr/local/src/4n6-scripts/sqlite-blob-dumper.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sqlite-parser.pl: file.copy: - name: /usr/local/bin/sqlite-parser.pl - source: /usr/local/src/4n6-scripts/sqlite-parser.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-squirrelgripper-README.txt: file.copy: - name: /usr/local/bin/squirrelgripper-README.txt - source: /usr/local/src/4n6-scripts/squirrelgripper-README.txt - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-squirrelgripper.pl: file.copy: - name: /usr/local/bin/squirrelgripper.pl - source: /usr/local/src/4n6-scripts/squirrelgripper.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-timediff32.pl: file.copy: - name: /usr/local/bin/timediff32.pl - source: /usr/local/src/4n6-scripts/timediff32.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-vmail-db-2-html.pl: file.copy: - name: /usr/local/bin/vmail-db-2-html.pl - source: /usr/local/src/4n6-scripts/vmail-db-2-html.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-callhistory.py: file.copy: - name: /usr/local/bin/wp8-1-callhistory.py - source: /usr/local/src/4n6-scripts/wp8-1-callhistory.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-contacts.py: file.copy: - name: /usr/local/bin/wp8-1-contacts.py - source: /usr/local/src/4n6-scripts/wp8-1-contacts.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-mms-filesort.py: file.copy: - name: /usr/local/bin/wp8-1-mms-filesort.py - source: /usr/local/src/4n6-scripts/wp8-1-mms-filesort.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-mms.py: file.copy: - name: /usr/local/bin/wp8-1-mms.py - source: /usr/local/src/4n6-scripts/wp8-1-mms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-sms.py: file.copy: - name: /usr/local/bin/wp8-1-sms.py - source: /usr/local/src/4n6-scripts/wp8-1-sms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-callhistory.py: file.copy: - name: /usr/local/bin/wp8-callhistory.py - source: /usr/local/src/4n6-scripts/wp8-callhistory.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-contacts.py: file.copy: - name: /usr/local/bin/wp8-contacts.py - source: /usr/local/src/4n6-scripts/wp8-contacts.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-fb-msg.py: file.copy: - name: /usr/local/bin/wp8-fb-msg.py - source: /usr/local/src/4n6-scripts/wp8-fb-msg.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-sha256-pin-finder.py: file.copy: - name: /usr/local/bin/wp8-sha256-pin-finder.py - source: /usr/local/src/4n6-scripts/wp8-sha256-pin-finder.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-sms.py: file.copy: - name: /usr/local/bin/wp8-sms.py - source: /usr/local/src/4n6-scripts/wp8-sms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wwf-chat-parser.py: file.copy: - name: /usr/local/bin/wwf-chat-parser.py - source: /usr/local/src/4n6-scripts/wwf-chat-parser.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.git', 'sift.packages.python']), ('sift-scripts-4n6-git', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/cheeky4n6monkey/4n6-scripts.git')]), OrderedDict([('target', '/usr/local/src/4n6-scripts')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')]), OrderedDict([('pkg', 'python')])])])])])), ('sift-scripts-4n6-WP8_AppPerms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/WP8_AppPerms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/WP8_AppPerms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-bing-bar-parser.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/bing-bar-parser.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/bing-bar-parser.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-chunkymonkey.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/chunkymonkey.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/chunkymonkey.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-dextract.def', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/dextract.def')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/dextract.def')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-dextract.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/dextract.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/dextract.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-docx-font-extractor.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/docx-font-extractor.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/docx-font-extractor.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-exif2map.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/exif2map.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/exif2map.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-fbmsg-extractor.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/fbmsg-extractor.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/fbmsg-extractor.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-gis4cookie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/gis4cookie.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/gis4cookie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-google-ei-time.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/google-ei-time.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/google-ei-time.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-imgcache-parse-mod.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/imgcache-parse-mod.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/imgcache-parse-mod.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-imgcache-parse.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/imgcache-parse.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/imgcache-parse.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-json-printer.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/json-printer.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/json-printer.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-msoffice-pic-extractor.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/msoffice-pic-extractor.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/msoffice-pic-extractor.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-plist2db.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/plist2db.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/plist2db.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-print_apk_perms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/print_apk_perms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/print_apk_perms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-s2-cellid2latlong.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/s2-cellid2latlong.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/s2-cellid2latlong.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-s2-latlong2cellid.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/s2-latlong2cellid.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/s2-latlong2cellid.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sms-grep-sample-config.txt', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sms-grep-sample-config.txt')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sms-grep-sample-config.txt')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sms-grep.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sms-grep.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sms-grep.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sqlite-base64-decode.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sqlite-base64-decode.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sqlite-base64-decode.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sqlite-blob-dumper.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sqlite-blob-dumper.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sqlite-blob-dumper.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sqlite-parser.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sqlite-parser.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sqlite-parser.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-squirrelgripper-README.txt', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/squirrelgripper-README.txt')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/squirrelgripper-README.txt')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-squirrelgripper.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/squirrelgripper.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/squirrelgripper.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-timediff32.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/timediff32.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/timediff32.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-vmail-db-2-html.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/vmail-db-2-html.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/vmail-db-2-html.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-callhistory.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-callhistory.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-callhistory.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-contacts.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-contacts.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-contacts.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-mms-filesort.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-mms-filesort.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-mms-filesort.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-mms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-mms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-mms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-sms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-sms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-sms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-callhistory.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-callhistory.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-callhistory.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-contacts.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-contacts.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-contacts.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-fb-msg.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-fb-msg.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-fb-msg.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-sha256-pin-finder.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-sha256-pin-finder.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-sha256-pin-finder.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-sms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-sms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-sms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wwf-chat-parser.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wwf-chat-parser.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wwf-chat-parser.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/4n6.sls' using 'yaml' renderer: 0.0548250675201 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/amcache.sls' to resolve 'salt://sift/scripts/amcache.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/amcache.sls' to resolve 'salt://sift/scripts/amcache.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/amcache.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/amcache.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/amcache.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/amcache.sls' using 'jinja' renderer: 0.00167107582092 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/amcache.sls: # Source: https://github.com/williballenthin/python-registry # License: Apache2 - https://github.com/williballenthin/python-registry/blob/master/LICENSE.TXT sift-scripts-amcache: file.managed: - name: /usr/local/bin/amcache.py - source: https://raw.githubusercontent.com/williballenthin/python-registry/1a669eada6f7933798751e0cf482a9eb654c739b/samples/amcache.py - source_hash: sha256=1065c23fdea1fde90e931bf5ccabc93b508bee0f6855a6ef2b3b9fd74495e279 - mode: 755 sift-scripts-amcache-shebang: file.replace: - name: /usr/local/bin/amcache.py - pattern: '#!/usr/bin/python' - repl: '#!/usr/bin/env python' - count: 1 - watch: - file: sift-scripts-amcache [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-amcache', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/amcache.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/williballenthin/python-registry/1a669eada6f7933798751e0cf482a9eb654c739b/samples/amcache.py')]), OrderedDict([('source_hash', 'sha256=1065c23fdea1fde90e931bf5ccabc93b508bee0f6855a6ef2b3b9fd74495e279')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-amcache-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/amcache.py')]), OrderedDict([('pattern', '#!/usr/bin/python')]), OrderedDict([('repl', '#!/usr/bin/env python')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-amcache')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/amcache.sls' using 'yaml' renderer: 0.00346398353577 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/dump-mft-entry.sls' to resolve 'salt://sift/scripts/dump-mft-entry.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls' to resolve 'salt://sift/scripts/dump-mft-entry.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/dump-mft-entry.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/dump-mft-entry.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls' using 'jinja' renderer: 0.00157809257507 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls: # Source: https://github.com/superponible/DFIR # License: Unknown sift-scripts-dump-mft-entry: file.managed: - name: /usr/local/bin/dump-mft-entry.pl - source: https://raw.githubusercontent.com/superponible/DFIR/ee681a07a0c32a5ccaea788cd7d012d19872f181/dump_mft_entry.pl - source_hash: sha256=7141258a36037653dd377d062350f703b90c99e70c9e3d38f86fcd8c70258e1b - mode: 755 sift-scripts-dump-mft-entry-shebang: file.replace: - name: /usr/local/bin/dump-mft-entry.pl - pattern: '#!/usr/bin/perl' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-dump-mft-entry [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-dump-mft-entry', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/dump-mft-entry.pl')]), OrderedDict([('source', 'https://raw.githubusercontent.com/superponible/DFIR/ee681a07a0c32a5ccaea788cd7d012d19872f181/dump_mft_entry.pl')]), OrderedDict([('source_hash', 'sha256=7141258a36037653dd377d062350f703b90c99e70c9e3d38f86fcd8c70258e1b')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-dump-mft-entry-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/dump-mft-entry.pl')]), OrderedDict([('pattern', '#!/usr/bin/perl')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-dump-mft-entry')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls' using 'yaml' renderer: 0.00325012207031 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/image-mounter.sls' to resolve 'salt://sift/scripts/image-mounter.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls' to resolve 'salt://sift/scripts/image-mounter.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/image-mounter.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/image-mounter.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls' using 'jinja' renderer: 0.00070595741272 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls: # Source: https://github.com/kevthehermit/Scripts sift-scripts-image-mounter: file.managed: - name: /usr/local/bin/imageMounter.py - source: https://raw.githubusercontent.com/kevthehermit/Scripts/master/imageMounter.py - source_hash: sha256=7e810482b5aa58f8085a7a03be266c113530145306c73c75ba9956ba83e39151 - mode: 755 [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-image-mounter', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/imageMounter.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/kevthehermit/Scripts/master/imageMounter.py')]), OrderedDict([('source_hash', 'sha256=7e810482b5aa58f8085a7a03be266c113530145306c73c75ba9956ba83e39151')]), OrderedDict([('mode', 755)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls' using 'yaml' renderer: 0.0016610622406 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/java-idx-parser.sls' to resolve 'salt://sift/scripts/java-idx-parser.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls' to resolve 'salt://sift/scripts/java-idx-parser.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/java-idx-parser.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/java-idx-parser.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls' using 'jinja' renderer: 0.000735998153687 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls: # Source: https://github.com/Rurik/Java_IDX_Parser # License: https://github.com/Rurik/Java_IDX_Parser#copyright-and-license scripts-java-idx-parser: file.managed: - name: /usr/local/bin/idx_parser.py - source: https://raw.githubusercontent.com/Rurik/Java_IDX_Parser/master/idx_parser.py - source_hash: sha256=963d5f38b93016f147295ab6871dcba326c9315ea9402652745ae6290b594f45 - mode: 755 [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-java-idx-parser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/idx_parser.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/Rurik/Java_IDX_Parser/master/idx_parser.py')]), OrderedDict([('source_hash', 'sha256=963d5f38b93016f147295ab6871dcba326c9315ea9402652745ae6290b594f45')]), OrderedDict([('mode', 755)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls' using 'yaml' renderer: 0.00178599357605 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/jobparser.sls' to resolve 'salt://sift/scripts/jobparser.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/jobparser.sls' to resolve 'salt://sift/scripts/jobparser.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/jobparser.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/jobparser.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/jobparser.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/jobparser.sls' using 'jinja' renderer: 0.00161600112915 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/jobparser.sls: # Source: https://github.com/gleeda/misc-scripts # License: GNU GPL sift-scripts-jobparser: file.managed: - name: /usr/local/bin/jobparser.py - source: https://raw.githubusercontent.com/gleeda/misc-scripts/03a0d9126359c6b4b0b508062d3422bea9b69036/misc_python/jobparser.py - source_hash: sha256=a6869e7f0f2f360681ff67a67b65c627b0084ebec25d7a9bb44abe8a1cdfb467 - mode: 755 [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-jobparser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/jobparser.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/gleeda/misc-scripts/03a0d9126359c6b4b0b508062d3422bea9b69036/misc_python/jobparser.py')]), OrderedDict([('source_hash', 'sha256=a6869e7f0f2f360681ff67a67b65c627b0084ebec25d7a9bb44abe8a1cdfb467')]), OrderedDict([('mode', 755)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/jobparser.sls' using 'yaml' renderer: 0.00249910354614 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/keydet-tools.sls' to resolve 'salt://sift/scripts/keydet-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls' to resolve 'salt://sift/scripts/keydet-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/keydet-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/keydet-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls' using 'jinja' renderer: 0.00434803962708 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls: include: - sift.packages.git sift-scripts-keydet-tools-git: git.latest: - name: https://github.com/keydet89/Tools.git - target: /usr/local/src/keydet-tools - user: root - rev: master - force_clone: True - require: - pkg: git sift-scripts-keydet-tools-bodyfile.pl: file.copy: - name: /usr/local/bin/bodyfile.pl - source: /usr/local/src/keydet-tools/source/bodyfile.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-bodyfile.pl: file.replace: - name: /usr/local/bin/bodyfile.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-bodyfile.pl sift-scripts-keydet-tools-evtparse.pl: file.copy: - name: /usr/local/bin/evtparse.pl - source: /usr/local/src/keydet-tools/source/evtparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-evtparse.pl: file.replace: - name: /usr/local/bin/evtparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-evtparse.pl sift-scripts-keydet-tools-evtrpt.pl: file.copy: - name: /usr/local/bin/evtrpt.pl - source: /usr/local/src/keydet-tools/source/evtrpt.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-evtrpt.pl: file.replace: - name: /usr/local/bin/evtrpt.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-evtrpt.pl sift-scripts-keydet-tools-evtxparse.pl: file.copy: - name: /usr/local/bin/evtxparse.pl - source: /usr/local/src/keydet-tools/source/evtxparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-evtxparse.pl: file.replace: - name: /usr/local/bin/evtxparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-evtxparse.pl sift-scripts-keydet-tools-fb.pl: file.copy: - name: /usr/local/bin/fb.pl - source: /usr/local/src/keydet-tools/source/fb.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-fb.pl: file.replace: - name: /usr/local/bin/fb.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-fb.pl sift-scripts-keydet-tools-ff.pl: file.copy: - name: /usr/local/bin/ff.pl - source: /usr/local/src/keydet-tools/source/ff.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-ff.pl: file.replace: - name: /usr/local/bin/ff.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-ff.pl sift-scripts-keydet-tools-ff_signons.pl: file.copy: - name: /usr/local/bin/ff_signons.pl - source: /usr/local/src/keydet-tools/source/ff_signons.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-ff_signons.pl: file.replace: - name: /usr/local/bin/ff_signons.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-ff_signons.pl sift-scripts-keydet-tools-ftkparse.pl: file.copy: - name: /usr/local/bin/ftkparse.pl - source: /usr/local/src/keydet-tools/source/ftkparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-ftkparse.pl: file.replace: - name: /usr/local/bin/ftkparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-ftkparse.pl sift-scripts-keydet-tools-idx.pl: file.copy: - name: /usr/local/bin/idx.pl - source: /usr/local/src/keydet-tools/source/idx.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-idx.pl: file.replace: - name: /usr/local/bin/idx.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-idx.pl sift-scripts-keydet-tools-idxparse.pl: file.copy: - name: /usr/local/bin/idxparse.pl - source: /usr/local/src/keydet-tools/source/idxparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-idxparse.pl: file.replace: - name: /usr/local/bin/idxparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-idxparse.pl sift-scripts-keydet-tools-jl.pl: file.copy: - name: /usr/local/bin/jl.pl - source: /usr/local/src/keydet-tools/source/jl.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-jl.pl: file.replace: - name: /usr/local/bin/jl.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-jl.pl sift-scripts-keydet-tools-jobparse.pl: file.copy: - name: /usr/local/bin/jobparse.pl - source: /usr/local/src/keydet-tools/source/jobparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-jobparse.pl: file.replace: - name: /usr/local/bin/jobparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-jobparse.pl sift-scripts-keydet-tools-lfle.pl: file.copy: - name: /usr/local/bin/lfle.pl - source: /usr/local/src/keydet-tools/source/lfle.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-lfle.pl: file.replace: - name: /usr/local/bin/lfle.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-lfle.pl sift-scripts-keydet-tools-lnk.pl: file.copy: - name: /usr/local/bin/lnk.pl - source: /usr/local/src/keydet-tools/source/lnk.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-lnk.pl: file.replace: - name: /usr/local/bin/lnk.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-lnk.pl sift-scripts-keydet-tools-mft.pl: file.copy: - name: /usr/local/bin/mft.pl - source: /usr/local/src/keydet-tools/source/mft.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-mft.pl: file.replace: - name: /usr/local/bin/mft.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-mft.pl sift-scripts-keydet-tools-parse.pl: file.copy: - name: /usr/local/bin/parse.pl - source: /usr/local/src/keydet-tools/source/parse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-parse.pl: file.replace: - name: /usr/local/bin/parse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-parse.pl sift-scripts-keydet-tools-parsei30.pl: file.copy: - name: /usr/local/bin/parsei30.pl - source: /usr/local/src/keydet-tools/source/parsei30.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-parsei30.pl: file.replace: - name: /usr/local/bin/parsei30.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-parsei30.pl sift-scripts-keydet-tools-parseie.pl: file.copy: - name: /usr/local/bin/parseie.pl - source: /usr/local/src/keydet-tools/source/parseie.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-parseie.pl: file.replace: - name: /usr/local/bin/parseie.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-parseie.pl sift-scripts-keydet-tools-pie.pl: file.copy: - name: /usr/local/bin/pie.pl - source: /usr/local/src/keydet-tools/source/pie.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-pie.pl: file.replace: - name: /usr/local/bin/pie.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-pie.pl sift-scripts-keydet-tools-pref.pl: file.copy: - name: /usr/local/bin/pref.pl - source: /usr/local/src/keydet-tools/source/pref.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-pref.pl: file.replace: - name: /usr/local/bin/pref.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-pref.pl sift-scripts-keydet-tools-rawie.pl: file.copy: - name: /usr/local/bin/rawie.pl - source: /usr/local/src/keydet-tools/source/rawie.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-rawie.pl: file.replace: - name: /usr/local/bin/rawie.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-rawie.pl sift-scripts-keydet-tools-recbin.pl: file.copy: - name: /usr/local/bin/recbin.pl - source: /usr/local/src/keydet-tools/source/recbin.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-recbin.pl: file.replace: - name: /usr/local/bin/recbin.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-recbin.pl sift-scripts-keydet-tools-regslack.pl: file.copy: - name: /usr/local/bin/regslack.pl - source: /usr/local/src/keydet-tools/source/regslack.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-regslack.pl: file.replace: - name: /usr/local/bin/regslack.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-regslack.pl sift-scripts-keydet-tools-regtime.pl: file.copy: - name: /usr/local/bin/regtime.pl - source: /usr/local/src/keydet-tools/source/regtime.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-regtime.pl: file.replace: - name: /usr/local/bin/regtime.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-regtime.pl sift-scripts-keydet-tools-rfc.pl: file.copy: - name: /usr/local/bin/rfc.pl - source: /usr/local/src/keydet-tools/source/rfc.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-rfc.pl: file.replace: - name: /usr/local/bin/rfc.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-rfc.pl sift-scripts-keydet-tools-rlo.pl: file.copy: - name: /usr/local/bin/rlo.pl - source: /usr/local/src/keydet-tools/source/rlo.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-rlo.pl: file.replace: - name: /usr/local/bin/rlo.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-rlo.pl sift-scripts-keydet-tools-tln.pl: file.copy: - name: /usr/local/bin/tln.pl - source: /usr/local/src/keydet-tools/source/tln.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-tln.pl: file.replace: - name: /usr/local/bin/tln.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-tln.pl sift-scripts-keydet-tools-usnj.pl: file.copy: - name: /usr/local/bin/usnj.pl - source: /usr/local/src/keydet-tools/source/usnj.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-usnj.pl: file.replace: - name: /usr/local/bin/usnj.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-usnj.pl [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.git']), ('sift-scripts-keydet-tools-git', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/keydet89/Tools.git')]), OrderedDict([('target', '/usr/local/src/keydet-tools')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')])])])])])), ('sift-scripts-keydet-tools-bodyfile.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/bodyfile.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/bodyfile.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-bodyfile.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/bodyfile.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-bodyfile.pl')])])])])])), ('sift-scripts-keydet-tools-evtparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/evtparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/evtparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-evtparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/evtparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-evtparse.pl')])])])])])), ('sift-scripts-keydet-tools-evtrpt.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/evtrpt.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/evtrpt.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-evtrpt.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/evtrpt.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-evtrpt.pl')])])])])])), ('sift-scripts-keydet-tools-evtxparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/evtxparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/evtxparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-evtxparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/evtxparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-evtxparse.pl')])])])])])), ('sift-scripts-keydet-tools-fb.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/fb.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/fb.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-fb.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/fb.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-fb.pl')])])])])])), ('sift-scripts-keydet-tools-ff.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/ff.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/ff.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-ff.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/ff.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-ff.pl')])])])])])), ('sift-scripts-keydet-tools-ff_signons.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/ff_signons.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/ff_signons.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-ff_signons.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/ff_signons.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-ff_signons.pl')])])])])])), ('sift-scripts-keydet-tools-ftkparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/ftkparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/ftkparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-ftkparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/ftkparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-ftkparse.pl')])])])])])), ('sift-scripts-keydet-tools-idx.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/idx.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/idx.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-idx.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/idx.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-idx.pl')])])])])])), ('sift-scripts-keydet-tools-idxparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/idxparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/idxparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-idxparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/idxparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-idxparse.pl')])])])])])), ('sift-scripts-keydet-tools-jl.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/jl.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/jl.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-jl.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/jl.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-jl.pl')])])])])])), ('sift-scripts-keydet-tools-jobparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/jobparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/jobparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-jobparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/jobparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-jobparse.pl')])])])])])), ('sift-scripts-keydet-tools-lfle.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/lfle.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/lfle.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-lfle.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/lfle.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-lfle.pl')])])])])])), ('sift-scripts-keydet-tools-lnk.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/lnk.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/lnk.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-lnk.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/lnk.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-lnk.pl')])])])])])), ('sift-scripts-keydet-tools-mft.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/mft.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/mft.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-mft.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/mft.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-mft.pl')])])])])])), ('sift-scripts-keydet-tools-parse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/parse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/parse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-parse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/parse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-parse.pl')])])])])])), ('sift-scripts-keydet-tools-parsei30.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/parsei30.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/parsei30.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-parsei30.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/parsei30.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-parsei30.pl')])])])])])), ('sift-scripts-keydet-tools-parseie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/parseie.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/parseie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-parseie.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/parseie.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-parseie.pl')])])])])])), ('sift-scripts-keydet-tools-pie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/pie.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/pie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-pie.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/pie.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-pie.pl')])])])])])), ('sift-scripts-keydet-tools-pref.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/pref.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/pref.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-pref.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/pref.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-pref.pl')])])])])])), ('sift-scripts-keydet-tools-rawie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/rawie.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/rawie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-rawie.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/rawie.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-rawie.pl')])])])])])), ('sift-scripts-keydet-tools-recbin.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/recbin.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/recbin.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-recbin.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/recbin.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-recbin.pl')])])])])])), ('sift-scripts-keydet-tools-regslack.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/regslack.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/regslack.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-regslack.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/regslack.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-regslack.pl')])])])])])), ('sift-scripts-keydet-tools-regtime.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/regtime.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/regtime.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-regtime.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/regtime.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-regtime.pl')])])])])])), ('sift-scripts-keydet-tools-rfc.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/rfc.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/rfc.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-rfc.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/rfc.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-rfc.pl')])])])])])), ('sift-scripts-keydet-tools-rlo.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/rlo.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/rlo.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-rlo.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/rlo.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-rlo.pl')])])])])])), ('sift-scripts-keydet-tools-tln.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/tln.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/tln.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-tln.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/tln.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-tln.pl')])])])])])), ('sift-scripts-keydet-tools-usnj.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/usnj.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/usnj.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-usnj.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/usnj.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-usnj.pl')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls' using 'yaml' renderer: 0.0836379528046 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/packerid.sls' to resolve 'salt://sift/scripts/packerid.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/packerid.sls' to resolve 'salt://sift/scripts/packerid.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/packerid.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/packerid.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/packerid.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/packerid.sls' using 'jinja' renderer: 0.00172090530396 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/packerid.sls: include: - sift.packages.python - sift.python-packages.pefile # Source: https://github.com/sooshie/packerid # License: Unknown sift-scripts-packerid: file.managed: - name: /usr/local/bin/packerid.py - source: https://raw.githubusercontent.com/sooshie/packerid/7b2ee6ef57db903bf356fd342c8ca998abdb68cd/packerid.py - source_hash: sha256=be589d4cbe70ecdc3424a6da48d8fc24630d51a6ebf92e5328b36e39423eb038 - mode: 755 - require: - sls: sift.packages.python - sls: sift.python-packages.pefile sift-scripts-packerid-shebang: file.replace: - name: /usr/local/bin/packerid.py - pattern: '#!/usr/local/bin/python' - repl: '#!/usr/bin/env python' - count: 1 - watch: - file: sift-scripts-packerid [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python', 'sift.python-packages.pefile']), ('sift-scripts-packerid', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/packerid.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/sooshie/packerid/7b2ee6ef57db903bf356fd342c8ca998abdb68cd/packerid.py')]), OrderedDict([('source_hash', 'sha256=be589d4cbe70ecdc3424a6da48d8fc24630d51a6ebf92e5328b36e39423eb038')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.python')]), OrderedDict([('sls', 'sift.python-packages.pefile')])])])])])), ('sift-scripts-packerid-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/packerid.py')]), OrderedDict([('pattern', '#!/usr/local/bin/python')]), OrderedDict([('repl', '#!/usr/bin/env python')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-packerid')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/packerid.sls' using 'yaml' renderer: 0.00425505638123 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/page-brute.sls' to resolve 'salt://sift/scripts/page-brute.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/page-brute.sls' to resolve 'salt://sift/scripts/page-brute.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/page-brute.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/page-brute.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/page-brute.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/page-brute.sls' using 'jinja' renderer: 0.000641107559204 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/page-brute.sls: scripts-page-brute: file.recurse: - name: /usr/local/bin - source: salt://sift/files/page-brute - file_mode: 755 - include_pat: '*.py' [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-page-brute', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/local/bin')]), OrderedDict([('source', 'salt://sift/files/page-brute')]), OrderedDict([('file_mode', 755)]), OrderedDict([('include_pat', '*.py')])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/page-brute.sls' using 'yaml' renderer: 0.00145506858826 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/parseusn.sls' to resolve 'salt://sift/scripts/parseusn.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/parseusn.sls' to resolve 'salt://sift/scripts/parseusn.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/parseusn.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/parseusn.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/parseusn.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/parseusn.sls' using 'jinja' renderer: 0.00144290924072 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/parseusn.sls: include: - sift.packages.python # Source: https://github.com/superponible/DFIR/ # License: MIT Open Source License (http://opensource.org/licenses/mit-license.php) sift-scripts-parseusn: file.managed: - name: /usr/local/bin/parseusn.py - source: https://raw.githubusercontent.com/superponible/DFIR/master/parseusn.py - source_hash: sha256=4540eba4cdddcb0eab1bc21ccea6a6ab7c010936909bb233807dc9bf4189ab10 - mode: 755 [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python']), ('sift-scripts-parseusn', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/parseusn.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/superponible/DFIR/master/parseusn.py')]), OrderedDict([('source_hash', 'sha256=4540eba4cdddcb0eab1bc21ccea6a6ab7c010936909bb233807dc9bf4189ab10')]), OrderedDict([('mode', 755)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/parseusn.sls' using 'yaml' renderer: 0.00199484825134 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/pdf-tools.sls' to resolve 'salt://sift/scripts/pdf-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls' to resolve 'salt://sift/scripts/pdf-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/pdf-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/pdf-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls' using 'jinja' renderer: 0.000710010528564 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls: scripts-pdf-tools: file.recurse: - name: /usr/local/bin - source: salt://sift/files/pdf-tools - file_mode: 755 [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-pdf-tools', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/local/bin')]), OrderedDict([('source', 'salt://sift/files/pdf-tools')]), OrderedDict([('file_mode', 755)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls' using 'yaml' renderer: 0.00128817558289 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/pe-carver.sls' to resolve 'salt://sift/scripts/pe-carver.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls' to resolve 'salt://sift/scripts/pe-carver.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/pe-carver.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/pe-carver.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls' using 'jinja' renderer: 0.00150990486145 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls: include: - sift.python-packages.bitstring - sift.python-packages.pefile # Source: https://github.com/Rurik/PE_Carver # License: No Specified sift-scripts-pecarve: file.managed: - name: /usr/local/bin/pecarve.py - source: https://raw.githubusercontent.com/Rurik/PE_Carver/9026cd2ca4bd0633f9898a93cb798cd19cffc8f6/pe_carve.py - source_hash: sha256=6b245decadde4652ff6d1e2b24f6496dd252bee4bf57e7c934fbb9c9f21df849 - mode: 755 - require: - sls: sift.python-packages.bitstring - sls: sift.python-packages.pefile sift-scripts-pecarve-shebang: file.prepend: - name: /usr/local/bin/pecarve.py - text: '#!/usr/bin/env python' - watch: - file: sift-scripts-pecarve [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.bitstring', 'sift.python-packages.pefile']), ('sift-scripts-pecarve', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/pecarve.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/Rurik/PE_Carver/9026cd2ca4bd0633f9898a93cb798cd19cffc8f6/pe_carve.py')]), OrderedDict([('source_hash', 'sha256=6b245decadde4652ff6d1e2b24f6496dd252bee4bf57e7c934fbb9c9f21df849')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('sls', 'sift.python-packages.bitstring')]), OrderedDict([('sls', 'sift.python-packages.pefile')])])])])])), ('sift-scripts-pecarve-shebang', OrderedDict([('file.prepend', [OrderedDict([('name', '/usr/local/bin/pecarve.py')]), OrderedDict([('text', '#!/usr/bin/env python')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-pecarve')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls' using 'yaml' renderer: 0.00405097007751 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/pescanner.sls' to resolve 'salt://sift/scripts/pescanner.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/pescanner.sls' to resolve 'salt://sift/scripts/pescanner.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/pescanner.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/pescanner.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/pescanner.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pescanner.sls' using 'jinja' renderer: 0.00141906738281 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/pescanner.sls: include: - sift.python-packages.pefile # Source: https://github.com/hiddenillusion/AnalyzePE/ # License: Unknown sift-scripts-pescanner: file.managed: - name: /usr/local/bin/pescanner.py - source: https://raw.githubusercontent.com/hiddenillusion/AnalyzePE/9c76ecbc3ac417bc07439c244f2d5ed19af06578/pescanner.py - source_hash: sha256=0c4e2a8916df3de0bde67ef47543db6f6068b267fa2b665667a52bc6002e6529 - mode: 755 - require: - pip: pefile [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.pefile']), ('sift-scripts-pescanner', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/pescanner.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/hiddenillusion/AnalyzePE/9c76ecbc3ac417bc07439c244f2d5ed19af06578/pescanner.py')]), OrderedDict([('source_hash', 'sha256=0c4e2a8916df3de0bde67ef47543db6f6068b267fa2b665667a52bc6002e6529')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('pip', 'pefile')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pescanner.sls' using 'yaml' renderer: 0.00232696533203 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/regripper.sls' to resolve 'salt://sift/scripts/regripper.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/regripper.sls' to resolve 'salt://sift/scripts/regripper.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/regripper.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/regripper.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/regripper.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/regripper.sls' using 'jinja' renderer: 0.00144195556641 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/regripper.sls: include: - sift.packages.git - sift.packages.libparse-win32registry-perl sift-scripts-regripper-git: git.latest: - name: https://github.com/keydet89/RegRipper2.8.git - target: /usr/local/src/regripper - user: root - rev: master - force_clone: True - require: - pkg: git sift-scripts-regripper-directory: file.directory: - name: /usr/local/share/regripper - makedirs: True - file_mode: 644 - require: - git: sift-scripts-regripper-git sift-scripts-regripper-binary: file.managed: - name: /usr/local/share/regripper/rip.pl - source: salt://sift/files/regripper/rip.pl - mode: 755 - require: - git: sift-scripts-regripper-git - pkg: libparse-win32registry-perl sift-scripts-regripper-plugins-symlink: file.symlink: - name: /usr/local/share/regripper/plugins - target: /usr/local/src/regripper/plugins - require: - git: sift-scripts-regripper-git - file: sift-scripts-regripper-directory sift-scripts-regripper-binary-symlink: file.symlink: - name: /usr/local/bin/rip.pl - target: /usr/local/share/regripper/rip.pl - mode: 755 - require: - file: sift-scripts-regripper-binary sift-scripts-regripper-plugins-all: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"All\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-ntuser: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"NTUSER\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-usrclass: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"USRCLASS\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-sam: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"SAM\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-security: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"Security\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-software: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"Software\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-system: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"System\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system" - watch: - git: sift-scripts-regripper-git [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.git', 'sift.packages.libparse-win32registry-perl']), ('sift-scripts-regripper-git', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/keydet89/RegRipper2.8.git')]), OrderedDict([('target', '/usr/local/src/regripper')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')])])])])])), ('sift-scripts-regripper-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/local/share/regripper')]), OrderedDict([('makedirs', True)]), OrderedDict([('file_mode', 644)]), OrderedDict([('require', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-binary', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/share/regripper/rip.pl')]), OrderedDict([('source', 'salt://sift/files/regripper/rip.pl')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('git', 'sift-scripts-regripper-git')]), OrderedDict([('pkg', 'libparse-win32registry-perl')])])])])])), ('sift-scripts-regripper-plugins-symlink', OrderedDict([('file.symlink', [OrderedDict([('name', '/usr/local/share/regripper/plugins')]), OrderedDict([('target', '/usr/local/src/regripper/plugins')]), OrderedDict([('require', [OrderedDict([('git', 'sift-scripts-regripper-git')]), OrderedDict([('file', 'sift-scripts-regripper-directory')])])])])])), ('sift-scripts-regripper-binary-symlink', OrderedDict([('file.symlink', [OrderedDict([('name', '/usr/local/bin/rip.pl')]), OrderedDict([('target', '/usr/local/share/regripper/rip.pl')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('file', 'sift-scripts-regripper-binary')])])])])])), ('sift-scripts-regripper-plugins-all', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/all')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-ntuser', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/ntuser')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-usrclass', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/usrclass')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-sam', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/sam')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-security', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/security')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-software', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/software')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-system', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/system')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/regripper.sls' using 'yaml' renderer: 0.0162291526794 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/shim-cache-parser.sls' to resolve 'salt://sift/scripts/shim-cache-parser.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls' to resolve 'salt://sift/scripts/shim-cache-parser.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/shim-cache-parser.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/shim-cache-parser.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls' using 'jinja' renderer: 0.00162386894226 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls: include: - sift.python-packages.python-registry # Source: https://github.com/mandiant/ShimCacheParser # License: Apache 2 (https://github.com/mandiant/ShimCacheParser/blob/master/LICENSE) sift-scripts-shim-cache-parser: file.managed: - name: /usr/local/bin/ShimCacheParser.py - source: https://raw.githubusercontent.com/mandiant/ShimCacheParser/d7c517af9f3b09b810c5859ee52a6540f3b25855/ShimCacheParser.py - source_hash: sha256=61e75e485c0efc862e7b1c7746a493ca944afcf3e96512fb864706089f89d9aa - mode: 755 - require: - sls: sift.python-packages.python-registry sift-scripts-shim-cache-parser-shebang: file.prepend: - name: /usr/local/bin/ShimCacheParser.py - text: '#!/usr/bin/env python' - watch: - file: sift-scripts-shim-cache-parser [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.python-registry']), ('sift-scripts-shim-cache-parser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/ShimCacheParser.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/mandiant/ShimCacheParser/d7c517af9f3b09b810c5859ee52a6540f3b25855/ShimCacheParser.py')]), OrderedDict([('source_hash', 'sha256=61e75e485c0efc862e7b1c7746a493ca944afcf3e96512fb864706089f89d9aa')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('sls', 'sift.python-packages.python-registry')])])])])])), ('sift-scripts-shim-cache-parser-shebang', OrderedDict([('file.prepend', [OrderedDict([('name', '/usr/local/bin/ShimCacheParser.py')]), OrderedDict([('text', '#!/usr/bin/env python')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-shim-cache-parser')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls' using 'yaml' renderer: 0.00358009338379 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/sift.sls' to resolve 'salt://sift/scripts/sift.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/sift.sls' to resolve 'salt://sift/scripts/sift.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/sift.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/sift.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/sift.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sift.sls' using 'jinja' renderer: 0.00177788734436 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/sift.sls: scripts-sift-resources-resources: file.directory: - name: /usr/share/sift/resources - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-images: file.directory: - name: /usr/share/sift/images - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-audio: file.directory: - name: /usr/share/sift/audio - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-other: file.directory: - name: /usr/share/sift/other - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-scripts: file.directory: - name: /usr/share/sift/scripts - user: root - group: root - makedirs: true - require_in: - file: sift-resources sift-resources: file.recurse: - name: /usr/share/sift - source: salt://sift/files/sift [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-sift-resources-resources', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/resources')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-images', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/images')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-audio', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/audio')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-other', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/other')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-scripts', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/scripts')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('sift-resources', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/share/sift')]), OrderedDict([('source', 'salt://sift/files/sift')])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sift.sls' using 'yaml' renderer: 0.00867390632629 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/sorter.sls' to resolve 'salt://sift/scripts/sorter.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/sorter.sls' to resolve 'salt://sift/scripts/sorter.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/sorter.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/sorter.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/sorter.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sorter.sls' using 'jinja' renderer: 0.000729084014893 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/sorter.sls: scripts-sorter-directory: file.directory: - name: /usr/share/tsk/sorter - makedirs: true scripts-sorter-files: file.recurse: - name: /usr/share/tsk/sorter - source: salt://sift/files/sorter - file_mode: 644 - require: - file: scripts-sorter-directory [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-sorter-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/tsk/sorter')]), OrderedDict([('makedirs', True)])])])), ('scripts-sorter-files', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/share/tsk/sorter')]), OrderedDict([('source', 'salt://sift/files/sorter')]), OrderedDict([('file_mode', 644)]), OrderedDict([('require', [OrderedDict([('file', 'scripts-sorter-directory')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sorter.sls' using 'yaml' renderer: 0.00239896774292 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/sqlparser.sls' to resolve 'salt://sift/scripts/sqlparser.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls' to resolve 'salt://sift/scripts/sqlparser.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/sqlparser.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/sqlparser.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls' using 'jinja' renderer: 0.00144004821777 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls: # Source: https://github.com/mdegrazia/SQLite-Deleted-Records-Parser # License: Not Specified sift-scripts-sqlparser: file.managed: - name: /usr/local/bin/sqlparser.py - source: https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases/download/v.1.1/sqlparse_v1.1.py - source_hash: sha256=0bb28498141380821d5adc43cc3557ce6a96aeb8a33c414a48e3ccc2a1aad8c9 - mode: 755 sift-scripts-sqlparser-shebang: file.prepend: - name: /usr/local/bin/sqlparser.py - text: '#!/usr/bin/env python' - watch: - file: sift-scripts-sqlparser [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-sqlparser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/sqlparser.py')]), OrderedDict([('source', 'https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases/download/v.1.1/sqlparse_v1.1.py')]), OrderedDict([('source_hash', 'sha256=0bb28498141380821d5adc43cc3557ce6a96aeb8a33c414a48e3ccc2a1aad8c9')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-sqlparser-shebang', OrderedDict([('file.prepend', [OrderedDict([('name', '/usr/local/bin/sqlparser.py')]), OrderedDict([('text', '#!/usr/bin/env python')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-sqlparser')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls' using 'yaml' renderer: 0.00300002098083 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/usbdeviceforensics.sls' to resolve 'salt://sift/scripts/usbdeviceforensics.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls' to resolve 'salt://sift/scripts/usbdeviceforensics.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/usbdeviceforensics.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/usbdeviceforensics.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls' using 'jinja' renderer: 0.00155997276306 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls: # Source: https://github.com/woanware/usbdeviceforensics # License: Unknown sift-scripts-usbdeviceforensics: file.managed: - name: /usr/local/bin/usbdeviceforensics.py - source: https://raw.githubusercontent.com/woanware/usbdeviceforensics/5a0705d5beca09eab2fd5a47a52240dbc0db5bc9/usbdeviceforensics.py - source_hash: sha256=cc643ae2ccd7b772f6d8a2abaa0e9dd33514c60328c5bc3b7d60bb69398b9637 - mode: 755 sift-scripts-usbdeviceforensics-shebang: file.replace: - name: /usr/local/bin/usbdeviceforensics.py - pattern: '#!/usr/bin/python' - repl: '#!/usr/bin/env python' - count: 1 - watch: - file: sift-scripts-usbdeviceforensics [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-usbdeviceforensics', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/usbdeviceforensics.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/woanware/usbdeviceforensics/5a0705d5beca09eab2fd5a47a52240dbc0db5bc9/usbdeviceforensics.py')]), OrderedDict([('source_hash', 'sha256=cc643ae2ccd7b772f6d8a2abaa0e9dd33514c60328c5bc3b7d60bb69398b9637')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-usbdeviceforensics-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/usbdeviceforensics.py')]), OrderedDict([('pattern', '#!/usr/bin/python')]), OrderedDict([('repl', '#!/usr/bin/env python')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-usbdeviceforensics')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls' using 'yaml' renderer: 0.00330090522766 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/virustotal-tools.sls' to resolve 'salt://sift/scripts/virustotal-tools.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls' to resolve 'salt://sift/scripts/virustotal-tools.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/virustotal-tools.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/virustotal-tools.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls' using 'jinja' renderer: 0.00105905532837 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls: # Source: https://blog.didierstevens.com/programs/virustotal-tools/ # License: Unknown, No Copyright sift-scripts-virustotal-search-archive: archive.extracted: - name: /usr/local/src/virustotal-search-v0.1.4 - source: https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip - source_hash: sha256=8c033b3c46767590c54c191aeedc0162b3b8ccde0d7b75841a6552ca9de76044 - enforce_toplevel: False sift-scripts-virustotal-search-script: file.managed: - name: /usr/local/bin/virustotal-search.py - source: /usr/local/src/virustotal-search-v0.1.4/virustotal-search.py - mode: 755 - watch: - archive: sift-scripts-virustotal-search-archive sift-scripts-virustotal-submit-archive: archive.extracted: - name: /usr/local/src/virustotal-submit-v0.0.3 - source: https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip - source_hash: sha256=37cce3e8469de097912cb23bac6b909c9c7f5a5cee09c9279d32bdb9d6e23bcc - enforce_toplevel: False sift-scripts-virustotal-submit-script: file.managed: - name: /usr/local/bin/virustotal-submit.py - source: /usr/local/src/virustotal-submit-v0.0.3/virustotal-submit.py - mode: 755 - watch: - archive: sift-scripts-virustotal-submit-archive [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-virustotal-search-archive', OrderedDict([('archive.extracted', [OrderedDict([('name', '/usr/local/src/virustotal-search-v0.1.4')]), OrderedDict([('source', 'https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip')]), OrderedDict([('source_hash', 'sha256=8c033b3c46767590c54c191aeedc0162b3b8ccde0d7b75841a6552ca9de76044')]), OrderedDict([('enforce_toplevel', False)])])])), ('sift-scripts-virustotal-search-script', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/virustotal-search.py')]), OrderedDict([('source', '/usr/local/src/virustotal-search-v0.1.4/virustotal-search.py')]), OrderedDict([('mode', 755)]), OrderedDict([('watch', [OrderedDict([('archive', 'sift-scripts-virustotal-search-archive')])])])])])), ('sift-scripts-virustotal-submit-archive', OrderedDict([('archive.extracted', [OrderedDict([('name', '/usr/local/src/virustotal-submit-v0.0.3')]), OrderedDict([('source', 'https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip')]), OrderedDict([('source_hash', 'sha256=37cce3e8469de097912cb23bac6b909c9c7f5a5cee09c9279d32bdb9d6e23bcc')]), OrderedDict([('enforce_toplevel', False)])])])), ('sift-scripts-virustotal-submit-script', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/virustotal-submit.py')]), OrderedDict([('source', '/usr/local/src/virustotal-submit-v0.0.3/virustotal-submit.py')]), OrderedDict([('mode', 755)]), OrderedDict([('watch', [OrderedDict([('archive', 'sift-scripts-virustotal-submit-archive')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls' using 'yaml' renderer: 0.00609302520752 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/vshot.sls' to resolve 'salt://sift/scripts/vshot.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/vshot.sls' to resolve 'salt://sift/scripts/vshot.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/vshot.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/vshot.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/vshot.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/vshot.sls' using 'jinja' renderer: 0.00159502029419 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/vshot.sls: include: - sift.packages.bulk-extractor - sift.packages.python-volatility # Source: https://github.com/williballenthin/python-registry # License: Apache2 - https://github.com/williballenthin/python-registry/blob/master/LICENSE.TXT sift-scripts-vshot: file.managed: - name: /usr/local/bin/vshot - source: https://raw.githubusercontent.com/CrowdStrike/Forensics/62d8ae4ed1ca276f2a1ffe251e1750d10538ae52/vshot - source_hash: sha256=590fb825df2d17f2e83fcbf1a578f39d8c7bd38017d85edfb250c0fb92db8b3a - mode: 755 - require: - pkg: python-volatility - pkg: bulk-extractor [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.bulk-extractor', 'sift.packages.python-volatility']), ('sift-scripts-vshot', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/vshot')]), OrderedDict([('source', 'https://raw.githubusercontent.com/CrowdStrike/Forensics/62d8ae4ed1ca276f2a1ffe251e1750d10538ae52/vshot')]), OrderedDict([('source_hash', 'sha256=590fb825df2d17f2e83fcbf1a578f39d8c7bd38017d85edfb250c0fb92db8b3a')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-volatility')]), OrderedDict([('pkg', 'bulk-extractor')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/vshot.sls' using 'yaml' renderer: 0.00274395942688 [DEBUG ] Could not find file 'salt://sift/config.sls' in saltenv 'base' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/init.sls' to resolve 'salt://sift/config/init.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/init.sls' to resolve 'salt://sift/config/init.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/init.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/init.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/init.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/init.sls' using 'jinja' renderer: 0.000741004943848 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/init.sls: include: - sift.config.hostname - sift.config.user - sift.config.timezone - sift.config.folders - sift.config.salt-minion - sift.config.samba #- .symlinks sift-config: test.nop: - name: sift-config - require: - sls: sift.config.hostname - sls: sift.config.user - sls: sift.config.timezone - sls: sift.config.folders - sls: sift.config.salt-minion - sls: sift.config.samba [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.config.hostname', 'sift.config.user', 'sift.config.timezone', 'sift.config.folders', 'sift.config.salt-minion', 'sift.config.samba']), ('sift-config', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-config')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.config.hostname')]), OrderedDict([('sls', 'sift.config.user')]), OrderedDict([('sls', 'sift.config.timezone')]), OrderedDict([('sls', 'sift.config.folders')]), OrderedDict([('sls', 'sift.config.salt-minion')]), OrderedDict([('sls', 'sift.config.samba')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/init.sls' using 'yaml' renderer: 0.00289297103882 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/hostname.sls' to resolve 'salt://sift/config/hostname.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/hostname.sls' to resolve 'salt://sift/config/hostname.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/hostname.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/hostname.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/hostname.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/hostname.sls' using 'jinja' renderer: 0.00294995307922 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/hostname.sls: hostname-managed: file.managed: - name: /etc/hostname - contents: siftworkstation - backup: false hostname-set-hostname: cmd.run: - name: hostnamectl set-hostname siftworkstation - unless: test "siftworkstation" = "$(hostname)" hostname-set-hosts: host.present: - name: siftworkstation - ip: 127.0.0.1 [DEBUG ] Results of YAML rendering: OrderedDict([('hostname-managed', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/hostname')]), OrderedDict([('contents', 'siftworkstation')]), OrderedDict([('backup', False)])])])), ('hostname-set-hostname', OrderedDict([('cmd.run', [OrderedDict([('name', 'hostnamectl set-hostname siftworkstation')]), OrderedDict([('unless', 'test "siftworkstation" = "$(hostname)"')])])])), ('hostname-set-hosts', OrderedDict([('host.present', [OrderedDict([('name', 'siftworkstation')]), OrderedDict([('ip', '127.0.0.1')])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/hostname.sls' using 'yaml' renderer: 0.00274205207825 [DEBUG ] Could not find file 'salt://sift/config/user.sls' in saltenv 'base' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/init.sls' to resolve 'salt://sift/config/user/init.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/init.sls' to resolve 'salt://sift/config/user/init.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/user/init.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/user/init.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/init.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/init.sls' using 'jinja' renderer: 0.000821113586426 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/init.sls: include: - sift.config.user.user - sift.config.user.bash-aliases - sift.config.user.bash-rc - sift.config.user.folders - sift.config.user.pdfs - sift.config.user.symlinks - sift.config.user.theme sift-config-user: test.nop: - name: sift-config-user - require: - sls: sift.config.user.user - sls: sift.config.user.bash-aliases - sls: sift.config.user.bash-rc - sls: sift.config.user.folders - sls: sift.config.user.pdfs - sls: sift.config.user.symlinks - sls: sift.config.user.theme [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.config.user.user', 'sift.config.user.bash-aliases', 'sift.config.user.bash-rc', 'sift.config.user.folders', 'sift.config.user.pdfs', 'sift.config.user.symlinks', 'sift.config.user.theme']), ('sift-config-user', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-config-user')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.config.user.user')]), OrderedDict([('sls', 'sift.config.user.bash-aliases')]), OrderedDict([('sls', 'sift.config.user.bash-rc')]), OrderedDict([('sls', 'sift.config.user.folders')]), OrderedDict([('sls', 'sift.config.user.pdfs')]), OrderedDict([('sls', 'sift.config.user.symlinks')]), OrderedDict([('sls', 'sift.config.user.theme')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/init.sls' using 'yaml' renderer: 0.00364208221436 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/user.sls' to resolve 'salt://sift/config/user/user.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/user.sls' to resolve 'salt://sift/config/user/user.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/user/user.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/user/user.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/user.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [DEBUG ] LazyLoaded user.list_users [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/user.sls' using 'jinja' renderer: 0.00603795051575 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/user.sls: sift-user-sansforensics: user.present: - name: sansforensics - home: /home/sansforensics [DEBUG ] Results of YAML rendering: OrderedDict([('sift-user-sansforensics', OrderedDict([('user.present', [OrderedDict([('name', 'sansforensics')]), OrderedDict([('home', '/home/sansforensics')])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/user.sls' using 'yaml' renderer: 0.00113010406494 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/bash-aliases.sls' to resolve 'salt://sift/config/user/bash-aliases.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls' to resolve 'salt://sift/config/user/bash-aliases.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/user/bash-aliases.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/user/bash-aliases.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls' using 'jinja' renderer: 0.00180506706238 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls: include: - .user bash-aliases-user-sansforensics: file.append: - name: /home/sansforensics/.bash_aliases - text: "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'" - require: - user: sift-user-sansforensics bash-aliases-user-root: file.append: - name: /root/.bash_aliases - text: "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'" - require: - file: bash-aliases-user-sansforensics [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('bash-aliases-user-sansforensics', OrderedDict([('file.append', [OrderedDict([('name', '/home/sansforensics/.bash_aliases')]), OrderedDict([('text', "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'")]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('bash-aliases-user-root', OrderedDict([('file.append', [OrderedDict([('name', '/root/.bash_aliases')]), OrderedDict([('text', "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'")]), OrderedDict([('require', [OrderedDict([('file', 'bash-aliases-user-sansforensics')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls' using 'yaml' renderer: 0.00292897224426 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/bash-rc.sls' to resolve 'salt://sift/config/user/bash-rc.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls' to resolve 'salt://sift/config/user/bash-rc.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/user/bash-rc.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/user/bash-rc.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls' using 'jinja' renderer: 0.00190711021423 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls: include: - .user rc-noclobber: file.append: - name: /home/sansforensics/.bashrc - text: 'set -o noclobber' - require: - user: sift-user-sansforensics rekall-path: file.append: - name: /home/sansforensics/.bashrc - text: 'export PATH=$PATH:/opt/rekall/bin' - require: - user: sift-user-sansforensics rc-root-noclobber: file.append: - name: /root/.bashrc - text: 'set -o noclobber' - require: - file: rekall-path [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('rc-noclobber', OrderedDict([('file.append', [OrderedDict([('name', '/home/sansforensics/.bashrc')]), OrderedDict([('text', 'set -o noclobber')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('rekall-path', OrderedDict([('file.append', [OrderedDict([('name', '/home/sansforensics/.bashrc')]), OrderedDict([('text', 'export PATH=$PATH:/opt/rekall/bin')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('rc-root-noclobber', OrderedDict([('file.append', [OrderedDict([('name', '/root/.bashrc')]), OrderedDict([('text', 'set -o noclobber')]), OrderedDict([('require', [OrderedDict([('file', 'rekall-path')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls' using 'yaml' renderer: 0.0038890838623 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/folders.sls' to resolve 'salt://sift/config/user/folders.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/folders.sls' to resolve 'salt://sift/config/user/folders.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/user/folders.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/user/folders.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/folders.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/folders.sls' using 'jinja' renderer: 0.00175809860229 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/folders.sls: include: - .user folders-config-autostart: file.directory: - name: /home/sansforensics/.config/autostart - user: sansforensics - group: sansforensics - makedirs: True - require: - user: sift-user-sansforensics [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('folders-config-autostart', OrderedDict([('file.directory', [OrderedDict([('name', '/home/sansforensics/.config/autostart')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'sansforensics')]), OrderedDict([('makedirs', True)]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/folders.sls' using 'yaml' renderer: 0.00205302238464 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/pdfs.sls' to resolve 'salt://sift/config/user/pdfs.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/pdfs.sls' to resolve 'salt://sift/config/user/pdfs.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/user/pdfs.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/user/pdfs.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/pdfs.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/pdfs.sls' using 'jinja' renderer: 0.00152397155762 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/pdfs.sls: include: - .user pdfs-resource-copy: file.recurse: - name: /home/sansforensics/Desktop - source: salt://sift/files/sift/resources - include_pat: '*.pdf' - require: - user: sift-user-sansforensics [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('pdfs-resource-copy', OrderedDict([('file.recurse', [OrderedDict([('name', '/home/sansforensics/Desktop')]), OrderedDict([('source', 'salt://sift/files/sift/resources')]), OrderedDict([('include_pat', '*.pdf')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/pdfs.sls' using 'yaml' renderer: 0.00192904472351 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/symlinks.sls' to resolve 'salt://sift/config/user/symlinks.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/symlinks.sls' to resolve 'salt://sift/config/user/symlinks.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/user/symlinks.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/user/symlinks.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/symlinks.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/symlinks.sls' using 'jinja' renderer: 0.00261807441711 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/symlinks.sls: include: - .user symlinks-user-desktop-directory: file.directory: - name: /home/sansforensics/Desktop - require: - user: sift-user-sansforensics symlinks-mount-points: file.symlink: - name: /home/sansforensics/Desktop/mount_points - target: /mnt - user: sansforensics - group: sansforensics - require: - file: symlinks-user-desktop-directory - user: sift-user-sansforensics symlinks-cases: file.symlink: - name: /home/sansforensics/Desktop/cases - target: /cases - user: sansforensics - group: sansforensics - require: - file: symlinks-user-desktop-directory - user: sift-user-sansforensics [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('symlinks-user-desktop-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/home/sansforensics/Desktop')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('symlinks-mount-points', OrderedDict([('file.symlink', [OrderedDict([('name', '/home/sansforensics/Desktop/mount_points')]), OrderedDict([('target', '/mnt')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'sansforensics')]), OrderedDict([('require', [OrderedDict([('file', 'symlinks-user-desktop-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('symlinks-cases', OrderedDict([('file.symlink', [OrderedDict([('name', '/home/sansforensics/Desktop/cases')]), OrderedDict([('target', '/cases')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'sansforensics')]), OrderedDict([('require', [OrderedDict([('file', 'symlinks-user-desktop-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/symlinks.sls' using 'yaml' renderer: 0.00528311729431 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/theme.sls' to resolve 'salt://sift/config/user/theme.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/theme.sls' to resolve 'salt://sift/config/user/theme.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/user/theme.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/user/theme.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/theme.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/theme.sls' using 'jinja' renderer: 0.00464200973511 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/theme.sls: include: - .user theme-set-background-directory: file.directory: - name: /usr/share/backgrounds - makedirs: True theme-set-background: file.managed: - name: /usr/share/backgrounds/warty-final-ubuntu.png - source: salt://sift/files/sift/images/forensics_blue.jpg - replace: True - require: - file: theme-set-background-directory - user: sift-user-sansforensics theme-set-unity-logo-directory: file.directory: - name: /usr/share/unity-greeter - makedirs: True theme-set-unity-logo: file.managed: - name: /usr/share/unity-greeter/logo.png - source: salt://sift/files/sift/images/login_logo.png - replace: True - require: - file: theme-set-unity-logo-directory - user: sift-user-sansforensics theme-manage-autostart: file.directory: - name: /home/sansforensics/.config/autostart/ - makedirs: True theme-manage-gnome-terminal: file.managed: - name: /home/sansforensics/.config/autostart/gnome-terminal.desktop - source: salt://sift/files/sift/other/gnome-terminal.desktop - replace: True - require: - file: theme-manage-autostart - user: sift-user-sansforensics [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('theme-set-background-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/backgrounds')]), OrderedDict([('makedirs', True)])])])), ('theme-set-background', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/share/backgrounds/warty-final-ubuntu.png')]), OrderedDict([('source', 'salt://sift/files/sift/images/forensics_blue.jpg')]), OrderedDict([('replace', True)]), OrderedDict([('require', [OrderedDict([('file', 'theme-set-background-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('theme-set-unity-logo-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/unity-greeter')]), OrderedDict([('makedirs', True)])])])), ('theme-set-unity-logo', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/share/unity-greeter/logo.png')]), OrderedDict([('source', 'salt://sift/files/sift/images/login_logo.png')]), OrderedDict([('replace', True)]), OrderedDict([('require', [OrderedDict([('file', 'theme-set-unity-logo-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('theme-manage-autostart', OrderedDict([('file.directory', [OrderedDict([('name', '/home/sansforensics/.config/autostart/')]), OrderedDict([('makedirs', True)])])])), ('theme-manage-gnome-terminal', OrderedDict([('file.managed', [OrderedDict([('name', '/home/sansforensics/.config/autostart/gnome-terminal.desktop')]), OrderedDict([('source', 'salt://sift/files/sift/other/gnome-terminal.desktop')]), OrderedDict([('replace', True)]), OrderedDict([('require', [OrderedDict([('file', 'theme-manage-autostart')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/theme.sls' using 'yaml' renderer: 0.00855994224548 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/timezone.sls' to resolve 'salt://sift/config/timezone.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/timezone.sls' to resolve 'salt://sift/config/timezone.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/timezone.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/timezone.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/timezone.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/timezone.sls' using 'jinja' renderer: 0.00144195556641 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/timezone.sls: Etc/UTC: timezone.system [DEBUG ] Results of YAML rendering: OrderedDict([('Etc/UTC', 'timezone.system')]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/timezone.sls' using 'yaml' renderer: 0.000504970550537 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/folders.sls' to resolve 'salt://sift/config/folders.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/folders.sls' to resolve 'salt://sift/config/folders.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/folders.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/folders.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/folders.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/folders.sls' using 'jinja' renderer: 0.0045440196991 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/folders.sls: include: - .user config-folder-cases: file.directory: - name: /cases - user: sansforensics - group: root - makedirs: true - dir_mode: 775 - require: - user: sift-user-sansforensics /mnt/usb: file.directory: - user: root - group: root - makedirs: true /mnt/vss: file.directory: - user: root - group: root - makedirs: true /mnt/shadow: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount: file.directory: - user: root - group: root - makedirs: true /mnt/e01: file.directory: - user: root - group: root - makedirs: true /mnt/aff: file.directory: - user: root - group: root - makedirs: true /mnt/ewf: file.directory: - user: root - group: root - makedirs: true /mnt/bde: file.directory: - user: root - group: root - makedirs: true /mnt/iscsi: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount1: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount2: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount3: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount4: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount5: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss1: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss2: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss3: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss4: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss5: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss6: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss7: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss8: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss9: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss10: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss11: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss12: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss13: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss14: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss15: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss16: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss17: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss18: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss19: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss20: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss21: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss22: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss23: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss24: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss25: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss26: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss27: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss28: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss29: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss30: file.directory: - user: root - group: root - makedirs: true [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('config-folder-cases', OrderedDict([('file.directory', [OrderedDict([('name', '/cases')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('dir_mode', 775)]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('/mnt/usb', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/vss', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/e01', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/aff', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/ewf', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/bde', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/iscsi', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount1', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount2', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount3', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount4', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount5', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss1', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss2', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss3', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss4', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss5', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss6', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss7', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss8', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss9', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss10', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss11', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss12', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss13', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss14', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss15', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss16', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss17', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss18', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss19', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss20', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss21', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss22', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss23', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss24', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss25', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss26', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss27', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss28', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss29', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss30', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/folders.sls' using 'yaml' renderer: 0.0413839817047 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/salt-minion.sls' to resolve 'salt://sift/config/salt-minion.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/salt-minion.sls' to resolve 'salt://sift/config/salt-minion.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/salt-minion.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/salt-minion.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/salt-minion.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/salt-minion.sls' using 'jinja' renderer: 0.000771999359131 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/salt-minion.sls: salt-minion: service.dead: - name: salt-minion - enable: False [DEBUG ] Results of YAML rendering: OrderedDict([('salt-minion', OrderedDict([('service.dead', [OrderedDict([('name', 'salt-minion')]), OrderedDict([('enable', False)])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/salt-minion.sls' using 'yaml' renderer: 0.00114011764526 [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/samba.sls' to resolve 'salt://sift/config/samba.sls' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/samba.sls' to resolve 'salt://sift/config/samba.sls' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/samba.sls' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/samba.sls' [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/samba.sls [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/samba.sls' using 'jinja' renderer: 0.000813007354736 [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/samba.sls: include: - ..packages.samba sift-samba-initial: file.managed: - name: /etc/samba/.sift-samba - contents: | This file indicates to SIFT that it has made the changes to the smb.conf file and prevents it from overwritting it should a user make custom changes. samba-config: file.managed: - name: /etc/samba/smb.conf - source: salt://sift/files/samba/smb.conf - require: - pkg: samba - watch: - file: sift-samba-initial samba-service-smbd: service.running: - name: smbd - watch: - file: /etc/samba/smb.conf samba-service-nmbd: service.running: - name: nmbd - require: - service: samba-service-smbd - watch: - file: /etc/samba/smb.conf [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.samba']), ('sift-samba-initial', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/samba/.sift-samba')]), OrderedDict([('contents', 'This file indicates to SIFT that it has made the changes to the smb.conf file\nand prevents it from overwritting it should a user make custom changes.\n')])])])), ('samba-config', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/samba/smb.conf')]), OrderedDict([('source', 'salt://sift/files/samba/smb.conf')]), OrderedDict([('require', [OrderedDict([('pkg', 'samba')])])]), OrderedDict([('watch', [OrderedDict([('file', 'sift-samba-initial')])])])])])), ('samba-service-smbd', OrderedDict([('service.running', [OrderedDict([('name', 'smbd')]), OrderedDict([('watch', [OrderedDict([('file', '/etc/samba/smb.conf')])])])])])), ('samba-service-nmbd', OrderedDict([('service.running', [OrderedDict([('name', 'nmbd')]), OrderedDict([('require', [OrderedDict([('service', 'samba-service-smbd')])])]), OrderedDict([('watch', [OrderedDict([('file', '/etc/samba/smb.conf')])])])])]))]) [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/samba.sls' using 'yaml' renderer: 0.00523996353149 [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.ex_mod_init: 'pkg.ex_mod_init' is not available. [INFO ] Running state [python-software-properties] at time 13:13:44.352550 [INFO ] Executing state pkg.installed for python-software-properties [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-software-properties'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-software-properties' changed from 'absent' to '0.96.20.7' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-software-properties] at time 13:13:51.359261 duration_in_ms=7006.71 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [apt-transport-https] at time 13:13:51.427575 [INFO ] Executing state pkg.installed for apt-transport-https [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package apt-transport-https is already installed [INFO ] Completed state [apt-transport-https] at time 13:13:51.751217 duration_in_ms=323.643 [DEBUG ] LazyLoaded pkgrepo.managed [INFO ] Running state [deb https://apt.dockerproject.org/repo ubuntu-xenial main] at time 13:13:51.756812 [INFO ] Executing state pkgrepo.managed for deb https://apt.dockerproject.org/repo ubuntu-xenial main [INFO ] Executing command ['apt-key', 'export', '58118E89F3A912897C070ADBF76221572C52609D'] in directory '/home/sansforensics' [DEBUG ] stderr: gpg: WARNING: nothing exported [INFO ] Executing command ['apt-key', 'adv', '--keyserver', 'hkp://p80.pool.sks-keyservers.net:80', '--logger-fd', '1', '--recv-keys', '58118E89F3A912897C070ADBF76221572C52609D'] in directory '/home/sansforensics' [DEBUG ] stdout: Executing: /tmp/tmp.b7Grok9A7D/gpg.1.sh --keyserver hkp://p80.pool.sks-keyservers.net:80 --logger-fd 1 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D gpg: requesting key 2C52609D from hkp server p80.pool.sks-keyservers.net gpg: key 2C52609D: public key "Docker Release Tool (releasedocker) " imported gpg: Total number processed: 1 gpg: imported: 1 [DEBUG ] stderr: (RSA: 1) [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] {'repo': 'deb https://apt.dockerproject.org/repo ubuntu-xenial main'} [INFO ] Completed state [deb https://apt.dockerproject.org/repo ubuntu-xenial main] at time 13:13:59.864832 duration_in_ms=8108.019 [INFO ] Running state [sift-gift-dev] at time 13:13:59.865238 [INFO ] Executing state pkgrepo.absent for sift-gift-dev [INFO ] Package repo ppa:gift/dev is absent [INFO ] Completed state [sift-gift-dev] at time 13:14:00.493877 duration_in_ms=628.638 [INFO ] Running state [gift] at time 13:14:00.500412 [INFO ] Executing state pkgrepo.managed for gift [INFO ] Executing command ['apt-add-repository', '-y', 'ppa:gift/stable'] in directory '/home/sansforensics' [DEBUG ] stdout: OK [DEBUG ] stderr: gpg: keyring `/tmp/tmp_74b19m3/secring.gpg' created gpg: keyring `/tmp/tmp_74b19m3/pubring.gpg' created gpg: requesting key 10C598B8 from hkp server keyserver.ubuntu.com gpg: /tmp/tmp_74b19m3/trustdb.gpg: trustdb created gpg: key 10C598B8: public key "Launchpad PPA for Google Investigative Forensic Toolkit" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] {'repo': 'ppa:gift/stable'} [INFO ] Completed state [gift] at time 13:14:10.143111 duration_in_ms=9642.699 [INFO ] Running state [sift-dev] at time 13:14:10.143280 [INFO ] Executing state pkgrepo.absent for sift-dev [INFO ] Package repo ppa:sift/dev is absent [INFO ] Completed state [sift-dev] at time 13:14:10.710101 duration_in_ms=566.82 [INFO ] Running state [sift-repo] at time 13:14:10.716194 [INFO ] Executing state pkgrepo.managed for sift-repo [INFO ] Executing command ['apt-add-repository', '-y', 'ppa:sift/stable'] in directory '/home/sansforensics' [DEBUG ] stdout: OK [DEBUG ] stderr: gpg: keyring `/tmp/tmpr37894ia/secring.gpg' created gpg: keyring `/tmp/tmpr37894ia/pubring.gpg' created gpg: requesting key 0744BEC3 from hkp server keyserver.ubuntu.com gpg: /tmp/tmpr37894ia/trustdb.gpg: trustdb created gpg: key 0744BEC3: public key "Launchpad PPA for SANS Investigative Forensics Toolkit" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] {'repo': 'ppa:sift/stable'} [INFO ] Completed state [sift-repo] at time 13:14:20.170564 duration_in_ms=9454.37 [INFO ] Running state [openjdk-repo] at time 13:14:20.173685 [INFO ] Executing state pkgrepo.managed for openjdk-repo [INFO ] Executing command ['apt-add-repository', '-y', 'ppa:openjdk-r/ppa'] in directory '/home/sansforensics' [DEBUG ] stdout: OK [DEBUG ] stderr: gpg: keyring `/tmp/tmph1x4hzyy/secring.gpg' created gpg: keyring `/tmp/tmph1x4hzyy/pubring.gpg' created gpg: requesting key 86F44E2A from hkp server keyserver.ubuntu.com gpg: /tmp/tmph1x4hzyy/trustdb.gpg: trustdb created gpg: key 86F44E2A: public key "Launchpad OpenJDK builds (all archs)" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] {'repo': 'ppa:openjdk-r/ppa'} [INFO ] Completed state [openjdk-repo] at time 13:14:29.424589 duration_in_ms=9250.904 [INFO ] Running state [deb http://archive.ubuntu.com/ubuntu/ xenial multiverse] at time 13:14:29.424864 [INFO ] Executing state pkgrepo.managed for deb http://archive.ubuntu.com/ubuntu/ xenial multiverse [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] {'repo': 'deb http://archive.ubuntu.com/ubuntu xenial multiverse'} [INFO ] Completed state [deb http://archive.ubuntu.com/ubuntu/ xenial multiverse] at time 13:14:39.192969 duration_in_ms=9768.105 [INFO ] Running state [deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse] at time 13:14:39.193184 [INFO ] Executing state pkgrepo.managed for deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] {'repo': 'deb http://archive.ubuntu.com/ubuntu xenial-security multiverse'} [INFO ] Completed state [deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse] at time 13:14:48.094971 duration_in_ms=8901.786 [INFO ] Running state [deb http://archive.ubuntu.com/ubuntu/ xenial universe] at time 13:14:48.096236 [INFO ] Executing state pkgrepo.managed for deb http://archive.ubuntu.com/ubuntu/ xenial universe [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] {'repo': 'deb http://archive.ubuntu.com/ubuntu xenial universe'} [INFO ] Completed state [deb http://archive.ubuntu.com/ubuntu/ xenial universe] at time 13:15:20.051584 duration_in_ms=31955.347 [DEBUG ] LazyLoaded test.nop [INFO ] Running state [ubuntutweak] at time 13:15:20.052996 [INFO ] Executing state test.nop for ubuntutweak [INFO ] Success! [INFO ] Completed state [ubuntutweak] at time 13:15:20.053538 duration_in_ms=0.542 [INFO ] Running state [sift-repos] at time 13:15:20.064042 [INFO ] Executing state test.nop for sift-repos [INFO ] Success! [INFO ] Completed state [sift-repos] at time 13:15:20.064541 duration_in_ms=0.5 [INFO ] Running state [binplist] at time 13:15:20.064673 [INFO ] Executing state pkg.removed for binplist [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] All specified packages are already absent [INFO ] Completed state [binplist] at time 13:15:20.075013 duration_in_ms=10.34 [INFO ] Running state [unity-webapps-common] at time 13:15:20.075173 [INFO ] Executing state pkg.removed for unity-webapps-common [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', 'remove', 'unity-webapps-common'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'unity-webapps-common' changed from '2.4.17+15.10.20150616-0ubuntu2' to 'absent' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [unity-webapps-common] at time 13:15:23.196256 duration_in_ms=3121.083 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [aeskeyfind] at time 13:15:23.202168 [INFO ] Executing state pkg.installed for aeskeyfind [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'aeskeyfind'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'aeskeyfind' changed from 'absent' to '1:1.0-3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [aeskeyfind] at time 13:15:27.186495 duration_in_ms=3984.328 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [afflib-tools] at time 13:15:27.192368 [INFO ] Executing state pkg.installed for afflib-tools [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'afflib-tools'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'afflib-tools' changed from 'absent' to '3.7.7-3' 'libafflib0v5' changed from 'absent' to '3.7.7-3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [afflib-tools] at time 13:15:32.248922 duration_in_ms=5056.554 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [afterglow] at time 13:15:32.254554 [INFO ] Executing state pkg.installed for afterglow [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'afterglow'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'afterglow' changed from 'absent' to '1.6.4-trusy1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [afterglow] at time 13:15:36.155050 duration_in_ms=3900.496 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [aircrack-ng] at time 13:15:36.160882 [INFO ] Executing state pkg.installed for aircrack-ng [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'aircrack-ng'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'ieee-data' changed from 'absent' to '20150531.1' 'aircrack-ng' changed from 'absent' to '1:1.2-0~beta3-4' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [aircrack-ng] at time 13:15:43.474837 duration_in_ms=7313.956 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [apache2] at time 13:15:43.481430 [INFO ] Executing state pkg.installed for apache2 [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'apache2'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'apache2-data' changed from 'absent' to '2.4.18-2ubuntu3.3' 'libapr1' changed from 'absent' to '1.5.2-3' 'apache2-utils' changed from 'absent' to '2.4.18-2ubuntu3.3' 'libaprutil1-ldap' changed from 'absent' to '1.5.4-1build1' 'apache2-api-20120211' changed from 'absent' to '1' 'httpd' changed from 'absent' to '1' 'apache2' changed from 'absent' to '2.4.18-2ubuntu3.3' 'liblua5.1-0' changed from 'absent' to '5.1.5-8ubuntu1' 'libaprutil1-dbd-sqlite3' changed from 'absent' to '1.5.4-1build1' 'httpd-cgi' changed from 'absent' to '1' 'apache2-bin' changed from 'absent' to '2.4.18-2ubuntu3.3' 'libaprutil1' changed from 'absent' to '1.5.4-1build1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [apache2] at time 13:15:54.948387 duration_in_ms=11466.957 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [arp-scan] at time 13:15:54.954017 [INFO ] Executing state pkg.installed for arp-scan [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'arp-scan'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'arp-scan' changed from 'absent' to '1.8.1-2ubuntu1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [arp-scan] at time 13:15:59.679465 duration_in_ms=4725.449 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [autopsy] at time 13:15:59.685018 [INFO ] Executing state pkg.installed for autopsy [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'autopsy'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'sleuthkit' changed from 'absent' to '4.2.0-13sift1~xenial' 'libewf2' changed from 'absent' to '20140608-6' 'libtsk' changed from 'absent' to '4.2.0-13sift1~xenial' 'autopsy' changed from 'absent' to '2.24-1.1' 'libbfio1' changed from 'absent' to '20160108-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [autopsy] at time 13:16:15.213067 duration_in_ms=15528.049 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [bcrypt] at time 13:16:15.218642 [INFO ] Executing state pkg.installed for bcrypt [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'bcrypt'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'bcrypt' changed from 'absent' to '1.1-8.1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [bcrypt] at time 13:16:19.754052 duration_in_ms=4535.41 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [bitpim] at time 13:16:19.759213 [INFO ] Executing state pkg.installed for bitpim [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'bitpim'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-ecdsa' changed from 'absent' to '0.13-2' 'python-wxversion' changed from 'absent' to '3.0.2.0+dfsg-1build1' 'bitpim' changed from 'absent' to '1.0.7+sift5~xenial' 'python2.7-dsv' changed from 'absent' to '1' 'libwxbase3.0-0v5' changed from 'absent' to '3.0.2+dfsg-1.3ubuntu0.1' 'python-wxgtk3.0' changed from 'absent' to '3.0.2.0+dfsg-1build1' 'bitpim-lib' changed from 'absent' to '1.0.7+sift5~xenial' 'libwxgtk3.0-0v5' changed from 'absent' to '3.0.2+dfsg-1.3ubuntu0.1' 'python2.7-wxgtk3.0' changed from 'absent' to '1' 'python-serial' changed from 'absent' to '3.0.1-1' 'python-apsw' changed from 'absent' to '3.8.11.1-r1-1build1' 'python-dsv' changed from 'absent' to '1.4.1-3' 'python-paramiko' changed from 'absent' to '1.16.0-1' 'python2.7-paramiko' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [bitpim] at time 13:16:52.685940 duration_in_ms=32926.727 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [bitpim-lib] at time 13:16:52.691624 [INFO ] Executing state pkg.installed for bitpim-lib [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package bitpim-lib is already installed [INFO ] Completed state [bitpim-lib] at time 13:16:52.948861 duration_in_ms=257.237 [INFO ] Running state [bkhive] at time 13:16:52.949031 [INFO ] Executing state pkg.installed for bkhive [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'bkhive'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'samdump2' changed from 'absent' to '3.0.0-3' 'bkhive' changed from 'absent' to '3.0.0-3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [bkhive] at time 13:16:57.152481 duration_in_ms=4203.45 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [bless] at time 13:16:57.158174 [INFO ] Executing state pkg.installed for bless [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'bless'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libmono-system-drawing4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'mono-4.0-gac' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'cli-runtime' changed from 'absent' to '1' 'cli-virtual-machine' changed from 'absent' to '1' 'libmono-i18n-west4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'cli-common' changed from 'absent' to '0.9+nmu1' 'libgtk2.0-cil' changed from 'absent' to '2.12.10-6' 'libmono-cairo4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'docbook-xml' changed from 'absent' to '4.5-7.3' 'libmono-corlib4.5-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'mono-runtime' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'ca-certificates-mono' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'global-assembly-cache-tool' changed from 'absent' to '1' 'libmono-system-security4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'docbk-xml' changed from 'absent' to '1' 'mono-runtime-sgen' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'libmono-posix4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'rarian-compat' changed from 'absent' to '0.8.1-6' 'libgdiplus' changed from 'absent' to '4.2-1ubuntu1' 'librarian0' changed from 'absent' to '0.8.1-6' 'sgml-data' changed from 'absent' to '2.0.10' 'binfmt-support' changed from 'absent' to '2.1.6-1' 'mono-gac' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'mono-runtime-common' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'libmono-system-configuration4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'libmono-i18n4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'libglade2-0' changed from 'absent' to '1:2.6.4-2' 'scrollkeeper' changed from 'absent' to '1' 'libmono-system4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'libgif7' changed from 'absent' to '5.1.4-0.3~16.04' 'bless' changed from 'absent' to '0.6.0-51sift1~trusty' 'libmono-system-xml4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'libmono-security4.0-cil' changed from 'absent' to '4.2.1.102+dfsg2-7ubuntu4' 'libglade2.0-cil' changed from 'absent' to '2.12.10-6' 'libglib2.0-cil' changed from 'absent' to '2.12.10-6' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [bless] at time 13:17:31.154533 duration_in_ms=33996.359 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [blt] at time 13:17:31.160235 [INFO ] Executing state pkg.installed for blt [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'blt'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'blt' changed from 'absent' to '2.5.3+dfsg-3' 'tk8.6-blt2.5' changed from 'absent' to '2.5.3+dfsg-3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [blt] at time 13:17:36.552945 duration_in_ms=5392.71 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [build-essential] at time 13:17:36.558376 [INFO ] Executing state pkg.installed for build-essential [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package build-essential is already installed [INFO ] Completed state [build-essential] at time 13:17:36.817681 duration_in_ms=259.305 [INFO ] Running state [bulk-extractor] at time 13:17:36.822120 [INFO ] Executing state pkg.installed for bulk-extractor [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'bulk-extractor'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'java-common' changed from 'absent' to '0.56ubuntu2' 'libxt-dev' changed from 'absent' to '1:1.1.5-0ubuntu1' 'xtrans-dev' changed from 'absent' to '1.3.5-1' 'libz-dev' changed from 'absent' to '1' 'libbonobo2-common' changed from 'absent' to '2.32.1-3' 'libfl-dev' changed from 'absent' to '2.6.0-11' 'liborbit-2-0' changed from 'absent' to '1:2.14.19-1build1' 'xorg-sgml-doctools' changed from 'absent' to '1:1.11-1' 'openjdk-7-jre' changed from 'absent' to '7u95-2.6.4-3' 'libbfio-dev' changed from 'absent' to '20160108-1' 'libatk-wrapper-java' changed from 'absent' to '0.33.3-6' 'libsigsegv2' changed from 'absent' to '2.10-4' 'libgnomevfs2-0' changed from 'absent' to '1:2.24.4-6.1ubuntu1' 'x11proto-kb-dev' changed from 'absent' to '1.0.7-0ubuntu1' 'libsm-dev' changed from 'absent' to '2:1.2.2-1' 'libbonobo2-0' changed from 'absent' to '2.32.1-3' 'libssl-doc' changed from 'absent' to '1.0.2g-1ubuntu4.8' 'libsctp1' changed from 'absent' to '1.0.16+dfsg-3' 'm4' changed from 'absent' to '1.4.17-5' 'libxdmcp-dev' changed from 'absent' to '1:1.1.2-1.1' 'libxau-dev' changed from 'absent' to '1:1.0.8-1' 'libx11-dev' changed from 'absent' to '2:1.6.3-1ubuntu2' 'libpthread-stubs0-dev' changed from 'absent' to '0.3-4' 'libgnome2-common' changed from 'absent' to '2.32.1-5ubuntu1' 'flex' changed from 'absent' to '2.6.0-11' 'x11proto-core-dev' changed from 'absent' to '7.0.28-2ubuntu1' 'libice-dev' changed from 'absent' to '2:1.0.9-1' 'libssl-dev' changed from 'absent' to '1.0.2g-1ubuntu4.8' 'libx11-doc' changed from 'absent' to '2:1.6.3-1ubuntu2' 'fonts-dejavu-extra' changed from 'absent' to '2.35-1' 'libewf-dev' changed from 'absent' to '20140608-6' 'bulk-extractor' changed from 'absent' to '1.5.5-trusty2' 'openjdk-7-jdk' changed from 'absent' to '7u95-2.6.4-3' 'openjdk-7-jre-headless' changed from 'absent' to '7u95-2.6.4-3' 'libatk-wrapper-java-jni' changed from 'absent' to '0.33.3-6' 'liblightgrep' changed from 'absent' to '1.2.1-trusty1' 'libgnomevfs2-common' changed from 'absent' to '1:2.24.4-6.1ubuntu1' 'libgnome-2-0' changed from 'absent' to '2.32.1-5ubuntu1' 'x11proto-input-dev' changed from 'absent' to '2.3.1-1' 'ca-certificates-java' changed from 'absent' to '20160321' 'libxcb1-dev' changed from 'absent' to '1.11.1-1ubuntu1' 'zlib1g-dev' changed from 'absent' to '1:1.2.8.dfsg-2ubuntu4.1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [bulk-extractor] at time 13:19:42.704854 duration_in_ms=125882.733 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [cabextract] at time 13:19:42.710581 [INFO ] Executing state pkg.installed for cabextract [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'cabextract'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'cabextract' changed from 'absent' to '1.6-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [cabextract] at time 13:19:47.500539 duration_in_ms=4789.958 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [ccrypt] at time 13:19:47.506926 [INFO ] Executing state pkg.installed for ccrypt [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ccrypt'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'ccrypt' changed from 'absent' to '1.10-4' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [ccrypt] at time 13:19:52.145995 duration_in_ms=4639.068 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [cifs-utils] at time 13:19:52.151372 [INFO ] Executing state pkg.installed for cifs-utils [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'cifs-utils'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'keyutils' changed from 'absent' to '1.5.9-8ubuntu1' 'python2.7-ldb' changed from 'absent' to '1' 'python-ldb' changed from 'absent' to '2:1.1.24-1ubuntu3' 'cifs-utils' changed from 'absent' to '2:6.4-1ubuntu1.1' 'samba-common-bin' changed from 'absent' to '2:4.3.11+dfsg-0ubuntu0.16.04.8' 'python-samba' changed from 'absent' to '2:4.3.11+dfsg-0ubuntu0.16.04.8' 'samba-common' changed from 'absent' to '2:4.3.11+dfsg-0ubuntu0.16.04.8' 'python2.7-tdb' changed from 'absent' to '1' 'python2.7-samba' changed from 'absent' to '1' 'python-tdb' changed from 'absent' to '1.3.8-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [cifs-utils] at time 13:20:01.857874 duration_in_ms=9706.501 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [clamav] at time 13:20:01.863487 [INFO ] Executing state pkg.installed for clamav [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'clamav'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libclamav7' changed from 'absent' to '0.99.2+dfsg-0ubuntu0.16.04.1' 'libllvm3.6v5' changed from 'absent' to '1:3.6.2-3ubuntu2' 'clamav-base' changed from 'absent' to '0.99.2+dfsg-0ubuntu0.16.04.1' 'clamav-data' changed from 'absent' to '1' 'clamav-freshclam' changed from 'absent' to '0.99.2+dfsg-0ubuntu0.16.04.1' 'clamav' changed from 'absent' to '0.99.2+dfsg-0ubuntu0.16.04.1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [clamav] at time 13:20:25.382732 duration_in_ms=23519.246 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [cmospwd] at time 13:20:25.388236 [INFO ] Executing state pkg.installed for cmospwd [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'cmospwd'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'cmospwd' changed from 'absent' to '5.0+dfsg-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [cmospwd] at time 13:20:30.484298 duration_in_ms=5096.061 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [cryptcat] at time 13:20:30.491664 [INFO ] Executing state pkg.installed for cryptcat [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'cryptcat'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'cryptcat' changed from 'absent' to '20031202-4' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [cryptcat] at time 13:20:35.161142 duration_in_ms=4669.478 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [cryptsetup] at time 13:20:35.168629 [INFO ] Executing state pkg.installed for cryptsetup [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'cryptsetup'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'cryptsetup-luks' changed from 'absent' to '1' 'cryptsetup' changed from 'absent' to '2:1.6.6-5ubuntu2' 'dmsetup' changed from 'absent' to '2:1.02.110-1ubuntu10' 'cryptsetup-bin' changed from 'absent' to '2:1.6.6-5ubuntu2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [cryptsetup] at time 13:20:55.145714 duration_in_ms=19977.085 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [curl] at time 13:20:55.151534 [INFO ] Executing state pkg.installed for curl [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'curl'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'curl' changed from 'absent' to '7.47.0-1ubuntu2.2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [curl] at time 13:20:59.908144 duration_in_ms=4756.61 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [dc3dd] at time 13:20:59.914052 [INFO ] Executing state pkg.installed for dc3dd [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'dc3dd'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'dc3dd' changed from 'absent' to '7.2.641-3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [dc3dd] at time 13:21:04.829052 duration_in_ms=4915.001 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [dcfldd] at time 13:21:04.835470 [INFO ] Executing state pkg.installed for dcfldd [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'dcfldd'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'dcfldd' changed from 'absent' to '1.3.4.1-9' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [dcfldd] at time 13:21:09.352323 duration_in_ms=4516.852 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [dconf-tools] at time 13:21:09.358026 [INFO ] Executing state pkg.installed for dconf-tools [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'dconf-tools'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'dconf-editor' changed from 'absent' to '3.18.2-1' 'dconf-tools' changed from 'absent' to '0.24.0-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [dconf-tools] at time 13:21:15.283301 duration_in_ms=5925.275 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [docker-engine] at time 13:21:15.290753 [INFO ] Executing state pkg.installed for docker-engine [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'docker-engine'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'git' changed from 'absent' to '1:2.7.4-0ubuntu1.1' 'liberror-perl' changed from 'absent' to '0.17-1.2' 'docker-engine' changed from 'absent' to '17.05.0~ce-0~ubuntu-xenial' 'aufs-tools' changed from 'absent' to '1:3.2+20130722-1.1ubuntu1' 'git-man' changed from 'absent' to '1:2.7.4-0ubuntu1.1' 'cgroupfs-mount' changed from 'absent' to '1.2' 'git-core' changed from 'absent' to '1' 'git-completion' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [docker-engine] at time 13:21:35.112311 duration_in_ms=19821.559 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [driftnet] at time 13:21:35.117991 [INFO ] Executing state pkg.installed for driftnet [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'driftnet'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'driftnet']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rd791eb01d76f47c7b2913e42fd965bef.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rd791eb01d76f47c7b2913e42fd965bef.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [driftnet] at time 13:21:35.638994 duration_in_ms=521.003 [INFO ] Running state [dsniff] at time 13:21:35.639228 [INFO ] Executing state pkg.installed for dsniff [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'dsniff'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'dsniff']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r0449a242f023401c8547159a02cefc88.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r0449a242f023401c8547159a02cefc88.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [dsniff] at time 13:21:35.843334 duration_in_ms=204.104 [INFO ] Running state [dumbpig] at time 13:21:35.843596 [INFO ] Executing state pkg.installed for dumbpig [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'dumbpig'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'dumbpig']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r2214e0b637a84a5186e9a64118800ba4.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r2214e0b637a84a5186e9a64118800ba4.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [dumbpig] at time 13:21:36.064588 duration_in_ms=220.992 [INFO ] Running state [e2fslibs-dev] at time 13:21:36.065065 [INFO ] Executing state pkg.installed for e2fslibs-dev [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'e2fslibs-dev'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'e2fslibs-dev']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r1b6c9a058bfa4ac6a59b4284dd527be3.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r1b6c9a058bfa4ac6a59b4284dd527be3.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [e2fslibs-dev] at time 13:21:36.288423 duration_in_ms=223.368 [INFO ] Running state [ent] at time 13:21:36.288703 [INFO ] Executing state pkg.installed for ent [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ent'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ent']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r6391bd4001324d968a280e5e559b7e72.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r6391bd4001324d968a280e5e559b7e72.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [ent] at time 13:21:36.519725 duration_in_ms=231.021 [INFO ] Running state [epic5] at time 13:21:36.519977 [INFO ] Executing state pkg.installed for epic5 [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'epic5'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'epic5']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r416b25b2dd79465489894d5e734398e5.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r416b25b2dd79465489894d5e734398e5.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [epic5] at time 13:21:36.733361 duration_in_ms=213.383 [INFO ] Running state [etherape] at time 13:21:36.733574 [INFO ] Executing state pkg.installed for etherape [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'etherape'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'etherape']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r6e9cbfe304654ae1beb71a8af5adfd7a.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r6e9cbfe304654ae1beb71a8af5adfd7a.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [etherape] at time 13:21:36.979669 duration_in_ms=246.094 [INFO ] Running state [ettercap-graphical] at time 13:21:36.979879 [INFO ] Executing state pkg.installed for ettercap-graphical [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ettercap-graphical'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ettercap-graphical']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r36f7696d7974431186a4bdc628fbb425.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r36f7696d7974431186a4bdc628fbb425.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [ettercap-graphical] at time 13:21:37.225823 duration_in_ms=245.943 [INFO ] Running state [exfat-fuse] at time 13:21:37.226065 [INFO ] Executing state pkg.installed for exfat-fuse [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'exfat-fuse'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'exfat-fuse']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r82d894ea79cc4984a9c08fbd3663f6c3.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r82d894ea79cc4984a9c08fbd3663f6c3.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [exfat-fuse] at time 13:21:37.534813 duration_in_ms=308.746 [INFO ] Running state [exfat-utils] at time 13:21:37.535057 [INFO ] Executing state pkg.installed for exfat-utils [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'exfat-utils'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'exfat-utils']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-ra4e446c981904fafa7a1406793f87cbb.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-ra4e446c981904fafa7a1406793f87cbb.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [exfat-utils] at time 13:21:37.824427 duration_in_ms=289.368 [INFO ] Running state [exif] at time 13:21:37.824714 [INFO ] Executing state pkg.installed for exif [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'exif'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'exif']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rff3f0db17be44b4986ccd8efa279095f.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rff3f0db17be44b4986ccd8efa279095f.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [exif] at time 13:21:38.066190 duration_in_ms=241.474 [INFO ] Running state [extundelete] at time 13:21:38.066440 [INFO ] Executing state pkg.installed for extundelete [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'extundelete'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'extundelete']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rf6d7ed835dd0464ea590b5e8c7eb6d52.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rf6d7ed835dd0464ea590b5e8c7eb6d52.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [extundelete] at time 13:21:38.401656 duration_in_ms=335.215 [INFO ] Running state [fdupes] at time 13:21:38.401872 [INFO ] Executing state pkg.installed for fdupes [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'fdupes'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'fdupes']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r59dafdc2a8f64a0fadb9a876b129b4c0.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r59dafdc2a8f64a0fadb9a876b129b4c0.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [fdupes] at time 13:21:38.757531 duration_in_ms=355.657 [INFO ] Running state [feh] at time 13:21:38.757716 [INFO ] Executing state pkg.installed for feh [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'feh'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'feh']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r6f51d7f27f2243dc94a3511b6019d47d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r6f51d7f27f2243dc94a3511b6019d47d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [feh] at time 13:21:38.952287 duration_in_ms=194.569 [INFO ] Running state [flasm] at time 13:21:38.952497 [INFO ] Executing state pkg.installed for flasm [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'flasm'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'flasm']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r9bd35477dd534bb18a5d56fb9f01630d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r9bd35477dd534bb18a5d56fb9f01630d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [flasm] at time 13:21:39.222261 duration_in_ms=269.76 [INFO ] Running state [flex] at time 13:21:39.222822 [INFO ] Executing state pkg.installed for flex [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package flex is already installed [INFO ] Completed state [flex] at time 13:21:39.232183 duration_in_ms=9.361 [INFO ] Running state [foremost] at time 13:21:39.232380 [INFO ] Executing state pkg.installed for foremost [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'foremost'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'foremost']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-ra40f8278485e45578ca567e0d4e77789.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-ra40f8278485e45578ca567e0d4e77789.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [foremost] at time 13:21:39.536994 duration_in_ms=304.612 [INFO ] Running state [g++] at time 13:21:39.537177 [INFO ] Executing state pkg.installed for g++ [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package g++ is already installed [INFO ] Completed state [g++] at time 13:21:39.542774 duration_in_ms=5.596 [INFO ] Running state [gawk] at time 13:21:39.542970 [INFO ] Executing state pkg.installed for gawk [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'gawk'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'gawk']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r9e89c481f80042dcabb0a35fe817885e.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r9e89c481f80042dcabb0a35fe817885e.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [gawk] at time 13:21:39.840295 duration_in_ms=297.323 [INFO ] Running state [gcc] at time 13:21:39.840569 [INFO ] Executing state pkg.installed for gcc [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package gcc is already installed [INFO ] Completed state [gcc] at time 13:21:39.847178 duration_in_ms=6.609 [INFO ] Running state [gdb] at time 13:21:39.847426 [INFO ] Executing state pkg.installed for gdb [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package gdb is already installed [INFO ] Completed state [gdb] at time 13:21:39.854550 duration_in_ms=7.124 [INFO ] Running state [gddrescue] at time 13:21:39.854768 [INFO ] Executing state pkg.installed for gddrescue [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'gddrescue'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'gddrescue']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rb89d0166b383446daeff5949168e2219.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rb89d0166b383446daeff5949168e2219.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [gddrescue] at time 13:21:40.122922 duration_in_ms=268.152 [INFO ] Running state [ghex] at time 13:21:40.123111 [INFO ] Executing state pkg.installed for ghex [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ghex'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ghex']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r9ff94fd45f3442bea562ed47acfe3c3a.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r9ff94fd45f3442bea562ed47acfe3c3a.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [ghex] at time 13:21:40.320858 duration_in_ms=197.745 [INFO ] Running state [git] at time 13:21:40.321063 [INFO ] Executing state pkg.installed for git [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package git is already installed [INFO ] Completed state [git] at time 13:21:40.326267 duration_in_ms=5.204 [INFO ] Running state [graphviz] at time 13:21:40.326418 [INFO ] Executing state pkg.installed for graphviz [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'graphviz'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'graphviz']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r3163647bceff465e902db87ca0f2d745.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r3163647bceff465e902db87ca0f2d745.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [graphviz] at time 13:21:40.583351 duration_in_ms=256.931 [INFO ] Running state [gthumb] at time 13:21:40.583571 [INFO ] Executing state pkg.installed for gthumb [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'gthumb'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'gthumb']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r4721a3e918354f058b2c633108d26580.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r4721a3e918354f058b2c633108d26580.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [gthumb] at time 13:21:40.868201 duration_in_ms=284.628 [INFO ] Running state [gzrt] at time 13:21:40.868527 [INFO ] Executing state pkg.installed for gzrt [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'gzrt'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'gzrt']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r1ecb06f5e0964eab89316930ebb05a0d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r1ecb06f5e0964eab89316930ebb05a0d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [gzrt] at time 13:21:41.129498 duration_in_ms=260.97 [INFO ] Running state [hexedit] at time 13:21:41.129707 [INFO ] Executing state pkg.installed for hexedit [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'hexedit'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'hexedit']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r7415a7ad5c364a12a9a525432d49f423.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r7415a7ad5c364a12a9a525432d49f423.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [hexedit] at time 13:21:41.391946 duration_in_ms=262.237 [INFO ] Running state [htop] at time 13:21:41.392158 [INFO ] Executing state pkg.installed for htop [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'htop'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'htop']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r18da6cf3b7704e7b86cedbafca527678.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r18da6cf3b7704e7b86cedbafca527678.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [htop] at time 13:21:41.608216 duration_in_ms=216.056 [INFO ] Running state [hydra] at time 13:21:41.608430 [INFO ] Executing state pkg.installed for hydra [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'hydra'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'hydra']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-ra7e9dab027f94f678b5dbace9e276850.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-ra7e9dab027f94f678b5dbace9e276850.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [hydra] at time 13:21:41.814378 duration_in_ms=205.947 [INFO ] Running state [hydra-gtk] at time 13:21:41.814658 [INFO ] Executing state pkg.installed for hydra-gtk [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'hydra-gtk'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'hydra-gtk']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r161dacfc7994480ebe626fe5e1cf3c49.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r161dacfc7994480ebe626fe5e1cf3c49.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [hydra-gtk] at time 13:21:42.032495 duration_in_ms=217.836 [INFO ] Running state [ipython] at time 13:21:42.032774 [INFO ] Executing state pkg.installed for ipython [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ipython'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ipython']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rc3cd796cff024533bd2de35290d67e1e.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rc3cd796cff024533bd2de35290d67e1e.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [ipython] at time 13:21:42.244839 duration_in_ms=212.063 [INFO ] Running state [jq] at time 13:21:42.245129 [INFO ] Executing state pkg.installed for jq [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'jq'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'jq']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r52deacc44e0c4cebb5c9cb9a887db922.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r52deacc44e0c4cebb5c9cb9a887db922.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [jq] at time 13:21:42.468350 duration_in_ms=223.22 [INFO ] Running state [kdiff3] at time 13:21:42.468645 [INFO ] Executing state pkg.installed for kdiff3 [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'kdiff3'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'kdiff3']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r7005486e867d41ae8651986679c061b3.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r7005486e867d41ae8651986679c061b3.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [kdiff3] at time 13:21:42.685422 duration_in_ms=216.776 [INFO ] Running state [knocker] at time 13:21:42.685679 [INFO ] Executing state pkg.installed for knocker [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'knocker'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'knocker']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r2e74c50020044e9b807e637ab8eefa51.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r2e74c50020044e9b807e637ab8eefa51.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [knocker] at time 13:21:42.906266 duration_in_ms=220.585 [INFO ] Running state [kpartx] at time 13:21:42.906455 [INFO ] Executing state pkg.installed for kpartx [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'kpartx'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'kpartx']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rc1870786cab44ec5b48d564153c64bef.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rc1870786cab44ec5b48d564153c64bef.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [kpartx] at time 13:21:43.194320 duration_in_ms=287.863 [INFO ] Running state [lft] at time 13:21:43.194558 [INFO ] Executing state pkg.installed for lft [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'lft'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'lft']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rfe6088b42f0e49b6be3e5645be983c4e.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rfe6088b42f0e49b6be3e5645be983c4e.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [lft] at time 13:21:43.417624 duration_in_ms=223.065 [INFO ] Running state [libafflib-dev] at time 13:21:43.417879 [INFO ] Executing state pkg.installed for libafflib-dev [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libafflib-dev'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libafflib-dev']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rfbeedd18e76e488aa42603d69367a78f.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rfbeedd18e76e488aa42603d69367a78f.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libafflib-dev] at time 13:21:43.626604 duration_in_ms=208.723 [INFO ] Running state [libafflib0v5] at time 13:21:43.626826 [INFO ] Executing state pkg.installed for libafflib0v5 [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package libafflib0v5 is already installed [INFO ] Completed state [libafflib0v5] at time 13:21:43.632153 duration_in_ms=5.326 [INFO ] Running state [libbde] at time 13:21:43.632286 [INFO ] Executing state pkg.installed for libbde [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libbde'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libbde']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r893c549dca474e479bda426f82a44f87.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r893c549dca474e479bda426f82a44f87.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libbde] at time 13:21:43.850974 duration_in_ms=218.687 [INFO ] Running state [libbde-tools] at time 13:21:43.851247 [INFO ] Executing state pkg.installed for libbde-tools [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libbde-tools'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libbde-tools']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rdac25b3feb6d450cab4d06e535769d9a.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rdac25b3feb6d450cab4d06e535769d9a.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libbde-tools] at time 13:21:44.069254 duration_in_ms=218.005 [INFO ] Running state [libesedb] at time 13:21:44.069510 [INFO ] Executing state pkg.installed for libesedb [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libesedb'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libesedb']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rf2f41ad07aba4fabbdfafba5908908a9.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rf2f41ad07aba4fabbdfafba5908908a9.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libesedb] at time 13:21:44.294803 duration_in_ms=225.29 [INFO ] Running state [libesedb-tools] at time 13:21:44.295070 [INFO ] Executing state pkg.installed for libesedb-tools [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libesedb-tools'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libesedb-tools']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rafc4b6ee312145a29db9665ebe14213d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rafc4b6ee312145a29db9665ebe14213d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libesedb-tools] at time 13:21:44.527173 duration_in_ms=232.101 [INFO ] Running state [libevt] at time 13:21:44.527435 [INFO ] Executing state pkg.installed for libevt [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libevt'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libevt']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rde123efb1b7a4988bc03acc883743191.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rde123efb1b7a4988bc03acc883743191.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libevt] at time 13:21:44.745251 duration_in_ms=217.814 [INFO ] Running state [libevt-tools] at time 13:21:44.745469 [INFO ] Executing state pkg.installed for libevt-tools [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libevt-tools'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libevt-tools']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-re89de3998a7046559cb95c7998de3c9d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-re89de3998a7046559cb95c7998de3c9d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libevt-tools] at time 13:21:44.948551 duration_in_ms=203.079 [INFO ] Running state [libevtx] at time 13:21:44.948840 [INFO ] Executing state pkg.installed for libevtx [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libevtx'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libevtx']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rab510286c38e433bb98a9e7ffd70cfbb.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rab510286c38e433bb98a9e7ffd70cfbb.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libevtx] at time 13:21:45.179032 duration_in_ms=230.19 [INFO ] Running state [libevtx-tools] at time 13:21:45.179228 [INFO ] Executing state pkg.installed for libevtx-tools [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libevtx-tools'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libevtx-tools']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-ra5ee951447dd4720b622e174199ab16d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-ra5ee951447dd4720b622e174199ab16d.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libevtx-tools] at time 13:21:45.400833 duration_in_ms=221.602 [INFO ] Running state [libewf] at time 13:21:45.401117 [INFO ] Executing state pkg.installed for libewf [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libewf'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libewf']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r33755e096392479392060515453da747.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r33755e096392479392060515453da747.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libewf] at time 13:21:45.615449 duration_in_ms=214.33 [INFO ] Running state [libewf-dev] at time 13:21:45.615794 [INFO ] Executing state pkg.installed for libewf-dev [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package libewf-dev is already installed [INFO ] Completed state [libewf-dev] at time 13:21:45.626282 duration_in_ms=10.487 [INFO ] Running state [libewf-python] at time 13:21:45.626595 [INFO ] Executing state pkg.installed for libewf-python [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libewf-python'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libewf-python']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r4c1d19bff9ae43dba77b9f9e743ce3ca.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r4c1d19bff9ae43dba77b9f9e743ce3ca.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libewf-python] at time 13:21:45.843996 duration_in_ms=217.4 [INFO ] Running state [libewf-tools] at time 13:21:45.844260 [INFO ] Executing state pkg.installed for libewf-tools [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libewf-tools'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libewf-tools']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r81e3d20d80844a95954e3953c90e47df.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r81e3d20d80844a95954e3953c90e47df.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libewf-tools] at time 13:21:46.049814 duration_in_ms=205.553 [INFO ] Running state [libffi-dev] at time 13:21:46.050030 [INFO ] Executing state pkg.installed for libffi-dev [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libffi-dev'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libffi-dev']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-r550bb6ced15044d5894fe4dac2dedb90.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-r550bb6ced15044d5894fe4dac2dedb90.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libffi-dev] at time 13:21:46.267537 duration_in_ms=217.506 [INFO ] Running state [libfuse-dev] at time 13:21:46.267786 [INFO ] Executing state pkg.installed for libfuse-dev [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libfuse-dev'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libfuse-dev']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-ra58f8a5f89fc42cf911f01398472b445.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-ra58f8a5f89fc42cf911f01398472b445.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libfuse-dev] at time 13:21:46.640427 duration_in_ms=372.639 [INFO ] Running state [libfvde] at time 13:21:46.644212 [INFO ] Executing state pkg.installed for libfvde [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libfvde'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libfvde']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rfb44e5835db54ae0abf756873ad4067b.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rfb44e5835db54ae0abf756873ad4067b.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libfvde] at time 13:21:46.907873 duration_in_ms=263.661 [INFO ] Running state [libfvde-tools] at time 13:21:46.908068 [INFO ] Executing state pkg.installed for libfvde-tools [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libfvde-tools'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libfvde-tools']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rb70665e6c0cb42aea25e505df556f39f.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rb70665e6c0cb42aea25e505df556f39f.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libfvde-tools] at time 13:21:47.106873 duration_in_ms=198.804 [INFO ] Running state [liblightgrep] at time 13:21:47.107079 [INFO ] Executing state pkg.installed for liblightgrep [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package liblightgrep is already installed [INFO ] Completed state [liblightgrep] at time 13:21:47.112053 duration_in_ms=4.974 [INFO ] Running state [libmsiecf] at time 13:21:47.112186 [INFO ] Executing state pkg.installed for libmsiecf [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libmsiecf'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libmsiecf']' failed with return code: 100 [ERROR ] stderr: Running scope as unit run-rcd7c8ca7703a4084a6ca445babe21d61.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Problem encountered installing package(s). Additional info follows: errors: - Running scope as unit run-rcd7c8ca7703a4084a6ca445babe21d61.scope. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? [INFO ] Completed state [libmsiecf] at time 13:21:47.334946 duration_in_ms=222.758 [INFO ] Running state [libncurses5-dev] at time 13:21:47.335243 [INFO ] Executing state pkg.installed for libncurses5-dev [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libncurses5-dev'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libncurses5-dev' changed from 'absent' to '6.0+20160213-1ubuntu1' 'libncurses-dev' changed from 'absent' to '1' 'libtinfo-dev' changed from 'absent' to '6.0+20160213-1ubuntu1' 'ncurses-dev' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libncurses5-dev] at time 13:21:52.340077 duration_in_ms=5004.833 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libnet1] at time 13:21:52.346286 [INFO ] Executing state pkg.installed for libnet1 [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libnet1'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libnet1' changed from 'absent' to '1.1.6+dfsg-3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libnet1] at time 13:21:56.557247 duration_in_ms=4210.962 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libolecf] at time 13:21:56.562668 [INFO ] Executing state pkg.installed for libolecf [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libolecf'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libolecf' changed from 'absent' to '20161113-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libolecf] at time 13:22:02.825033 duration_in_ms=6262.364 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libparse-win32registry-perl] at time 13:22:02.830800 [INFO ] Executing state pkg.installed for libparse-win32registry-perl [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libparse-win32registry-perl'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libparse-win32registry-perl' changed from 'absent' to '1.0-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libparse-win32registry-perl] at time 13:22:09.025352 duration_in_ms=6194.551 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libpff] at time 13:22:09.030772 [INFO ] Executing state pkg.installed for libpff [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libpff'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libpff' changed from 'absent' to '20131029-1ubuntu3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libpff] at time 13:22:14.630457 duration_in_ms=5599.685 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libpff-dev] at time 13:22:14.635815 [INFO ] Executing state pkg.installed for libpff-dev [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libpff-dev'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libpff-dev' changed from 'absent' to '20131029-1ubuntu3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libpff-dev] at time 13:22:21.999494 duration_in_ms=7363.678 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libpff-python] at time 13:22:22.004756 [INFO ] Executing state pkg.installed for libpff-python [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libpff-python'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libpff-python' changed from 'absent' to '20131029-1ubuntu3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libpff-python] at time 13:22:26.390946 duration_in_ms=4386.191 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libpff-tools] at time 13:22:26.396532 [INFO ] Executing state pkg.installed for libpff-tools [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libpff-tools'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libpff-tools' changed from 'absent' to '20131029-1ubuntu3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libpff-tools] at time 13:22:31.618901 duration_in_ms=5222.37 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libregf] at time 13:22:31.624857 [INFO ] Executing state pkg.installed for libregf [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libregf'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libregf' changed from 'absent' to '20160424-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libregf] at time 13:22:36.295154 duration_in_ms=4670.296 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libregf-dev] at time 13:22:36.305495 [INFO ] Executing state pkg.installed for libregf-dev [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libregf-dev'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libregf-dev' changed from 'absent' to '20160424-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libregf-dev] at time 13:22:43.106073 duration_in_ms=6800.58 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libregf-python] at time 13:22:43.113528 [INFO ] Executing state pkg.installed for libregf-python [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libregf-python'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libregf-python' changed from 'absent' to '20160424-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libregf-python] at time 13:22:47.624178 duration_in_ms=4510.65 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libregf-tools] at time 13:22:47.629147 [INFO ] Executing state pkg.installed for libregf-tools [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libregf-tools'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libregf-tools' changed from 'absent' to '20160424-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libregf-tools] at time 13:22:53.001891 duration_in_ms=5372.743 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libssl-dev] at time 13:22:53.007479 [INFO ] Executing state pkg.installed for libssl-dev [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package libssl-dev is already installed [INFO ] Completed state [libssl-dev] at time 13:22:53.341235 duration_in_ms=333.756 [INFO ] Running state [libtext-csv-perl] at time 13:22:53.341406 [INFO ] Executing state pkg.installed for libtext-csv-perl [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libtext-csv-perl'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libtext-csv-xs-perl' changed from 'absent' to '1.21-1' 'libtext-csv-perl' changed from 'absent' to '1.33-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libtext-csv-perl] at time 13:22:58.969605 duration_in_ms=5628.199 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libvmdk] at time 13:22:58.975030 [INFO ] Executing state pkg.installed for libvmdk [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libvmdk'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libvmdk' changed from 'absent' to '20160119-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libvmdk] at time 13:23:03.864784 duration_in_ms=4889.754 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libvshadow] at time 13:23:03.870302 [INFO ] Executing state pkg.installed for libvshadow [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libvshadow'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libvshadow' changed from 'absent' to '20161111-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libvshadow] at time 13:23:08.276448 duration_in_ms=4406.146 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libvshadow-dev] at time 13:23:08.282068 [INFO ] Executing state pkg.installed for libvshadow-dev [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libvshadow-dev'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libvshadow-dev' changed from 'absent' to '20161111-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libvshadow-dev] at time 13:23:17.233318 duration_in_ms=8951.249 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libvshadow-python] at time 13:23:17.242779 [INFO ] Executing state pkg.installed for libvshadow-python [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libvshadow-python'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libvshadow-python' changed from 'absent' to '20161111-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libvshadow-python] at time 13:23:22.119303 duration_in_ms=4876.525 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libvshadow-tools] at time 13:23:22.130555 [INFO ] Executing state pkg.installed for libvshadow-tools [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libvshadow-tools'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libvshadow-tools' changed from 'absent' to '20161111-1ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libvshadow-tools] at time 13:23:26.969740 duration_in_ms=4839.185 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libxml2-dev] at time 13:23:26.975470 [INFO ] Executing state pkg.installed for libxml2-dev [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libxml2-dev'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'icu-devtools' changed from 'absent' to '55.1-7ubuntu0.2' 'libicu-dev' changed from 'absent' to '55.1-7ubuntu0.2' 'libxml2-dev' changed from 'absent' to '2.9.3+dfsg1-1ubuntu0.2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libxml2-dev] at time 13:23:51.387954 duration_in_ms=24412.483 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [libxslt-dev] at time 13:23:51.393376 [INFO ] Executing state pkg.installed for libxslt-dev [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'libxslt-dev'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libxslt1-dev' changed from 'absent' to '1.1.28-2.1ubuntu0.1' 'libxslt-dev' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [libxslt-dev] at time 13:23:58.435043 duration_in_ms=7041.666 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [md5deep] at time 13:23:58.440467 [INFO ] Executing state pkg.installed for md5deep [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'md5deep'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'md5deep' changed from 'absent' to '4.4-2' 'hashdeep' changed from 'absent' to '4.4-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [md5deep] at time 13:24:03.393410 duration_in_ms=4952.942 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [nbd-client] at time 13:24:03.398778 [INFO ] Executing state pkg.installed for nbd-client [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nbd-client'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'nbd-client' changed from 'absent' to '1:3.13-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [nbd-client] at time 13:24:24.374107 duration_in_ms=20975.328 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [nbtscan] at time 13:24:24.379678 [INFO ] Executing state pkg.installed for nbtscan [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nbtscan'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'nbtscan' changed from 'absent' to '1.5.1-6' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [nbtscan] at time 13:24:29.565854 duration_in_ms=5186.175 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [netcat] at time 13:24:29.572587 [INFO ] Executing state pkg.installed for netcat [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package netcat is already installed [INFO ] Completed state [netcat] at time 13:24:29.959795 duration_in_ms=387.208 [INFO ] Running state [netpbm] at time 13:24:29.959981 [INFO ] Executing state pkg.installed for netpbm [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package netpbm is already installed [INFO ] Completed state [netpbm] at time 13:24:29.965662 duration_in_ms=5.681 [INFO ] Running state [netsed] at time 13:24:29.965829 [INFO ] Executing state pkg.installed for netsed [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'netsed'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'netsed' changed from 'absent' to '1.2-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [netsed] at time 13:24:34.236863 duration_in_ms=4271.034 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [netwox] at time 13:24:34.243313 [INFO ] Executing state pkg.installed for netwox [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'netwox'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'tcl8.5' changed from 'absent' to '8.5.19-1' 'libtcl8.5' changed from 'absent' to '8.5.19-1' 'libtk8.5' changed from 'absent' to '8.5.19-1ubuntu1' 'tk8.5' changed from 'absent' to '8.5.19-1ubuntu1' 'netwag' changed from 'absent' to '5.39.0-1.2' 'netwox' changed from 'absent' to '5.39.0-1.2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [netwox] at time 13:24:43.626642 duration_in_ms=9383.329 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [nfdump] at time 13:24:43.632135 [INFO ] Executing state pkg.installed for nfdump [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nfdump'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'nfdump' changed from 'absent' to '1.6.12-0.2' 'librrd4' changed from 'absent' to '1.5.5-4' 'libdbi1' changed from 'absent' to '0.9.0-4' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [nfdump] at time 13:24:50.596577 duration_in_ms=6964.441 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [ngrep] at time 13:24:50.602732 [INFO ] Executing state pkg.installed for ngrep [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ngrep'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'ngrep' changed from 'absent' to '1.45.ds2-13' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [ngrep] at time 13:24:55.368050 duration_in_ms=4765.318 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [nikto] at time 13:24:55.375088 [INFO ] Executing state pkg.installed for nikto [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nikto'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libwhisker2-perl' changed from 'absent' to '2.5-1' 'nikto' changed from 'absent' to '1:2.1.5-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [nikto] at time 13:25:02.324885 duration_in_ms=6949.796 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [okular] at time 13:25:02.330557 [INFO ] Executing state pkg.installed for okular [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'okular'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libkf5package-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5sonnetcore5' changed from 'absent' to '5.18.0-0ubuntu1' 'libqt4-designer' changed from 'absent' to '4:4.8.7+dfsg-5ubuntu2' 'libkactivities6' changed from 'absent' to '4:4.13.3-0ubuntu6' 'ntrack-module-libnl-0' changed from 'absent' to '016-1.3' 'libkf5textwidgets-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5config-bin' changed from 'absent' to '5.18.0-0ubuntu1' 'libnl-route-3-200' changed from 'absent' to '3.2.27-1ubuntu0.16.04.1' 'libkdeui5' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libfam0c102' changed from 'absent' to '1' 'libkf5iconthemes-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libktexteditor4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkexiv2-data' changed from 'absent' to '4:15.08.2-0ubuntu1' 'libqtwebkit4' changed from 'absent' to '2.3.2-0ubuntu11' 'okular' changed from 'absent' to '4:15.12.3-0ubuntu1' 'qml-module-org-kde-kquickcontrols' changed from 'absent' to '5.18.0-0ubuntu1' 'kpackagelauncherqml' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5notifications5' changed from 'absent' to '5.18.0-0ubuntu1' 'libpolkit-qt-1-1' changed from 'absent' to '0.112.0-4' 'qml-module-org-kde-activities' changed from 'absent' to '5.18.0-0ubuntu1' 'libkatepartinterfaces4' changed from 'absent' to '4:4.14.3-0ubuntu4' 'kate-data' changed from 'absent' to '4:4.14.3-0ubuntu4' 'libxml2-utils' changed from 'absent' to '2.9.3+dfsg1-1ubuntu0.2' 'libkf5idletime5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5i18n5' changed from 'absent' to '5.18.0-0ubuntu1' 'libphonon4' changed from 'absent' to '4:4.8.3-0ubuntu3' 'libqt5x11extras5' changed from 'absent' to '5.5.1-3build1' 'qml-module-org-kde-kquickcontrolsaddons' changed from 'absent' to '5.18.0-0ubuntu1' 'libvoikko1v5' changed from 'absent' to '1' 'libkdecore5' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkpty4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5dbusaddons-data' changed from 'absent' to '5.18.0-0ubuntu1' 'icoutils' changed from 'absent' to '0.31.0-3' 'libkf5plasma5' changed from 'absent' to '5.18.0-0ubuntu1.1' 'libkf5xmlgui-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libqca2' changed from 'absent' to '2.1.1-2ubuntu1' 'libkf5waylandclient5' changed from 'absent' to '4:5.5.5-0ubuntu1' 'libkdesu5' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'kwayland-integration' changed from 'absent' to '4:5.5.5-0ubuntu1' 'libqmobipocket1' changed from 'absent' to '4:15.12.3-0ubuntu1' 'libfam0' changed from 'absent' to '2.7.0-17.1' 'libkjsapi4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5jobwidgets-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libqt5script5' changed from 'absent' to '5.5.1+dfsg-2build1' 'libkf5globalaccel-bin' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5widgetsaddons5' changed from 'absent' to '5.18.0-0ubuntu1' 'kdoctools' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libstreamanalyzer0v5' changed from 'absent' to '0.7.8-2ubuntu1' 'libpolkit-qt5-1-1' changed from 'absent' to '0.112.0-4' 'oxygen5-icon-theme' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5guiaddons5' changed from 'absent' to '5.18.0-0ubuntu1' 'libsolid4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libntrack0' changed from 'absent' to '016-1.3' 'libkdeclarative5' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libqt4-opengl' changed from 'absent' to '4:4.8.7+dfsg-5ubuntu2' 'sonnet-plugins' changed from 'absent' to '5.18.0-0ubuntu1' 'kwayland-data' changed from 'absent' to '4:5.5.5-0ubuntu1' 'kdelibs5-plugins' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5iconthemes-bin' changed from 'absent' to '5.18.0-0ubuntu1' 'libkdnssd4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkhtml5' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5style5' changed from 'absent' to '5.18.0-0ubuntu1' 'libqt4-qt3support' changed from 'absent' to '4:4.8.7+dfsg-5ubuntu2' 'libkf5notifications-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libthreadweaver4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'fonts-dejavu' changed from 'absent' to '2.35-1' 'libqimageblitz4' changed from 'absent' to '1:0.0.6-4build1' 'libkf5kiocore5' changed from 'absent' to '5.18.0-0ubuntu1.1' 'libxcb-composite0' changed from 'absent' to '1.11.1-1ubuntu1' 'libntrack-qt4-1' changed from 'absent' to '016-1.3' 'libkf5completion5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5sonnet5-data' changed from 'absent' to '5.18.0-0ubuntu1' 'oxygen-icon-theme' changed from 'absent' to '5:5.18.0-0ubuntu1' 'libkf5globalaccelprivate5' changed from 'absent' to '5.18.0-0ubuntu1' 'libpoppler-qt4-4' changed from 'absent' to '0.41.0-0ubuntu1.2' 'kde-style-breeze-qt4' changed from 'absent' to '4:5.5.5-0ubuntu1' 'libkf5sonnetui5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5config-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5globalaccel5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkio5' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'plasma-framework' changed from 'absent' to '5.18.0-0ubuntu1.1' 'qml-module-qtquick-privatewidgets' changed from 'absent' to '5.5.1-1ubuntu1' 'libkntlm4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'qtwayland5' changed from 'absent' to '5.5.1-2build1' 'libkprintutils4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5archive5' changed from 'absent' to '5.18.0-0ubuntu1' 'libknewstuff3-4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5auth5' changed from 'absent' to '5.18.0-0ubuntu2' 'katepart' changed from 'absent' to '4:4.14.3-0ubuntu4' 'libkf5widgetsaddons-data' changed from 'absent' to '5.18.0-0ubuntu1' 'qml-module-qtquick-dialogs' changed from 'absent' to '5.5.1-1ubuntu1' 'libkf5textwidgets5' changed from 'absent' to '5.18.0-0ubuntu1' 'phonon-backend-gstreamer-common' changed from 'absent' to '4:4.8.2-0ubuntu2' 'libkf5kiowidgets5' changed from 'absent' to '5.18.0-0ubuntu1.1' 'qtscript-abi-5-2-0' changed from 'absent' to '1' 'libqt5quickwidgets5' changed from 'absent' to '5.5.1-2ubuntu6' 'libkf5configwidgets5' changed from 'absent' to '5.18.0-0ubuntu1' 'libqt5waylandclient5' changed from 'absent' to '5.5.1-2build1' 'libkf5itemviews5' changed from 'absent' to '5.18.0-0ubuntu1' 'libssh-gcrypt-4' changed from 'absent' to '0.6.3-4.3' 'libkf5i18n-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libkmediaplayer4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'kde-style-breeze' changed from 'absent' to '4:5.5.5-0ubuntu1' 'libkf5service5' changed from 'absent' to '5.18.0-0ubuntu1' 'libplasma3' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5completion-data' changed from 'absent' to '5.18.0-0ubuntu1' 'qml-module-qtquick-controls' changed from 'absent' to '5.5.1-1ubuntu1' 'libkf5crash5' changed from 'absent' to '5.18.0-0ubuntu1' 'phonon-backend-gstreamer' changed from 'absent' to '4:4.8.2-0ubuntu2' 'libkf5dbusaddons-bin' changed from 'absent' to '5.18.0-0ubuntu1' 'libdlrestrictions1' changed from 'absent' to '0.15.20~ubuntu4' 'libkdewebkit5' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'ntrack-module-0' changed from 'absent' to '1' 'libkrosscore4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5service-data' changed from 'absent' to '5.18.0-0ubuntu1' 'kde-runtime' changed from 'absent' to '4:15.12.3-0ubuntu1' 'libkf5xmlgui-bin' changed from 'absent' to '5.18.0-0ubuntu1' 'libkcmutils4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'plasma-scriptengine-javascript' changed from 'absent' to '4:15.12.3-0ubuntu1' 'libkf5configgui5' changed from 'absent' to '5.18.0-0ubuntu1' 'kdelibs5-data' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5windowsystem5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkde3support4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5auth-data' changed from 'absent' to '5.18.0-0ubuntu2' 'libkxmlrpcclient4' changed from 'absent' to '4:4.14.10-1ubuntu2' 'libqt4-svg' changed from 'absent' to '4:4.8.7+dfsg-5ubuntu2' 'libkf5quickaddons5' changed from 'absent' to '5.18.0-0ubuntu1' 'libvoikko1' changed from 'absent' to '4.0.1-3ubuntu1' 'kpackagetool5' changed from 'absent' to '5.18.0-0ubuntu1' 'libxcb-damage0' changed from 'absent' to '1.11.1-1ubuntu1' 'libkf5codecs-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5globalaccel-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libattica0.4' changed from 'absent' to '0.4.2-2' 'libkf5package5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkexiv2-11v5' changed from 'absent' to '4:15.08.2-0ubuntu1' 'libkfile4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5plasmaquick5' changed from 'absent' to '5.18.0-0ubuntu1.1' 'libkf5coreaddons-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5calendarevents5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5jobwidgets5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5xmlgui5' changed from 'absent' to '5.18.0-0ubuntu1' 'docbook-xsl' changed from 'absent' to '1.79.1+dfsg-1' 'libphonon4qt5-4' changed from 'absent' to '4:4.8.3-0ubuntu3' 'libkemoticons4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5activities5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5itemviews-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5attica5' changed from 'absent' to '5.18.0-0ubuntu1' 'kdelibs-bin' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libkf5configcore5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5declarative-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5configwidgets-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5codecs5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5declarative5' changed from 'absent' to '5.18.0-0ubuntu1' 'kde-runtime-data' changed from 'absent' to '4:15.12.3-0ubuntu1' 'libkf5dbusaddons5' changed from 'absent' to '5.18.0-0ubuntu1' 'libqca2-plugins' changed from 'absent' to '2.1.1-2ubuntu1' 'libkf5service-bin' changed from 'absent' to '5.18.0-0ubuntu1' 'libkparts4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'libknotifyconfig4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' 'phonon-backend' changed from 'absent' to '1' 'kactivities' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5coreaddons5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkf5windowsystem-data' changed from 'absent' to '5.18.0-0ubuntu1' 'libokularcore7' changed from 'absent' to '4:15.12.3-0ubuntu1' 'phonon' changed from 'absent' to '4:4.8.3-0ubuntu3' 'libstreams0v5' changed from 'absent' to '0.7.8-2ubuntu1' 'breeze-icon-theme' changed from 'absent' to '4:5.18.0-0ubuntu1' 'libkf5iconthemes5' changed from 'absent' to '5.18.0-0ubuntu1' 'libkjsembed4' changed from 'absent' to '4:4.14.16-0ubuntu3.2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [okular] at time 13:28:10.909284 duration_in_ms=188578.727 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [open-iscsi] at time 13:28:10.915147 [INFO ] Executing state pkg.installed for open-iscsi [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'open-iscsi'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'open-iscsi' changed from 'absent' to '2.0.873+git0.3b4b4500-14ubuntu3.3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [open-iscsi] at time 13:29:01.123140 duration_in_ms=50207.993 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [openjdk-7-jdk] at time 13:29:01.134528 [INFO ] Executing state pkg.installed for openjdk-7-jdk [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package openjdk-7-jdk is already installed [INFO ] Completed state [openjdk-7-jdk] at time 13:29:01.466352 duration_in_ms=331.824 [INFO ] Running state [ophcrack] at time 13:29:01.466528 [INFO ] Executing state pkg.installed for ophcrack [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ophcrack'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libqwt5-qt4' changed from 'absent' to '5.2.3-1' 'ophcrack' changed from 'absent' to '3.6.0-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [ophcrack] at time 13:29:07.650591 duration_in_ms=6184.062 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [ophcrack-cli] at time 13:29:07.657139 [INFO ] Executing state pkg.installed for ophcrack-cli [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ophcrack-cli'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'ophcrack-cli' changed from 'absent' to '3.6.0-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [ophcrack-cli] at time 13:29:13.116401 duration_in_ms=5459.262 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [outguess] at time 13:29:13.122537 [INFO ] Executing state pkg.installed for outguess [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'outguess'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'outguess' changed from 'absent' to '1:0.2-7' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [outguess] at time 13:29:18.164567 duration_in_ms=5042.03 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [p0f] at time 13:29:18.170056 [INFO ] Executing state pkg.installed for p0f [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'p0f'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'p0f' changed from 'absent' to '2.0.8-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [p0f] at time 13:29:22.515877 duration_in_ms=4345.82 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [p7zip-full] at time 13:29:22.522641 [INFO ] Executing state pkg.installed for p7zip-full [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'p7zip-full'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'p7zip-full' changed from 'absent' to '9.20.1~dfsg.1-4.2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [p7zip-full] at time 13:29:27.685448 duration_in_ms=5162.807 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [pdftk] at time 13:29:27.690987 [INFO ] Executing state pkg.installed for pdftk [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'pdftk'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'pdftk' changed from 'absent' to '2.02-4' 'libgcj-common' changed from 'absent' to '1:4.9.3-9ubuntu1' 'gcj-5-jre-lib' changed from 'absent' to '5.4.0-6ubuntu1~16.04.4' 'libgcj16' changed from 'absent' to '5.4.0-6ubuntu1~16.04.4' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [pdftk] at time 13:29:40.219976 duration_in_ms=12528.989 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [pev] at time 13:29:40.225941 [INFO ] Executing state pkg.installed for pev [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'pev'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'pev' changed from 'absent' to '0.40-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [pev] at time 13:29:45.229446 duration_in_ms=5003.504 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [phonon] at time 13:29:45.236036 [INFO ] Executing state pkg.installed for phonon [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package phonon is already installed [INFO ] Completed state [phonon] at time 13:29:45.559587 duration_in_ms=323.551 [INFO ] Running state [pkg-config] at time 13:29:45.559778 [INFO ] Executing state pkg.installed for pkg-config [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package pkg-config is already installed [INFO ] Completed state [pkg-config] at time 13:29:45.566115 duration_in_ms=6.337 [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb] at time 13:29:45.567585 [INFO ] Executing state file.managed for /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb [DEBUG ] LazyLoaded roots.envs [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. [DEBUG ] Requesting URL https://github.com/Powershell/Powershell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb using GET method [DEBUG ] Creating directory: /var/cache/sift/archives [INFO ] File changed: New file [INFO ] Completed state [/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb] at time 13:29:58.917753 duration_in_ms=13350.167 [INFO ] Running state [sift-powershell] at time 13:29:58.920925 [INFO ] Executing state pkg.installed for sift-powershell [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '-I', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'dpkg', '-i', '--force-confold', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'powershell' changed from 'absent' to '6.0.0-alpha.13-1ubuntu1.16.04.1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [sift-powershell] at time 13:30:02.721121 duration_in_ms=3800.195 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [pv] at time 13:30:02.726427 [INFO ] Executing state pkg.installed for pv [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'pv'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'pv' changed from 'absent' to '1.6.0-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [pv] at time 13:30:08.528209 duration_in_ms=5801.781 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [pyew] at time 13:30:08.534717 [INFO ] Executing state pkg.installed for pyew [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'pyew'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'pyew' changed from 'absent' to '2.0-3' 'libdistorm64-1' changed from 'absent' to '1.7.30-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [pyew] at time 13:30:13.853408 duration_in_ms=5318.691 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python] at time 13:30:13.859020 [INFO ] Executing state pkg.installed for python [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package python is already installed [INFO ] Completed state [python] at time 13:30:14.130785 duration_in_ms=271.765 [INFO ] Running state [python-dev] at time 13:30:14.130956 [INFO ] Executing state pkg.installed for python-dev [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-dev'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libpython-dev' changed from 'absent' to '2.7.11-1' 'python-dev:any' changed from 'absent' to '1' 'libpython2.7-dev' changed from 'absent' to '2.7.12-1ubuntu0~16.04.1' 'python2.7-dev' changed from 'absent' to '2.7.12-1ubuntu0~16.04.1' 'python-dev' changed from 'absent' to '2.7.11-1' 'libexpat-dev' changed from 'absent' to '1' 'python2.7-dev:any' changed from 'absent' to '1' 'libexpat1-dev' changed from 'absent' to '2.1.0-7ubuntu0.16.04.2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-dev] at time 13:31:08.703064 duration_in_ms=54572.107 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-dfvfs] at time 13:31:08.712395 [INFO ] Executing state pkg.installed for python-dfvfs [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-dfvfs=20160108-1ppa1~xenial'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg', '--get-selections', 'python-dfvfs'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command 'dpkg --set-selections' in directory '/home/sansforensics' [DEBUG ] Could not LazyLoad pkg.version_clean: 'pkg.version_clean' is not available. [INFO ] Made the following changes: 'libsmraw' changed from 'absent' to '20160424-1ppa1~xenial' 'libfsntfs' changed from 'absent' to '20160418-1ppa1~xenial' 'libvhdi' changed from 'absent' to '20160424-1ppa1~xenial' 'python-protobuf' changed from 'absent' to '2.6.1-1.3' 'libsmdev-python' changed from 'absent' to '20160320-1ppa1~xenial' 'libsmraw-python' changed from 'absent' to '20160424-1ppa1~xenial' 'libsigscan-python' changed from 'absent' to '20160312-1ppa1~xenial' 'libewf' changed from 'absent' to '20140608-2ppa1~xenial' 'libsmdev' changed from 'absent' to '20160320-1ppa1~xenial' 'python-dfvfs' changed from 'install' to '20160108-1ppa1~xenial hold' 'libqcow' changed from 'absent' to '20160123-1ppa1~xenial' 'libfsntfs-python' changed from 'absent' to '20160418-1ppa1~xenial' 'libvhdi-python' changed from 'absent' to '20160424-1ppa1~xenial' 'python-pytsk3' changed from 'absent' to '20160721-1ppa1~xenial' 'libsigscan' changed from 'absent' to '20160312-1ppa1~xenial' 'libqcow-python' changed from 'absent' to '20160123-1ppa1~xenial' 'libewf-python' changed from 'absent' to '20140608-2ppa1~xenial' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-dfvfs] at time 13:31:22.961681 duration_in_ms=14249.286 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-flowgrep] at time 13:31:22.968317 [INFO ] Executing state pkg.installed for python-flowgrep [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-flowgrep'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-flowgrep' changed from 'absent' to '0.9-trusty1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-flowgrep] at time 13:31:27.570525 duration_in_ms=4602.209 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-fuse] at time 13:31:27.577277 [INFO ] Executing state pkg.installed for python-fuse [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-fuse'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-fuse' changed from 'absent' to '2:0.2.1-11' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-fuse] at time 13:31:31.891315 duration_in_ms=4314.038 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-nids] at time 13:31:31.898747 [INFO ] Executing state pkg.installed for python-nids [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-nids'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-nids' changed from 'absent' to '0.6.1-1.1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-nids] at time 13:31:36.225196 duration_in_ms=4326.449 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-ntdsxtract] at time 13:31:36.231228 [INFO ] Executing state pkg.installed for python-ntdsxtract [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-ntdsxtract'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libesedb' changed from 'absent' to '20160622-1ppa1~xenial' 'python-ntdsxtract' changed from 'absent' to '1.2-beta-trusty1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-ntdsxtract] at time 13:31:41.828491 duration_in_ms=5597.263 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-pefile] at time 13:31:41.835143 [INFO ] Executing state pkg.installed for python-pefile [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-pefile'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-pefile' changed from 'absent' to '1.2.10.139-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-pefile] at time 13:31:46.984802 duration_in_ms=5149.659 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-pip] at time 13:31:46.990617 [INFO ] Executing state pkg.installed for python-pip [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-pip'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-all-dev' changed from 'absent' to '2.7.11-1' 'python-setuptools' changed from 'absent' to '20.7.0-1' 'libpython-all-dev' changed from 'absent' to '2.7.11-1' 'python-pip' changed from 'absent' to '8.1.1-2ubuntu0.4' 'python-pip-whl' changed from 'absent' to '8.1.1-2ubuntu0.4' 'python-distribute' changed from 'absent' to '1' 'python-all' changed from 'absent' to '2.7.11-1' 'python-wheel' changed from 'absent' to '0.29.0-1' 'python-all:any' changed from 'absent' to '1' 'python-all-dev:any' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-pip] at time 13:31:55.648431 duration_in_ms=8657.815 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-plaso] at time 13:31:55.660094 [INFO ] Executing state pkg.installed for python-plaso [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-plaso=1.4.0-1ppa3~xenial'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg', '--get-selections', 'python-plaso'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command 'dpkg --set-selections' in directory '/home/sansforensics' [DEBUG ] Could not LazyLoad pkg.version_clean: 'pkg.version_clean' is not available. [INFO ] Made the following changes: 'python-plaso' changed from 'install' to '1.4.0-1ppa3~xenial hold' 'python-ptyprocess' changed from 'absent' to '0.5-1' 'libevt' changed from 'absent' to '20160421-1ppa1~xenial' 'libfvde' changed from 'absent' to '20160801-1ppa1~xenial' 'libmsiecf' changed from 'absent' to '20160904-1ppa1~xenial' 'python-tz' changed from 'absent' to '2016.6.1-1ppa1~xenial' 'liblnk' changed from 'absent' to '20160420-1ppa1~xenial' 'python2.7-pyparsing' changed from 'absent' to '1' 'python-dfdatetime' changed from 'absent' to '20161101-1ppa1~xenial' 'libesedb-python' changed from 'absent' to '20160622-1ppa1~xenial' 'python-funcsigs' changed from 'absent' to '0.4-2' 'libfvde-python' changed from 'absent' to '20160801-1ppa1~xenial' 'python-pyparsing' changed from 'absent' to '2.1.5-1ppa1~xenial' 'python-pbr' changed from 'absent' to '1.8.0-4ubuntu1' 'python-pexpect' changed from 'absent' to '4.0.1-1' 'python-xlsxwriter' changed from 'absent' to '0.9.3-1ppa1~xenial' 'python2.7-construct' changed from 'absent' to '1' 'libmsiecf-python' changed from 'absent' to '20160904-1ppa1~xenial' 'python-decorator' changed from 'absent' to '4.0.6-1' 'python-dumbnet' changed from 'absent' to '1.12-7' 'python-hachoir-core' changed from 'absent' to '1.3.3-4' 'libscca' changed from 'absent' to '20160108-1ppa1~xenial' 'python-dfwinreg' changed from 'absent' to '20160428-1ppa1~xenial' 'python-hachoir-metadata' changed from 'absent' to '1.3.3-2ppa1~xenial' 'python-yara' changed from 'absent' to '3.5.0-1ppa1~xenial' 'liblnk-python' changed from 'absent' to '20160420-1ppa1~xenial' 'libevtx-python' changed from 'absent' to '20160421-1ppa1~xenial' 'python-mock' changed from 'absent' to '1.3.0-2.1ubuntu1' 'libfwsi' changed from 'absent' to '20160110-1ppa1~xenial' 'libscca-python' changed from 'absent' to '20160108-1ppa1~xenial' 'python-construct' changed from 'absent' to '2.5.3-2ppa1~xenial' 'libvmdk-python' changed from 'absent' to '20160119-1ppa1~xenial' 'python-simplegeneric' changed from 'absent' to '0.8.1-1' 'ipython' changed from 'absent' to '2.4.1-1' 'libolecf-python' changed from 'absent' to '20161113-1ppa1~xenial' 'libevtx' changed from 'absent' to '20160421-1ppa1~xenial' 'python-binplist' changed from 'absent' to '0.1.5-2ppa1~xenial' 'python-bencode' changed from 'absent' to '1.0-2ppa1~xenial' 'python-hachoir-parser' changed from 'absent' to '1.3.4-2ppa1~xenial' 'python-psutil' changed from 'absent' to '4.3.1-1ppa1~xenial' 'python-efilter' changed from 'absent' to '1.5-1ppa1~xenial' 'libbde' changed from 'absent' to '20160731-1ppa1~xenial' 'libbde-python' changed from 'absent' to '20160731-1ppa1~xenial' 'python2.7-dumbnet' changed from 'absent' to '1' 'python-artifacts' changed from 'absent' to '20161022-1ppa1~xenial' 'libfwsi-python' changed from 'absent' to '20160110-1ppa1~xenial' 'libevt-python' changed from 'absent' to '20160421-1ppa1~xenial' 'python-dpkt' changed from 'absent' to '1.8.r98-0.1' 'python2.7-yara' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-plaso] at time 13:32:21.864791 duration_in_ms=26204.697 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.removed [INFO ] Running state [pytsk3] at time 13:32:21.869985 [INFO ] Executing state pkg.removed for pytsk3 [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] All specified packages are already absent [INFO ] Completed state [pytsk3] at time 13:32:22.193556 duration_in_ms=323.571 [INFO ] Running state [python-pytsk3] at time 13:32:22.193716 [INFO ] Executing state pkg.installed for python-pytsk3 [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package python-pytsk3 is already installed [INFO ] Completed state [python-pytsk3] at time 13:32:22.198626 duration_in_ms=4.909 [INFO ] Running state [python-qt4] at time 13:32:22.198925 [INFO ] Executing state pkg.installed for python-qt4 [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-qt4'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'sip-api-11.0' changed from 'absent' to '1' 'libqt4-help' changed from 'absent' to '4:4.8.7+dfsg-5ubuntu2' 'sip-api-11.2' changed from 'absent' to '1' 'python-sip' changed from 'absent' to '4.17+dfsg-1build1' 'libqt4-test' changed from 'absent' to '4:4.8.7+dfsg-5ubuntu2' 'libqtassistantclient4' changed from 'absent' to '4.6.3-7' 'libqt4-scripttools' changed from 'absent' to '4:4.8.7+dfsg-5ubuntu2' 'python-qt4' changed from 'absent' to '4.11.4+dfsg-1build4' 'sip-api-11.1' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-qt4] at time 13:32:32.371338 duration_in_ms=10172.412 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-tk] at time 13:32:32.382470 [INFO ] Executing state pkg.installed for python-tk [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-tk'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-tk' changed from 'absent' to '2.7.11-2' 'python2.7-tk' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-tk] at time 13:32:37.239164 duration_in_ms=4856.694 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-virtualenv] at time 13:32:37.244755 [INFO ] Executing state pkg.installed for python-virtualenv [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-virtualenv'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-virtualenv' changed from 'absent' to '15.0.1+ds-3ubuntu1' 'virtualenv' changed from 'absent' to '15.0.1+ds-3ubuntu1' 'python3-virtualenv' changed from 'absent' to '15.0.1+ds-3ubuntu1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-virtualenv] at time 13:32:42.963762 duration_in_ms=5719.006 [DEBUG ] LazyLoaded config.option [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad boto_datapipeline.create_pipeline: 'boto_datapipeline' __virtual__ returned False: The boto_datapipeline module could not be loaded: boto libraries not found [DEBUG ] lzma module is not available [DEBUG ] Registered VCS backend: git [DEBUG ] Registered VCS backend: hg [DEBUG ] Registered VCS backend: svn [DEBUG ] Registered VCS backend: bzr [DEBUG ] LazyLoaded pip.installed [INFO ] Running state [colorama] at time 13:32:43.563439 [INFO ] Executing state pip.installed for colorama [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 chardet==2.3.0 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==1.2.10.post139 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.1.9 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', 'colorama'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', 'colorama'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting colorama Downloading colorama-0.3.9-py2.py3-none-any.whl Installing collected packages: colorama Successfully installed colorama-0.3.9 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==1.2.10.post139 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.1.9 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'colorama==0.3.9': 'Installed'} [INFO ] Completed state [colorama] at time 13:32:48.072225 duration_in_ms=4508.782 [INFO ] Running state [construct] at time 13:32:48.077721 [INFO ] Executing state pip.installed for construct [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==1.2.10.post139 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.1.9 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install'] in directory '/home/sansforensics' [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Python package construct was already installed All packages were successfully installed [INFO ] Completed state [construct] at time 13:32:50.844776 duration_in_ms=2767.054 [INFO ] Running state [dpapick] at time 13:32:50.850870 [INFO ] Executing state pip.installed for dpapick [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==1.2.10.post139 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.1.9 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', '--upgrade', 'dpapick'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', '--upgrade', 'dpapick'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting dpapick Downloading dpapick-0.3-py2-none-any.whl Collecting python-registry>=1.0.4 (from dpapick) Downloading python-registry-1.0.4.tar.gz Collecting CFPropertyList (from dpapick) Downloading CFPropertyList-0.0.1.tar.gz Collecting M2Crypto>=0.21.1 (from dpapick) Downloading M2Crypto-0.26.0.tar.gz (305kB) Collecting pyasn1>=0.1.7 (from dpapick) Downloading pyasn1-0.2.3-py2.py3-none-any.whl (53kB) Collecting enum34 (from python-registry>=1.0.4->dpapick) Downloading enum34-1.1.6-py2-none-any.whl Collecting typing (from M2Crypto>=0.21.1->dpapick) Downloading typing-3.6.1.tar.gz (66kB) Installing collected packages: enum34, python-registry, CFPropertyList, typing, M2Crypto, pyasn1, dpapick Found existing installation: enum34 1.1.2 Not uninstalling enum34 at /usr/lib/python2.7/dist-packages, outside environment /usr Running setup.py install for python-registry: started Running setup.py install for python-registry: finished with status 'done' Running setup.py install for CFPropertyList: started Running setup.py install for CFPropertyList: finished with status 'done' Running setup.py install for typing: started Running setup.py install for typing: finished with status 'done' Running setup.py install for M2Crypto: started Running setup.py install for M2Crypto: finished with status 'done' Found existing installation: pyasn1 0.1.9 Not uninstalling pyasn1 at /usr/lib/python2.7/dist-packages, outside environment /usr Successfully installed CFPropertyList-0.0.1 M2Crypto-0.26.0 dpapick-0.3 enum34-1.1.6 pyasn1-0.2.3 python-registry-1.0.4 typing-3.6.1 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==1.2.10.post139 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'dpapick==0.3': 'Installed'} [INFO ] Completed state [dpapick] at time 13:33:06.657494 duration_in_ms=15806.623 [INFO ] Running state [distorm3] at time 13:33:06.660991 [INFO ] Executing state pip.installed for distorm3 [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==1.2.10.post139 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', 'distorm3'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', 'distorm3'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting distorm3 Downloading distorm3-3.3.4.zip (129kB) Installing collected packages: distorm3 Running setup.py install for distorm3: started Running setup.py install for distorm3: finished with status 'done' Successfully installed distorm3-3.3.4 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==1.2.10.post139 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'distorm3==3.3.4': 'Installed'} [INFO ] Completed state [distorm3] at time 13:33:12.679843 duration_in_ms=6018.819 [INFO ] Running state [haystack] at time 13:33:12.682483 [INFO ] Executing state pip.installed for haystack [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==1.2.10.post139 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', '--upgrade', 'haystack'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', '--upgrade', 'haystack'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting haystack Downloading haystack-0.42-py2.py3-none-any.whl (179kB) Collecting python-ptrace>=0.8.1 (from haystack) Downloading python-ptrace-0.9.2.tar.gz (102kB) Requirement already up-to-date: construct<2.8 in /usr/lib/python2.7/dist-packages (from haystack) Collecting pefile (from haystack) Downloading pefile-2016.3.28.tar.gz (58kB) Requirement already up-to-date: six in /usr/lib/python2.7/dist-packages (from construct<2.8->haystack) Collecting future (from pefile->haystack) Downloading future-0.16.0.tar.gz (824kB) Installing collected packages: python-ptrace, future, pefile, haystack Running setup.py install for python-ptrace: started Running setup.py install for python-ptrace: finished with status 'done' Running setup.py install for future: started Running setup.py install for future: finished with status 'done' Found existing installation: pefile 1.2.10.post139 Not uninstalling pefile at /usr/lib/python2.7/dist-packages, outside environment /usr Running setup.py install for pefile: started Running setup.py install for pefile: finished with status 'done' Successfully installed future-0.16.0 haystack-0.42 pefile-2016.3.28 python-ptrace-0.9.2 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'haystack==0.42': 'Installed'} [INFO ] Completed state [haystack] at time 13:33:20.724853 duration_in_ms=8042.368 [INFO ] Running state [lxml] at time 13:33:20.731278 [INFO ] Executing state pip.installed for lxml [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', 'lxml'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', 'lxml'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting lxml Downloading lxml-3.8.0-cp27-cp27mu-manylinux1_x86_64.whl (6.8MB) Installing collected packages: lxml Successfully installed lxml-3.8.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'lxml==3.8.0': 'Installed'} [INFO ] Completed state [lxml] at time 13:33:27.114682 duration_in_ms=6383.399 [INFO ] Running state [ioc_writer] at time 13:33:27.125863 [INFO ] Executing state pip.installed for ioc_writer [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', 'ioc_writer'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', 'ioc_writer'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting ioc_writer Downloading ioc_writer-0.3.3.tar.gz Requirement already satisfied (use --upgrade to upgrade): lxml in /usr/local/lib/python2.7/dist-packages (from ioc_writer) Installing collected packages: ioc-writer Running setup.py install for ioc-writer: started Running setup.py install for ioc-writer: finished with status 'done' Successfully installed ioc-writer-0.3.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'ioc-writer==0.3.3': 'Installed'} [INFO ] Completed state [ioc_writer] at time 13:33:32.508204 duration_in_ms=5382.338 [INFO ] Running state [pefile] at time 13:33:32.513355 [INFO ] Executing state pip.installed for pefile [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install'] in directory '/home/sansforensics' [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Python package pefile was already installed All packages were successfully installed [INFO ] Completed state [pefile] at time 13:33:35.118735 duration_in_ms=2605.38 [INFO ] Running state [pycoin] at time 13:33:35.122198 [INFO ] Executing state pip.installed for pycoin [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', '--upgrade', 'pycoin'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', '--upgrade', 'pycoin'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting pycoin Downloading pycoin-0.77.tar.gz (110kB) Installing collected packages: pycoin Running setup.py install for pycoin: started Running setup.py install for pycoin: finished with status 'done' Successfully installed pycoin-0.77 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'pycoin==0.77': 'Installed'} [INFO ] Completed state [pycoin] at time 13:33:40.220140 duration_in_ms=5097.941 [INFO ] Running state [pysocks] at time 13:33:40.223378 [INFO ] Executing state pip.installed for pysocks [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', 'pysocks'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', 'pysocks'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting pysocks Downloading PySocks-1.6.7.tar.gz (282kB) Installing collected packages: pysocks Running setup.py install for pysocks: started Running setup.py install for pysocks: finished with status 'done' Successfully installed pysocks-1.6.7 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'PySocks==1.6.7': 'Installed'} [INFO ] Completed state [pysocks] at time 13:33:45.209521 duration_in_ms=4986.141 [INFO ] Running state [simplejson] at time 13:33:45.212746 [INFO ] Executing state pip.installed for simplejson [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', '--upgrade', 'simplejson'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', '--upgrade', 'simplejson'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting simplejson Downloading simplejson-3.11.1.tar.gz (78kB) Installing collected packages: simplejson Running setup.py install for simplejson: started Running setup.py install for simplejson: finished with status 'done' Successfully installed simplejson-3.11.1 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'simplejson==3.11.1': 'Installed'} [INFO ] Completed state [simplejson] at time 13:33:51.219358 duration_in_ms=6006.609 [INFO ] Running state [yara-python] at time 13:33:51.222759 [INFO ] Executing state pip.installed for yara-python [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.5.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', '--upgrade', 'yara-python'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', '--upgrade', 'yara-python'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting yara-python Downloading yara-python-3.6.3.tar.gz (301kB) Installing collected packages: yara-python Found existing installation: yara-python 3.5.0 Not uninstalling yara-python at /usr/lib/python2.7/dist-packages, outside environment /usr Running setup.py install for yara-python: started Running setup.py install for yara-python: finished with status 'done' Successfully installed yara-python-3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.4.2 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==15.2.0 requests==2.9.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'yara-python==3.6.3': 'Installed'} [INFO ] Completed state [yara-python] at time 13:34:05.243651 duration_in_ms=14020.891 [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [python-volatility] at time 13:34:05.247843 [INFO ] Executing state pkg.installed for python-volatility [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'python-volatility'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-volatility' changed from 'absent' to '2.6-1-xenial1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [python-volatility] at time 13:34:14.079905 duration_in_ms=8832.061 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded git.version [DEBUG ] LazyLoaded cmd.run_all [INFO ] Executing command ['git', '--version'] in directory '/home/sansforensics' [DEBUG ] stdout: git version 2.7.4 [DEBUG ] LazyLoaded git.latest [INFO ] Running state [https://github.com/volatilityfoundation/community.git] at time 13:34:14.126920 [INFO ] Executing state git.latest for https://github.com/volatilityfoundation/community.git [INFO ] Checking remote revision for https://github.com/volatilityfoundation/community.git [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/volatilityfoundation/community.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: acc431996b068ebbad79e19b730ddbf3b14d6221 HEAD acc431996b068ebbad79e19b730ddbf3b14d6221 refs/heads/master 8c3145a0496dc4d8ae8a38bd36c718635e386de5 refs/pull/10/head f704f6999558d50efaf2589bdd03fc2d32d34136 refs/pull/11/head e08c850b89d5c46ac57a0a512d844780dc47202b refs/pull/12/head da77fc84e70d954d94116da442b618d6fe08c7e9 refs/pull/13/head ff8ca45598f6246673146a60daf5eadb37abd390 refs/pull/14/head 62240b448964403f5f4767147991ce60bd6f5604 refs/pull/16/head 4c2abbce94761af552ff3a7b21b37f3b3c5551a5 refs/pull/16/merge 3b9413fbf84ed1b0931e1a2a22e291c281cf8aa2 refs/pull/19/head c7f20e4c58a87eae880179a3941280360fad116d refs/pull/2/head f4b9284d65b9962626de3ce427e7ebeed9cde60c refs/pull/3/head b4a46942136136d5d9affc0d38c3eb9425162b04 refs/pull/4/head d42692f7996b7f90c1d1e5ba403bd1015f169e34 refs/pull/5/head 464b8190e1643109e11797312240f0c1908e8f96 refs/pull/6/head e8b569c5bec6f0236bf7de1516f408762feb3c42 refs/pull/7/head 2351c96d03ff0c0926d85f704e0b7b741b6c63c2 refs/pull/8/head 4e3d368948927f975762c454daa449fbc533ea5e refs/pull/9/head [INFO ] Executing command ['git', 'rev-parse', '--show-toplevel'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] Target /usr/lib/python2.7/dist-packages/volatility/plugins/community is not found, 'git clone' is required [INFO ] Executing command ['git', 'clone', '--', 'https://github.com/volatilityfoundation/community.git', '/usr/lib/python2.7/dist-packages/volatility/plugins/community'] as user 'root' in directory '/tmp' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stderr: Cloning into '/usr/lib/python2.7/dist-packages/volatility/plugins/community'... [INFO ] Checking local revision for /usr/lib/python2.7/dist-packages/volatility/plugins/community [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: acc431996b068ebbad79e19b730ddbf3b14d6221 [INFO ] Checking local branch for /usr/lib/python2.7/dist-packages/volatility/plugins/community [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: master [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: origin/master [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: acc431996b068ebbad79e19b730ddbf3b14d6221 [INFO ] https://github.com/volatilityfoundation/community.git cloned to /usr/lib/python2.7/dist-packages/volatility/plugins/community [INFO ] {'new': 'https://github.com/volatilityfoundation/community.git => /usr/lib/python2.7/dist-packages/volatility/plugins/community', 'revision': {'new': 'acc431996b068ebbad79e19b730ddbf3b14d6221', 'old': None}} [INFO ] Completed state [https://github.com/volatilityfoundation/community.git] at time 13:34:17.565570 duration_in_ms=3438.644 [DEBUG ] LazyLoaded file.absent [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded ddns.update [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko] at time 13:34:18.226656 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko [INFO ] {'removed': '/usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko'} [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko] at time 13:34:18.227373 duration_in_ms=0.716 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski] at time 13:34:18.232151 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski [INFO ] {'removed': '/usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski'} [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski] at time 13:34:18.232747 duration_in_ms=0.596 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop] at time 13:34:18.237403 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop [INFO ] {'removed': '/usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop'} [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop] at time 13:34:18.238035 duration_in_ms=0.632 [INFO ] Running state [find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \;] at time 13:34:18.240461 [INFO ] Executing state cmd.run for find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \; [INFO ] Executing command 'find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \;' in directory '/home/sansforensics' [ERROR ] Command 'find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \;' failed with return code: 1 [ERROR ] stderr: find: '/usr/lib/python2.7/dist-packages/volatility/plugins/community/Lo\303\257cJaquemet': No such file or directory [ERROR ] retcode: 1 [ERROR ] {'pid': 106579, 'retcode': 1, 'stderr': "find: '/usr/lib/python2.7/dist-packages/volatility/plugins/community/Lo\\303\\257cJaquemet': No such file or directory", 'stdout': ''} [INFO ] Completed state [find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \;] at time 13:34:18.264135 duration_in_ms=23.673 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/sift/] at time 13:34:18.269999 [INFO ] Executing state file.recurse for /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/volatility/__init__.py' to resolve 'salt://sift/files/volatility/__init__.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/volatility/__init__.py' to resolve 'salt://sift/files/volatility/__init__.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/volatility/__init__.py' [DEBUG ] No dest file found [DEBUG ] In saltenv 'base', we are ** missing ** the file 'sift/files/volatility/__init__.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/volatility/pstotal.py' to resolve 'salt://sift/files/volatility/pstotal.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/volatility/pstotal.py' to resolve 'salt://sift/files/volatility/pstotal.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/volatility/pstotal.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/volatility/pstotal.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/volatility/sqlite_help.py' to resolve 'salt://sift/files/volatility/sqlite_help.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/volatility/sqlite_help.py' to resolve 'salt://sift/files/volatility/sqlite_help.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/volatility/sqlite_help.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/volatility/sqlite_help.py' [INFO ] {u'/usr/lib/python2.7/dist-packages/volatility/plugins/sift/__init__.py': {'diff': 'New file', 'mode': '0644'}, u'/usr/lib/python2.7/dist-packages/volatility/plugins/sift/sqlite_help.py': {'diff': 'New file', 'mode': '0644'}, u'/usr/lib/python2.7/dist-packages/volatility/plugins/sift/pstotal.py': {'diff': 'New file', 'mode': '0644'}} [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/sift/] at time 13:34:18.374795 duration_in_ms=104.795 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.absent [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded ddns.update [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py] at time 13:34:18.763034 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py] at time 13:34:18.763588 duration_in_ms=0.555 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py] at time 13:34:18.768266 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py] at time 13:34:18.768696 duration_in_ms=0.431 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py] at time 13:34:18.773120 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py] at time 13:34:18.773565 duration_in_ms=0.445 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py] at time 13:34:18.778442 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py] at time 13:34:18.779018 duration_in_ms=0.576 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py] at time 13:34:18.783777 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py] at time 13:34:18.784220 duration_in_ms=0.443 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py] at time 13:34:18.788575 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py] at time 13:34:18.789012 duration_in_ms=0.437 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py] at time 13:34:18.794146 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py] at time 13:34:18.794970 duration_in_ms=0.824 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py] at time 13:34:18.799975 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py] at time 13:34:18.800498 duration_in_ms=0.523 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py] at time 13:34:18.805634 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py] at time 13:34:18.806352 duration_in_ms=0.719 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py] at time 13:34:18.811206 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py] at time 13:34:18.811699 duration_in_ms=0.493 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py] at time 13:34:18.816689 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py] at time 13:34:18.817131 duration_in_ms=0.442 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py] at time 13:34:18.821504 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py] at time 13:34:18.821961 duration_in_ms=0.457 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py] at time 13:34:18.826350 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py] at time 13:34:18.826806 duration_in_ms=0.456 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py] at time 13:34:18.831494 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py] at time 13:34:18.831989 duration_in_ms=0.495 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py] at time 13:34:18.837245 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py] at time 13:34:18.838386 duration_in_ms=1.14 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py] at time 13:34:18.844607 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py] at time 13:34:18.845289 duration_in_ms=0.682 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py] at time 13:34:18.850829 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py] at time 13:34:18.851507 duration_in_ms=0.679 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py] at time 13:34:18.856619 [INFO ] Executing state file.absent for /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py is not present [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py] at time 13:34:18.857118 duration_in_ms=0.5 [INFO ] Running state [python-yara] at time 13:34:18.857284 [INFO ] Executing state pkg.installed for python-yara [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package python-yara is already installed [INFO ] Completed state [python-yara] at time 13:34:18.863478 duration_in_ms=6.193 [INFO ] Running state [qemu] at time 13:34:18.863665 [INFO ] Executing state pkg.installed for qemu [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'qemu'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'qemu-system-tricore' changed from 'absent' to '1' 'qemu-system-ppc64' changed from 'absent' to '1' 'qemu-system-ppcemb' changed from 'absent' to '1' 'seabios' changed from 'absent' to '1.8.2-1ubuntu1' 'qemu-keymaps' changed from 'absent' to '1' 'qemu-system-microblaze' changed from 'absent' to '1' 'librbd1' changed from 'absent' to '10.2.7-0ubuntu0.16.04.1' 'libaio1' changed from 'absent' to '0.3.110-2' 'libxen-4.6' changed from 'absent' to '4.6.5-0ubuntu1.1' 'libxenstore3.0' changed from 'absent' to '4.6.5-0ubuntu1.1' 'qemu-system-mips' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'libcacard0' changed from 'absent' to '1:2.5.0-2' 'libsdl1.2debian' changed from 'absent' to '1.2.15+dfsg1-3' 'qemu' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'libiscsi2' changed from 'absent' to '1.12.0-2' 'libfdt1' changed from 'absent' to '1.4.0+dfsg-2' 'libboost-thread1.58.0' changed from 'absent' to '1.58.0+dfsg-5ubuntu3.1' 'qemu-system-unicore32' changed from 'absent' to '1' 'qemu-system' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'qemu-system-sh4' changed from 'absent' to '1' 'qemu-system-sh4eb' changed from 'absent' to '1' 'librados2' changed from 'absent' to '10.2.7-0ubuntu0.16.04.1' 'qemu-system-x86' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'qemu-system-lm32' changed from 'absent' to '1' 'ipxe-qemu' changed from 'absent' to '1.0.0+git-20150424.a25a16d-1ubuntu1' 'libboost-random1.58.0' changed from 'absent' to '1.58.0+dfsg-5ubuntu3.1' 'qemu-system-cris' changed from 'absent' to '1' 'qemu-system-misc' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'qemu-system-xtensa' changed from 'absent' to '1' 'qemu-block-extra' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'sharutils' changed from 'absent' to '1:4.15.2-1' 'qemu-system-xtensaeb' changed from 'absent' to '1' 'libspice-server1' changed from 'absent' to '0.12.6-4ubuntu0.2' 'qemu-user' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'qemu-system-sparc' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'qemu-utils' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'qemu-system-mipsel' changed from 'absent' to '1' 'qemu-system-alpha' changed from 'absent' to '1' 'qemu-system-aarch64' changed from 'absent' to '1' 'qemu-system-m68k' changed from 'absent' to '1' 'qemu-system-moxie' changed from 'absent' to '1' 'qemu-system-common' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'qemu-system-or32' changed from 'absent' to '1' 'qemu-system-i386' changed from 'absent' to '1' 'qemu-user-binfmt' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'qemu-system-x86-64' changed from 'absent' to '1' 'msr-tools' changed from 'absent' to '1.3-2' 'qemu-system-microblazeel' changed from 'absent' to '1' 'libusbredirparser1' changed from 'absent' to '0.7.1-1' 'qemu-system-mips64' changed from 'absent' to '1' 'qemu-system-mips64el' changed from 'absent' to '1' 'qemu-slof' changed from 'absent' to '20151103+dfsg-1ubuntu1' 'qemu-system-sparc64' changed from 'absent' to '1' 'qemu-system-arm' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'qemu-system-ppc' changed from 'absent' to '1:2.5+dfsg-5ubuntu10.14' 'cpu-checker' changed from 'absent' to '0.7-0ubuntu7' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [qemu] at time 13:35:42.981406 duration_in_ms=84117.74 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [qemu-utils] at time 13:35:42.987092 [INFO ] Executing state pkg.installed for qemu-utils [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package qemu-utils is already installed [INFO ] Completed state [qemu-utils] at time 13:35:43.267857 duration_in_ms=280.764 [INFO ] Running state [radare2] at time 13:35:43.268048 [INFO ] Executing state pkg.installed for radare2 [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'radare2'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libmagic-dev' changed from 'absent' to '1:5.25-2ubuntu1' 'libradare2-dev' changed from 'absent' to '0.9.6-3.1ubuntu1' 'radare2' changed from 'absent' to '0.9.6-3.1ubuntu1' 'libradare2-common' changed from 'absent' to '0.9.6-3.1ubuntu1' 'libradare2-0.9.6' changed from 'absent' to '0.9.6-3.1ubuntu1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [radare2] at time 13:35:57.366168 duration_in_ms=14098.12 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [rar] at time 13:35:57.373883 [INFO ] Executing state pkg.installed for rar [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'rar'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'rar' changed from 'absent' to '2:5.3.b2-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [rar] at time 13:36:03.336373 duration_in_ms=5962.49 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [readpst] at time 13:36:03.343137 [INFO ] Executing state pkg.installed for readpst [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'readpst'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libgsf-1-114' changed from 'absent' to '1.14.36-1' 'pst-utils' changed from 'absent' to '0.6.59-1ubuntu1' 'readpst' changed from 'absent' to '0.6.59-1ubuntu1' 'libgsf-1-common' changed from 'absent' to '1.14.36-1' 'libpst4' changed from 'absent' to '0.6.59-1ubuntu1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [readpst] at time 13:36:09.533852 duration_in_ms=6190.733 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded cmd.run [INFO ] Running state [dpkg --add-architecture i386] at time 13:36:09.535497 [INFO ] Executing state cmd.run for dpkg --add-architecture i386 [DEBUG ] LazyLoaded cmd.retcode [INFO ] Executing command 'dpkg --print-foreign-architectures | grep i386' in directory '/home/sansforensics' [DEBUG ] output: i386 [DEBUG ] Last command return code: 0 [INFO ] unless execution succeeded [INFO ] Completed state [dpkg --add-architecture i386] at time 13:36:09.558733 duration_in_ms=23.234 [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.uptodate [INFO ] Running state [sift-wine-apt-update] at time 13:36:09.567239 [INFO ] Executing state pkg.uptodate for sift-wine-apt-update [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] Executing command ['apt-get', '--just-print', 'dist-upgrade'] in directory '/home/sansforensics' [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'upgrade'] in directory '/home/sansforensics' [ERROR ] Command '['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'upgrade']' failed with return code: 100 [ERROR ] stdout: Reading package lists... Building dependency tree... Reading state information... Calculating upgrade... The following packages were automatically installed and are no longer required: libsodium18 libzmq5 python-cffi-backend python-chardet python-cryptography python-enum34 python-idna python-ipaddress python-ndg-httpsclient python-openssl python-pyasn1 python-urllib3 snap-confine Use 'sudo apt autoremove' to remove them. The following packages have been kept back: python-dfvfs python-plaso The following packages will be upgraded: apport apport-gtk libgail-common libgail18 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libpulse-mainloop-glib0 libpulse0 libpulsedsp libunity-control-center1 pulseaudio pulseaudio-module-bluetooth pulseaudio-module-x11 pulseaudio-utils python-dateutil python-requests python-zmq python3-apport python3-problem-report python3-pyparsing python3-requests python3-xlsxwriter unity-control-center unity-control-center-faces 25 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. Need to get 5983 kB of archives. After this operation, 2961 kB of additional disk space will be used. Get:1 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python-dateutil amd64 2.5.3-2ppa1~xenial [189 kB] Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 python3-problem-report all 2.20.1-0ubuntu2.9 [9786 B] Get:3 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 python3-apport all 2.20.1-0ubuntu2.9 [79.5 kB] Get:4 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python-requests all 2.11.1-1ppa1~xenial [356 kB] Get:5 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 apport all 2.20.1-0ubuntu2.9 [120 kB] Get:6 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 apport-gtk all 2.20.1-0ubuntu2.9 [9514 B] Get:7 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgtk2.0-common all 2.24.30-1ubuntu1.16.04.1 [123 kB] Get:8 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python-zmq amd64 16.0.0-1ppa1~xenial [396 kB] Get:9 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgtk2.0-bin amd64 2.24.30-1ubuntu1.16.04.1 [9826 B] Get:10 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgail-common amd64 2.24.30-1ubuntu1.16.04.1 [111 kB] Get:11 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgail18 amd64 2.24.30-1ubuntu1.16.04.1 [14.2 kB] Get:12 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python3-pyparsing all 2.1.5-1ppa1~xenial [69.7 kB] Get:13 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python3-requests all 2.11.1-1ppa1~xenial [356 kB] Get:14 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgtk2.0-0 amd64 2.24.30-1ubuntu1.16.04.1 [1776 kB] Get:15 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python3-xlsxwriter all 0.9.3-1ppa1~xenial [96.0 kB] Get:16 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpulsedsp amd64 1:8.0-0ubuntu3.3 [21.1 kB] Get:17 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 pulseaudio-utils amd64 1:8.0-0ubuntu3.3 [50.9 kB] Get:18 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 pulseaudio-module-x11 amd64 1:8.0-0ubuntu3.3 [15.9 kB] Get:19 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 pulseaudio-module-bluetooth amd64 1:8.0-0ubuntu3.3 [58.5 kB] Get:20 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 pulseaudio amd64 1:8.0-0ubuntu3.3 [767 kB] Get:21 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpulse-mainloop-glib0 amd64 1:8.0-0ubuntu3.3 [11.5 kB] Get:22 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpulse0 amd64 1:8.0-0ubuntu3.3 [249 kB] Get:23 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libunity-control-center1 amd64 15.04.0+16.04.20170214-0ubuntu1 [81.1 kB] Get:24 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 unity-control-center amd64 15.04.0+16.04.20170214-0ubuntu1 [834 kB] Get:25 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 unity-control-center-faces all 15.04.0+16.04.20170214-0ubuntu1 [180 kB] Fetched 5983 kB in 8s (701 kB/s) (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 254239 files and directories currently installed.) Preparing to unpack .../python3-problem-report_2.20.1-0ubuntu2.9_all.deb ... Unpacking python3-problem-report (2.20.1-0ubuntu2.9) over (2.20.1-0ubuntu2.5) ... Preparing to unpack .../python3-apport_2.20.1-0ubuntu2.9_all.deb ... Unpacking python3-apport (2.20.1-0ubuntu2.9) over (2.20.1-0ubuntu2.5) ... Preparing to unpack .../apport_2.20.1-0ubuntu2.9_all.deb ... Unpacking apport (2.20.1-0ubuntu2.9) over (2.20.1-0ubuntu2.5) ... Preparing to unpack .../apport-gtk_2.20.1-0ubuntu2.9_all.deb ... Unpacking apport-gtk (2.20.1-0ubuntu2.9) over (2.20.1-0ubuntu2.5) ... Preparing to unpack .../libgtk2.0-common_2.24.30-1ubuntu1.16.04.1_all.deb ... Unpacking libgtk2.0-common (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ... Preparing to unpack .../libgtk2.0-bin_2.24.30-1ubuntu1.16.04.1_amd64.deb ... Unpacking libgtk2.0-bin (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ... Preparing to unpack .../libgail-common_2.24.30-1ubuntu1.16.04.1_amd64.deb ... Unpacking libgail-common:amd64 (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ... Preparing to unpack .../libgail18_2.24.30-1ubuntu1.16.04.1_amd64.deb ... Unpacking libgail18:amd64 (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ... Preparing to unpack .../libgtk2.0-0_2.24.30-1ubuntu1.16.04.1_amd64.deb ... Unpacking libgtk2.0-0:amd64 (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ... Preparing to unpack .../libpulsedsp_1%3a8.0-0ubuntu3.3_amd64.deb ... Unpacking libpulsedsp:amd64 (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ... Preparing to unpack .../pulseaudio-utils_1%3a8.0-0ubuntu3.3_amd64.deb ... Unpacking pulseaudio-utils (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ... Preparing to unpack .../pulseaudio-module-x11_1%3a8.0-0ubuntu3.3_amd64.deb ... Unpacking pulseaudio-module-x11 (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ... Preparing to unpack .../pulseaudio-module-bluetooth_1%3a8.0-0ubuntu3.3_amd64.deb ... Unpacking pulseaudio-module-bluetooth (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ... Preparing to unpack .../pulseaudio_1%3a8.0-0ubuntu3.3_amd64.deb ... Unpacking pulseaudio (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ... Preparing to unpack .../libpulse-mainloop-glib0_1%3a8.0-0ubuntu3.3_amd64.deb ... Unpacking libpulse-mainloop-glib0:amd64 (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ... Preparing to unpack .../libpulse0_1%3a8.0-0ubuntu3.3_amd64.deb ... Unpacking libpulse0:amd64 (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ... Preparing to unpack .../libunity-control-center1_15.04.0+16.04.20170214-0ubuntu1_amd64.deb ... Unpacking libunity-control-center1 (15.04.0+16.04.20170214-0ubuntu1) over (15.04.0+16.04.20160705-0ubuntu1) ... Preparing to unpack .../unity-control-center_15.04.0+16.04.20170214-0ubuntu1_amd64.deb ... Unpacking unity-control-center (15.04.0+16.04.20170214-0ubuntu1) over (15.04.0+16.04.20160705-0ubuntu1) ... Preparing to unpack .../unity-control-center-faces_15.04.0+16.04.20170214-0ubuntu1_all.deb ... Unpacking unity-control-center-faces (15.04.0+16.04.20170214-0ubuntu1) over (15.04.0+16.04.20160705-0ubuntu1) ... Preparing to unpack .../python-dateutil_2.5.3-2ppa1~xenial_amd64.deb ... Unpacking python-dateutil (2.5.3-2ppa1~xenial) over (2.4.2-1) ... Preparing to unpack .../python-requests_2.11.1-1ppa1~xenial_all.deb ... Unpacking python-requests (2.11.1-1ppa1~xenial) over (2.9.1-3) ... Preparing to unpack .../python-zmq_16.0.0-1ppa1~xenial_amd64.deb ... Unpacking python-zmq (16.0.0-1ppa1~xenial) over (15.2.0-0ubuntu4) ... Preparing to unpack .../python3-pyparsing_2.1.5-1ppa1~xenial_all.deb ... Unpacking python3-pyparsing (2.1.5-1ppa1~xenial) over (2.0.3+dfsg1-1ubuntu0.1) ... Preparing to unpack .../python3-requests_2.11.1-1ppa1~xenial_all.deb ... Unpacking python3-requests (2.11.1-1ppa1~xenial) over (2.9.1-3) ... Preparing to unpack .../python3-xlsxwriter_0.9.3-1ppa1~xenial_all.deb ... Unpacking python3-xlsxwriter (0.9.3-1ppa1~xenial) over (0.7.3-1) ... dpkg: error processing archive /var/cache/apt/archives/python3-xlsxwriter_0.9.3-1ppa1~xenial_all.deb (--unpack): trying to overwrite '/usr/bin/vba_extract.py', which is also in package python-xlsxwriter 0.9.3-1ppa1~xenial dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) Processing triggers for ureadahead (0.100.0-19) ... Processing triggers for systemd (229-4ubuntu17) ... Processing triggers for shared-mime-info (1.5-2ubuntu0.1) ... Unknown media type in type 'all/all' Unknown media type in type 'all/allfiles' Processing triggers for hicolor-icon-theme (0.15-0ubuntu1) ... Processing triggers for man-db (2.7.5-1) ... Processing triggers for desktop-file-utils (0.22-1ubuntu5.1) ... Processing triggers for gnome-menus (3.13.3-6ubuntu3.1) ... Processing triggers for bamfdaemon (0.5.3~bzr0+16.04.20160824-0ubuntu1) ... Rebuilding /usr/share/applications/bamf-2.index... Processing triggers for mime-support (3.59ubuntu1) ... Processing triggers for libc-bin (2.23-0ubuntu9) ... /sbin/ldconfig.real: /usr/lib/libpff.so.1 is not a symbolic link Processing triggers for dbus (1.10.6-1ubuntu3.3) ... Errors were encountered while processing: /var/cache/apt/archives/python3-xlsxwriter_0.9.3-1ppa1~xenial_all.deb [ERROR ] stderr: Running scope as unit run-rf6a54785bcbe41f49876c4c9a59dc2a1.scope. E: Sub-process /usr/bin/dpkg returned an error code (1) [ERROR ] retcode: 100 [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [ERROR ] Made the following changes: 'python3-problem-report' changed from '2.20.1-0ubuntu2.5' to 'absent' 'libunity-control-center1' changed from '15.04.0+16.04.20160705-0ubuntu1' to 'absent' 'libpulsedsp' changed from '1:8.0-0ubuntu3.2' to 'absent' 'apport-gtk' changed from '2.20.1-0ubuntu2.5' to 'absent' 'libgtk2.0-bin' changed from '2.24.30-1ubuntu1' to 'absent' 'unity-control-center-datetime' changed from '1' to 'absent' 'python3-requests' changed from '2.9.1-3' to 'absent' 'pulseaudio-utils' changed from '1:8.0-0ubuntu3.2' to 'absent' 'python3-pyparsing' changed from '2.0.3+dfsg1-1ubuntu0.1' to 'absent' 'core-dump-handler' changed from '1' to 'absent' 'apport' changed from '2.20.1-0ubuntu2.5' to 'absent' 'libgtk2.0-common' changed from '2.24.30-1ubuntu1' to 'absent' 'unity-control-center-faces' changed from '15.04.0+16.04.20160705-0ubuntu1' to 'absent' 'gnome-control-center-shared-data' changed from '1' to 'absent' 'libgail-common' changed from '2.24.30-1ubuntu1' to 'absent' 'pulseaudio-module-x11' changed from '1:8.0-0ubuntu3.2' to 'absent' 'python3-apport' changed from '2.20.1-0ubuntu2.5' to 'absent' 'libpulse-mainloop-glib0' changed from '1:8.0-0ubuntu3.2' to 'absent' 'python-dateutil' changed from '2.4.2-1' to 'absent' 'libgtk2.0-0' changed from '2.24.30-1ubuntu1' to 'absent' 'python-zmq' changed from '15.2.0-0ubuntu4' to 'absent' 'libgail18' changed from '2.24.30-1ubuntu1' to 'absent' 'libpulse0' changed from '1:8.0-0ubuntu3.2' to 'absent' 'pulseaudio-module-bluetooth' changed from '1:8.0-0ubuntu3.2' to 'absent' 'unity-control-center' changed from '15.04.0+16.04.20160705-0ubuntu1' to 'absent' 'pulseaudio' changed from '1:8.0-0ubuntu3.2' to 'absent' 'python-requests' changed from '2.9.1-3' to 'absent' 'gnome-control-center-unity' changed from '1' to 'absent' 'gtk2.0-binver-2.10.0' changed from '1' to 'absent' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [sift-wine-apt-update] at time 13:36:39.486511 duration_in_ms=29919.272 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [rsakeyfind] at time 13:36:39.499257 [INFO ] Executing state pkg.installed for rsakeyfind [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'rsakeyfind'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python3-problem-report' changed from 'absent' to '2.20.1-0ubuntu2.9' 'libunity-control-center1' changed from 'absent' to '15.04.0+16.04.20170214-0ubuntu1' 'gnome-control-center-shared-data' changed from 'absent' to '1' 'python-requests' changed from 'absent' to '2.11.1-1ppa1~xenial' 'libgail-common' changed from 'absent' to '2.24.30-1ubuntu1.16.04.1' 'pulseaudio-module-x11' changed from 'absent' to '1:8.0-0ubuntu3.3' 'python-dateutil' changed from 'absent' to '2.5.3-2ppa1~xenial' 'python3-apport' changed from 'absent' to '2.20.1-0ubuntu2.9' 'libpulse-mainloop-glib0' changed from 'absent' to '1:8.0-0ubuntu3.3' 'core-dump-handler' changed from 'absent' to '1' 'apport-gtk' changed from 'absent' to '2.20.1-0ubuntu2.9' 'libgtk2.0-bin' changed from 'absent' to '2.24.30-1ubuntu1.16.04.1' 'unity-control-center-faces' changed from 'absent' to '15.04.0+16.04.20170214-0ubuntu1' 'libgtk2.0-0' changed from 'absent' to '2.24.30-1ubuntu1.16.04.1' 'python-zmq' changed from 'absent' to '16.0.0-1ppa1~xenial' 'libgail18' changed from 'absent' to '2.24.30-1ubuntu1.16.04.1' 'rsakeyfind' changed from 'absent' to '1:1.0-3' 'libpulse0' changed from 'absent' to '1:8.0-0ubuntu3.3' 'pulseaudio-module-bluetooth' changed from 'absent' to '1:8.0-0ubuntu3.3' 'unity-control-center-datetime' changed from 'absent' to '1' 'unity-control-center' changed from 'absent' to '15.04.0+16.04.20170214-0ubuntu1' 'python3-requests' changed from 'absent' to '2.11.1-1ppa1~xenial' 'pulseaudio-utils' changed from 'absent' to '1:8.0-0ubuntu3.3' 'python3-pyparsing' changed from 'absent' to '2.1.5-1ppa1~xenial' 'pulseaudio' changed from 'absent' to '1:8.0-0ubuntu3.3' 'libpulsedsp' changed from 'absent' to '1:8.0-0ubuntu3.3' 'apport' changed from 'absent' to '2.20.1-0ubuntu2.9' 'libgtk2.0-common' changed from 'absent' to '2.24.30-1ubuntu1.16.04.1' 'gnome-control-center-unity' changed from 'absent' to '1' 'gtk2.0-binver-2.10.0' changed from 'absent' to '1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [rsakeyfind] at time 13:36:47.272321 duration_in_ms=7773.063 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [safecopy] at time 13:36:47.283271 [INFO ] Executing state pkg.installed for safecopy [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'safecopy'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'safecopy' changed from 'absent' to '1.7-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [safecopy] at time 13:36:51.861008 duration_in_ms=4577.737 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [samba] at time 13:36:51.867026 [INFO ] Executing state pkg.installed for samba [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'samba'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'tdb-tools' changed from 'absent' to '1.3.8-2' 'samba' changed from 'absent' to '2:4.3.11+dfsg-0ubuntu0.16.04.8' 'samba-dsdb-modules' changed from 'absent' to '2:4.3.11+dfsg-0ubuntu0.16.04.8' 'attr' changed from 'absent' to '1:2.4.47-2' 'samba-vfs-modules' changed from 'absent' to '2:4.3.11+dfsg-0ubuntu0.16.04.8' 'python-dnspython' changed from 'absent' to '1.12.0-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [samba] at time 13:37:03.720723 duration_in_ms=11853.697 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [samdump2] at time 13:37:03.726136 [INFO ] Executing state pkg.installed for samdump2 [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package samdump2 is already installed [INFO ] Completed state [samdump2] at time 13:37:04.010835 duration_in_ms=284.698 [INFO ] Running state [scalpel] at time 13:37:04.011007 [INFO ] Executing state pkg.installed for scalpel [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'scalpel'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'scalpel' changed from 'absent' to '1.60-3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [scalpel] at time 13:37:08.090886 duration_in_ms=4079.878 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [sleuthkit] at time 13:37:08.098109 [INFO ] Executing state pkg.installed for sleuthkit [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package sleuthkit is already installed [INFO ] Completed state [sleuthkit] at time 13:37:08.527936 duration_in_ms=429.825 [INFO ] Running state [socat] at time 13:37:08.528163 [INFO ] Executing state pkg.installed for socat [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'socat'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'socat' changed from 'absent' to '1.7.3.1-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [socat] at time 13:37:13.631927 duration_in_ms=5103.763 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [ssdeep] at time 13:37:13.637784 [INFO ] Executing state pkg.installed for ssdeep [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ssdeep'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'ssdeep' changed from 'absent' to '2.13-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [ssdeep] at time 13:37:17.984081 duration_in_ms=4346.296 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [ssldump] at time 13:37:17.989991 [INFO ] Executing state pkg.installed for ssldump [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'ssldump'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'ssldump' changed from 'absent' to '0.9b3-4.1ubuntu1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [ssldump] at time 13:37:22.721961 duration_in_ms=4731.971 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [sslsniff] at time 13:37:22.727672 [INFO ] Executing state pkg.installed for sslsniff [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'sslsniff'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'liblog4cpp5v5' changed from 'absent' to '1.0-4.1' 'sslsniff' changed from 'absent' to '0.8-4.2build1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [sslsniff] at time 13:37:32.688055 duration_in_ms=9960.382 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [stunnel4] at time 13:37:32.698679 [INFO ] Executing state pkg.installed for stunnel4 [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'stunnel4'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'stunnel' changed from 'absent' to '1' 'stunnel4' changed from 'absent' to '3:5.30-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [stunnel4] at time 13:37:39.046754 duration_in_ms=6348.075 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [system-config-samba] at time 13:37:39.052049 [INFO ] Executing state pkg.installed for system-config-samba [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'system-config-samba'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'python-glade2' changed from 'absent' to '2.24.0-4ubuntu1' 'python2.7-gobject' changed from 'absent' to '1' 'python2.7-gobject-2' changed from 'absent' to '1' 'system-config-samba' changed from 'absent' to '1.2.63-0ubuntu6' 'python2.7-cairo' changed from 'absent' to '1' 'python-cairo' changed from 'absent' to '1.8.8-2' 'python2.7-libuser' changed from 'absent' to '1' 'python-gobject-2' changed from 'absent' to '2.28.6-12ubuntu1' 'python-libuser' changed from 'absent' to '1:0.60~dfsg-1.2' 'python-gtk2' changed from 'absent' to '2.24.0-4ubuntu1' 'libuser1' changed from 'absent' to '1:0.60~dfsg-1.2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [system-config-samba] at time 13:37:47.321149 duration_in_ms=8269.1 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [tcl] at time 13:37:47.327201 [INFO ] Executing state pkg.installed for tcl [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package tcl is already installed [INFO ] Completed state [tcl] at time 13:37:47.610506 duration_in_ms=283.305 [INFO ] Running state [tcpflow] at time 13:37:47.610668 [INFO ] Executing state pkg.installed for tcpflow [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'tcpflow'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libhttp-parser2.1' changed from 'absent' to '2.1-2' 'tcpflow' changed from 'absent' to '1.4.5+repack1-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [tcpflow] at time 13:37:52.311045 duration_in_ms=4700.376 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [tcpick] at time 13:37:52.317127 [INFO ] Executing state pkg.installed for tcpick [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'tcpick'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'tcpick' changed from 'absent' to '0.2.1-6.1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [tcpick] at time 13:37:56.472210 duration_in_ms=4155.083 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [tcpreplay] at time 13:37:56.477994 [INFO ] Executing state pkg.installed for tcpreplay [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'tcpreplay'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'tcpreplay' changed from 'absent' to '3.4.4-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [tcpreplay] at time 13:38:03.922889 duration_in_ms=7444.894 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [tcpslice] at time 13:38:03.928445 [INFO ] Executing state pkg.installed for tcpslice [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'tcpslice'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'tcpslice' changed from 'absent' to '1.2a3-4' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [tcpslice] at time 13:38:08.655072 duration_in_ms=4726.626 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [tcpstat] at time 13:38:08.660295 [INFO ] Executing state pkg.installed for tcpstat [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'tcpstat'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'tcpstat' changed from 'absent' to '1.5-8' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [tcpstat] at time 13:38:12.781698 duration_in_ms=4121.402 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [tcptrace] at time 13:38:12.787510 [INFO ] Executing state pkg.installed for tcptrace [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'tcptrace'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'xplot-xplot.org' changed from 'absent' to '0.90.7.1-2' 'tcptrace' changed from 'absent' to '6.6.7-4.1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [tcptrace] at time 13:38:18.511332 duration_in_ms=5723.822 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [tcptrack] at time 13:38:18.517411 [INFO ] Executing state pkg.installed for tcptrack [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'tcptrack'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'tcptrack' changed from 'absent' to '1.4.2-2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [tcptrack] at time 13:38:23.151829 duration_in_ms=4634.418 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [tcpxtract] at time 13:38:23.158311 [INFO ] Executing state pkg.installed for tcpxtract [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'tcpxtract'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'tcpxtract' changed from 'absent' to '1.0.1-9' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [tcpxtract] at time 13:38:27.902359 duration_in_ms=4744.047 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [testdisk] at time 13:38:27.908535 [INFO ] Executing state pkg.installed for testdisk [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'testdisk'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'testdisk' changed from 'absent' to '7.0-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [testdisk] at time 13:38:32.919788 duration_in_ms=5011.253 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [tofrodos] at time 13:38:32.927813 [INFO ] Executing state pkg.installed for tofrodos [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'tofrodos'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'tofrodos' changed from 'absent' to '1.7.13+ds-2ubuntu1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [tofrodos] at time 13:38:37.804965 duration_in_ms=4877.152 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [transmission] at time 13:38:37.811372 [INFO ] Executing state pkg.installed for transmission [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'transmission'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'transmission' changed from 'absent' to '2.84-3ubuntu3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [transmission] at time 13:38:42.024856 duration_in_ms=4213.485 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [unity-control-center] at time 13:38:42.030924 [INFO ] Executing state pkg.installed for unity-control-center [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package unity-control-center is already installed [INFO ] Completed state [unity-control-center] at time 13:38:42.340352 duration_in_ms=309.428 [INFO ] Running state [unrar] at time 13:38:42.341928 [INFO ] Executing state pkg.installed for unrar [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'unrar'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'unrar' changed from 'absent' to '1:5.3.2-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [unrar] at time 13:38:46.397069 duration_in_ms=4055.14 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [upx-ucl] at time 13:38:46.403120 [INFO ] Executing state pkg.installed for upx-ucl [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'upx-ucl'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'upx-ucl' changed from 'absent' to '3.91-1' 'upx' changed from 'absent' to '1' 'libucl1' changed from 'absent' to '1.03+repack-3' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [upx-ucl] at time 13:38:51.568387 duration_in_ms=5165.268 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [vbindiff] at time 13:38:51.575378 [INFO ] Executing state pkg.installed for vbindiff [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'vbindiff'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'vbindiff' changed from 'absent' to '3.0-beta4-1build1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [vbindiff] at time 13:38:56.104806 duration_in_ms=4529.428 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [vim] at time 13:38:56.111475 [INFO ] Executing state pkg.installed for vim [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'vim'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'vim-runtime' changed from 'absent' to '2:7.4.1689-3ubuntu1.2' 'vim' changed from 'absent' to '2:7.4.1689-3ubuntu1.2' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [vim] at time 13:39:15.236570 duration_in_ms=19125.095 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [virtuoso-minimal] at time 13:39:15.241251 [INFO ] Executing state pkg.installed for virtuoso-minimal [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'virtuoso-minimal'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'odbcinst' changed from 'absent' to '2.3.1-4.1' 'virtuoso-minimal' changed from 'absent' to '6.1.6+repack-0ubuntu5' 'virtuoso-opensource-6.1-bin' changed from 'absent' to '6.1.6+repack-0ubuntu5' 'odbcinst1debian2' changed from 'absent' to '2.3.1-4.1' 'virtuoso-opensource-6.1-common' changed from 'absent' to '6.1.6+repack-0ubuntu5' 'libvirtodbc0' changed from 'absent' to '6.1.6+repack-0ubuntu5' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [virtuoso-minimal] at time 13:39:24.503796 duration_in_ms=9262.545 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [vmfs-tools] at time 13:39:24.508764 [INFO ] Executing state pkg.installed for vmfs-tools [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'vmfs-tools'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'vmfs-tools' changed from 'absent' to '0.2.5-1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [vmfs-tools] at time 13:39:28.125138 duration_in_ms=3616.373 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [winbind] at time 13:39:28.129781 [INFO ] Executing state pkg.installed for winbind [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'winbind'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'winbind' changed from 'absent' to '2:4.3.11+dfsg-0ubuntu0.16.04.8' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [winbind] at time 13:39:33.092953 duration_in_ms=4963.173 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [wireshark] at time 13:39:33.097396 [INFO ] Executing state pkg.installed for wireshark [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'wireshark'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libqgsttools-p1' changed from 'absent' to '5.5.1-4ubuntu2' 'geoip-database-extra' changed from 'absent' to '20160408-1' 'libnghttp2-14' changed from 'absent' to '1.7.1-1' 'wireshark-common' changed from 'absent' to '2.2.6+g32dac6a-2ubuntu0.16.04' 'libwiretap6' changed from 'absent' to '2.2.6+g32dac6a-2ubuntu0.16.04' 'libc-ares2' changed from 'absent' to '1.10.0-3ubuntu0.1' 'libqt5multimedia5-plugins' changed from 'absent' to '5.5.1-4ubuntu2' 'libwscodecs1' changed from 'absent' to '2.2.6+g32dac6a-2ubuntu0.16.04' 'libsmi2ldbl' changed from 'absent' to '0.4.8+dfsg2-11' 'libjs-openlayers' changed from 'absent' to '2.13.1+ds2-2' 'libwireshark-data' changed from 'absent' to '2.2.6+g32dac6a-2ubuntu0.16.04' 'wireshark-qt' changed from 'absent' to '2.2.6+g32dac6a-2ubuntu0.16.04' 'libqt5multimediawidgets5' changed from 'absent' to '5.5.1-4ubuntu2' 'libwsutil7' changed from 'absent' to '2.2.6+g32dac6a-2ubuntu0.16.04' 'libwireshark8' changed from 'absent' to '2.2.6+g32dac6a-2ubuntu0.16.04' 'wireshark' changed from 'absent' to '2.2.6+g32dac6a-2ubuntu0.16.04' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [wireshark] at time 13:40:37.936531 duration_in_ms=64839.135 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [xdot] at time 13:40:37.942120 [INFO ] Executing state pkg.installed for xdot [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'xdot'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'xdot' changed from 'absent' to '0.6-3' 'libpathplan4' changed from 'absent' to '2.38.0-12ubuntu2.1' 'libcgraph6' changed from 'absent' to '2.38.0-12ubuntu2.1' 'libcdt5' changed from 'absent' to '2.38.0-12ubuntu2.1' 'libgvc6' changed from 'absent' to '2.38.0-12ubuntu2.1' 'libgvpr2' changed from 'absent' to '2.38.0-12ubuntu2.1' 'graphviz' changed from 'absent' to '2.38.0-12ubuntu2.1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [xdot] at time 13:40:44.948575 duration_in_ms=7006.455 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [xfsprogs] at time 13:40:44.954188 [INFO ] Executing state pkg.installed for xfsprogs [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'xfsprogs'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'fsck-backend' changed from 'absent' to '1' 'libreadline5' changed from 'absent' to '5.2+dfsg-3build1' 'xfsprogs' changed from 'absent' to '4.3.0+nmu1ubuntu1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [xfsprogs] at time 13:40:59.275014 duration_in_ms=14320.825 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [xmount] at time 13:40:59.279586 [INFO ] Executing state pkg.installed for xmount [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'xmount'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'xmount' changed from 'absent' to '0.7.3-1build1' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [xmount] at time 13:41:02.688899 duration_in_ms=3409.312 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [xpdf] at time 13:41:02.694646 [INFO ] Executing state pkg.installed for xpdf [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [DEBUG ] Could not LazyLoad pkg.check_db: 'pkg.check_db' is not available. [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Executing command ['dpkg', '--get-selections', '*'] in directory '/home/sansforensics' [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'xpdf'] in directory '/home/sansforensics' [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}\n', '-W'] in directory '/home/sansforensics' [INFO ] Made the following changes: 'libxm4' changed from 'absent' to '2.3.4-10' 'gsfonts-x11' changed from 'absent' to '0.24' 'xpdf' changed from 'absent' to '3.04-1ubuntu1' 'libmotif-common' changed from 'absent' to '2.3.4-10' [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [xpdf] at time 13:41:08.808107 duration_in_ms=6113.461 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded pkg.install [DEBUG ] LazyLoaded pkg.installed [INFO ] Running state [zenity] at time 13:41:08.813083 [INFO ] Executing state pkg.installed for zenity [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. [INFO ] Package zenity is already installed [INFO ] Completed state [zenity] at time 13:41:09.144873 duration_in_ms=331.789 [DEBUG ] LazyLoaded test.nop [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded pip.installed [INFO ] Running state [analyzemft] at time 13:41:09.413722 [INFO ] Executing state pip.installed for analyzemft [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', 'analyzemft'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', 'analyzemft'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting analyzemft Downloading analyzeMFT-2.0.19.tar.gz Installing collected packages: analyzemft Running setup.py install for analyzemft: started Running setup.py install for analyzemft: finished with status 'done' Successfully installed analyzemft-2.0.19 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'analyzeMFT==2.0.19': 'Installed'} [INFO ] Completed state [analyzemft] at time 13:41:13.271891 duration_in_ms=3858.169 [INFO ] Running state [argparse] at time 13:41:13.274913 [INFO ] Executing state pip.installed for argparse [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', 'argparse'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', 'argparse'] in directory '/home/sansforensics' [DEBUG ] stdout: Requirement already satisfied (use --upgrade to upgrade): argparse in /usr/lib/python2.7 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] There was no error installing package 'argparse' although it does not show when calling 'pip.freeze'. [INFO ] Completed state [argparse] at time 13:41:16.581564 duration_in_ms=3306.65 [INFO ] Running state [bitstring] at time 13:41:16.583733 [INFO ] Executing state pip.installed for bitstring [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', 'bitstring'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', 'bitstring'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting bitstring Downloading bitstring-3.1.5.zip (624kB) Installing collected packages: bitstring Running setup.py install for bitstring: started Running setup.py install for bitstring: finished with status 'done' Successfully installed bitstring-3.1.5 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'bitstring==3.1.5': 'Installed'} [INFO ] Completed state [bitstring] at time 13:41:20.570962 duration_in_ms=3987.228 [INFO ] Running state [docopt] at time 13:41:20.571186 [INFO ] Executing state pip.installed for docopt [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', 'docopt'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', 'docopt'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting docopt Downloading docopt-0.6.2.tar.gz Installing collected packages: docopt Running setup.py install for docopt: started Running setup.py install for docopt: finished with status 'done' Successfully installed docopt-0.6.2 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [INFO ] {'docopt==0.6.2': 'Installed'} [INFO ] Completed state [docopt] at time 13:41:29.481044 duration_in_ms=8909.857 [INFO ] Running state [pip] at time 13:41:29.483388 [INFO ] Executing state pip.installed for pip [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command '/usr/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 8.1.1 from /usr/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==8.1.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You are using pip version 8.1.1, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/bin/pip', 'install', '--upgrade', 'pip'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/bin/pip', 'install', '--upgrade', 'pip'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting pip Downloading pip-9.0.1-py2.py3-none-any.whl (1.3MB) Installing collected packages: pip Found existing installation: pip 8.1.1 Not uninstalling pip at /usr/lib/python2.7/dist-packages, outside environment /usr Successfully installed pip-9.0.1 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'pip==9.0.1': 'Installed'} [INFO ] Completed state [pip] at time 13:41:33.984743 duration_in_ms=4501.353 [INFO ] Running state [python-dateutil >= 2.4.2] at time 13:41:33.986898 [INFO ] Executing state pip.installed for python-dateutil >= 2.4.2 [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") [INFO ] Python package python-dateutil >= 2.4.2 was already installed All packages were successfully installed [INFO ] Completed state [python-dateutil >= 2.4.2] at time 13:41:35.140799 duration_in_ms=1153.9 [INFO ] Running state [python-evtx] at time 13:41:35.142922 [INFO ] Executing state pip.installed for python-evtx [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 python-apt==1.1.0b1 python-dateutil==2.5.3 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', 'python-evtx'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', 'python-evtx'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting python-evtx Downloading python_evtx-0.6.0-py2-none-any.whl Collecting pytest (from python-evtx) Downloading pytest-3.1.3-py2.py3-none-any.whl (181kB) Collecting hexdump (from python-evtx) Downloading hexdump-3.3.zip Collecting pytest-cov (from python-evtx) Downloading pytest_cov-2.5.1-py2.py3-none-any.whl Requirement already satisfied: six in /usr/lib/python2.7/dist-packages (from python-evtx) Requirement already satisfied: setuptools in /usr/lib/python2.7/dist-packages (from pytest->python-evtx) Collecting py>=1.4.33 (from pytest->python-evtx) Downloading py-1.4.34-py2.py3-none-any.whl (84kB) Collecting coverage>=3.7.1 (from pytest-cov->python-evtx) Downloading coverage-4.4.1-cp27-cp27mu-manylinux1_x86_64.whl (193kB) Installing collected packages: py, pytest, hexdump, coverage, pytest-cov, python-evtx Running setup.py install for hexdump: started Running setup.py install for hexdump: finished with status 'done' Successfully installed coverage-4.4.1 hexdump-3.3 py-1.4.34 pytest-3.1.3 pytest-cov-2.5.1 python-evtx-0.6.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'python-evtx==0.6.0': 'Installed'} [INFO ] Completed state [python-evtx] at time 13:41:39.064897 duration_in_ms=3921.974 [INFO ] Running state [python-magic] at time 13:41:39.067122 [INFO ] Executing state pip.installed for python-magic [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', 'python-magic'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', 'python-magic'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting python-magic Downloading python_magic-0.4.13-py2.py3-none-any.whl Installing collected packages: python-magic Successfully installed python-magic-0.4.13 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'python-magic==0.4.13': 'Installed'} [INFO ] Completed state [python-magic] at time 13:41:41.247483 duration_in_ms=2180.36 [INFO ] Running state [python-registry] at time 13:41:41.250258 [INFO ] Executing state pip.installed for python-registry [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") [INFO ] Python package python-registry was already installed All packages were successfully installed [INFO ] Completed state [python-registry] at time 13:41:42.446809 duration_in_ms=1196.549 [INFO ] Running state [setuptools] at time 13:41:42.449045 [INFO ] Executing state pip.installed for setuptools [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==20.7.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'setuptools'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'setuptools'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting setuptools Downloading setuptools-36.0.1-py2.py3-none-any.whl (476kB) Installing collected packages: setuptools Found existing installation: setuptools 20.7.0 Uninstalling setuptools-20.7.0: Successfully uninstalled setuptools-20.7.0 Successfully installed setuptools-36.0.1 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'setuptools==36.0.1': 'Installed'} [INFO ] Completed state [setuptools] at time 13:41:45.207277 duration_in_ms=2758.231 [INFO ] Running state [wheel] at time 13:41:45.209350 [INFO ] Executing state pip.installed for wheel [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'wheel'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'wheel'] in directory '/home/sansforensics' [DEBUG ] stdout: Requirement already up-to-date: wheel in /usr/lib/python2.7/dist-packages [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] All packages were successfully installed [INFO ] Completed state [wheel] at time 13:41:47.245355 duration_in_ms=2036.003 [DEBUG ] LazyLoaded virtualenv.managed [INFO ] Running state [/opt/rekall] at time 13:41:47.248369 [INFO ] Executing state virtualenv.managed for /opt/rekall [INFO ] Executing command ['/usr/bin/virtualenv', '/opt/rekall'] in directory '/home/sansforensics' [DEBUG ] stdout: New python executable in /opt/rekall/bin/python2 Also creating executable in /opt/rekall/bin/python Installing setuptools, pkg_resources, pip, wheel...done. Running virtualenv with interpreter /usr/bin/python2 [INFO ] Executing command '/opt/rekall/bin/python -V' in directory '/home/sansforensics' [DEBUG ] stderr: Python 2.7.12 [INFO ] Executing command '/opt/rekall/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /opt/rekall/local/lib/python2.7/site-packages (python 2.7) [INFO ] Executing command ['/opt/rekall/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: pip==9.0.1 pkg-resources==0.0.0 setuptools==36.0.1 wheel==0.30.0a0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/opt/rekall/bin/pip', 'install', 'pip', 'setuptools', 'wheel', 'rekall'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base', 'env': {'VIRTUAL_ENV': '/opt/rekall'}} [INFO ] Executing command ['/opt/rekall/bin/pip', 'install', 'pip', 'setuptools', 'wheel', 'rekall'] in directory '/home/sansforensics' [DEBUG ] stdout: Requirement already satisfied: pip in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: setuptools in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: wheel in /opt/rekall/lib/python2.7/site-packages Collecting rekall Downloading rekall-1.6.0-py2-none-any.whl (1.5MB) Collecting ipython<6.0,>=5.0.0 (from rekall) Downloading ipython-5.4.1-py2-none-any.whl (757kB) Collecting readline; sys_platform != "win32" (from rekall) Downloading readline-6.2.4.1.tar.gz (2.3MB) Collecting rekall-core>=1.5.0 (from rekall) Downloading rekall_core-1.6.0-py2-none-any.whl (1.1MB) Collecting pickleshare (from ipython<6.0,>=5.0.0->rekall) Downloading pickleshare-0.7.4-py2.py3-none-any.whl Collecting simplegeneric>0.8 (from ipython<6.0,>=5.0.0->rekall) Downloading simplegeneric-0.8.1.zip Collecting traitlets>=4.2 (from ipython<6.0,>=5.0.0->rekall) Downloading traitlets-4.3.2-py2.py3-none-any.whl (74kB) Collecting backports.shutil-get-terminal-size; python_version == "2.7" (from ipython<6.0,>=5.0.0->rekall) Downloading backports.shutil_get_terminal_size-1.0.0-py2.py3-none-any.whl Collecting decorator (from ipython<6.0,>=5.0.0->rekall) Downloading decorator-4.0.11-py2.py3-none-any.whl Collecting pygments (from ipython<6.0,>=5.0.0->rekall) Downloading Pygments-2.2.0-py2.py3-none-any.whl (841kB) Collecting pexpect; sys_platform != "win32" (from ipython<6.0,>=5.0.0->rekall) Downloading pexpect-4.2.1-py2.py3-none-any.whl (55kB) Collecting pathlib2; python_version == "2.7" or python_version == "3.3" (from ipython<6.0,>=5.0.0->rekall) Downloading pathlib2-2.3.0-py2.py3-none-any.whl Collecting prompt-toolkit<2.0.0,>=1.0.4 (from ipython<6.0,>=5.0.0->rekall) Downloading prompt_toolkit-1.0.14-py2-none-any.whl (248kB) Collecting psutil<5.0,>=4.0 (from rekall-core>=1.5.0->rekall) Downloading psutil-4.4.2.tar.gz (1.8MB) Collecting pytsk3==20160721 (from rekall-core>=1.5.0->rekall) Downloading pytsk3-20160721.tar.gz (3.0MB) Collecting pyelftools==0.24 (from rekall-core>=1.5.0->rekall) Downloading pyelftools-0.24.tar.gz (411kB) Collecting intervaltree==2.1.0 (from rekall-core>=1.5.0->rekall) Downloading intervaltree-2.1.0.tar.gz Collecting python-dateutil==2.5.3 (from rekall-core>=1.5.0->rekall) Downloading python_dateutil-2.5.3-py2.py3-none-any.whl (201kB) Collecting acora==2.0 (from rekall-core>=1.5.0->rekall) Downloading acora-2.0.tar.gz (166kB) Collecting PyYAML==3.11 (from rekall-core>=1.5.0->rekall) Downloading PyYAML-3.11.zip (371kB) Collecting ipaddr==2.1.11 (from rekall-core>=1.5.0->rekall) Downloading ipaddr-2.1.11.tar.gz Collecting artifacts==20160114 (from rekall-core>=1.5.0->rekall) Downloading artifacts-20160114.tar.gz (43kB) Collecting pycrypto==2.6.1 (from rekall-core>=1.5.0->rekall) Downloading pycrypto-2.6.1.tar.gz (446kB) Collecting pytz==2016.4 (from rekall-core>=1.5.0->rekall) Downloading pytz-2016.4-py2.py3-none-any.whl (480kB) Collecting rekall-capstone==3.0.4.post2 (from rekall-core>=1.5.0->rekall) Downloading rekall-capstone-3.0.4.post2.zip (1.7MB) Collecting efilter==1!1.3 (from rekall-core>=1.5.0->rekall) Downloading efilter-1%211.3-py2-none-any.whl (105kB) Collecting pyaff4<0.30,>=0.24 (from rekall-core>=1.5.0->rekall) Downloading pyaff4-0.24.post3.tar.gz Collecting rekall-yara==3.4.0.1 (from rekall-core>=1.5.0->rekall) Downloading rekall_yara-3.4.0.1.tar.gz (1.1MB) Collecting pyparsing==2.1.5 (from rekall-core>=1.5.0->rekall) Downloading pyparsing-2.1.5-py2.py3-none-any.whl (42kB) Collecting arrow==0.7.0 (from rekall-core>=1.5.0->rekall) Downloading arrow-0.7.0.tar.gz (75kB) Collecting sortedcontainers==1.4.4 (from rekall-core>=1.5.0->rekall) Downloading sortedcontainers-1.4.4.tar.gz Collecting enum34; python_version == "2.7" (from traitlets>=4.2->ipython<6.0,>=5.0.0->rekall) Downloading enum34-1.1.6-py2-none-any.whl Collecting six (from traitlets>=4.2->ipython<6.0,>=5.0.0->rekall) Downloading six-1.10.0-py2.py3-none-any.whl Collecting ipython-genutils (from traitlets>=4.2->ipython<6.0,>=5.0.0->rekall) Downloading ipython_genutils-0.2.0-py2.py3-none-any.whl Collecting ptyprocess>=0.5 (from pexpect; sys_platform != "win32"->ipython<6.0,>=5.0.0->rekall) Downloading ptyprocess-0.5.2-py2.py3-none-any.whl Collecting scandir; python_version < "3.5" (from pathlib2; python_version == "2.7" or python_version == "3.3"->ipython<6.0,>=5.0.0->rekall) Downloading scandir-1.5.tar.gz Collecting wcwidth (from prompt-toolkit<2.0.0,>=1.0.4->ipython<6.0,>=5.0.0->rekall) Downloading wcwidth-0.1.7-py2.py3-none-any.whl Collecting aff4-snappy==0.5 (from pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Downloading aff4-snappy-0.5.tar.gz (47kB) Collecting rdflib==4.2.1 (from pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Downloading rdflib-4.2.1.tar.gz (889kB) Collecting isodate (from rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Downloading isodate-0.5.4.tar.gz Collecting SPARQLWrapper (from rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Downloading SPARQLWrapper-1.8.0.zip Collecting html5lib (from rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Downloading html5lib-0.999999999-py2.py3-none-any.whl (112kB) Collecting webencodings (from html5lib->rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Downloading webencodings-0.5.1-py2.py3-none-any.whl Installing collected packages: six, scandir, pathlib2, pickleshare, simplegeneric, enum34, decorator, ipython-genutils, traitlets, backports.shutil-get-terminal-size, pygments, ptyprocess, pexpect, wcwidth, prompt-toolkit, ipython, readline, psutil, pytsk3, pyelftools, sortedcontainers, intervaltree, python-dateutil, acora, PyYAML, ipaddr, artifacts, pycrypto, pytz, rekall-capstone, efilter, aff4-snappy, isodate, pyparsing, SPARQLWrapper, webencodings, html5lib, rdflib, pyaff4, rekall-yara, arrow, rekall-core, rekall Running setup.py install for scandir: started Running setup.py install for scandir: finished with status 'done' Running setup.py install for simplegeneric: started Running setup.py install for simplegeneric: finished with status 'done' Running setup.py install for readline: started Running setup.py install for readline: finished with status 'done' Running setup.py install for psutil: started Running setup.py install for psutil: finished with status 'done' Running setup.py install for pytsk3: started Running setup.py install for pytsk3: finished with status 'done' Running setup.py install for pyelftools: started Running setup.py install for pyelftools: finished with status 'done' Running setup.py install for sortedcontainers: started Running setup.py install for sortedcontainers: finished with status 'done' Running setup.py install for intervaltree: started Running setup.py install for intervaltree: finished with status 'done' Running setup.py install for acora: started Running setup.py install for acora: finished with status 'done' Running setup.py install for PyYAML: started Running setup.py install for PyYAML: finished with status 'done' Running setup.py install for ipaddr: started Running setup.py install for ipaddr: finished with status 'done' Running setup.py install for artifacts: started Running setup.py install for artifacts: finished with status 'done' Running setup.py install for pycrypto: started Running setup.py install for pycrypto: finished with status 'done' Running setup.py install for rekall-capstone: started Running setup.py install for rekall-capstone: finished with status 'done' Running setup.py install for aff4-snappy: started Running setup.py install for aff4-snappy: finished with status 'done' Running setup.py install for isodate: started Running setup.py install for isodate: finished with status 'done' Running setup.py install for SPARQLWrapper: started Running setup.py install for SPARQLWrapper: finished with status 'done' Running setup.py install for rdflib: started Running setup.py install for rdflib: finished with status 'done' Running setup.py install for pyaff4: started Running setup.py install for pyaff4: finished with status 'done' Running setup.py install for rekall-yara: started Running setup.py install for rekall-yara: finished with status 'done' Running setup.py install for arrow: started Running setup.py install for arrow: finished with status 'done' Successfully installed PyYAML-3.11 SPARQLWrapper-1.8.0 acora-2.0 aff4-snappy-0.5 arrow-0.7.0 artifacts-20160114 backports.shutil-get-terminal-size-1.0.0 decorator-4.0.11 efilter-1!1.3 enum34-1.1.6 html5lib-0.999999999 intervaltree-2.1.0 ipaddr-2.1.11 ipython-5.4.1 ipython-genutils-0.2.0 isodate-0.5.4 pathlib2-2.3.0 pexpect-4.2.1 pickleshare-0.7.4 prompt-toolkit-1.0.14 psutil-4.4.2 ptyprocess-0.5.2 pyaff4-0.24.post3 pycrypto-2.6.1 pyelftools-0.24 pygments-2.2.0 pyparsing-2.1.5 python-dateutil-2.5.3 pytsk3-20160721 pytz-2016.4 rdflib-4.2.1 readline-6.2.4.1 rekall-1.6.0 rekall-capstone-3.0.4.post2 rekall-core-1.6.0 rekall-yara-3.4.0.1 scandir-1.5 simplegeneric-0.8.1 six-1.10.0 sortedcontainers-1.4.4 traitlets-4.3.2 wcwidth-0.1.7 webencodings-0.5.1 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/opt/rekall/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /opt/rekall/local/lib/python2.7/site-packages (python 2.7) [INFO ] Executing command ['/opt/rekall/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: acora==2.0 aff4-snappy==0.5 arrow==0.7.0 artifacts==20160114 backports.shutil-get-terminal-size==1.0.0 decorator==4.0.11 efilter==1!1.3 enum34==1.1.6 html5lib==0.999999999 intervaltree==2.1.0 ipaddr==2.1.11 ipython==5.4.1 ipython-genutils==0.2.0 isodate==0.5.4 pathlib2==2.3.0 pexpect==4.2.1 pickleshare==0.7.4 pip==9.0.1 pkg-resources==0.0.0 prompt-toolkit==1.0.14 psutil==4.4.2 ptyprocess==0.5.2 pyaff4==0.24.post3 pycrypto==2.6.1 pyelftools==0.24 Pygments==2.2.0 pyparsing==2.1.5 python-dateutil==2.5.3 pytsk3==20160721 pytz==2016.4 PyYAML==3.11 rdflib==4.2.1 readline==6.2.4.1 rekall==1.6.0 rekall-capstone==3.0.4.post2 rekall-core==1.6.0 rekall-yara==3.4.0.1 scandir==1.5 setuptools==36.0.1 simplegeneric==0.8.1 six==1.10.0 sortedcontainers==1.4.4 SPARQLWrapper==1.8.0 traitlets==4.3.2 wcwidth==0.1.7 webencodings==0.5.1 wheel==0.30.0a0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'new': 'Python 2.7.12', 'packages': {'new': ['ipython==5.4.1', 'aff4-snappy==0.5', 'arrow==0.7.0', 'artifacts==20160114', 'readline==6.2.4.1', 'PyYAML==3.11', 'pytz==2016.4', 'pyaff4==0.24.post3', 'backports.shutil-get-terminal-size==1.0.0', 'isodate==0.5.4', 'wcwidth==0.1.7', 'scandir==1.5', 'pickleshare==0.7.4', 'pyelftools==0.24', 'pycrypto==2.6.1', 'intervaltree==2.1.0', 'pyparsing==2.1.5', 'efilter==1!1.3', 'rekall-core==1.6.0', 'decorator==4.0.11', 'psutil==4.4.2', 'pexpect==4.2.1', 'pathlib2==2.3.0', 'webencodings==0.5.1', 'traitlets==4.3.2', 'enum34==1.1.6', 'simplegeneric==0.8.1', 'python-dateutil==2.5.3', 'rdflib==4.2.1', 'acora==2.0', 'rekall-yara==3.4.0.1', 'SPARQLWrapper==1.8.0', 'rekall-capstone==3.0.4.post2', 'six==1.10.0', 'rekall==1.6.0', 'prompt-toolkit==1.0.14', 'ptyprocess==0.5.2', 'ipython-genutils==0.2.0', 'sortedcontainers==1.4.4', 'ipaddr==2.1.11', 'html5lib==0.999999999', 'Pygments==2.2.0', 'pytsk3==20160721'], 'old': ''}} [INFO ] Completed state [/opt/rekall] at time 13:43:39.553636 duration_in_ms=112305.267 [INFO ] Running state [rekall] at time 13:43:39.565533 [INFO ] Executing state pip.installed for rekall [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/opt/rekall/bin/pip --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /opt/rekall/local/lib/python2.7/site-packages (python 2.7) [INFO ] Executing command ['/opt/rekall/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: acora==2.0 aff4-snappy==0.5 arrow==0.7.0 artifacts==20160114 backports.shutil-get-terminal-size==1.0.0 decorator==4.0.11 efilter==1!1.3 enum34==1.1.6 html5lib==0.999999999 intervaltree==2.1.0 ipaddr==2.1.11 ipython==5.4.1 ipython-genutils==0.2.0 isodate==0.5.4 pathlib2==2.3.0 pexpect==4.2.1 pickleshare==0.7.4 pip==9.0.1 pkg-resources==0.0.0 prompt-toolkit==1.0.14 psutil==4.4.2 ptyprocess==0.5.2 pyaff4==0.24.post3 pycrypto==2.6.1 pyelftools==0.24 Pygments==2.2.0 pyparsing==2.1.5 python-dateutil==2.5.3 pytsk3==20160721 pytz==2016.4 PyYAML==3.11 rdflib==4.2.1 readline==6.2.4.1 rekall==1.6.0 rekall-capstone==3.0.4.post2 rekall-core==1.6.0 rekall-yara==3.4.0.1 scandir==1.5 setuptools==36.0.1 simplegeneric==0.8.1 six==1.10.0 sortedcontainers==1.4.4 SPARQLWrapper==1.8.0 traitlets==4.3.2 wcwidth==0.1.7 webencodings==0.5.1 wheel==0.30.0a0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/opt/rekall/bin/pip', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base', 'env': {'VIRTUAL_ENV': '/opt/rekall'}} [INFO ] Executing command ['/opt/rekall/bin/pip', 'install'] in directory '/home/sansforensics' [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") [INFO ] Python package rekall was already installed All packages were successfully installed [INFO ] Completed state [rekall] at time 13:43:40.460264 duration_in_ms=894.73 [INFO ] Running state [six] at time 13:43:40.462390 [INFO ] Executing state pip.installed for six [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") [INFO ] Python package six was already installed All packages were successfully installed [INFO ] Completed state [six] at time 13:43:42.559424 duration_in_ms=2097.032 [INFO ] Running state [stix] at time 13:43:42.563651 [INFO ] Executing state pip.installed for stix [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', 'stix'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', 'stix'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting stix Downloading stix-1.2.0.4-py2.py3-none-any.whl (289kB) Requirement already satisfied: lxml>=2.3 in /usr/local/lib/python2.7/dist-packages (from stix) Collecting mixbox>=1.0.2 (from stix) Downloading mixbox-1.0.2-py2.py3-none-any.whl (46kB) Requirement already satisfied: python-dateutil in /usr/lib/python2.7/dist-packages (from stix) Collecting cybox<2.1.1.0,>=2.1.0.13.dev1 (from stix) Downloading cybox-2.1.0.14-py2.py3-none-any.whl (724kB) Collecting weakrefmethod>=1.0.3; python_version < "3.4" (from mixbox>=1.0.2->stix) Downloading weakrefmethod-1.0.3.tar.gz Collecting ordered-set (from mixbox>=1.0.2->stix) Downloading ordered-set-2.0.2.tar.gz Requirement already satisfied: six>=1.5 in /usr/lib/python2.7/dist-packages (from python-dateutil->stix) Installing collected packages: weakrefmethod, ordered-set, mixbox, cybox, stix Running setup.py install for weakrefmethod: started Running setup.py install for weakrefmethod: finished with status 'done' Running setup.py install for ordered-set: started Running setup.py install for ordered-set: finished with status 'done' Successfully installed cybox-2.1.0.14 mixbox-1.0.2 ordered-set-2.0.2 stix-1.2.0.4 weakrefmethod-1.0.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 ordered-set==2.0.2 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 stix==1.2.0.4 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 weakrefmethod==1.0.3 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'stix==1.2.0.4': 'Installed'} [INFO ] Completed state [stix] at time 13:43:47.443575 duration_in_ms=4879.923 [INFO ] Running state [stix-validator] at time 13:43:47.447254 [INFO ] Executing state pip.installed for stix-validator [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 ordered-set==2.0.2 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 stix==1.2.0.4 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 weakrefmethod==1.0.3 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', 'stix-validator'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', 'stix-validator'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting stix-validator Downloading stix_validator-2.5.0-py2.py3-none-any.whl (3.4MB) Collecting ordereddict (from stix-validator) Downloading ordereddict-1.1.tar.gz Requirement already satisfied: lxml>=3.3.5 in /usr/local/lib/python2.7/dist-packages (from stix-validator) Collecting xlrd>=0.9.2 (from stix-validator) Downloading xlrd-1.0.0.tar.gz (2.6MB) Requirement already satisfied: python-dateutil in /usr/lib/python2.7/dist-packages (from stix-validator) Requirement already satisfied: mixbox>=0.0.11 in /usr/local/lib/python2.7/dist-packages (from stix-validator) Requirement already satisfied: six>=1.5 in /usr/lib/python2.7/dist-packages (from python-dateutil->stix-validator) Requirement already satisfied: weakrefmethod>=1.0.3; python_version < "3.4" in /usr/local/lib/python2.7/dist-packages (from mixbox>=0.0.11->stix-validator) Requirement already satisfied: ordered-set in /usr/local/lib/python2.7/dist-packages (from mixbox>=0.0.11->stix-validator) Installing collected packages: ordereddict, xlrd, stix-validator Running setup.py install for ordereddict: started Running setup.py install for ordereddict: finished with status 'done' Running setup.py install for xlrd: started Running setup.py install for xlrd: finished with status 'done' Successfully installed ordereddict-1.1 stix-validator-2.5.0 xlrd-1.0.0 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 stix==1.2.0.4 stix-validator==2.5.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 weakrefmethod==1.0.3 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'stix-validator==2.5.0': 'Installed'} [INFO ] Completed state [stix-validator] at time 13:43:53.246949 duration_in_ms=5799.693 [INFO ] Running state [unicodecsv] at time 13:43:53.253658 [INFO ] Executing state pip.installed for unicodecsv [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 stix==1.2.0.4 stix-validator==2.5.0 tornado==4.2.1 typing==3.6.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 weakrefmethod==1.0.3 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', 'unicodecsv'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', 'unicodecsv'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting unicodecsv Downloading unicodecsv-0.14.1.tar.gz Installing collected packages: unicodecsv Running setup.py install for unicodecsv: started Running setup.py install for unicodecsv: finished with status 'done' Successfully installed unicodecsv-0.14.1 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 stix==1.2.0.4 stix-validator==2.5.0 tornado==4.2.1 typing==3.6.1 unicodecsv==0.14.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 weakrefmethod==1.0.3 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'unicodecsv==0.14.1': 'Installed'} [INFO ] Completed state [unicodecsv] at time 13:43:56.031116 duration_in_ms=2777.455 [INFO ] Running state [usnparser] at time 13:43:56.033759 [INFO ] Executing state pip.installed for usnparser [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 stix==1.2.0.4 stix-validator==2.5.0 tornado==4.2.1 typing==3.6.1 unicodecsv==0.14.1 unity-lens-photos==1.0 urllib3==1.13.1 virtualenv==15.0.1 volatility==2.6 weakrefmethod==1.0.3 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', 'usnparser'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', 'usnparser'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting usnparser Downloading usnparser-4.0.3.tar.gz Installing collected packages: usnparser Running setup.py install for usnparser: started Running setup.py install for usnparser: finished with status 'done' Successfully installed usnparser-4.0.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 stix==1.2.0.4 stix-validator==2.5.0 tornado==4.2.1 typing==3.6.1 unicodecsv==0.14.1 unity-lens-photos==1.0 urllib3==1.13.1 usnparser==4.0.3 virtualenv==15.0.1 volatility==2.6 weakrefmethod==1.0.3 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'usnparser==4.0.3': 'Installed'} [INFO ] Completed state [usnparser] at time 13:43:58.927971 duration_in_ms=2894.21 [INFO ] Running state [windowsprefetch] at time 13:43:58.930137 [INFO ] Executing state pip.installed for windowsprefetch [DEBUG ] Installed pip version: 8.1.1 [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 stix==1.2.0.4 stix-validator==2.5.0 tornado==4.2.1 typing==3.6.1 unicodecsv==0.14.1 unity-lens-photos==1.0 urllib3==1.13.1 usnparser==4.0.3 virtualenv==15.0.1 volatility==2.6 weakrefmethod==1.0.3 wheel==0.29.0 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [DEBUG ] CLEANUP_REQUIREMENTS: [] [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', 'windowsprefetch'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', 'windowsprefetch'] in directory '/home/sansforensics' [DEBUG ] stdout: Collecting windowsprefetch Downloading windowsprefetch-3.0.5.tar.gz Installing collected packages: windowsprefetch Running setup.py install for windowsprefetch: started Running setup.py install for windowsprefetch: finished with status 'done' Successfully installed windowsprefetch-3.0.5 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 analyzeMFT==2.0.19 apsw==3.8.11.1.post1 artifacts==20161022 bencode==1.0 binplist==0.1.5 bitstring==3.1.5 CFPropertyList==0.0.1 chardet==2.3.0 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cryptography==1.2.3 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 enum34==1.1.6 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 idna==2.0 ioc-writer==0.3.3 ipaddress==1.0.16 ipython==2.4.1 Jinja2==2.8 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ndg-httpsclient==0.4.0 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2016.3.28 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.2.3 pycoin==0.77 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyOpenSSL==0.15.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 requests==2.11.1 salt==2016.11.6 setuptools==36.0.1 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 stix==1.2.0.4 stix-validator==2.5.0 tornado==4.2.1 typing==3.6.1 unicodecsv==0.14.1 unity-lens-photos==1.0 urllib3==1.13.1 usnparser==4.0.3 virtualenv==15.0.1 volatility==2.6 weakrefmethod==1.0.3 wheel==0.29.0 windowsprefetch==3.0.5 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. [INFO ] {'windowsprefetch==3.0.5': 'Installed'} [INFO ] Completed state [windowsprefetch] at time 13:44:01.955681 duration_in_ms=3025.542 [DEBUG ] LazyLoaded archive.extracted [INFO ] Running state [/usr/local/src/densityscout/densityscout_build_45_linux] at time 13:44:01.986906 [INFO ] Executing state archive.extracted for /usr/local/src/densityscout/densityscout_build_45_linux [DEBUG ] LazyLoaded file.managed [DEBUG ] Requesting URL http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip using GET method [DEBUG ] file.managed: {'comment': 'File /var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip updated', 'pchanges': {}, 'changes': {'diff': 'New file', 'mode': '0644'}, 'name': '/var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip', 'result': True} [DEBUG ] Checking http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip to see if it is password-protected [DEBUG ] Creating directory: /usr/local/src/densityscout [DEBUG ] Creating directory: /usr/local/src/densityscout/densityscout_build_45_linux [DEBUG ] Extracting /var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip to /usr/local/src/densityscout/densityscout_build_45_linux/ [DEBUG ] Cleaning cached source file /var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip [DEBUG ] Cleaning cached source file /var/cache/salt/minion/extrn_files/base/cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip [INFO ] {'extracted_files': ['license.txt', 'lin32/densityscout', 'lin64/densityscout'], 'directories_created': ['/usr/local/src/densityscout/densityscout_build_45_linux/']} [INFO ] Completed state [/usr/local/src/densityscout/densityscout_build_45_linux] at time 13:44:04.600995 duration_in_ms=2614.088 [INFO ] Running state [/usr/local/bin/densityscout-build-45] at time 13:44:04.605139 [INFO ] Executing state file.copy for /usr/local/bin/densityscout-build-45 [INFO ] {'/usr/local/bin/densityscout-build-45': '/usr/local/src/densityscout/densityscout_build_45_linux/lin64/densityscout', 'mode': '0755'} [INFO ] Completed state [/usr/local/bin/densityscout-build-45] at time 13:44:04.606995 duration_in_ms=1.856 [INFO ] Running state [/usr/local/bin/densityscout] at time 13:44:04.610583 [INFO ] Executing state file.symlink for /usr/local/bin/densityscout [INFO ] {'new': '/usr/local/bin/densityscout'} [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/densityscout] at time 13:44:04.645950 duration_in_ms=35.369 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/usr/local/bin/sift] at time 13:44:04.647959 [INFO ] Executing state file.managed for /usr/local/bin/sift [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded cp.is_cached [DEBUG ] Requesting URL https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux using GET method [INFO ] File /usr/local/bin/sift is in the correct state [INFO ] Completed state [/usr/local/bin/sift] at time 13:46:14.729455 duration_in_ms=130081.495 [DEBUG ] LazyLoaded test.nop [INFO ] Running state [sift-tools] at time 13:46:14.735914 [INFO ] Executing state test.nop for sift-tools [INFO ] Success! [INFO ] Completed state [sift-tools] at time 13:46:14.736588 duration_in_ms=0.675 [DEBUG ] LazyLoaded git.version [DEBUG ] LazyLoaded git.latest [INFO ] Running state [https://github.com/cheeky4n6monkey/4n6-scripts.git] at time 13:46:14.747031 [INFO ] Executing state git.latest for https://github.com/cheeky4n6monkey/4n6-scripts.git [INFO ] Checking remote revision for https://github.com/cheeky4n6monkey/4n6-scripts.git [DEBUG ] LazyLoaded cmd.run_all [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/cheeky4n6monkey/4n6-scripts.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: 16b1f33831d979ba7c57bc229e997c0ac760603c HEAD 16b1f33831d979ba7c57bc229e997c0ac760603c refs/heads/master 15d4884838e40a41ae2dc046e46cf9e823f65156 refs/pull/1/head [INFO ] Executing command ['git', 'rev-parse', '--show-toplevel'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] Target /usr/local/src/4n6-scripts is not found, 'git clone' is required [INFO ] Executing command ['git', 'clone', '--', 'https://github.com/cheeky4n6monkey/4n6-scripts.git', '/usr/local/src/4n6-scripts'] as user 'root' in directory '/tmp' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stderr: Cloning into '/usr/local/src/4n6-scripts'... [INFO ] Checking local revision for /usr/local/src/4n6-scripts [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: 16b1f33831d979ba7c57bc229e997c0ac760603c [INFO ] Checking local branch for /usr/local/src/4n6-scripts [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: master [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: origin/master [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: 16b1f33831d979ba7c57bc229e997c0ac760603c [INFO ] https://github.com/cheeky4n6monkey/4n6-scripts.git cloned to /usr/local/src/4n6-scripts [INFO ] {'new': 'https://github.com/cheeky4n6monkey/4n6-scripts.git => /usr/local/src/4n6-scripts', 'revision': {'new': '16b1f33831d979ba7c57bc229e997c0ac760603c', 'old': None}} [INFO ] Completed state [https://github.com/cheeky4n6monkey/4n6-scripts.git] at time 13:46:17.180226 duration_in_ms=2433.194 [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/WP8_AppPerms.py] at time 13:46:17.681324 [INFO ] Executing state file.copy for /usr/local/bin/WP8_AppPerms.py [INFO ] {'/usr/local/bin/WP8_AppPerms.py': '/usr/local/src/4n6-scripts/WP8_AppPerms.py'} [INFO ] Completed state [/usr/local/bin/WP8_AppPerms.py] at time 13:46:17.683850 duration_in_ms=2.526 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/bing-bar-parser.pl] at time 13:46:17.690819 [INFO ] Executing state file.copy for /usr/local/bin/bing-bar-parser.pl [INFO ] {'/usr/local/bin/bing-bar-parser.pl': '/usr/local/src/4n6-scripts/bing-bar-parser.pl'} [INFO ] Completed state [/usr/local/bin/bing-bar-parser.pl] at time 13:46:17.693229 duration_in_ms=2.411 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/chunkymonkey.py] at time 13:46:17.699697 [INFO ] Executing state file.copy for /usr/local/bin/chunkymonkey.py [INFO ] {'/usr/local/bin/chunkymonkey.py': '/usr/local/src/4n6-scripts/chunkymonkey.py'} [INFO ] Completed state [/usr/local/bin/chunkymonkey.py] at time 13:46:17.701435 duration_in_ms=1.738 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/dextract.def] at time 13:46:17.707860 [INFO ] Executing state file.copy for /usr/local/bin/dextract.def [INFO ] {'/usr/local/bin/dextract.def': '/usr/local/src/4n6-scripts/dextract.def'} [INFO ] Completed state [/usr/local/bin/dextract.def] at time 13:46:17.709688 duration_in_ms=1.827 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/dextract.py] at time 13:46:17.717804 [INFO ] Executing state file.copy for /usr/local/bin/dextract.py [INFO ] {'/usr/local/bin/dextract.py': '/usr/local/src/4n6-scripts/dextract.py'} [INFO ] Completed state [/usr/local/bin/dextract.py] at time 13:46:17.721105 duration_in_ms=3.301 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/docx-font-extractor.pl] at time 13:46:17.728453 [INFO ] Executing state file.copy for /usr/local/bin/docx-font-extractor.pl [INFO ] {'/usr/local/bin/docx-font-extractor.pl': '/usr/local/src/4n6-scripts/docx-font-extractor.pl'} [INFO ] Completed state [/usr/local/bin/docx-font-extractor.pl] at time 13:46:17.730571 duration_in_ms=2.118 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/exif2map.pl] at time 13:46:17.737347 [INFO ] Executing state file.copy for /usr/local/bin/exif2map.pl [INFO ] {'/usr/local/bin/exif2map.pl': '/usr/local/src/4n6-scripts/exif2map.pl'} [INFO ] Completed state [/usr/local/bin/exif2map.pl] at time 13:46:17.740712 duration_in_ms=3.365 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/fbmsg-extractor.py] at time 13:46:17.747294 [INFO ] Executing state file.copy for /usr/local/bin/fbmsg-extractor.py [INFO ] {'/usr/local/bin/fbmsg-extractor.py': '/usr/local/src/4n6-scripts/fbmsg-extractor.py'} [INFO ] Completed state [/usr/local/bin/fbmsg-extractor.py] at time 13:46:17.749850 duration_in_ms=2.556 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/gis4cookie.pl] at time 13:46:17.754912 [INFO ] Executing state file.copy for /usr/local/bin/gis4cookie.pl [INFO ] {'/usr/local/bin/gis4cookie.pl': '/usr/local/src/4n6-scripts/gis4cookie.pl'} [INFO ] Completed state [/usr/local/bin/gis4cookie.pl] at time 13:46:17.757077 duration_in_ms=2.164 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/google-ei-time.py] at time 13:46:17.765023 [INFO ] Executing state file.copy for /usr/local/bin/google-ei-time.py [INFO ] {'/usr/local/bin/google-ei-time.py': '/usr/local/src/4n6-scripts/google-ei-time.py'} [INFO ] Completed state [/usr/local/bin/google-ei-time.py] at time 13:46:17.767854 duration_in_ms=2.831 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/imgcache-parse-mod.py] at time 13:46:17.776442 [INFO ] Executing state file.copy for /usr/local/bin/imgcache-parse-mod.py [INFO ] {'/usr/local/bin/imgcache-parse-mod.py': '/usr/local/src/4n6-scripts/imgcache-parse-mod.py'} [INFO ] Completed state [/usr/local/bin/imgcache-parse-mod.py] at time 13:46:17.778998 duration_in_ms=2.557 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/imgcache-parse.py] at time 13:46:17.786444 [INFO ] Executing state file.copy for /usr/local/bin/imgcache-parse.py [INFO ] {'/usr/local/bin/imgcache-parse.py': '/usr/local/src/4n6-scripts/imgcache-parse.py'} [INFO ] Completed state [/usr/local/bin/imgcache-parse.py] at time 13:46:17.788503 duration_in_ms=2.059 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/json-printer.pl] at time 13:46:17.795759 [INFO ] Executing state file.copy for /usr/local/bin/json-printer.pl [INFO ] {'/usr/local/bin/json-printer.pl': '/usr/local/src/4n6-scripts/json-printer.pl'} [INFO ] Completed state [/usr/local/bin/json-printer.pl] at time 13:46:17.797257 duration_in_ms=1.499 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/msoffice-pic-extractor.py] at time 13:46:17.804068 [INFO ] Executing state file.copy for /usr/local/bin/msoffice-pic-extractor.py [INFO ] {'/usr/local/bin/msoffice-pic-extractor.py': '/usr/local/src/4n6-scripts/msoffice-pic-extractor.py'} [INFO ] Completed state [/usr/local/bin/msoffice-pic-extractor.py] at time 13:46:17.806949 duration_in_ms=2.882 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/plist2db.py] at time 13:46:17.816470 [INFO ] Executing state file.copy for /usr/local/bin/plist2db.py [INFO ] {'/usr/local/bin/plist2db.py': '/usr/local/src/4n6-scripts/plist2db.py'} [INFO ] Completed state [/usr/local/bin/plist2db.py] at time 13:46:17.818345 duration_in_ms=1.876 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/print_apk_perms.py] at time 13:46:17.825141 [INFO ] Executing state file.copy for /usr/local/bin/print_apk_perms.py [INFO ] {'/usr/local/bin/print_apk_perms.py': '/usr/local/src/4n6-scripts/print_apk_perms.py'} [INFO ] Completed state [/usr/local/bin/print_apk_perms.py] at time 13:46:17.828116 duration_in_ms=2.975 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/s2-cellid2latlong.py] at time 13:46:17.834524 [INFO ] Executing state file.copy for /usr/local/bin/s2-cellid2latlong.py [INFO ] {'/usr/local/bin/s2-cellid2latlong.py': '/usr/local/src/4n6-scripts/s2-cellid2latlong.py'} [INFO ] Completed state [/usr/local/bin/s2-cellid2latlong.py] at time 13:46:17.836709 duration_in_ms=2.185 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/s2-latlong2cellid.py] at time 13:46:17.844695 [INFO ] Executing state file.copy for /usr/local/bin/s2-latlong2cellid.py [INFO ] {'/usr/local/bin/s2-latlong2cellid.py': '/usr/local/src/4n6-scripts/s2-latlong2cellid.py'} [INFO ] Completed state [/usr/local/bin/s2-latlong2cellid.py] at time 13:46:17.846199 duration_in_ms=1.505 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/sms-grep-sample-config.txt] at time 13:46:17.851974 [INFO ] Executing state file.copy for /usr/local/bin/sms-grep-sample-config.txt [INFO ] {'/usr/local/bin/sms-grep-sample-config.txt': '/usr/local/src/4n6-scripts/sms-grep-sample-config.txt'} [INFO ] Completed state [/usr/local/bin/sms-grep-sample-config.txt] at time 13:46:17.854399 duration_in_ms=2.44 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/sms-grep.pl] at time 13:46:17.864192 [INFO ] Executing state file.copy for /usr/local/bin/sms-grep.pl [INFO ] {'/usr/local/bin/sms-grep.pl': '/usr/local/src/4n6-scripts/sms-grep.pl'} [INFO ] Completed state [/usr/local/bin/sms-grep.pl] at time 13:46:17.867151 duration_in_ms=2.969 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/sqlite-base64-decode.py] at time 13:46:17.874415 [INFO ] Executing state file.copy for /usr/local/bin/sqlite-base64-decode.py [INFO ] {'/usr/local/bin/sqlite-base64-decode.py': '/usr/local/src/4n6-scripts/sqlite-base64-decode.py'} [INFO ] Completed state [/usr/local/bin/sqlite-base64-decode.py] at time 13:46:17.877202 duration_in_ms=2.788 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/sqlite-blob-dumper.py] at time 13:46:17.885109 [INFO ] Executing state file.copy for /usr/local/bin/sqlite-blob-dumper.py [INFO ] {'/usr/local/bin/sqlite-blob-dumper.py': '/usr/local/src/4n6-scripts/sqlite-blob-dumper.py'} [INFO ] Completed state [/usr/local/bin/sqlite-blob-dumper.py] at time 13:46:17.887375 duration_in_ms=2.267 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/sqlite-parser.pl] at time 13:46:17.895085 [INFO ] Executing state file.copy for /usr/local/bin/sqlite-parser.pl [INFO ] {'/usr/local/bin/sqlite-parser.pl': '/usr/local/src/4n6-scripts/sqlite-parser.pl'} [INFO ] Completed state [/usr/local/bin/sqlite-parser.pl] at time 13:46:17.896416 duration_in_ms=1.331 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/squirrelgripper-README.txt] at time 13:46:17.901487 [INFO ] Executing state file.copy for /usr/local/bin/squirrelgripper-README.txt [INFO ] {'/usr/local/bin/squirrelgripper-README.txt': '/usr/local/src/4n6-scripts/squirrelgripper-README.txt'} [INFO ] Completed state [/usr/local/bin/squirrelgripper-README.txt] at time 13:46:17.904168 duration_in_ms=2.68 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/squirrelgripper.pl] at time 13:46:17.911743 [INFO ] Executing state file.copy for /usr/local/bin/squirrelgripper.pl [INFO ] {'/usr/local/bin/squirrelgripper.pl': '/usr/local/src/4n6-scripts/squirrelgripper.pl'} [INFO ] Completed state [/usr/local/bin/squirrelgripper.pl] at time 13:46:17.914278 duration_in_ms=2.535 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/timediff32.pl] at time 13:46:17.924348 [INFO ] Executing state file.copy for /usr/local/bin/timediff32.pl [INFO ] {'/usr/local/bin/timediff32.pl': '/usr/local/src/4n6-scripts/timediff32.pl'} [INFO ] Completed state [/usr/local/bin/timediff32.pl] at time 13:46:17.927117 duration_in_ms=2.77 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/vmail-db-2-html.pl] at time 13:46:17.935246 [INFO ] Executing state file.copy for /usr/local/bin/vmail-db-2-html.pl [INFO ] {'/usr/local/bin/vmail-db-2-html.pl': '/usr/local/src/4n6-scripts/vmail-db-2-html.pl'} [INFO ] Completed state [/usr/local/bin/vmail-db-2-html.pl] at time 13:46:17.936726 duration_in_ms=1.48 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-1-callhistory.py] at time 13:46:17.944198 [INFO ] Executing state file.copy for /usr/local/bin/wp8-1-callhistory.py [INFO ] {'/usr/local/bin/wp8-1-callhistory.py': '/usr/local/src/4n6-scripts/wp8-1-callhistory.py'} [INFO ] Completed state [/usr/local/bin/wp8-1-callhistory.py] at time 13:46:17.946326 duration_in_ms=2.129 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-1-contacts.py] at time 13:46:17.951497 [INFO ] Executing state file.copy for /usr/local/bin/wp8-1-contacts.py [INFO ] {'/usr/local/bin/wp8-1-contacts.py': '/usr/local/src/4n6-scripts/wp8-1-contacts.py'} [INFO ] Completed state [/usr/local/bin/wp8-1-contacts.py] at time 13:46:17.954465 duration_in_ms=2.969 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-1-mms-filesort.py] at time 13:46:17.962170 [INFO ] Executing state file.copy for /usr/local/bin/wp8-1-mms-filesort.py [INFO ] {'/usr/local/bin/wp8-1-mms-filesort.py': '/usr/local/src/4n6-scripts/wp8-1-mms-filesort.py'} [INFO ] Completed state [/usr/local/bin/wp8-1-mms-filesort.py] at time 13:46:17.964886 duration_in_ms=2.717 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-1-mms.py] at time 13:46:17.970880 [INFO ] Executing state file.copy for /usr/local/bin/wp8-1-mms.py [INFO ] {'/usr/local/bin/wp8-1-mms.py': '/usr/local/src/4n6-scripts/wp8-1-mms.py'} [INFO ] Completed state [/usr/local/bin/wp8-1-mms.py] at time 13:46:17.973059 duration_in_ms=2.179 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-1-sms.py] at time 13:46:17.979360 [INFO ] Executing state file.copy for /usr/local/bin/wp8-1-sms.py [INFO ] {'/usr/local/bin/wp8-1-sms.py': '/usr/local/src/4n6-scripts/wp8-1-sms.py'} [INFO ] Completed state [/usr/local/bin/wp8-1-sms.py] at time 13:46:17.980892 duration_in_ms=1.533 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-callhistory.py] at time 13:46:17.987793 [INFO ] Executing state file.copy for /usr/local/bin/wp8-callhistory.py [INFO ] {'/usr/local/bin/wp8-callhistory.py': '/usr/local/src/4n6-scripts/wp8-callhistory.py'} [INFO ] Completed state [/usr/local/bin/wp8-callhistory.py] at time 13:46:17.989987 duration_in_ms=2.194 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-contacts.py] at time 13:46:17.995546 [INFO ] Executing state file.copy for /usr/local/bin/wp8-contacts.py [INFO ] {'/usr/local/bin/wp8-contacts.py': '/usr/local/src/4n6-scripts/wp8-contacts.py'} [INFO ] Completed state [/usr/local/bin/wp8-contacts.py] at time 13:46:17.998228 duration_in_ms=2.681 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-fb-msg.py] at time 13:46:18.006415 [INFO ] Executing state file.copy for /usr/local/bin/wp8-fb-msg.py [INFO ] {'/usr/local/bin/wp8-fb-msg.py': '/usr/local/src/4n6-scripts/wp8-fb-msg.py'} [INFO ] Completed state [/usr/local/bin/wp8-fb-msg.py] at time 13:46:18.009491 duration_in_ms=3.076 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-sha256-pin-finder.py] at time 13:46:18.015710 [INFO ] Executing state file.copy for /usr/local/bin/wp8-sha256-pin-finder.py [INFO ] {'/usr/local/bin/wp8-sha256-pin-finder.py': '/usr/local/src/4n6-scripts/wp8-sha256-pin-finder.py'} [INFO ] Completed state [/usr/local/bin/wp8-sha256-pin-finder.py] at time 13:46:18.017486 duration_in_ms=1.775 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wp8-sms.py] at time 13:46:18.027880 [INFO ] Executing state file.copy for /usr/local/bin/wp8-sms.py [INFO ] {'/usr/local/bin/wp8-sms.py': '/usr/local/src/4n6-scripts/wp8-sms.py'} [INFO ] Completed state [/usr/local/bin/wp8-sms.py] at time 13:46:18.029894 duration_in_ms=2.016 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/wwf-chat-parser.py] at time 13:46:18.034814 [INFO ] Executing state file.copy for /usr/local/bin/wwf-chat-parser.py [INFO ] {'/usr/local/bin/wwf-chat-parser.py': '/usr/local/src/4n6-scripts/wwf-chat-parser.py'} [INFO ] Completed state [/usr/local/bin/wwf-chat-parser.py] at time 13:46:18.036425 duration_in_ms=1.611 [INFO ] Running state [/usr/local/bin/amcache.py] at time 13:46:18.036585 [INFO ] Executing state file.managed for /usr/local/bin/amcache.py [DEBUG ] Requesting URL https://raw.githubusercontent.com/williballenthin/python-registry/1a669eada6f7933798751e0cf482a9eb654c739b/samples/amcache.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/amcache.py] at time 13:46:18.286761 duration_in_ms=250.175 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.replace [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/amcache.py] at time 13:46:18.811554 [INFO ] Executing state file.replace for /usr/local/bin/amcache.py [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # This file is part of python-registry. # # Copyright 2015 Will Ballenthin [INFO ] Completed state [/usr/local/bin/amcache.py] at time 13:46:18.817525 duration_in_ms=5.972 [INFO ] Running state [/usr/local/bin/dump-mft-entry.pl] at time 13:46:18.817847 [INFO ] Executing state file.managed for /usr/local/bin/dump-mft-entry.pl [DEBUG ] Requesting URL https://raw.githubusercontent.com/superponible/DFIR/ee681a07a0c32a5ccaea788cd7d012d19872f181/dump_mft_entry.pl using GET method [INFO ] File changed: New file [INFO ] Completed state [/usr/local/bin/dump-mft-entry.pl] at time 13:46:19.044501 duration_in_ms=226.653 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/dump-mft-entry.pl] at time 13:46:19.051566 [INFO ] Executing state file.replace for /usr/local/bin/dump-mft-entry.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl #------------------------------ #dump_mft_entry.pl [INFO ] Completed state [/usr/local/bin/dump-mft-entry.pl] at time 13:46:19.054181 duration_in_ms=2.615 [INFO ] Running state [/usr/local/bin/imageMounter.py] at time 13:46:19.054468 [INFO ] Executing state file.managed for /usr/local/bin/imageMounter.py [DEBUG ] Requesting URL https://raw.githubusercontent.com/kevthehermit/Scripts/master/imageMounter.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/imageMounter.py] at time 13:46:19.301574 duration_in_ms=247.105 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/usr/local/bin/idx_parser.py] at time 13:46:19.303534 [INFO ] Executing state file.managed for /usr/local/bin/idx_parser.py [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded cp.is_cached [DEBUG ] Requesting URL https://raw.githubusercontent.com/Rurik/Java_IDX_Parser/master/idx_parser.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/idx_parser.py] at time 13:46:19.555084 duration_in_ms=251.55 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/usr/local/bin/jobparser.py] at time 13:46:19.558392 [INFO ] Executing state file.managed for /usr/local/bin/jobparser.py [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded cp.is_cached [DEBUG ] Requesting URL https://raw.githubusercontent.com/gleeda/misc-scripts/03a0d9126359c6b4b0b508062d3422bea9b69036/misc_python/jobparser.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/jobparser.py] at time 13:46:19.828948 duration_in_ms=270.555 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded git.version [DEBUG ] LazyLoaded git.latest [INFO ] Running state [https://github.com/keydet89/Tools.git] at time 13:46:19.836828 [INFO ] Executing state git.latest for https://github.com/keydet89/Tools.git [INFO ] Checking remote revision for https://github.com/keydet89/Tools.git [DEBUG ] LazyLoaded cmd.run_all [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/keydet89/Tools.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 HEAD 031d06d13189fdb8bd24b75585951b1b5b33aa56 refs/heads/master [INFO ] Executing command ['git', 'rev-parse', '--show-toplevel'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] Target /usr/local/src/keydet-tools is not found, 'git clone' is required [INFO ] Executing command ['git', 'clone', '--', 'https://github.com/keydet89/Tools.git', '/usr/local/src/keydet-tools'] as user 'root' in directory '/tmp' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stderr: Cloning into '/usr/local/src/keydet-tools'... [INFO ] Checking local revision for /usr/local/src/keydet-tools [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 [INFO ] Checking local branch for /usr/local/src/keydet-tools [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: master [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: origin/master [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 [INFO ] https://github.com/keydet89/Tools.git cloned to /usr/local/src/keydet-tools [INFO ] {'new': 'https://github.com/keydet89/Tools.git => /usr/local/src/keydet-tools', 'revision': {'new': '031d06d13189fdb8bd24b75585951b1b5b33aa56', 'old': None}} [INFO ] Completed state [https://github.com/keydet89/Tools.git] at time 13:46:23.430214 duration_in_ms=3593.385 [DEBUG ] LazyLoaded file.copy [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/bodyfile.pl] at time 13:46:23.835581 [INFO ] Executing state file.copy for /usr/local/bin/bodyfile.pl [INFO ] {'/usr/local/bin/bodyfile.pl': '/usr/local/src/keydet-tools/source/bodyfile.pl'} [INFO ] Completed state [/usr/local/bin/bodyfile.pl] at time 13:46:23.836945 duration_in_ms=1.364 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/bodyfile.pl] at time 13:46:23.840736 [INFO ] Executing state file.replace for /usr/local/bin/bodyfile.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # open a file produced by the output of TSK's fls.exe, and # translate it into the 5 field timeline format [INFO ] Completed state [/usr/local/bin/bodyfile.pl] at time 13:46:23.842594 duration_in_ms=1.858 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/evtparse.pl] at time 13:46:23.846270 [INFO ] Executing state file.copy for /usr/local/bin/evtparse.pl [INFO ] {'/usr/local/bin/evtparse.pl': '/usr/local/src/keydet-tools/source/evtparse.pl'} [INFO ] Completed state [/usr/local/bin/evtparse.pl] at time 13:46:23.847448 duration_in_ms=1.177 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/evtparse.pl] at time 13:46:23.852193 [INFO ] Executing state file.replace for /usr/local/bin/evtparse.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #--------------------------------------------------------------------- # evtparse.pl - script to parse Windows 2000/XP/2003 Event Log files # Output is in TLN format, goes to STDOUT [INFO ] Completed state [/usr/local/bin/evtparse.pl] at time 13:46:23.855379 duration_in_ms=3.186 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/evtrpt.pl] at time 13:46:23.860052 [INFO ] Executing state file.copy for /usr/local/bin/evtrpt.pl [INFO ] {'/usr/local/bin/evtrpt.pl': '/usr/local/src/keydet-tools/source/evtrpt.pl'} [INFO ] Completed state [/usr/local/bin/evtrpt.pl] at time 13:46:23.861770 duration_in_ms=1.717 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/evtrpt.pl] at time 13:46:23.866743 [INFO ] Executing state file.replace for /usr/local/bin/evtrpt.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #--------------------------------------------------------------------- # evtrpt.pl - script to parse Windows 2000/XP/2003 Event Log files # and generate a report of the contents (event freq, date range, etc.) [INFO ] Completed state [/usr/local/bin/evtrpt.pl] at time 13:46:23.870648 duration_in_ms=3.907 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/evtxparse.pl] at time 13:46:23.877184 [INFO ] Executing state file.copy for /usr/local/bin/evtxparse.pl [INFO ] {'/usr/local/bin/evtxparse.pl': '/usr/local/src/keydet-tools/source/evtxparse.pl'} [INFO ] Completed state [/usr/local/bin/evtxparse.pl] at time 13:46:23.880544 duration_in_ms=3.36 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/evtxparse.pl] at time 13:46:23.886696 [INFO ] Executing state file.replace for /usr/local/bin/evtxparse.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! C:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # Parse the output of the following LogParser command: # [INFO ] Completed state [/usr/local/bin/evtxparse.pl] at time 13:46:23.890200 duration_in_ms=3.505 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/fb.pl] at time 13:46:23.895785 [INFO ] Executing state file.copy for /usr/local/bin/fb.pl [INFO ] {'/usr/local/bin/fb.pl': '/usr/local/src/keydet-tools/source/fb.pl'} [INFO ] Completed state [/usr/local/bin/fb.pl] at time 13:46:23.898219 duration_in_ms=2.434 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/fb.pl] at time 13:46:23.905985 [INFO ] Executing state file.replace for /usr/local/bin/fb.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # Script to parse exported Facebook chat messages; export the # individual messages to text (.txt) files in a single directory; [INFO ] Completed state [/usr/local/bin/fb.pl] at time 13:46:23.908997 duration_in_ms=3.001 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/ff.pl] at time 13:46:23.916800 [INFO ] Executing state file.copy for /usr/local/bin/ff.pl [INFO ] {'/usr/local/bin/ff.pl': '/usr/local/src/keydet-tools/source/ff.pl'} [INFO ] Completed state [/usr/local/bin/ff.pl] at time 13:46:23.919353 duration_in_ms=2.554 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/ff.pl] at time 13:46:23.926265 [INFO ] Executing state file.replace for /usr/local/bin/ff.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # Firefox 3 places.sqlite parsing # [INFO ] Completed state [/usr/local/bin/ff.pl] at time 13:46:23.929184 duration_in_ms=2.932 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/ff_signons.pl] at time 13:46:23.934032 [INFO ] Executing state file.copy for /usr/local/bin/ff_signons.pl [INFO ] {'/usr/local/bin/ff_signons.pl': '/usr/local/src/keydet-tools/source/ff_signons.pl'} [INFO ] Completed state [/usr/local/bin/ff_signons.pl] at time 13:46:23.935854 duration_in_ms=1.823 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/ff_signons.pl] at time 13:46:23.940575 [INFO ] Executing state file.replace for /usr/local/bin/ff_signons.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # Firefox 3 signons.sqlite parsing # [INFO ] Completed state [/usr/local/bin/ff_signons.pl] at time 13:46:23.942936 duration_in_ms=2.361 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/ftkparse.pl] at time 13:46:23.947408 [INFO ] Executing state file.copy for /usr/local/bin/ftkparse.pl [INFO ] {'/usr/local/bin/ftkparse.pl': '/usr/local/src/keydet-tools/source/ftkparse.pl'} [INFO ] Completed state [/usr/local/bin/ftkparse.pl] at time 13:46:23.948932 duration_in_ms=1.524 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/ftkparse.pl] at time 13:46:23.956349 [INFO ] Executing state file.replace for /usr/local/bin/ftkparse.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #------------------------------------------------------------- # ftkparse.pl # Parse the .csv output from FTK Imager's "Export Directory Listing..." [INFO ] Completed state [/usr/local/bin/ftkparse.pl] at time 13:46:23.961080 duration_in_ms=4.732 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/idx.pl] at time 13:46:23.969847 [INFO ] Executing state file.copy for /usr/local/bin/idx.pl [INFO ] {'/usr/local/bin/idx.pl': '/usr/local/src/keydet-tools/source/idx.pl'} [INFO ] Completed state [/usr/local/bin/idx.pl] at time 13:46:23.972927 duration_in_ms=3.084 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/idx.pl] at time 13:46:23.979543 [INFO ] Executing state file.replace for /usr/local/bin/idx.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #--------------------------------------------------------------------- # idx.pl - Script to parse Java deployment cache *.idx files # [INFO ] Completed state [/usr/local/bin/idx.pl] at time 13:46:23.983873 duration_in_ms=4.331 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/idxparse.pl] at time 13:46:23.990000 [INFO ] Executing state file.copy for /usr/local/bin/idxparse.pl [INFO ] {'/usr/local/bin/idxparse.pl': '/usr/local/src/keydet-tools/source/idxparse.pl'} [INFO ] Completed state [/usr/local/bin/idxparse.pl] at time 13:46:23.992770 duration_in_ms=2.77 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/idxparse.pl] at time 13:46:24.002428 [INFO ] Executing state file.replace for /usr/local/bin/idxparse.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #--------------------------------------------------------------------- # idxparse.pl - Script to parse Java deployment cache *.idx files # Parse Java deployment cache index (*.idx) files [INFO ] Completed state [/usr/local/bin/idxparse.pl] at time 13:46:24.008239 duration_in_ms=5.81 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/jl.pl] at time 13:46:24.016166 [INFO ] Executing state file.copy for /usr/local/bin/jl.pl [INFO ] {'/usr/local/bin/jl.pl': '/usr/local/src/keydet-tools/source/jl.pl'} [INFO ] Completed state [/usr/local/bin/jl.pl] at time 13:46:24.018994 duration_in_ms=2.828 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/jl.pl] at time 13:46:24.026937 [INFO ] Executing state file.replace for /usr/local/bin/jl.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # This is a simple script to demonstrate the use of the JumpList.pm # module; outputs in .csv and TLN output [INFO ] Completed state [/usr/local/bin/jl.pl] at time 13:46:24.030261 duration_in_ms=3.324 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/jobparse.pl] at time 13:46:24.038034 [INFO ] Executing state file.copy for /usr/local/bin/jobparse.pl [INFO ] {'/usr/local/bin/jobparse.pl': '/usr/local/src/keydet-tools/source/jobparse.pl'} [INFO ] Completed state [/usr/local/bin/jobparse.pl] at time 13:46:24.040225 duration_in_ms=2.192 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/jobparse.pl] at time 13:46:24.047507 [INFO ] Executing state file.replace for /usr/local/bin/jobparse.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #------------------------------------------------------ # jobparse.pl # Perl script to parse .job file metadata [INFO ] Completed state [/usr/local/bin/jobparse.pl] at time 13:46:24.051137 duration_in_ms=3.631 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/lfle.pl] at time 13:46:24.057908 [INFO ] Executing state file.copy for /usr/local/bin/lfle.pl [INFO ] {'/usr/local/bin/lfle.pl': '/usr/local/src/keydet-tools/source/lfle.pl'} [INFO ] Completed state [/usr/local/bin/lfle.pl] at time 13:46:24.059576 duration_in_ms=1.669 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/lfle.pl] at time 13:46:24.063912 [INFO ] Executing state file.replace for /usr/local/bin/lfle.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # lfle.pl - script to parse EVT records from unstructured data; can be # used to parse unallocated space, pagefile, memory, as well as [INFO ] Completed state [/usr/local/bin/lfle.pl] at time 13:46:24.068677 duration_in_ms=4.764 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/lnk.pl] at time 13:46:24.077552 [INFO ] Executing state file.copy for /usr/local/bin/lnk.pl [INFO ] {'/usr/local/bin/lnk.pl': '/usr/local/src/keydet-tools/source/lnk.pl'} [INFO ] Completed state [/usr/local/bin/lnk.pl] at time 13:46:24.080949 duration_in_ms=3.398 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/lnk.pl] at time 13:46:24.085256 [INFO ] Executing state file.replace for /usr/local/bin/lnk.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # This is a simple script to demonstrate the use of the LNK.pm module. # [INFO ] Completed state [/usr/local/bin/lnk.pl] at time 13:46:24.087202 duration_in_ms=1.946 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/mft.pl] at time 13:46:24.093094 [INFO ] Executing state file.copy for /usr/local/bin/mft.pl [INFO ] {'/usr/local/bin/mft.pl': '/usr/local/src/keydet-tools/source/mft.pl'} [INFO ] Completed state [/usr/local/bin/mft.pl] at time 13:46:24.094569 duration_in_ms=1.474 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/mft.pl] at time 13:46:24.098620 [INFO ] Executing state file.replace for /usr/local/bin/mft.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # Simple $MFT parser # - detects ADSs (prints hex dump if they're resident), and [INFO ] Completed state [/usr/local/bin/mft.pl] at time 13:46:24.102895 duration_in_ms=4.275 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/parse.pl] at time 13:46:24.108043 [INFO ] Executing state file.copy for /usr/local/bin/parse.pl [INFO ] {'/usr/local/bin/parse.pl': '/usr/local/src/keydet-tools/source/parse.pl'} [INFO ] Completed state [/usr/local/bin/parse.pl] at time 13:46:24.110286 duration_in_ms=2.242 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/parse.pl] at time 13:46:24.236958 [INFO ] Executing state file.replace for /usr/local/bin/parse.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # parse.pl - parse an event file containing events in TLN (ie, # 5-field) format; output goes to STDOUT, can redirect to a [INFO ] Completed state [/usr/local/bin/parse.pl] at time 13:46:24.239581 duration_in_ms=2.622 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/parsei30.pl] at time 13:46:24.244339 [INFO ] Executing state file.copy for /usr/local/bin/parsei30.pl [INFO ] {'/usr/local/bin/parsei30.pl': '/usr/local/src/keydet-tools/source/parsei30.pl'} [INFO ] Completed state [/usr/local/bin/parsei30.pl] at time 13:46:24.245842 duration_in_ms=1.504 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/parsei30.pl] at time 13:46:24.250477 [INFO ] Executing state file.replace for /usr/local/bin/parsei30.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # parsei30.pl # [INFO ] Completed state [/usr/local/bin/parsei30.pl] at time 13:46:24.253111 duration_in_ms=2.633 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/parseie.pl] at time 13:46:24.259715 [INFO ] Executing state file.copy for /usr/local/bin/parseie.pl [INFO ] {'/usr/local/bin/parseie.pl': '/usr/local/src/keydet-tools/source/parseie.pl'} [INFO ] Completed state [/usr/local/bin/parseie.pl] at time 13:46:24.261639 duration_in_ms=1.924 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/parseie.pl] at time 13:46:24.266792 [INFO ] Executing state file.replace for /usr/local/bin/parseie.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #------------------------------------------------------------ # parseie.pl - parse IE index.dat file, based on format spec found # in the references [INFO ] Completed state [/usr/local/bin/parseie.pl] at time 13:46:24.270322 duration_in_ms=3.529 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/pie.pl] at time 13:46:24.279346 [INFO ] Executing state file.copy for /usr/local/bin/pie.pl [INFO ] {'/usr/local/bin/pie.pl': '/usr/local/src/keydet-tools/source/pie.pl'} [INFO ] Completed state [/usr/local/bin/pie.pl] at time 13:46:24.283259 duration_in_ms=3.913 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/pie.pl] at time 13:46:24.289206 [INFO ] Executing state file.replace for /usr/local/bin/pie.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #------------------------------------------------------------ # pie.pl - stripped-down version of parseie.pl, used to parse # headers of index.dat file and provide an overview of what's [INFO ] Completed state [/usr/local/bin/pie.pl] at time 13:46:24.292124 duration_in_ms=2.919 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/pref.pl] at time 13:46:24.297265 [INFO ] Executing state file.copy for /usr/local/bin/pref.pl [INFO ] {'/usr/local/bin/pref.pl': '/usr/local/src/keydet-tools/source/pref.pl'} [INFO ] Completed state [/usr/local/bin/pref.pl] at time 13:46:24.299066 duration_in_ms=1.801 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/pref.pl] at time 13:46:24.303596 [INFO ] Executing state file.replace for /usr/local/bin/pref.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #------------------------------------------------------ # pref.pl # Perl script to parse the contents of Windows application prefetch files [INFO ] Completed state [/usr/local/bin/pref.pl] at time 13:46:24.305841 duration_in_ms=2.244 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/rawie.pl] at time 13:46:24.310178 [INFO ] Executing state file.copy for /usr/local/bin/rawie.pl [INFO ] {'/usr/local/bin/rawie.pl': '/usr/local/src/keydet-tools/source/rawie.pl'} [INFO ] Completed state [/usr/local/bin/rawie.pl] at time 13:46:24.311514 duration_in_ms=1.336 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/rawie.pl] at time 13:46:24.316081 [INFO ] Executing state file.replace for /usr/local/bin/rawie.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # rawie.pl # Read IE index.dat on a binary basis, locating URL and REDR [INFO ] Completed state [/usr/local/bin/rawie.pl] at time 13:46:24.319587 duration_in_ms=3.504 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/recbin.pl] at time 13:46:24.326480 [INFO ] Executing state file.copy for /usr/local/bin/recbin.pl [INFO ] {'/usr/local/bin/recbin.pl': '/usr/local/src/keydet-tools/source/recbin.pl'} [INFO ] Completed state [/usr/local/bin/recbin.pl] at time 13:46:24.328040 duration_in_ms=1.56 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/recbin.pl] at time 13:46:24.333341 [INFO ] Executing state file.replace for /usr/local/bin/recbin.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #------------------------------------------------------ # recbin.pl # Perl script to parse the contents of the INFO2 file from [INFO ] Completed state [/usr/local/bin/recbin.pl] at time 13:46:24.336822 duration_in_ms=3.482 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/regslack.pl] at time 13:46:24.341830 [INFO ] Executing state file.copy for /usr/local/bin/regslack.pl [INFO ] {'/usr/local/bin/regslack.pl': '/usr/local/src/keydet-tools/source/regslack.pl'} [INFO ] Completed state [/usr/local/bin/regslack.pl] at time 13:46:24.343616 duration_in_ms=1.786 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/regslack.pl] at time 13:46:24.348127 [INFO ] Executing state file.replace for /usr/local/bin/regslack.pl [INFO ] File changed: --- +++ @@ -7,7 +7,7 @@ # in partial fulfillment of the requirements # for the degree of Master of Science (IT security) -#!/usr/bin/perl +#!/usr/bin/env perl use strict; use warnings; [INFO ] Completed state [/usr/local/bin/regslack.pl] at time 13:46:24.351030 duration_in_ms=2.902 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/regtime.pl] at time 13:46:24.355053 [INFO ] Executing state file.copy for /usr/local/bin/regtime.pl [INFO ] {'/usr/local/bin/regtime.pl': '/usr/local/src/keydet-tools/source/regtime.pl'} [INFO ] Completed state [/usr/local/bin/regtime.pl] at time 13:46:24.356314 duration_in_ms=1.262 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/regtime.pl] at time 13:46:24.360893 [INFO ] Executing state file.replace for /usr/local/bin/regtime.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!c:\perl\bin\perl.exe +#!/usr/bin/env perl #------------------------------------------------------------ # RegTime - tool to traverse a hive file and output the key # LastWrites and names in TLN format [INFO ] Completed state [/usr/local/bin/regtime.pl] at time 13:46:24.363111 duration_in_ms=2.219 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/rfc.pl] at time 13:46:24.368262 [INFO ] Executing state file.copy for /usr/local/bin/rfc.pl [INFO ] {'/usr/local/bin/rfc.pl': '/usr/local/src/keydet-tools/source/rfc.pl'} [INFO ] Completed state [/usr/local/bin/rfc.pl] at time 13:46:24.370045 duration_in_ms=1.783 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/rfc.pl] at time 13:46:24.377782 [INFO ] Executing state file.replace for /usr/local/bin/rfc.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # tool to parse RecentFileCache.bcf files # [INFO ] Completed state [/usr/local/bin/rfc.pl] at time 13:46:24.380435 duration_in_ms=2.655 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/rlo.pl] at time 13:46:24.388392 [INFO ] Executing state file.copy for /usr/local/bin/rlo.pl [INFO ] {'/usr/local/bin/rlo.pl': '/usr/local/src/keydet-tools/source/rlo.pl'} [INFO ] Completed state [/usr/local/bin/rlo.pl] at time 13:46:24.390137 duration_in_ms=1.746 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/rlo.pl] at time 13:46:24.394948 [INFO ] Executing state file.replace for /usr/local/bin/rlo.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!c:\perl\bin\perl.exe +#!/usr/bin/env perl #------------------------------------------------------------ # rlo - tool to traverse a hive file, checking for the use of the # Unicode RLO control char in key/value names [INFO ] Completed state [/usr/local/bin/rlo.pl] at time 13:46:24.397197 duration_in_ms=2.249 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/tln.pl] at time 13:46:24.401682 [INFO ] Executing state file.copy for /usr/local/bin/tln.pl [INFO ] {'/usr/local/bin/tln.pl': '/usr/local/src/keydet-tools/source/tln.pl'} [INFO ] Completed state [/usr/local/bin/tln.pl] at time 13:46:24.404088 duration_in_ms=2.406 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/tln.pl] at time 13:46:24.410895 [INFO ] Executing state file.replace for /usr/local/bin/tln.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#! c:\perl\bin\perl.exe +#!/usr/bin/env perl #----------------------------------------------------------- # tln.pl # GUI code to manually generate timeline events, either to display or [INFO ] Completed state [/usr/local/bin/tln.pl] at time 13:46:24.414703 duration_in_ms=3.808 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/usnj.pl] at time 13:46:24.419453 [INFO ] Executing state file.copy for /usr/local/bin/usnj.pl [INFO ] {'/usr/local/bin/usnj.pl': '/usr/local/src/keydet-tools/source/usnj.pl'} [INFO ] Completed state [/usr/local/bin/usnj.pl] at time 13:46:24.421235 duration_in_ms=1.781 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/usnj.pl] at time 13:46:24.427619 [INFO ] Executing state file.replace for /usr/local/bin/usnj.pl [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!C:\perl\bin\perl.exe +#!/usr/bin/env perl #------------------------------------------------------------ # usnj.pl # Parse NTFS UsrJrnl entries (v2 only...see Ref below) [INFO ] Completed state [/usr/local/bin/usnj.pl] at time 13:46:24.431264 duration_in_ms=3.644 [INFO ] Running state [/usr/local/bin/packerid.py] at time 13:46:24.434173 [INFO ] Executing state file.managed for /usr/local/bin/packerid.py [DEBUG ] Requesting URL https://raw.githubusercontent.com/sooshie/packerid/7b2ee6ef57db903bf356fd342c8ca998abdb68cd/packerid.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/packerid.py] at time 13:46:24.697154 duration_in_ms=262.979 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.replace [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/packerid.py] at time 13:46:25.117068 [INFO ] Executing state file.replace for /usr/local/bin/packerid.py [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/local/bin/python +#!/usr/bin/env python # # Author: Jim Clausing # Date: 2009-05-15 [INFO ] Completed state [/usr/local/bin/packerid.py] at time 13:46:25.120032 duration_in_ms=2.964 [INFO ] Running state [/usr/local/bin] at time 13:46:25.120235 [INFO ] Executing state file.recurse for /usr/local/bin [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/page-brute/page_brute-BETA.py' to resolve 'salt://sift/files/page-brute/page_brute-BETA.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/page-brute/page_brute-BETA.py' to resolve 'salt://sift/files/page-brute/page_brute-BETA.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/page-brute/page_brute-BETA.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/page-brute/page_brute-BETA.py' [INFO ] {u'/usr/local/bin/page_brute-BETA.py': {'diff': 'New file', 'mode': '0755'}} [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin] at time 13:46:25.208034 duration_in_ms=87.798 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/usr/local/bin/parseusn.py] at time 13:46:25.210142 [INFO ] Executing state file.managed for /usr/local/bin/parseusn.py [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded cp.is_cached [DEBUG ] Requesting URL https://raw.githubusercontent.com/superponible/DFIR/master/parseusn.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/parseusn.py] at time 13:46:25.457563 duration_in_ms=247.42 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.recurse [INFO ] Running state [/usr/local/bin] at time 13:46:25.459788 [INFO ] Executing state file.recurse for /usr/local/bin [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded cp.list_master [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/PDFTemplate.bt' to resolve 'salt://sift/files/pdf-tools/PDFTemplate.bt' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/PDFTemplate.bt' to resolve 'salt://sift/files/pdf-tools/PDFTemplate.bt' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/PDFTemplate.bt' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/PDFTemplate.bt' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/mPDF.py' to resolve 'salt://sift/files/pdf-tools/mPDF.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/mPDF.py' to resolve 'salt://sift/files/pdf-tools/mPDF.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/mPDF.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/mPDF.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/make-pdf-embedded.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-embedded.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/make-pdf-embedded.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-embedded.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/make-pdf-embedded.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/make-pdf-embedded.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/make-pdf-helloworld.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-helloworld.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/make-pdf-helloworld.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-helloworld.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/make-pdf-helloworld.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/make-pdf-helloworld.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/make-pdf-javascript.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-javascript.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/make-pdf-javascript.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-javascript.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/make-pdf-javascript.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/make-pdf-javascript.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/pdf-parser.py' to resolve 'salt://sift/files/pdf-tools/pdf-parser.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/pdf-parser.py' to resolve 'salt://sift/files/pdf-tools/pdf-parser.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/pdf-parser.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/pdf-parser.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/pdfid.py' to resolve 'salt://sift/files/pdf-tools/pdfid.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/pdfid.py' to resolve 'salt://sift/files/pdf-tools/pdfid.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/pdfid.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/pdfid.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_embeddedfile.py' to resolve 'salt://sift/files/pdf-tools/plugin_embeddedfile.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_embeddedfile.py' to resolve 'salt://sift/files/pdf-tools/plugin_embeddedfile.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/plugin_embeddedfile.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/plugin_embeddedfile.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_list' to resolve 'salt://sift/files/pdf-tools/plugin_list' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_list' to resolve 'salt://sift/files/pdf-tools/plugin_list' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/plugin_list' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/plugin_list' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_nameobfuscation.py' to resolve 'salt://sift/files/pdf-tools/plugin_nameobfuscation.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_nameobfuscation.py' to resolve 'salt://sift/files/pdf-tools/plugin_nameobfuscation.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/plugin_nameobfuscation.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/plugin_nameobfuscation.py' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_triage.py' to resolve 'salt://sift/files/pdf-tools/plugin_triage.py' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_triage.py' to resolve 'salt://sift/files/pdf-tools/plugin_triage.py' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/pdf-tools/plugin_triage.py' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/pdf-tools/plugin_triage.py' [INFO ] {u'/usr/local/bin/plugin_embeddedfile.py': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/make-pdf-embedded.py': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/mPDF.py': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/make-pdf-javascript.py': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/pdfid.py': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/plugin_triage.py': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/plugin_list': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/PDFTemplate.bt': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/make-pdf-helloworld.py': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/plugin_nameobfuscation.py': {'diff': 'New file', 'mode': '0755'}, u'/usr/local/bin/pdf-parser.py': {'diff': 'New file', 'mode': '0755'}} [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin] at time 13:46:25.549617 duration_in_ms=89.829 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/usr/local/bin/pecarve.py] at time 13:46:25.555550 [INFO ] Executing state file.managed for /usr/local/bin/pecarve.py [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded cp.is_cached [DEBUG ] Requesting URL https://raw.githubusercontent.com/Rurik/PE_Carver/9026cd2ca4bd0633f9898a93cb798cd19cffc8f6/pe_carve.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/pecarve.py] at time 13:46:25.796745 duration_in_ms=241.195 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.prepend [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/pecarve.py] at time 13:46:26.233101 [INFO ] Executing state file.prepend for /usr/local/bin/pecarve.py [INFO ] File changed: --- +++ @@ -1,3 +1,4 @@ +#!/usr/bin/env python # PE File Carver # by Brian Baskin (@bbaskin) # [INFO ] Completed state [/usr/local/bin/pecarve.py] at time 13:46:26.236299 duration_in_ms=3.198 [INFO ] Running state [/usr/local/bin/pescanner.py] at time 13:46:26.239711 [INFO ] Executing state file.managed for /usr/local/bin/pescanner.py [DEBUG ] Requesting URL https://raw.githubusercontent.com/hiddenillusion/AnalyzePE/9c76ecbc3ac417bc07439c244f2d5ed19af06578/pescanner.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/pescanner.py] at time 13:46:26.498125 duration_in_ms=258.415 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded git.version [DEBUG ] LazyLoaded git.latest [INFO ] Running state [https://github.com/keydet89/RegRipper2.8.git] at time 13:46:26.503781 [INFO ] Executing state git.latest for https://github.com/keydet89/RegRipper2.8.git [INFO ] Checking remote revision for https://github.com/keydet89/RegRipper2.8.git [DEBUG ] LazyLoaded cmd.run_all [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/keydet89/RegRipper2.8.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: c8f7c46ab7f44ebeefe1faccc293e449bb2ebffe HEAD c8f7c46ab7f44ebeefe1faccc293e449bb2ebffe refs/heads/master 9cbf58519ae9cb755604df6ab77cfdd841e69e27 refs/pull/1/head 9ca74b851ed731a8e3047ab1486979b58d61162a refs/pull/12/head 06df33013a12b5347145520b181d43e926f24e1c refs/pull/16/head 76c779f2050a222c86afdfc91907b373d55f6fbf refs/pull/17/head e7c7a2195aee87a18a95b31af5135778deda10b0 refs/pull/19/head 25e090a0bb654d15f97ef29cd4b29ea32ffb2bc3 refs/pull/2/head 996b93115d119f9fe9967d5060ce8725a72fa40a refs/pull/20/head ca9f223dd8bba48f3b69670373ef41fd9d4f3070 refs/pull/21/head 43a22b01c82f0cdab944304bf14a6de272710299 refs/pull/22/head ff62f725d6dbc8738ca820b007d2ac6b3eec8da1 refs/pull/23/head 78e9325e69059a654e2d423bcd0e19c8d9fd39cc refs/pull/26/head 02790a303272d7ea2f2206edb830846029957907 refs/pull/27/head 5f99eb75cb7a9e9b11582ba2072c23884e7ce228 refs/pull/28/head b24a773ae5fbe3f56b8d9402d304f3758e9a794c refs/pull/29/head 63713a377afc162a2d92c1acdcb8cf084d2e9b5d refs/pull/5/head [INFO ] Executing command ['git', 'rev-parse', '--show-toplevel'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] Target /usr/local/src/regripper is not found, 'git clone' is required [INFO ] Executing command ['git', 'clone', '--', 'https://github.com/keydet89/RegRipper2.8.git', '/usr/local/src/regripper'] as user 'root' in directory '/tmp' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stderr: Cloning into '/usr/local/src/regripper'... [INFO ] Checking local revision for /usr/local/src/regripper [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: c8f7c46ab7f44ebeefe1faccc293e449bb2ebffe [INFO ] Checking local branch for /usr/local/src/regripper [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: master [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: origin/master [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device [DEBUG ] stdout: c8f7c46ab7f44ebeefe1faccc293e449bb2ebffe [INFO ] https://github.com/keydet89/RegRipper2.8.git cloned to /usr/local/src/regripper [INFO ] {'new': 'https://github.com/keydet89/RegRipper2.8.git => /usr/local/src/regripper', 'revision': {'new': 'c8f7c46ab7f44ebeefe1faccc293e449bb2ebffe', 'old': None}} [INFO ] Completed state [https://github.com/keydet89/RegRipper2.8.git] at time 13:46:29.264422 duration_in_ms=2760.639 [DEBUG ] LazyLoaded file.directory [INFO ] Running state [/usr/local/share/regripper] at time 13:46:29.267992 [INFO ] Executing state file.directory for /usr/local/share/regripper [DEBUG ] LazyLoaded file.stats [INFO ] {'/usr/local/share/regripper': 'New Dir'} [INFO ] Completed state [/usr/local/share/regripper] at time 13:46:29.271065 duration_in_ms=3.073 [INFO ] Running state [/usr/local/share/regripper/rip.pl] at time 13:46:29.274902 [INFO ] Executing state file.managed for /usr/local/share/regripper/rip.pl [DEBUG ] LazyLoaded cp.hash_file [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/regripper/rip.pl' to resolve 'salt://sift/files/regripper/rip.pl' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/regripper/rip.pl' to resolve 'salt://sift/files/regripper/rip.pl' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/regripper/rip.pl' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/regripper/rip.pl' [INFO ] File changed: New file [INFO ] Completed state [/usr/local/share/regripper/rip.pl] at time 13:46:29.279731 duration_in_ms=4.829 [INFO ] Running state [/usr/local/share/regripper/plugins] at time 13:46:29.285499 [INFO ] Executing state file.symlink for /usr/local/share/regripper/plugins [DEBUG ] LazyLoaded user.info [INFO ] {'new': '/usr/local/share/regripper/plugins'} [INFO ] Completed state [/usr/local/share/regripper/plugins] at time 13:46:29.291895 duration_in_ms=6.398 [INFO ] Running state [/usr/local/bin/rip.pl] at time 13:46:29.294813 [INFO ] Executing state file.symlink for /usr/local/bin/rip.pl [INFO ] {'new': '/usr/local/bin/rip.pl'} [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/rip.pl] at time 13:46:29.327239 duration_in_ms=32.427 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded cmd.wait [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 13:46:29.330486 [INFO ] Executing state cmd.wait for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 13:46:29.331080 duration_in_ms=0.593 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 13:46:29.331238 [INFO ] Executing state cmd.mod_watch for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all [DEBUG ] LazyLoaded cmd.run_all [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all' in directory '/home/sansforensics' [INFO ] {'pid': 19658, 'retcode': 0, 'stderr': '', 'stdout': ''} [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 13:46:29.367123 duration_in_ms=35.883 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 13:46:29.369734 [INFO ] Executing state cmd.wait for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 13:46:29.370733 duration_in_ms=0.999 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 13:46:29.370917 [INFO ] Executing state cmd.mod_watch for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser' in directory '/home/sansforensics' [INFO ] {'pid': 19675, 'retcode': 0, 'stderr': '', 'stdout': ''} [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 13:46:29.488734 duration_in_ms=117.817 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 13:46:29.491898 [INFO ] Executing state cmd.wait for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 13:46:29.492654 duration_in_ms=0.756 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 13:46:29.492827 [INFO ] Executing state cmd.mod_watch for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass' in directory '/home/sansforensics' [INFO ] {'pid': 19836, 'retcode': 0, 'stderr': '', 'stdout': ''} [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 13:46:29.533229 duration_in_ms=40.4 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 13:46:29.537703 [INFO ] Executing state cmd.wait for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 13:46:29.538638 duration_in_ms=0.936 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 13:46:29.538991 [INFO ] Executing state cmd.mod_watch for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam' in directory '/home/sansforensics' [INFO ] {'pid': 19850, 'retcode': 0, 'stderr': '', 'stdout': ''} [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 13:46:29.577722 duration_in_ms=38.73 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 13:46:29.581892 [INFO ] Executing state cmd.wait for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 13:46:29.582963 duration_in_ms=1.098 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 13:46:29.583141 [INFO ] Executing state cmd.mod_watch for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security' in directory '/home/sansforensics' [INFO ] {'pid': 19858, 'retcode': 0, 'stderr': '', 'stdout': ''} [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 13:46:29.618758 duration_in_ms=35.615 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 13:46:29.623010 [INFO ] Executing state cmd.wait for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 13:46:29.625004 duration_in_ms=1.993 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 13:46:29.625428 [INFO ] Executing state cmd.mod_watch for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software' in directory '/home/sansforensics' [INFO ] {'pid': 19870, 'retcode': 0, 'stderr': '', 'stdout': ''} [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 13:46:29.725076 duration_in_ms=99.646 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 13:46:29.735078 [INFO ] Executing state cmd.wait for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 13:46:29.737031 duration_in_ms=1.954 [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 13:46:29.737232 [INFO ] Executing state cmd.mod_watch for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system' in directory '/home/sansforensics' [INFO ] {'pid': 19974, 'retcode': 0, 'stderr': '', 'stdout': ''} [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 13:46:29.818326 duration_in_ms=81.092 [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/usr/local/bin/ShimCacheParser.py] at time 13:46:29.822608 [INFO ] Executing state file.managed for /usr/local/bin/ShimCacheParser.py [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded cp.is_cached [DEBUG ] Requesting URL https://raw.githubusercontent.com/mandiant/ShimCacheParser/d7c517af9f3b09b810c5859ee52a6540f3b25855/ShimCacheParser.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/ShimCacheParser.py] at time 13:46:30.095220 duration_in_ms=272.613 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.prepend [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/ShimCacheParser.py] at time 13:46:30.528608 [INFO ] Executing state file.prepend for /usr/local/bin/ShimCacheParser.py [INFO ] File changed: --- +++ @@ -1,3 +1,4 @@ +#!/usr/bin/env python # ShimCacheParser.py # # Andrew Davis, andrew.davis@mandiant.com [INFO ] Completed state [/usr/local/bin/ShimCacheParser.py] at time 13:46:30.532755 duration_in_ms=4.148 [INFO ] Running state [/usr/share/sift/resources] at time 13:46:30.533022 [INFO ] Executing state file.directory for /usr/share/sift/resources [DEBUG ] Creating directory: /usr/share/sift [INFO ] {'/usr/share/sift/resources': 'New Dir'} [INFO ] Completed state [/usr/share/sift/resources] at time 13:46:30.534623 duration_in_ms=1.602 [INFO ] Running state [/usr/share/sift/images] at time 13:46:30.534872 [INFO ] Executing state file.directory for /usr/share/sift/images [INFO ] {'/usr/share/sift/images': 'New Dir'} [INFO ] Completed state [/usr/share/sift/images] at time 13:46:30.535935 duration_in_ms=1.064 [INFO ] Running state [/usr/share/sift/audio] at time 13:46:30.536130 [INFO ] Executing state file.directory for /usr/share/sift/audio [INFO ] {'/usr/share/sift/audio': 'New Dir'} [INFO ] Completed state [/usr/share/sift/audio] at time 13:46:30.537153 duration_in_ms=1.023 [INFO ] Running state [/usr/share/sift/other] at time 13:46:30.537363 [INFO ] Executing state file.directory for /usr/share/sift/other [INFO ] {'/usr/share/sift/other': 'New Dir'} [INFO ] Completed state [/usr/share/sift/other] at time 13:46:30.538504 duration_in_ms=1.141 [INFO ] Running state [/usr/share/sift/scripts] at time 13:46:30.538674 [INFO ] Executing state file.directory for /usr/share/sift/scripts [INFO ] {'/usr/share/sift/scripts': 'New Dir'} [INFO ] Completed state [/usr/share/sift/scripts] at time 13:46:30.539574 duration_in_ms=0.9 [INFO ] Running state [/usr/share/sift] at time 13:46:30.551545 [INFO ] Executing state file.recurse for /usr/share/sift [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/audio/doink_doink.mp3' to resolve 'salt://sift/files/sift/audio/doink_doink.mp3' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/audio/doink_doink.mp3' to resolve 'salt://sift/files/sift/audio/doink_doink.mp3' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/audio/doink_doink.mp3' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/audio/doink_doink.mp3' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/dfir_avatar.jpg' to resolve 'salt://sift/files/sift/images/dfir_avatar.jpg' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/dfir_avatar.jpg' to resolve 'salt://sift/files/sift/images/dfir_avatar.jpg' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/images/dfir_avatar.jpg' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/images/dfir_avatar.jpg' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/dfir_logo.png' to resolve 'salt://sift/files/sift/images/dfir_logo.png' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/dfir_logo.png' to resolve 'salt://sift/files/sift/images/dfir_logo.png' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/images/dfir_logo.png' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/images/dfir_logo.png' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/images/forensics_blue.jpg' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/images/forensics_blue.jpg' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/images/login_logo.png' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/images/login_logo.png' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/other/gnome-terminal.desktop' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/other/gnome-terminal.desktop' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/resources/Evidence-of-Poster.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/resources/Find-Evil-Poster.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/resources/SANS-DFIR.pdf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/resources/SANS-DFIR.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/resources/memory-forensics-cheatsheet.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/resources/network-forensics-cheatsheet.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/resources/sift-cheatsheet.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/scripts/update-sift' to resolve 'salt://sift/files/sift/scripts/update-sift' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/scripts/update-sift' to resolve 'salt://sift/files/sift/scripts/update-sift' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sift/scripts/update-sift' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sift/scripts/update-sift' [INFO ] {u'/usr/share/sift/audio/doink_doink.mp3': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/resources/memory-forensics-cheatsheet.pdf': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/resources/Smartphone-Forensics-Poster.pdf': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/resources/SANS-DFIR.pdf': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/images/dfir_avatar.jpg': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/images/login_logo.png': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/resources/Find-Evil-Poster.pdf': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/images/forensics_blue.jpg': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/images/dfir_logo.png': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/scripts/update-sift': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/resources/Evidence-of-Poster.pdf': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/resources/sift-cheatsheet.pdf': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/resources/windows-to-unix-cheatsheet.pdf': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/other/gnome-terminal.desktop': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/sift/resources/network-forensics-cheatsheet.pdf': {'diff': 'New file', 'mode': '0644'}} [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/share/sift] at time 13:46:30.903293 duration_in_ms=351.748 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.directory [INFO ] Running state [/usr/share/tsk/sorter] at time 13:46:30.905545 [INFO ] Executing state file.directory for /usr/share/tsk/sorter [DEBUG ] LazyLoaded file.stats [INFO ] Directory /usr/share/tsk/sorter is in the correct state [INFO ] Completed state [/usr/share/tsk/sorter] at time 13:46:30.910512 duration_in_ms=4.966 [INFO ] Running state [/usr/share/tsk/sorter] at time 13:46:30.912498 [INFO ] Executing state file.recurse for /usr/share/tsk/sorter [DEBUG ] LazyLoaded cp.list_master [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/archives.sort' to resolve 'salt://sift/files/sorter/archives.sort' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/archives.sort' to resolve 'salt://sift/files/sorter/archives.sort' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/archives.sort' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/archives.sort' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/default.sort' to resolve 'salt://sift/files/sorter/default.sort' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/default.sort' to resolve 'salt://sift/files/sorter/default.sort' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/default.sort' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/default.sort' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/exec.sort' to resolve 'salt://sift/files/sorter/exec.sort' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/exec.sort' to resolve 'salt://sift/files/sorter/exec.sort' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/exec.sort' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/exec.sort' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/freebsd.sort' to resolve 'salt://sift/files/sorter/freebsd.sort' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/freebsd.sort' to resolve 'salt://sift/files/sorter/freebsd.sort' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/freebsd.sort' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/freebsd.sort' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/images.sort' to resolve 'salt://sift/files/sorter/images.sort' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/images.sort' to resolve 'salt://sift/files/sorter/images.sort' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/images.sort' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/images.sort' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/images.sort.bak' to resolve 'salt://sift/files/sorter/images.sort.bak' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/images.sort.bak' to resolve 'salt://sift/files/sorter/images.sort.bak' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/images.sort.bak' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/images.sort.bak' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/linux.sort' to resolve 'salt://sift/files/sorter/linux.sort' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/linux.sort' to resolve 'salt://sift/files/sorter/linux.sort' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/linux.sort' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/linux.sort' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/openbsd.sort' to resolve 'salt://sift/files/sorter/openbsd.sort' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/openbsd.sort' to resolve 'salt://sift/files/sorter/openbsd.sort' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/openbsd.sort' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/openbsd.sort' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/solaris.sort' to resolve 'salt://sift/files/sorter/solaris.sort' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/solaris.sort' to resolve 'salt://sift/files/sorter/solaris.sort' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/solaris.sort' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/solaris.sort' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/windows.sort' to resolve 'salt://sift/files/sorter/windows.sort' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/windows.sort' to resolve 'salt://sift/files/sorter/windows.sort' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/windows.sort' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/windows.sort' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/windows.sort.bak' to resolve 'salt://sift/files/sorter/windows.sort.bak' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/windows.sort.bak' to resolve 'salt://sift/files/sorter/windows.sort.bak' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/sorter/windows.sort.bak' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/sorter/windows.sort.bak' [INFO ] {u'/usr/share/tsk/sorter/windows.sort': {'diff': "--- \n+++ \n@@ -9,103 +9,270 @@\n ##########################################################################\n # Multimedia\n ##########################################################################\n-\n+# Audio\n+category \taudio \tPlaylist\n+# Audio\n+category \taudio \t\tWinamp\n+ext \t\tavs \t\tWinamp plug in\n+category \taudio \t\tWAVE audio\n+ext \t\twav \t\tWAVE audio\n+category \taudio\t \tMicrosoft ASF\n+ext \t\twmv \t\tMicrosoft ASF\n+ext \t\twma \t\tMicrosoft ASF\n+category \taudio \t\tMPEG ADTS\n+ext \t\tWAV \t\tMPEG ADTS, layer I, v1\n+ext \t\twav \t\tMPEG ADTS, layer I, v1\n+category \taudio \t\tAVI\n+ext \t\tavi \t\tAVI\n+category \taudio \t\tPlaylist\n+ext \t\twpl \t\tWindows Media Player Playlist\n+category \tmidi \t\tMIDI\n+ext \t\tmid,rmi \tMIDI\n+category \tMP3 \t\tMP3\n+ext \t\tmp3 \t\tMP3\n+category \tSQLite\t \tSQLite\n # Images\n-category\timages\t\t\ticon resource\n-ext\t\t\tico\t\t\t\tms\\-windows icon resource\n-\n-category images animated cursor\n-ext ani animated cursor\n-\n-# It seems that a lot of ttf files come up as raw G3 data ...\n-# category ignore raw G3 data, byte\\-padded\n-\n-\n-# Audio\n-ext\t\t\twav\t\t\t\tWAVE audio\n-category\taudio\t\t\tWinamp\n-ext\t\t\tavs\t\t\t\tWinamp plug in\n-\n-category audio AVI\n-ext avi AVI\n-\n-\n+category \tJPEG \t\tJPEG image \n+ext \t\tjpg,jpeg,jpe \tJPEG image\n+category \tGIF \t\tGIF image \n+ext \t\tgif \t\tGIF image\n+category\tTIF \t\tTIFF image \n+ext \t\ttif \t\tTIFF image\n+category \tPNG \t\tPNG image \n+ext \t\tpng \t\tPNG image\n+category \tBMP \t\tPC bitmap\n+ext \t\tbmp \t\tPC bitmap\n+category \tFonts \t\tfont\n+ext \t\tttf \t\ttrue type font\n # Video\n-\n-\n+category \tvideo \t\tRealMedia\n+ext \t\trm \t\tRealMedia\n+category \tvideo \t\tMacromedia Flash data\n+ext \t\tswf \t\tMacromedia Flash data\n+category \tICM \t\tMicrosoft ICM Color Profile\n+ext \t\ticm \t\tMicrosoft ICM Color Profile\n ##########################################################################\n # archive & compression\n ##########################################################################\n-# archive\n-category\tarchive\t\tcabinet file data\n-ext\t\t\tcab\t\t\tcabinet file data\n-\n-ext\t\t\twmz\t\t\tZip archive data\n+category \tZIP \t\tZip\n+ext \t\tzip,jar \tZip archive data\n+ext \t\twmz \t\tZip archive data\n+category \tTAR \t\ttar\n+ext \t\ttar \t\ttar archive\n+category \tMSCab \t\tCabinet\n+ext \t\tcab \t\tMicrosoft Cabinet File\n+category \tarchive \tarchive\n+category \tdatabase \tDB\n+ext \t\tdb \t\tBerkeley DB\n+##########################################################################\n # compression\n-\n-\n-\n-\n-##########################################################################\n-# Executables \n-##########################################################################\n-# execs\n-ext\t\t\texe,dll,com,ocx,sys,tlb,drv,cpl,scr,ax\t\tMS\\-DOS executable\n-ext\t\t\t386,acm,flt,fon,lrc,vxd,x32\t\t\tMS\\-DOS executable\n-\n-category\texec\t\t\tWindows PE\n-ext\t\t\texe,dll,com,ocx,sys,wpc,acm,cpl\t\t\tWindows PE\n-\n-ext\t\t\tdll\t\t\t\trelocatable\n-\n-category\texec\t\t\tbatch file\n-ext\t\t\tbat\t\t\t\tbatch file\n-\n+##########################################################################\n+category \tcompress \tcompress\n+ext \t\tgz,tgz gzip \tcompressed data\n+ext \t\tZ \t\tcompress'd data\n+##########################################################################\n+# Executables\n+##########################################################################\n+category \texec \t\tMS\\-DOS executable\n+ext \t\texe,dll,com \tMS\\-DOS executable\n+ext \t\tocx,sys,tlb \tMS\\-DOS executable\n+ext \t\tdrv,cpl,scr \tMS\\-DOS executable\n+ext \t\tax \t\tMS\\-DOS executable\n+ext \t\t386,acm,flt \tMS\\-DOS executable\n+ext \t\tfon,lrc,vxd \tMS\\-DOS executable\n+ext\t\t x32 \t\tMS\\-DOS executable\n+category \texec \t\texecutable MS\\-DOS\n+ext \t\texe \t\tMZ executable MS\\-DOS\n+ext \t\tcom \t\tMZ executable MS\\-DOS\n+category \texec\t \tPE executable MS Windows\n+ext \t\texe,dll,com \tPE executable MS Windows\n+ext \t\tocx,sys,acm \tPE executable MS Windows\n+ext \t\ttlb,drv,scr \tPE executable MS Windows\n+ext \t\tcpl,ax,vdx \tPE executable MS Windows\n+ext \t\tfon,rll,tsp \tPE executable MS Windows\n+category \texec \t\tNE executable MS Windows\n+ext \t\texe,dll,com \tNE executable MS Windows\n+ext \t\tocx,sys,acm \tNE executable MS Windows\n+ext \t\ttlb,drv,scr \tNE executable MS Windows\n+ext \t\tcpl,ax,vxd \tNE executable MS Windows\n+ext \t\tfon,tsp \tNE executable MS Windows\n+category \texec \t\trelocatable\n+ext \t\tdll \t\trelocatable\n+category \texec \t\tbatch file\n+ext \t\tbat \t\tbatch file\n+ext\t\tbat\t\tASCII text\n+ext\t\tbat\t\tASCII English text\n+ext \t\tnt \t\tDOS batch file\n+ext \t\tcmd \t\tDOS batch file\n # source code\n-category\texec\t\tMSVC program database\n-ext\t\t\tpdb\t\t\tMSVC program database\n-\n-\n-\n-\n-\n-##########################################################################\n-# Documents\n-##########################################################################\n-category\tdocuments\tOutlook binary email folder\n-ext\t\t\tpst\t\t\tOutlook binary email folder\n-\n-\n-\n+category \texec \t\tMSVC program database\n+ext \t\tpdb \t\tMSVC program database\n+category \texec \t\t\\sscript\n+##########################################################################\n+# Java\n+category \texec \t\tclass data\n+ext \t\tclass \t\tJava class data\n+##########################################################################\n+category \texec \t\tobject\n+ext \t\to \t\tobject\n+category \texec \t\tpython compiled\n+category \tlnk \t\tMS Windows shortcut\n+ext \t\tlnk \t\tshortcut\n+#########################################################################y\n+# Images\n+category \ticon \t\ticon resource\n+ext\t\tico \t\tms\\-windows icon resource\n+category \tcursor \t\tcursor\n+ext \t\tcur \t\tms\\-cursor\n+ext \t\tani \t\tanimated cursor\n+##########################################################################\n+category \tMSmbox \t\tOutlook binary email folder\n+ext \t\tpst \t\tOutlook binary email folder\n+category \tMSdocs \t\tMicrosoft Office Document\n+ext \t\tdoc,dot,docx \tMicrosoft Office Document\n+ext \t\tmsc,pcb \tMicrosoft Office Document\n+ext \t\tppt,pot,pptx \tMicrosoft Office Document\n+ext \t\txls,xlsx\tMicrosoft Office Document\n+ext \t\tmsi \t\tMicrosoft Office Document\n+category \tMSdocs \t\tMicrosoft Word Document\n+ext \t\tdoc \t\tMicrosoft Word Document\n+category \tMSdocs \t\tconversion doc\n+ext \t\twpc \t\tconversion doc\n+category \tMSdocs \t\tconversion doc\n+category\tMSdocs\t\tMicrosoft Excel Worksheet\n+ext \t\txls,xlt,xlsx \tMicrosoft Excel Worksheet\n+ext \t\tcvs \t\tMicrosoft Excel Worksheet\n+# MS Access DB\n+category \tMSdb \t\tMicrosoft Access Database\n+ext \t\tmdb \t\tMicrosoft Access Database\n+category \tPNF \t\tPNF\n+ext \t\tpnf \t\tPNF\n+ext \t\tPNF \t\tPNF\n+ext \t\tpnf \t\tPNF Windows\n+category \tdocuments \tRich Text Format\n+ext\t\trtf \t\tRich Text Format\n+category \tdocuments \tdocument\n+ext \t\tps,eps \t\tPostScript document\n+category \tInternetExplorer Internet Explorer cache file\n+ext \t\tdat \t\tInternet Explorer cache file\n+# Corel & Word Perfect\n+category \tCoreldocs \tCorel\\/WP\n+ext \t\twpg,wpd,shw \tCorel\\/WP\n+# Lotus\n+category \tLotus \t\tLotus 1\\-2\\-3\n+ext \t\twb2 \t\tLotus 1\\-2\\-3\n+ext \t\twk4 \t\tLotus 1\\-2\\-3\n+# Adobe\n+category \tAdobePDF \tPDF document\n+ext \t\tpdf \t\tPDF document\n+#########################################################################\n+#Unicode\n+#########################################################################\n+category \tunicode \tUniCode\n+ext \t\tmof \t\tMOF,MLF UniCode File\n+ext \t\tmfl \t\tMOF,MLF UniCode File\n+##########################################################################\n+# HTML\n+##########################################################################\n+category \thtml \t\tHTML document text\n+ext \t\thhk \t\tHTML document text\n+ext \t\thtm,hta \tHTML document text\n+ext \t\thtml,css \tHTML document text\n ##########################################################################\n # Text\n ##########################################################################\n-ext\t\t\tini,inf,srg,dep\t\t\tASCII(.*?)text\n-ext\t\t\tini,inf\t\t\t\t\tISO\\-8859(.*?)text\n-\n-\n-\n-\n-\n+category \ttext \t\tASCII(.*?)text\n+ext \t\ttxt \t\tASCII(.*?)text\n+ext \t\tlog \t\tASCII(.*?)text\n+ext \t\th \t\tASCII(.*?)text\n+ext \t\tsh,csh \t\tASCII(.*?)text\n+ext \t\tconf \t\tASCII(.*?)text\n+ext \t\tinc \t\tASCII(.*?)text\n+ext \t\twpl \t\tASCII(.*?)text\n+ext \t\txdr \t\tASCII(.*?)text\n+ext \t\tjs \t\tASCII(.*?)text\n+ext \t\tsam \t\tASCII(.*?)text\n+ext \t\tscf \t\tASCII(.*?)text\n+ext \t\tscp \t\tASCII(.*?)text\n+ext \t\tgpd \t\tASCII(.*?)text\n+ext \t\tdun \t\tASCII(.*?)text\n+ext \t\tisp \t\tASCII(.*?)text\n+ext \t\tXML \t\tASCII(.*?)text\n+ext \t\tDTD \t\tASCII(.*?)text\n+ext \t\treg \t\tASCII(.*?)text\n+ext \t\tasp \t\tASCII(.*?)text\n+ext \t\tvbs \t\tASCII(.*?)text\n+ext \t\txdr \t\tASCII(.*?)text\n+ext \t\txsl \t\tASCII(.*?)text\n+ext \t\tc,cpp,h,js \tASCII(.*?)text\n+ext \t\tmof \t\tASCII(.*?)text\n+ext \t\tsql \t\tASCII(.*?)text\n+ext \t\thtt \t\tASCII(.*?)text\n+ext \t\thxx \t\tASCII(.*?)text\n+ext \t\tcpx \t\tASCII(.*?)text\n+ext \t\tobe \t\tASCII(.*?)text\n+ext \t\tini,inf \tASCII(.*?)text\n+ext \t\tsrg,dep \tASCII(.*?)text\n+ext \t\thtm \t\tASCII(.*?)text\n+ext \t\thtm,css \tASCII(.*?)text\n+ext \t\tcss \t\tASCII(.*?)text\n+category \ttext \t\tcharacter data\n+ext \t\ttxt \t\tcharacter data\n+category \ttext \t\tISO\\-8859(.*?)text\n+ext \t\ttxt \t\tISO\\-8859(.*?)text\n+ext \t\tini \t\tISO\\-8859(.*?)text\n+ext \t\tinf \t\tISO\\-8859(.*?)text\n+category \ttext \t\texported SGML document text\n+ext \t\thtm \t\texported SGML document text\n+category \ttext \t\t\\ssource\n+##########################################################################\n+# INF\n+##########################################################################\n+category \tinf \t\tLisp\n+ext \t\tinf \t\tLisp/Scheme program text\n+##########################################################################\n+# XML\n+##########################################################################\n+category \tXML \t\tXML\n+ext \t\txml \t\tXML Template\n+ext \t\txml \t\tXML Mapping\n+ext \t\txml \t\tXML Document\n+ext \t\txdr \t\tXML document text\n+ext \t\txsl\t\tXML document text\n+ext \t\tmsc \t\tXML document text\n+ext \t\tmanifest\tXML document text\n+ext \t\tdtd\t\tXML document text\n+ext \t\tPolicy \t\tXML document text\n ##########################################################################\n # Other\n ##########################################################################\n+# Disk\n+category \tdisk \t\tboot sector\n+category \tdisk \t\tfilesystem data\n+# Crypto\n+category \tcrypto \t\tPGP\n+ext \t\tasc \t\tPGP armored\n+# Postscript Printer Description\n+category \tsystem \t\tPPD file\n+ext \t\tppd \t\tPPD file\n+# 'file' reports 'data' for all unknown binary files\n+# do not bother with extensions with this\n+category \tdata \t\t^data$\n+# category ignore raw G3 data, byte\\-padded\n+##########################################################################\n # System\n-category\tsystem\t\tHelp Data\n-ext\t\t\thlp\t\t\tWindows Help Data\n-\n-category\tsystem\t\tRegistry file\n-ext\t\t\tdat,log,sav\tRegistry file\n-\n-category\tsystem\t\tms\\-Windows shortcut\n-ext\t\t\tlnk\t\t\tms\\-Windows shortcut\n-\n-category\tsystem\t\tInternet shortcut\n-ext\t\t\turl\t\t\t\tInternet shortcut \n-\n-category\tsystem\t\thyperterm\n-ext\t\t\tht\t\t\t\thyperterm\n-\n-# Image Color Matching Profile\n-category\tsystem\t\tColor Management System\n-ext\t\t\ticm\t\t\tColor Management System\n+category \thelpfiles \tHelp Data\n+ext \t\thlp \t\tWindows Help Data\n+ext \t\tchm \t\tWindows Help File\n+category\thelpfiles\tMS Windows 3.x help file\n+ext\t\thlp\t\tMS Windows 3.x help file\n+category \tregistry\tRegistry file\n+ext \t\tdat\t \tRegistry file\n+category \tlnk\t\tMS\\-Windows shortcut\n+ext \t\tlnk \t\tMS\\-Windows shortcut\n+category \tbrowser \tInternet shortcut\n+ext \t\turl \t\tInternet shortcut\n+category \tsystem \t\thyperterm\n+ext \t\tht \t\thyperterm\n+category \tMOF\t\tLittle-endian UTF-16 Unicode C++ program text\n+ext \t\tmof\t\tLittle-endian UTF-16 Unicode C++ program text\n"}, u'/usr/share/tsk/sorter/archives.sort': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/tsk/sorter/windows.sort.bak': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/tsk/sorter/images.sort.bak': {'diff': 'New file', 'mode': '0644'}, u'/usr/share/tsk/sorter/exec.sort': {'diff': 'New file', 'mode': '0644'}} [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/share/tsk/sorter] at time 13:46:31.097595 duration_in_ms=185.096 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/usr/local/bin/sqlparser.py] at time 13:46:31.099681 [INFO ] Executing state file.managed for /usr/local/bin/sqlparser.py [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded cp.is_cached [DEBUG ] Requesting URL https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases/download/v.1.1/sqlparse_v1.1.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/sqlparser.py] at time 13:46:32.133560 duration_in_ms=1033.878 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.prepend [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/sqlparser.py] at time 13:46:32.596323 [INFO ] Executing state file.prepend for /usr/local/bin/sqlparser.py [INFO ] File changed: --- +++ @@ -1,3 +1,4 @@ +#!/usr/bin/env python #sqlparse.py # #This program parses an SQLite3 database for deleted entires and [INFO ] Completed state [/usr/local/bin/sqlparser.py] at time 13:46:32.599535 duration_in_ms=3.212 [INFO ] Running state [/usr/local/bin/usbdeviceforensics.py] at time 13:46:32.599768 [INFO ] Executing state file.managed for /usr/local/bin/usbdeviceforensics.py [DEBUG ] Requesting URL https://raw.githubusercontent.com/woanware/usbdeviceforensics/5a0705d5beca09eab2fd5a47a52240dbc0db5bc9/usbdeviceforensics.py using GET method [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/usbdeviceforensics.py] at time 13:46:32.857683 duration_in_ms=257.915 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.replace [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/usbdeviceforensics.py] at time 13:46:33.296903 [INFO ] Executing state file.replace for /usr/local/bin/usbdeviceforensics.py [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's # UsbDeviceForensics .Net WinForms GUI application. [INFO ] Completed state [/usr/local/bin/usbdeviceforensics.py] at time 13:46:33.301655 duration_in_ms=4.751 [INFO ] Running state [/usr/local/src/virustotal-search-v0.1.4] at time 13:46:33.301808 [INFO ] Executing state archive.extracted for /usr/local/src/virustotal-search-v0.1.4 [DEBUG ] Requesting URL https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip using GET method [DEBUG ] file.managed: {'comment': 'File /var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip updated', 'pchanges': {}, 'changes': {'diff': 'New file', 'mode': '0644'}, 'name': '/var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip', 'result': True} [DEBUG ] Checking https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip to see if it is password-protected [DEBUG ] Creating directory: /usr/local/src/virustotal-search-v0.1.4 [DEBUG ] Extracting /var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip to /usr/local/src/virustotal-search-v0.1.4/ [DEBUG ] Cleaning cached source file /var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip [DEBUG ] Cleaning cached source file /var/cache/salt/minion/extrn_files/base/didierstevens.com/files/software/virustotal-search_V0_1_4.zip [INFO ] {'extracted_files': ['virustotal-search.py'], 'directories_created': ['/usr/local/src/virustotal-search-v0.1.4/']} [INFO ] Completed state [/usr/local/src/virustotal-search-v0.1.4] at time 13:46:34.172017 duration_in_ms=870.209 [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/virustotal-search.py] at time 13:46:34.176412 [INFO ] Executing state file.managed for /usr/local/bin/virustotal-search.py [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/virustotal-search.py] at time 13:46:34.202184 duration_in_ms=25.772 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded archive.extracted [INFO ] Running state [/usr/local/src/virustotal-submit-v0.0.3] at time 13:46:34.203790 [INFO ] Executing state archive.extracted for /usr/local/src/virustotal-submit-v0.0.3 [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded file.managed [DEBUG ] LazyLoaded cp.is_cached [DEBUG ] Requesting URL https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip using GET method [DEBUG ] file.managed: {'comment': 'File /var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip updated', 'pchanges': {}, 'changes': {'diff': 'New file', 'mode': '0644'}, 'name': '/var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip', 'result': True} [DEBUG ] Checking https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip to see if it is password-protected [DEBUG ] LazyLoaded archive.is_encrypted [DEBUG ] Creating directory: /usr/local/src/virustotal-submit-v0.0.3 [DEBUG ] Extracting /var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip to /usr/local/src/virustotal-submit-v0.0.3/ [DEBUG ] Cleaning cached source file /var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip [DEBUG ] Cleaning cached source file /var/cache/salt/minion/extrn_files/base/didierstevens.com/files/software/virustotal-submit_V0_0_3.zip [INFO ] {'extracted_files': ['virustotal-submit.py'], 'directories_created': ['/usr/local/src/virustotal-submit-v0.0.3/']} [INFO ] Completed state [/usr/local/src/virustotal-submit-v0.0.3] at time 13:46:34.917393 duration_in_ms=713.602 [DEBUG ] LazyLoaded composer.install [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad cyg.list: 'cyg' __virtual__ returned False: Module cyg: module only works on Windows systems. [DEBUG ] LazyLoaded postgres.datadir_init [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/usr/local/bin/virustotal-submit.py] at time 13:46:35.320207 [INFO ] Executing state file.managed for /usr/local/bin/virustotal-submit.py [INFO ] File changed: New file [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/usr/local/bin/virustotal-submit.py] at time 13:46:35.353176 duration_in_ms=32.969 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.managed [INFO ] Running state [/usr/local/bin/vshot] at time 13:46:35.359261 [INFO ] Executing state file.managed for /usr/local/bin/vshot [DEBUG ] LazyLoaded file.source_list [DEBUG ] LazyLoaded cp.is_cached [DEBUG ] Requesting URL https://raw.githubusercontent.com/CrowdStrike/Forensics/62d8ae4ed1ca276f2a1ffe251e1750d10538ae52/vshot using GET method [INFO ] File changed: New file [INFO ] Completed state [/usr/local/bin/vshot] at time 13:46:35.586416 duration_in_ms=227.155 [DEBUG ] LazyLoaded test.nop [INFO ] Running state [sift-scripts] at time 13:46:35.618205 [INFO ] Executing state test.nop for sift-scripts [INFO ] Success! [INFO ] Completed state [sift-scripts] at time 13:46:35.619139 duration_in_ms=0.934 [INFO ] Running state [/etc/hostname] at time 13:46:35.619403 [INFO ] Executing state file.managed for /etc/hostname [INFO ] File changed: --- +++ @@ -1 +1 @@ -ubuntu +siftworkstation [INFO ] Completed state [/etc/hostname] at time 13:46:35.621574 duration_in_ms=2.172 [DEBUG ] LazyLoaded cmd.run [INFO ] Running state [hostnamectl set-hostname siftworkstation] at time 13:46:35.622131 [INFO ] Executing state cmd.run for hostnamectl set-hostname siftworkstation [DEBUG ] LazyLoaded cmd.retcode [INFO ] Executing command 'test "siftworkstation" = "$(hostname)"' in directory '/home/sansforensics' [DEBUG ] output: [DEBUG ] Last command return code: 1 [INFO ] Executing command 'hostnamectl set-hostname siftworkstation' in directory '/home/sansforensics' [INFO ] {'pid': 20059, 'retcode': 0, 'stderr': '', 'stdout': ''} [INFO ] Completed state [hostnamectl set-hostname siftworkstation] at time 13:46:35.762265 duration_in_ms=140.133 [DEBUG ] LazyLoaded host.present [INFO ] Running state [siftworkstation] at time 13:46:35.763100 [INFO ] Executing state host.present for siftworkstation [DEBUG ] LazyLoaded hosts.has_pair [INFO ] {'host': 'siftworkstation'} [INFO ] Completed state [siftworkstation] at time 13:46:35.766502 duration_in_ms=3.401 [DEBUG ] LazyLoaded user.present [INFO ] Running state [sansforensics] at time 13:46:35.767109 [INFO ] Executing state user.present for sansforensics [DEBUG ] LazyLoaded shadow.info [DEBUG ] LazyLoaded user.info [INFO ] User sansforensics is present and up to date [INFO ] Completed state [sansforensics] at time 13:46:35.775909 duration_in_ms=8.799 [INFO ] Running state [/home/sansforensics/.bash_aliases] at time 13:46:35.779904 [INFO ] Executing state file.append for /home/sansforensics/.bash_aliases [INFO ] File changed: --- +++ @@ -0,0 +1 @@ +alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows' [INFO ] Completed state [/home/sansforensics/.bash_aliases] at time 13:46:35.785351 duration_in_ms=5.447 [INFO ] Running state [/root/.bash_aliases] at time 13:46:35.788543 [INFO ] Executing state file.append for /root/.bash_aliases [INFO ] File changed: --- +++ @@ -0,0 +1 @@ +alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows' [INFO ] Completed state [/root/.bash_aliases] at time 13:46:35.791594 duration_in_ms=3.05 [INFO ] Running state [/home/sansforensics/.bashrc] at time 13:46:35.796620 [INFO ] Executing state file.append for /home/sansforensics/.bashrc [INFO ] File changed: --- +++ @@ -115,3 +115,4 @@ . /etc/bash_completion fi fi +set -o noclobber [INFO ] Completed state [/home/sansforensics/.bashrc] at time 13:46:35.801635 duration_in_ms=5.015 [INFO ] Running state [/home/sansforensics/.bashrc] at time 13:46:35.805605 [INFO ] Executing state file.append for /home/sansforensics/.bashrc [INFO ] File changed: --- +++ @@ -116,3 +116,4 @@ fi fi set -o noclobber +export PATH=$PATH:/opt/rekall/bin [INFO ] Completed state [/home/sansforensics/.bashrc] at time 13:46:35.809914 duration_in_ms=4.309 [INFO ] Running state [/root/.bashrc] at time 13:46:35.830176 [INFO ] Executing state file.append for /root/.bashrc [INFO ] File changed: --- +++ @@ -97,3 +97,4 @@ #if [ -f /etc/bash_completion ] && ! shopt -oq posix; then # . /etc/bash_completion #fi +set -o noclobber [INFO ] Completed state [/root/.bashrc] at time 13:46:35.833020 duration_in_ms=2.847 [INFO ] Running state [/home/sansforensics/.config/autostart] at time 13:46:35.836580 [INFO ] Executing state file.directory for /home/sansforensics/.config/autostart [INFO ] {'/home/sansforensics/.config/autostart': 'New Dir'} [INFO ] Completed state [/home/sansforensics/.config/autostart] at time 13:46:35.839677 duration_in_ms=3.097 [INFO ] Running state [/home/sansforensics/Desktop] at time 13:46:35.842355 [INFO ] Executing state file.recurse for /home/sansforensics/Desktop [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' [INFO ] {u'/home/sansforensics/Desktop/memory-forensics-cheatsheet.pdf': {'diff': 'New file', 'mode': '0644'}, u'/home/sansforensics/Desktop/sift-cheatsheet.pdf': {'diff': 'New file', 'mode': '0644'}, u'/home/sansforensics/Desktop/Evidence-of-Poster.pdf': {'diff': 'New file', 'mode': '0644'}, u'/home/sansforensics/Desktop/Find-Evil-Poster.pdf': {'diff': 'New file', 'mode': '0644'}, u'/home/sansforensics/Desktop/SANS-DFIR.pdf': {'diff': 'New file', 'mode': '0644'}, u'/home/sansforensics/Desktop/Smartphone-Forensics-Poster.pdf': {'diff': 'New file', 'mode': '0644'}, u'/home/sansforensics/Desktop/windows-to-unix-cheatsheet.pdf': {'diff': 'New file', 'mode': '0644'}, u'/home/sansforensics/Desktop/network-forensics-cheatsheet.pdf': {'diff': 'New file', 'mode': '0644'}} [DEBUG ] Refreshing modules... [INFO ] Loading fresh modules for state activity [DEBUG ] LazyLoaded jinja.render [DEBUG ] LazyLoaded yaml.render [INFO ] Completed state [/home/sansforensics/Desktop] at time 13:46:36.164548 duration_in_ms=322.192 [DEBUG ] LazyLoaded config.option [DEBUG ] LazyLoaded file.directory [INFO ] Running state [/home/sansforensics/Desktop] at time 13:46:36.170582 [INFO ] Executing state file.directory for /home/sansforensics/Desktop [DEBUG ] LazyLoaded file.stats [INFO ] Directory /home/sansforensics/Desktop is in the correct state [INFO ] Completed state [/home/sansforensics/Desktop] at time 13:46:36.180557 duration_in_ms=9.975 [INFO ] Running state [/home/sansforensics/Desktop/mount_points] at time 13:46:36.187715 [INFO ] Executing state file.symlink for /home/sansforensics/Desktop/mount_points [INFO ] {'new': '/home/sansforensics/Desktop/mount_points'} [INFO ] Completed state [/home/sansforensics/Desktop/mount_points] at time 13:46:36.196641 duration_in_ms=8.925 [INFO ] Running state [/home/sansforensics/Desktop/cases] at time 13:46:36.204919 [INFO ] Executing state file.symlink for /home/sansforensics/Desktop/cases [INFO ] {'new': '/home/sansforensics/Desktop/cases'} [INFO ] Completed state [/home/sansforensics/Desktop/cases] at time 13:46:36.207843 duration_in_ms=2.924 [INFO ] Running state [/usr/share/backgrounds] at time 13:46:36.208158 [INFO ] Executing state file.directory for /usr/share/backgrounds [INFO ] Directory /usr/share/backgrounds is in the correct state [INFO ] Completed state [/usr/share/backgrounds] at time 13:46:36.209319 duration_in_ms=1.161 [INFO ] Running state [/usr/share/backgrounds/warty-final-ubuntu.png] at time 13:46:36.214739 [INFO ] Executing state file.managed for /usr/share/backgrounds/warty-final-ubuntu.png [DEBUG ] LazyLoaded cp.hash_file [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' [INFO ] File changed: Replace binary file [INFO ] Completed state [/usr/share/backgrounds/warty-final-ubuntu.png] at time 13:46:36.233661 duration_in_ms=18.922 [INFO ] Running state [/usr/share/unity-greeter] at time 13:46:36.233910 [INFO ] Executing state file.directory for /usr/share/unity-greeter [INFO ] Directory /usr/share/unity-greeter is in the correct state [INFO ] Completed state [/usr/share/unity-greeter] at time 13:46:36.234955 duration_in_ms=1.044 [INFO ] Running state [/usr/share/unity-greeter/logo.png] at time 13:46:36.240316 [INFO ] Executing state file.managed for /usr/share/unity-greeter/logo.png [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' [INFO ] File changed: Replace binary file [INFO ] Completed state [/usr/share/unity-greeter/logo.png] at time 13:46:36.243247 duration_in_ms=2.932 [INFO ] Running state [/home/sansforensics/.config/autostart/] at time 13:46:36.243388 [INFO ] Executing state file.directory for /home/sansforensics/.config/autostart/ [INFO ] Directory /home/sansforensics/.config/autostart is in the correct state [INFO ] Completed state [/home/sansforensics/.config/autostart/] at time 13:46:36.243917 duration_in_ms=0.529 [INFO ] Running state [/home/sansforensics/.config/autostart/gnome-terminal.desktop] at time 13:46:36.248675 [INFO ] Executing state file.managed for /home/sansforensics/.config/autostart/gnome-terminal.desktop [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' [INFO ] File changed: New file [INFO ] Completed state [/home/sansforensics/.config/autostart/gnome-terminal.desktop] at time 13:46:36.251988 duration_in_ms=3.313 [DEBUG ] LazyLoaded test.nop [INFO ] Running state [sift-config-user] at time 13:46:36.260520 [INFO ] Executing state test.nop for sift-config-user [INFO ] Success! [INFO ] Completed state [sift-config-user] at time 13:46:36.261734 duration_in_ms=1.212 [DEBUG ] LazyLoaded timezone.get_zone [DEBUG ] LazyLoaded timezone.system [INFO ] Running state [Etc/UTC] at time 13:46:36.263434 [INFO ] Executing state timezone.system for Etc/UTC [DEBUG ] LazyLoaded cmd.run_all [INFO ] Executing command ['timedatectl'] in directory '/home/sansforensics' [DEBUG ] stdout: Local time: Mon 2017-07-10 13:46:36 CEST Universal time: Mon 2017-07-10 11:46:36 UTC RTC time: Mon 2017-07-10 11:46:36 Time zone: Europe/Stockholm (CEST, +0200) Network time on: yes NTP synchronized: yes RTC in local TZ: no [INFO ] Executing command ['timedatectl'] in directory '/home/sansforensics' [DEBUG ] stdout: Local time: Mon 2017-07-10 13:46:36 CEST Universal time: Mon 2017-07-10 11:46:36 UTC RTC time: Mon 2017-07-10 11:46:36 Time zone: Europe/Stockholm (CEST, +0200) Network time on: yes NTP synchronized: yes RTC in local TZ: no [INFO ] Executing command 'timedatectl set-timezone Etc/UTC' in directory '/home/sansforensics' [DEBUG ] output: [INFO ] {'timezone': 'Etc/UTC'} [INFO ] Completed state [Etc/UTC] at time 11:46:36.462613 duration_in_ms=199.163 [INFO ] Running state [/cases] at time 11:46:36.466128 [INFO ] Executing state file.directory for /cases [INFO ] {'/cases': 'New Dir'} [INFO ] Completed state [/cases] at time 11:46:36.471721 duration_in_ms=5.594 [INFO ] Running state [/mnt/usb] at time 11:46:36.472026 [INFO ] Executing state file.directory for /mnt/usb [INFO ] {'/mnt/usb': 'New Dir'} [INFO ] Completed state [/mnt/usb] at time 11:46:36.473891 duration_in_ms=1.865 [INFO ] Running state [/mnt/vss] at time 11:46:36.474154 [INFO ] Executing state file.directory for /mnt/vss [INFO ] {'/mnt/vss': 'New Dir'} [INFO ] Completed state [/mnt/vss] at time 11:46:36.475446 duration_in_ms=1.293 [INFO ] Running state [/mnt/shadow] at time 11:46:36.475696 [INFO ] Executing state file.directory for /mnt/shadow [INFO ] {'/mnt/shadow': 'New Dir'} [INFO ] Completed state [/mnt/shadow] at time 11:46:36.477294 duration_in_ms=1.598 [INFO ] Running state [/mnt/windows_mount] at time 11:46:36.477560 [INFO ] Executing state file.directory for /mnt/windows_mount [INFO ] {'/mnt/windows_mount': 'New Dir'} [INFO ] Completed state [/mnt/windows_mount] at time 11:46:36.478941 duration_in_ms=1.381 [INFO ] Running state [/mnt/e01] at time 11:46:36.479178 [INFO ] Executing state file.directory for /mnt/e01 [INFO ] {'/mnt/e01': 'New Dir'} [INFO ] Completed state [/mnt/e01] at time 11:46:36.480240 duration_in_ms=1.063 [INFO ] Running state [/mnt/aff] at time 11:46:36.480453 [INFO ] Executing state file.directory for /mnt/aff [INFO ] {'/mnt/aff': 'New Dir'} [INFO ] Completed state [/mnt/aff] at time 11:46:36.481721 duration_in_ms=1.267 [INFO ] Running state [/mnt/ewf] at time 11:46:36.481944 [INFO ] Executing state file.directory for /mnt/ewf [INFO ] {'/mnt/ewf': 'New Dir'} [INFO ] Completed state [/mnt/ewf] at time 11:46:36.483175 duration_in_ms=1.232 [INFO ] Running state [/mnt/bde] at time 11:46:36.483327 [INFO ] Executing state file.directory for /mnt/bde [INFO ] {'/mnt/bde': 'New Dir'} [INFO ] Completed state [/mnt/bde] at time 11:46:36.484324 duration_in_ms=0.997 [INFO ] Running state [/mnt/iscsi] at time 11:46:36.484492 [INFO ] Executing state file.directory for /mnt/iscsi [INFO ] {'/mnt/iscsi': 'New Dir'} [INFO ] Completed state [/mnt/iscsi] at time 11:46:36.485353 duration_in_ms=0.861 [INFO ] Running state [/mnt/windows_mount1] at time 11:46:36.485482 [INFO ] Executing state file.directory for /mnt/windows_mount1 [INFO ] {'/mnt/windows_mount1': 'New Dir'} [INFO ] Completed state [/mnt/windows_mount1] at time 11:46:36.486348 duration_in_ms=0.866 [INFO ] Running state [/mnt/windows_mount2] at time 11:46:36.486486 [INFO ] Executing state file.directory for /mnt/windows_mount2 [INFO ] {'/mnt/windows_mount2': 'New Dir'} [INFO ] Completed state [/mnt/windows_mount2] at time 11:46:36.487749 duration_in_ms=1.263 [INFO ] Running state [/mnt/windows_mount3] at time 11:46:36.487875 [INFO ] Executing state file.directory for /mnt/windows_mount3 [INFO ] {'/mnt/windows_mount3': 'New Dir'} [INFO ] Completed state [/mnt/windows_mount3] at time 11:46:36.489257 duration_in_ms=1.382 [INFO ] Running state [/mnt/windows_mount4] at time 11:46:36.489432 [INFO ] Executing state file.directory for /mnt/windows_mount4 [INFO ] {'/mnt/windows_mount4': 'New Dir'} [INFO ] Completed state [/mnt/windows_mount4] at time 11:46:36.490895 duration_in_ms=1.463 [INFO ] Running state [/mnt/windows_mount5] at time 11:46:36.491091 [INFO ] Executing state file.directory for /mnt/windows_mount5 [INFO ] {'/mnt/windows_mount5': 'New Dir'} [INFO ] Completed state [/mnt/windows_mount5] at time 11:46:36.492336 duration_in_ms=1.245 [INFO ] Running state [/mnt/shadow/vss1] at time 11:46:36.492552 [INFO ] Executing state file.directory for /mnt/shadow/vss1 [INFO ] {'/mnt/shadow/vss1': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss1] at time 11:46:36.493940 duration_in_ms=1.388 [INFO ] Running state [/mnt/shadow/vss2] at time 11:46:36.494383 [INFO ] Executing state file.directory for /mnt/shadow/vss2 [INFO ] {'/mnt/shadow/vss2': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss2] at time 11:46:36.497044 duration_in_ms=2.66 [INFO ] Running state [/mnt/shadow/vss3] at time 11:46:36.497529 [INFO ] Executing state file.directory for /mnt/shadow/vss3 [INFO ] {'/mnt/shadow/vss3': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss3] at time 11:46:36.499203 duration_in_ms=1.674 [INFO ] Running state [/mnt/shadow/vss4] at time 11:46:36.499422 [INFO ] Executing state file.directory for /mnt/shadow/vss4 [INFO ] {'/mnt/shadow/vss4': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss4] at time 11:46:36.500825 duration_in_ms=1.403 [INFO ] Running state [/mnt/shadow/vss5] at time 11:46:36.501036 [INFO ] Executing state file.directory for /mnt/shadow/vss5 [INFO ] {'/mnt/shadow/vss5': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss5] at time 11:46:36.502357 duration_in_ms=1.321 [INFO ] Running state [/mnt/shadow/vss6] at time 11:46:36.502563 [INFO ] Executing state file.directory for /mnt/shadow/vss6 [INFO ] {'/mnt/shadow/vss6': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss6] at time 11:46:36.503991 duration_in_ms=1.428 [INFO ] Running state [/mnt/shadow/vss7] at time 11:46:36.504206 [INFO ] Executing state file.directory for /mnt/shadow/vss7 [INFO ] {'/mnt/shadow/vss7': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss7] at time 11:46:36.505479 duration_in_ms=1.273 [INFO ] Running state [/mnt/shadow/vss8] at time 11:46:36.505735 [INFO ] Executing state file.directory for /mnt/shadow/vss8 [INFO ] {'/mnt/shadow/vss8': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss8] at time 11:46:36.507683 duration_in_ms=1.947 [INFO ] Running state [/mnt/shadow/vss9] at time 11:46:36.507923 [INFO ] Executing state file.directory for /mnt/shadow/vss9 [INFO ] {'/mnt/shadow/vss9': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss9] at time 11:46:36.509557 duration_in_ms=1.632 [INFO ] Running state [/mnt/shadow/vss10] at time 11:46:36.509922 [INFO ] Executing state file.directory for /mnt/shadow/vss10 [INFO ] {'/mnt/shadow/vss10': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss10] at time 11:46:36.511217 duration_in_ms=1.295 [INFO ] Running state [/mnt/shadow/vss11] at time 11:46:36.511435 [INFO ] Executing state file.directory for /mnt/shadow/vss11 [INFO ] {'/mnt/shadow/vss11': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss11] at time 11:46:36.512500 duration_in_ms=1.066 [INFO ] Running state [/mnt/shadow/vss12] at time 11:46:36.512726 [INFO ] Executing state file.directory for /mnt/shadow/vss12 [INFO ] {'/mnt/shadow/vss12': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss12] at time 11:46:36.513818 duration_in_ms=1.091 [INFO ] Running state [/mnt/shadow/vss13] at time 11:46:36.514033 [INFO ] Executing state file.directory for /mnt/shadow/vss13 [INFO ] {'/mnt/shadow/vss13': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss13] at time 11:46:36.515276 duration_in_ms=1.243 [INFO ] Running state [/mnt/shadow/vss14] at time 11:46:36.515488 [INFO ] Executing state file.directory for /mnt/shadow/vss14 [INFO ] {'/mnt/shadow/vss14': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss14] at time 11:46:36.516912 duration_in_ms=1.424 [INFO ] Running state [/mnt/shadow/vss15] at time 11:46:36.517099 [INFO ] Executing state file.directory for /mnt/shadow/vss15 [INFO ] {'/mnt/shadow/vss15': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss15] at time 11:46:36.518417 duration_in_ms=1.317 [INFO ] Running state [/mnt/shadow/vss16] at time 11:46:36.518598 [INFO ] Executing state file.directory for /mnt/shadow/vss16 [INFO ] {'/mnt/shadow/vss16': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss16] at time 11:46:36.520278 duration_in_ms=1.679 [INFO ] Running state [/mnt/shadow/vss17] at time 11:46:36.520468 [INFO ] Executing state file.directory for /mnt/shadow/vss17 [INFO ] {'/mnt/shadow/vss17': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss17] at time 11:46:36.521858 duration_in_ms=1.39 [INFO ] Running state [/mnt/shadow/vss18] at time 11:46:36.522078 [INFO ] Executing state file.directory for /mnt/shadow/vss18 [INFO ] {'/mnt/shadow/vss18': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss18] at time 11:46:36.523905 duration_in_ms=1.824 [INFO ] Running state [/mnt/shadow/vss19] at time 11:46:36.524266 [INFO ] Executing state file.directory for /mnt/shadow/vss19 [INFO ] {'/mnt/shadow/vss19': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss19] at time 11:46:36.525959 duration_in_ms=1.694 [INFO ] Running state [/mnt/shadow/vss20] at time 11:46:36.526209 [INFO ] Executing state file.directory for /mnt/shadow/vss20 [INFO ] {'/mnt/shadow/vss20': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss20] at time 11:46:36.527703 duration_in_ms=1.494 [INFO ] Running state [/mnt/shadow/vss21] at time 11:46:36.527972 [INFO ] Executing state file.directory for /mnt/shadow/vss21 [INFO ] {'/mnt/shadow/vss21': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss21] at time 11:46:36.529401 duration_in_ms=1.429 [INFO ] Running state [/mnt/shadow/vss22] at time 11:46:36.529609 [INFO ] Executing state file.directory for /mnt/shadow/vss22 [INFO ] {'/mnt/shadow/vss22': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss22] at time 11:46:36.531054 duration_in_ms=1.445 [INFO ] Running state [/mnt/shadow/vss23] at time 11:46:36.531257 [INFO ] Executing state file.directory for /mnt/shadow/vss23 [INFO ] {'/mnt/shadow/vss23': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss23] at time 11:46:36.532686 duration_in_ms=1.43 [INFO ] Running state [/mnt/shadow/vss24] at time 11:46:36.532896 [INFO ] Executing state file.directory for /mnt/shadow/vss24 [INFO ] {'/mnt/shadow/vss24': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss24] at time 11:46:36.534241 duration_in_ms=1.344 [INFO ] Running state [/mnt/shadow/vss25] at time 11:46:36.534451 [INFO ] Executing state file.directory for /mnt/shadow/vss25 [INFO ] {'/mnt/shadow/vss25': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss25] at time 11:46:36.535723 duration_in_ms=1.272 [INFO ] Running state [/mnt/shadow/vss26] at time 11:46:36.535923 [INFO ] Executing state file.directory for /mnt/shadow/vss26 [INFO ] {'/mnt/shadow/vss26': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss26] at time 11:46:36.537222 duration_in_ms=1.299 [INFO ] Running state [/mnt/shadow/vss27] at time 11:46:36.537413 [INFO ] Executing state file.directory for /mnt/shadow/vss27 [INFO ] {'/mnt/shadow/vss27': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss27] at time 11:46:36.538443 duration_in_ms=1.029 [INFO ] Running state [/mnt/shadow/vss28] at time 11:46:36.538653 [INFO ] Executing state file.directory for /mnt/shadow/vss28 [INFO ] {'/mnt/shadow/vss28': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss28] at time 11:46:36.539704 duration_in_ms=1.051 [INFO ] Running state [/mnt/shadow/vss29] at time 11:46:36.539921 [INFO ] Executing state file.directory for /mnt/shadow/vss29 [INFO ] {'/mnt/shadow/vss29': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss29] at time 11:46:36.541126 duration_in_ms=1.205 [INFO ] Running state [/mnt/shadow/vss30] at time 11:46:36.541285 [INFO ] Executing state file.directory for /mnt/shadow/vss30 [INFO ] {'/mnt/shadow/vss30': 'New Dir'} [INFO ] Completed state [/mnt/shadow/vss30] at time 11:46:36.542449 duration_in_ms=1.164 [DEBUG ] LazyLoaded service.start [DEBUG ] LazyLoaded service.dead [INFO ] Running state [salt-minion] at time 11:46:36.875895 [INFO ] Executing state service.dead for salt-minion [INFO ] Executing command ['systemctl', 'status', 'salt-minion.service', '-n', '0'] in directory '/home/sansforensics' [DEBUG ] stdout: * salt-minion.service - The Salt Minion Loaded: loaded (/lib/systemd/system/salt-minion.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2017-07-10 11:13:30 UTC; 33min ago Docs: man:salt-minion(1) file:///usr/share/doc/salt/html/contents.html https://docs.saltstack.com/en/latest/contents.html Main PID: 4768 (salt-minion) Tasks: 4 Memory: 104.0K CPU: 100ms CGroup: /system.slice/salt-minion.service |-4768 /usr/bin/python /usr/bin/salt-minion |-4793 /usr/bin/python /usr/bin/salt-minion `-4807 /usr/bin/python /usr/bin/salt-minion [INFO ] Executing command ['systemctl', 'is-active', 'salt-minion.service'] in directory '/home/sansforensics' [DEBUG ] output: active [INFO ] Executing command ['systemctl', 'is-enabled', 'salt-minion.service'] in directory '/home/sansforensics' [DEBUG ] output: enabled [INFO ] Executing command ['systemd-run', '--scope', 'systemctl', 'stop', 'salt-minion.service'] in directory '/home/sansforensics' [DEBUG ] output: Running scope as unit run-r7d66f2f1eaf9495d8179d4b71355b1b4.scope. [INFO ] Executing command ['systemctl', 'is-active', 'salt-minion.service'] in directory '/home/sansforensics' [DEBUG ] output: inactive [INFO ] Executing command ['systemctl', 'is-enabled', 'salt-minion.service'] in directory '/home/sansforensics' [DEBUG ] output: enabled [INFO ] Executing command ['systemctl', 'is-enabled', 'salt-minion.service'] in directory '/home/sansforensics' [DEBUG ] output: enabled [DEBUG ] sysvinit script 'x11-common' found, but systemd unit 'x11-common.service' already exists [DEBUG ] sysvinit script 'networking' found, but systemd unit 'networking.service' already exists [DEBUG ] sysvinit script 'umountfs' found, but systemd unit 'umountfs.service' already exists [DEBUG ] sysvinit script 'network-manager' found, but systemd unit 'network-manager.service' already exists [DEBUG ] sysvinit script 'open-iscsi' found, but systemd unit 'open-iscsi.service' already exists [DEBUG ] sysvinit script 'sendsigs' found, but systemd unit 'sendsigs.service' already exists [DEBUG ] sysvinit script 'killprocs' found, but systemd unit 'killprocs.service' already exists [DEBUG ] sysvinit script 'console-setup' found, but systemd unit 'console-setup.service' already exists [DEBUG ] sysvinit script 'docker' found, but systemd unit 'docker.service' already exists [DEBUG ] sysvinit script 'anacron' found, but systemd unit 'anacron.service' already exists [DEBUG ] sysvinit script 'salt-minion' found, but systemd unit 'salt-minion.service' already exists [DEBUG ] sysvinit script 'samba' found, but systemd unit 'samba.service' already exists [DEBUG ] sysvinit script 'keyboard-setup' found, but systemd unit 'keyboard-setup.service' already exists [DEBUG ] sysvinit script 'cron' found, but systemd unit 'cron.service' already exists [DEBUG ] sysvinit script 'kerneloops' found, but systemd unit 'kerneloops.service' already exists [DEBUG ] sysvinit script 'kmod' found, but systemd unit 'kmod.service' already exists [DEBUG ] sysvinit script 'lightdm' found, but systemd unit 'lightdm.service' already exists [DEBUG ] sysvinit script 'reboot' found, but systemd unit 'reboot.service' already exists [DEBUG ] sysvinit script 'alsa-utils' found, but systemd unit 'alsa-utils.service' already exists [DEBUG ] sysvinit script 'pppd-dns' found, but systemd unit 'pppd-dns.service' already exists [DEBUG ] sysvinit script 'binfmt-support' found, but systemd unit 'binfmt-support.service' already exists [DEBUG ] sysvinit script 'clamav-freshclam' found, but systemd unit 'clamav-freshclam.service' already exists [DEBUG ] sysvinit script 'iscsid' found, but systemd unit 'iscsid.service' already exists [DEBUG ] sysvinit script 'brltty' found, but systemd unit 'brltty.service' already exists [DEBUG ] sysvinit script 'rc.local' found, but systemd unit 'rc.local.service' already exists [DEBUG ] sysvinit script 'urandom' found, but systemd unit 'urandom.service' already exists [DEBUG ] sysvinit script 'saned' found, but systemd unit 'saned.service' already exists [DEBUG ] sysvinit script 'nfdump' found, but systemd unit 'nfdump.service' already exists [DEBUG ] sysvinit script 'single' found, but systemd unit 'single.service' already exists [DEBUG ] sysvinit script 'rcS' found, but systemd unit 'rcS.service' already exists [DEBUG ] sysvinit script 'udev' found, but systemd unit 'udev.service' already exists [DEBUG ] sysvinit script 'rc' found, but systemd unit 'rc.service' already exists [DEBUG ] sysvinit script 'cryptdisks' found, but systemd unit 'cryptdisks.service' already exists [DEBUG ] sysvinit script 'cups' found, but systemd unit 'cups.service' already exists [DEBUG ] sysvinit script 'uuidd' found, but systemd unit 'uuidd.service' already exists [DEBUG ] sysvinit script 'acpid' found, but systemd unit 'acpid.service' already exists [DEBUG ] sysvinit script 'ufw' found, but systemd unit 'ufw.service' already exists [DEBUG ] sysvinit script 'resolvconf' found, but systemd unit 'resolvconf.service' already exists [DEBUG ] sysvinit script 'thermald' found, but systemd unit 'thermald.service' already exists [DEBUG ] sysvinit script 'cups-browsed' found, but systemd unit 'cups-browsed.service' already exists [DEBUG ] sysvinit script 'dns-clean' found, but systemd unit 'dns-clean.service' already exists [DEBUG ] sysvinit script 'umountroot' found, but systemd unit 'umountroot.service' already exists [DEBUG ] sysvinit script 'halt' found, but systemd unit 'halt.service' already exists [DEBUG ] sysvinit script 'dbus' found, but systemd unit 'dbus.service' already exists [DEBUG ] sysvinit script 'cryptdisks-early' found, but systemd unit 'cryptdisks-early.service' already exists [DEBUG ] sysvinit script 'unattended-upgrades' found, but systemd unit 'unattended-upgrades.service' already exists [DEBUG ] sysvinit script 'bluetooth' found, but systemd unit 'bluetooth.service' already exists [DEBUG ] sysvinit script 'whoopsie' found, but systemd unit 'whoopsie.service' already exists [DEBUG ] sysvinit script 'rsyslog' found, but systemd unit 'rsyslog.service' already exists [DEBUG ] sysvinit script 'rsync' found, but systemd unit 'rsync.service' already exists [DEBUG ] sysvinit script 'procps' found, but systemd unit 'procps.service' already exists [DEBUG ] sysvinit script 'avahi-daemon' found, but systemd unit 'avahi-daemon.service' already exists [DEBUG ] sysvinit script 'plymouth-log' found, but systemd unit 'plymouth-log.service' already exists [DEBUG ] sysvinit script 'plymouth' found, but systemd unit 'plymouth.service' already exists [DEBUG ] sysvinit script 'open-vm-tools' found, but systemd unit 'open-vm-tools.service' already exists [INFO ] Executing command ['systemd-run', '--scope', 'systemctl', 'disable', 'salt-minion.service'] in directory '/home/sansforensics' [DEBUG ] output: Running scope as unit run-r705cb3eb670241a3a07b061e2a909763.scope. Synchronizing state of salt-minion.service with SysV init with /lib/systemd/systemd-sysv-install... Executing /lib/systemd/systemd-sysv-install disable salt-minion insserv: warning: current start runlevel(s) (empty) of script `salt-minion' overrides LSB defaults (2 3 4 5). insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `salt-minion' overrides LSB defaults (0 1 6). [INFO ] Executing command ['systemctl', 'is-enabled', 'salt-minion.service'] in directory '/home/sansforensics' [DEBUG ] output: disabled [DEBUG ] sysvinit script 'x11-common' found, but systemd unit 'x11-common.service' already exists [DEBUG ] sysvinit script 'networking' found, but systemd unit 'networking.service' already exists [DEBUG ] sysvinit script 'umountfs' found, but systemd unit 'umountfs.service' already exists [DEBUG ] sysvinit script 'network-manager' found, but systemd unit 'network-manager.service' already exists [DEBUG ] sysvinit script 'open-iscsi' found, but systemd unit 'open-iscsi.service' already exists [DEBUG ] sysvinit script 'sendsigs' found, but systemd unit 'sendsigs.service' already exists [DEBUG ] sysvinit script 'killprocs' found, but systemd unit 'killprocs.service' already exists [DEBUG ] sysvinit script 'console-setup' found, but systemd unit 'console-setup.service' already exists [DEBUG ] sysvinit script 'docker' found, but systemd unit 'docker.service' already exists [DEBUG ] sysvinit script 'anacron' found, but systemd unit 'anacron.service' already exists [DEBUG ] sysvinit script 'salt-minion' found, but systemd unit 'salt-minion.service' already exists [DEBUG ] sysvinit script 'samba' found, but systemd unit 'samba.service' already exists [DEBUG ] sysvinit script 'keyboard-setup' found, but systemd unit 'keyboard-setup.service' already exists [DEBUG ] sysvinit script 'cron' found, but systemd unit 'cron.service' already exists [DEBUG ] sysvinit script 'kerneloops' found, but systemd unit 'kerneloops.service' already exists [DEBUG ] sysvinit script 'kmod' found, but systemd unit 'kmod.service' already exists [DEBUG ] sysvinit script 'lightdm' found, but systemd unit 'lightdm.service' already exists [DEBUG ] sysvinit script 'reboot' found, but systemd unit 'reboot.service' already exists [DEBUG ] sysvinit script 'alsa-utils' found, but systemd unit 'alsa-utils.service' already exists [DEBUG ] sysvinit script 'pppd-dns' found, but systemd unit 'pppd-dns.service' already exists [DEBUG ] sysvinit script 'binfmt-support' found, but systemd unit 'binfmt-support.service' already exists [DEBUG ] sysvinit script 'clamav-freshclam' found, but systemd unit 'clamav-freshclam.service' already exists [DEBUG ] sysvinit script 'iscsid' found, but systemd unit 'iscsid.service' already exists [DEBUG ] sysvinit script 'brltty' found, but systemd unit 'brltty.service' already exists [DEBUG ] sysvinit script 'rc.local' found, but systemd unit 'rc.local.service' already exists [DEBUG ] sysvinit script 'urandom' found, but systemd unit 'urandom.service' already exists [DEBUG ] sysvinit script 'saned' found, but systemd unit 'saned.service' already exists [DEBUG ] sysvinit script 'nfdump' found, but systemd unit 'nfdump.service' already exists [DEBUG ] sysvinit script 'single' found, but systemd unit 'single.service' already exists [DEBUG ] sysvinit script 'rcS' found, but systemd unit 'rcS.service' already exists [DEBUG ] sysvinit script 'udev' found, but systemd unit 'udev.service' already exists [DEBUG ] sysvinit script 'rc' found, but systemd unit 'rc.service' already exists [DEBUG ] sysvinit script 'cryptdisks' found, but systemd unit 'cryptdisks.service' already exists [DEBUG ] sysvinit script 'cups' found, but systemd unit 'cups.service' already exists [DEBUG ] sysvinit script 'uuidd' found, but systemd unit 'uuidd.service' already exists [DEBUG ] sysvinit script 'acpid' found, but systemd unit 'acpid.service' already exists [DEBUG ] sysvinit script 'ufw' found, but systemd unit 'ufw.service' already exists [DEBUG ] sysvinit script 'resolvconf' found, but systemd unit 'resolvconf.service' already exists [DEBUG ] sysvinit script 'thermald' found, but systemd unit 'thermald.service' already exists [DEBUG ] sysvinit script 'cups-browsed' found, but systemd unit 'cups-browsed.service' already exists [DEBUG ] sysvinit script 'dns-clean' found, but systemd unit 'dns-clean.service' already exists [DEBUG ] sysvinit script 'umountroot' found, but systemd unit 'umountroot.service' already exists [DEBUG ] sysvinit script 'halt' found, but systemd unit 'halt.service' already exists [DEBUG ] sysvinit script 'dbus' found, but systemd unit 'dbus.service' already exists [DEBUG ] sysvinit script 'cryptdisks-early' found, but systemd unit 'cryptdisks-early.service' already exists [DEBUG ] sysvinit script 'unattended-upgrades' found, but systemd unit 'unattended-upgrades.service' already exists [DEBUG ] sysvinit script 'bluetooth' found, but systemd unit 'bluetooth.service' already exists [DEBUG ] sysvinit script 'whoopsie' found, but systemd unit 'whoopsie.service' already exists [DEBUG ] sysvinit script 'rsyslog' found, but systemd unit 'rsyslog.service' already exists [DEBUG ] sysvinit script 'rsync' found, but systemd unit 'rsync.service' already exists [DEBUG ] sysvinit script 'procps' found, but systemd unit 'procps.service' already exists [DEBUG ] sysvinit script 'avahi-daemon' found, but systemd unit 'avahi-daemon.service' already exists [DEBUG ] sysvinit script 'plymouth-log' found, but systemd unit 'plymouth-log.service' already exists [DEBUG ] sysvinit script 'plymouth' found, but systemd unit 'plymouth.service' already exists [DEBUG ] sysvinit script 'open-vm-tools' found, but systemd unit 'open-vm-tools.service' already exists [INFO ] {'salt-minion': True} [INFO ] Completed state [salt-minion] at time 11:46:38.130005 duration_in_ms=1254.11 [INFO ] Running state [/etc/samba/.sift-samba] at time 11:46:38.130252 [INFO ] Executing state file.managed for /etc/samba/.sift-samba [INFO ] File changed: New file [INFO ] Completed state [/etc/samba/.sift-samba] at time 11:46:38.138292 duration_in_ms=8.04 [DEBUG ] LazyLoaded cyg.list [DEBUG ] Module DSC: Only available on Windows systems [DEBUG ] Module PSGet: Only available on Windows systems [DEBUG ] Could not LazyLoad postgres.datadir_init: 'postgres' __virtual__ returned False: psql was not found [DEBUG ] LazyLoaded postgres.privileges_grant [DEBUG ] LazyLoaded postgres.create_extension [DEBUG ] LazyLoaded zabbix.host_create [DEBUG ] LazyLoaded dockerng.version [DEBUG ] LazyLoaded win_dns_client.add_dns [DEBUG ] LazyLoaded rdp.enable [DEBUG ] LazyLoaded boto_iam.get_user [DEBUG ] LazyLoaded makeconf.get_var [DEBUG ] LazyLoaded boto_sns.exists [DEBUG ] LazyLoaded memcached.status [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded win_dacl.add_ace [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded boto_rds.exists [DEBUG ] LazyLoaded kapacitor.version [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists [DEBUG ] LazyLoaded boto_lambda.function_exists [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded chocolatey.install [DEBUG ] LazyLoaded quota.report [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline [DEBUG ] LazyLoaded tomcat.status [DEBUG ] LazyLoaded splunk.list_users [DEBUG ] LazyLoaded bower.list [DEBUG ] LazyLoaded boto_vpc.exists [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. [DEBUG ] LazyLoaded postgres.group_create [DEBUG ] LazyLoaded boto_elb.exists [DEBUG ] LazyLoaded zk_concurrency.lock [DEBUG ] LazyLoaded win_snmp.get_agent_settings [DEBUG ] LazyLoaded boto_secgroup.exists [DEBUG ] LazyLoaded zabbix.user_create [DEBUG ] LazyLoaded xmpp.send_msg [DEBUG ] LazyLoaded zabbix.usergroup_create [DEBUG ] LazyLoaded postgres.language_create [DEBUG ] LazyLoaded npm.list [DEBUG ] LazyLoaded splunk_search.get [DEBUG ] LazyLoaded portage_config.get_missing_flags [DEBUG ] LazyLoaded openvswitch.bridge_create [DEBUG ] LazyLoaded win_iis.create_site [DEBUG ] LazyLoaded boto_s3_bucket.exists [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. [DEBUG ] LazyLoaded postgres.schema_exists [DEBUG ] LazyLoaded boto_dynamodb.exists [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm [DEBUG ] LazyLoaded snapper.diff [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. [DEBUG ] LazyLoaded nftables.version [DEBUG ] LazyLoaded github.list_users [DEBUG ] LazyLoaded boto_asg.exists [DEBUG ] LazyLoaded boto_cfn.exists [DEBUG ] LazyLoaded boto_elasticache.exists [DEBUG ] LazyLoaded stormpath.create_account [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools [DEBUG ] LazyLoaded win_pki.get_stores [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. [DEBUG ] LazyLoaded keystone.auth [DEBUG ] LazyLoaded pecl.list [DEBUG ] LazyLoaded ifttt.trigger_event [DEBUG ] LazyLoaded boto_iam.role_exists [DEBUG ] LazyLoaded win_path.rehash [DEBUG ] LazyLoaded win_servermanager.install [DEBUG ] LazyLoaded chassis.cmd [DEBUG ] LazyLoaded layman.add [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. [DEBUG ] LazyLoaded mongodb.user_exists [DEBUG ] LazyLoaded monit.summary [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] LazyLoaded trafficserver.set_config [DEBUG ] LazyLoaded chef.client [DEBUG ] LazyLoaded acme.cert [DEBUG ] LazyLoaded boto_sqs.exists [DEBUG ] LazyLoaded boto_route53.get_record [DEBUG ] LazyLoaded eselect.exec_action [DEBUG ] LazyLoaded virt.node_info [DEBUG ] LazyLoaded boto_kms.describe_key [DEBUG ] Could not LazyLoad elasticsearch.exists: 'elasticsearch.exists' is not available. [DEBUG ] LazyLoaded postgres.cluster_exists [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded at.at [DEBUG ] LazyLoaded boto_cloudtrail.exists [DEBUG ] LazyLoaded victorops.create_event [DEBUG ] LazyLoaded postgres.user_exists [DEBUG ] Could not LazyLoad redis.set_key: 'redis.set_key' is not available. [DEBUG ] LazyLoaded boto_ec2.get_key [DEBUG ] LazyLoaded zabbix.hostgroup_create [DEBUG ] LazyLoaded boto_iot.policy_exists [DEBUG ] LazyLoaded boto_cloudwatch_event.exists [DEBUG ] LazyLoaded esxi.cmd [DEBUG ] LazyLoaded win_smtp_server.get_server_setting [DEBUG ] LazyLoaded reg.read_value [DEBUG ] LazyLoaded zpool.create [DEBUG ] LazyLoaded openvswitch.port_add [DEBUG ] LazyLoaded lvs.get_rules [DEBUG ] LazyLoaded boto_apigateway.describe_apis [DEBUG ] LazyLoaded glusterfs.list_volumes [DEBUG ] LazyLoaded postgres.tablespace_exists [DEBUG ] LazyLoaded ipset.version [DEBUG ] LazyLoaded cisconso.set_data_value [DEBUG ] LazyLoaded selinux.getenforce [DEBUG ] LazyLoaded nxos.cmd [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. [INFO ] Running state [/etc/samba/smb.conf] at time 11:46:38.546204 [INFO ] Executing state file.managed for /etc/samba/smb.conf [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/samba/smb.conf' to resolve 'salt://sift/files/samba/smb.conf' [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/samba/smb.conf' to resolve 'salt://sift/files/samba/smb.conf' [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/samba/smb.conf' [DEBUG ] No dest file found [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/samba/smb.conf' [INFO ] File changed: --- +++ @@ -1,260 +1,25 @@ -# -# Sample configuration file for the Samba suite for Debian GNU/Linux. -# -# -# This is the main Samba configuration file. You should read the -# smb.conf(5) manual page in order to understand the options listed -# here. Samba has a huge number of configurable options most of which -# are not shown in this example -# -# Some options that are often worth tuning have been included as -# commented-out examples in this file. -# - When such options are commented with ";", the proposed setting -# differs from the default Samba behaviour -# - When commented with "#", the proposed setting is the default -# behaviour of Samba but the option is considered important -# enough to be mentioned here -# -# NOTE: Whenever you modify this file you should run the command -# "testparm" to check that you have not made any basic syntactic -# errors. +#======================= Global Settings ===================================== +[global] + workgroup = sans + server string = SIFT WORKSTATION +; netbios name = siftworkstation + security = user + map to guest = bad user + dns proxy = no +; encrypt passwords = yes + guest ok = yes + guest account = sansforensics + name resolve order = host bcast lmhost wins + username map = /etc/samba/smbusers -#======================= Global Settings ======================= +[cases] + path = /cases + writeable = yes +; browseable = yes + guest ok = yes -[global] - -## Browsing/Identification ### - -# Change this to the workgroup/NT-domain name your Samba server will part of - workgroup = WORKGROUP - -# server string is the equivalent of the NT Description field - server string = %h server (Samba, Ubuntu) - -# Windows Internet Name Serving Support Section: -# WINS Support - Tells the NMBD component of Samba to enable its WINS Server -# wins support = no - -# WINS Server - Tells the NMBD components of Samba to be a WINS Client -# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both -; wins server = w.x.y.z - -# This will prevent nmbd to search for NetBIOS names through DNS. - dns proxy = no - -#### Networking #### - -# The specific set of interfaces / networks to bind to -# This can be either the interface name or an IP address/netmask; -# interface names are normally preferred -; interfaces = 127.0.0.0/8 eth0 - -# Only bind to the named interfaces and/or networks; you must use the -# 'interfaces' option above to use this. -# It is recommended that you enable this feature if your Samba machine is -# not protected by a firewall or is a firewall itself. However, this -# option cannot handle dynamic or non-broadcast interfaces correctly. -; bind interfaces only = yes - - - -#### Debugging/Accounting #### - -# This tells Samba to use a separate log file for each machine -# that connects - log file = /var/log/samba/log.%m - -# Cap the size of the individual log files (in KiB). - max log size = 1000 - -# If you want Samba to only log through syslog then set the following -# parameter to 'yes'. -# syslog only = no - -# We want Samba to log a minimum amount of information to syslog. Everything -# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log -# through syslog you should set the following parameter to something higher. - syslog = 0 - -# Do something sensible when Samba crashes: mail the admin a backtrace - panic action = /usr/share/samba/panic-action %d - - -####### Authentication ####### - -# Server role. Defines in which mode Samba will operate. Possible -# values are "standalone server", "member server", "classic primary -# domain controller", "classic backup domain controller", "active -# directory domain controller". -# -# Most people will want "standalone sever" or "member server". -# Running as "active directory domain controller" will require first -# running "samba-tool domain provision" to wipe databases and create a -# new domain. - server role = standalone server - -# If you are using encrypted passwords, Samba will need to know what -# password database type you are using. - passdb backend = tdbsam - - obey pam restrictions = yes - -# This boolean parameter controls whether Samba attempts to sync the Unix -# password with the SMB password when the encrypted SMB password in the -# passdb is changed. - unix password sync = yes - -# For Unix password sync to work on a Debian GNU/Linux system, the following -# parameters must be set (thanks to Ian Kahan < for -# sending the correct chat script for the passwd program in Debian Sarge). - passwd program = /usr/bin/passwd %u - passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . - -# This boolean controls whether PAM will be used for password changes -# when requested by an SMB client instead of the program listed in -# 'passwd program'. The default is 'no'. - pam password change = yes - -# This option controls how unsuccessful authentication attempts are mapped -# to anonymous connections - map to guest = bad user - -########## Domains ########### - -# -# The following settings only takes effect if 'server role = primary -# classic domain controller', 'server role = backup domain controller' -# or 'domain logons' is set -# - -# It specifies the location of the user's -# profile directory from the client point of view) The following -# required a [profiles] share to be setup on the samba server (see -# below) -; logon path = \\%N\profiles\%U -# Another common choice is storing the profile in the user's home directory -# (this is Samba's default) -# logon path = \\%N\%U\profile - -# The following setting only takes effect if 'domain logons' is set -# It specifies the location of a user's home directory (from the client -# point of view) -; logon drive = H: -# logon home = \\%N\%U - -# The following setting only takes effect if 'domain logons' is set -# It specifies the script to run during logon. The script must be stored -# in the [netlogon] share -# NOTE: Must be store in 'DOS' file format convention -; logon script = logon.cmd - -# This allows Unix users to be created on the domain controller via the SAMR -# RPC pipe. The example command creates a user account with a disabled Unix -# password; please adapt to your needs -; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u - -# This allows machine accounts to be created on the domain controller via the -# SAMR RPC pipe. -# The following assumes a "machines" group exists on the system -; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u - -# This allows Unix groups to be created on the domain controller via the SAMR -# RPC pipe. -; add group script = /usr/sbin/addgroup --force-badname %g - -############ Misc ############ - -# Using the following line enables you to customise your configuration -# on a per machine basis. The %m gets replaced with the netbios name -# of the machine that is connecting -; include = /home/samba/etc/smb.conf.%m - -# Some defaults for winbind (make sure you're not using the ranges -# for something else.) -; idmap uid = 10000-20000 -; idmap gid = 10000-20000 -; template shell = /bin/bash - -# Setup usershare options to enable non-root users to share folders -# with the net usershare command. - -# Maximum number of usershare. 0 (default) means that usershare is disabled. -; usershare max shares = 100 - -# Allow users who've been granted usershare privileges to create -# public shares, not just authenticated ones - usershare allow guests = yes - -#======================= Share Definitions ======================= - -# Un-comment the following (and tweak the other settings below to suit) -# to enable the default home directory shares. This will share each -# user's home directory as \\server\username -;[homes] -; comment = Home Directories -; browseable = no - -# By default, the home directories are exported read-only. Change the -# next parameter to 'no' if you want to be able to write to them. -; read only = yes - -# File creation mask is set to 0700 for security reasons. If you want to -# create files with group=rw permissions, set next parameter to 0775. -; create mask = 0700 - -# Directory creation mask is set to 0700 for security reasons. If you want to -# create dirs. with group=rw permissions, set next parameter to 0775. -; directory mask = 0700 - -# By default, \\server\username shares can be connected to by anyone -# with access to the samba server. -# Un-comment the following parameter to make sure that only "username" -# can connect to \\server\username -# This might need tweaking when using external authentication schemes -; valid users = %S - -# Un-comment the following and create the netlogon directory for Domain Logons -# (you need to configure Samba to act as a domain controller too.) -;[netlogon] -; comment = Network Logon Service -; path = /home/samba/netlogon -; guest ok = yes -; read only = yes - -# Un-comment the following and create the profiles directory to store -# users profiles (see the "logon path" option above) -# (you need to configure Samba to act as a domain controller too.) -# The path below should be writable by all users so that their -# profile directory may be created the first time they log on -;[profiles] -; comment = Users profiles -; path = /home/samba/profiles -; guest ok = no -; browseable = no -; create mask = 0600 -; directory mask = 0700 - -[printers] - comment = All Printers - browseable = no - path = /var/spool/samba - printable = yes - guest ok = no - read only = yes - create mask = 0700 - -# Windows clients look for this share name as a source of downloadable -# printer drivers -[print$] - comment = Printer Drivers - path = /var/lib/samba/printers - browseable = yes - read only = yes - guest ok = no -# Uncomment to allow remote administration of Windows print drivers. -# You may need to replace 'lpadmin' with the name of the group your -# admin users are members of. -# Please note that you also need to set appropriate Unix permissions -# to the drivers directory for these users to have write rights in it -; write list = root, @lpadmin - +[mnt] + path = /mnt +; writeable = No +; browseable = yes + guest ok = yes [INFO ] Completed state [/etc/samba/smb.conf] at time 11:46:38.556149 duration_in_ms=9.946 [INFO ] Running state [smbd] at time 11:46:38.559908 [INFO ] Executing state service.running for smbd [INFO ] Executing command ['systemctl', 'status', 'smbd.service', '-n', '0'] in directory '/home/sansforensics' [DEBUG ] stdout: * smbd.service - LSB: start Samba SMB/CIFS daemon (smbd) Loaded: loaded (/etc/init.d/smbd; bad; vendor preset: enabled) Active: active (running) since Mon 2017-07-10 11:37:00 UTC; 9min ago Docs: man:systemd-sysv-generator(8) CGroup: /system.slice/smbd.service |-117394 /usr/sbin/smbd -D |-117397 /usr/sbin/smbd -D `-117400 /usr/sbin/smbd -D [INFO ] Executing command ['systemctl', 'is-active', 'smbd.service'] in directory '/home/sansforensics' [DEBUG ] output: active [INFO ] Executing command ['systemctl', 'is-enabled', 'smbd.service'] in directory '/home/sansforensics' [DEBUG ] output: smbd.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install is-enabled smbd enabled [INFO ] The service smbd is already running [INFO ] Completed state [smbd] at time 11:46:38.651168 duration_in_ms=91.259 [INFO ] Running state [smbd] at time 11:46:38.651431 [INFO ] Executing state service.mod_watch for smbd [INFO ] Executing command ['systemctl', 'is-active', 'smbd.service'] in directory '/home/sansforensics' [DEBUG ] output: active [DEBUG ] LazyLoaded service.full_restart [INFO ] Executing command ['systemctl', 'is-enabled', 'smbd.service'] in directory '/home/sansforensics' [DEBUG ] output: smbd.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install is-enabled smbd enabled [DEBUG ] Service 'smbd' is not masked [INFO ] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'smbd.service'] in directory '/home/sansforensics' [DEBUG ] output: Running scope as unit run-r80ba344624f54fb8a1cae5b02733926e.scope. [INFO ] {'smbd': True} [INFO ] Completed state [smbd] at time 11:46:40.113756 duration_in_ms=1462.323 [INFO ] Running state [nmbd] at time 11:46:40.120534 [INFO ] Executing state service.running for nmbd [INFO ] Executing command ['systemctl', 'status', 'nmbd.service', '-n', '0'] in directory '/home/sansforensics' [DEBUG ] stdout: * nmbd.service - LSB: start Samba NetBIOS nameserver (nmbd) Loaded: loaded (/etc/init.d/nmbd; bad; vendor preset: enabled) Active: active (running) since Mon 2017-07-10 11:37:00 UTC; 9min ago Docs: man:systemd-sysv-generator(8) Tasks: 1 Memory: 4.4M CPU: 207ms CGroup: /system.slice/nmbd.service `-117483 /usr/sbin/nmbd -D [INFO ] Executing command ['systemctl', 'is-active', 'nmbd.service'] in directory '/home/sansforensics' [DEBUG ] output: active [INFO ] Executing command ['systemctl', 'is-enabled', 'nmbd.service'] in directory '/home/sansforensics' [DEBUG ] output: nmbd.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install is-enabled nmbd enabled [INFO ] The service nmbd is already running [INFO ] Completed state [nmbd] at time 11:46:40.230166 duration_in_ms=109.633 [INFO ] Running state [nmbd] at time 11:46:40.230461 [INFO ] Executing state service.mod_watch for nmbd [INFO ] Executing command ['systemctl', 'is-active', 'nmbd.service'] in directory '/home/sansforensics' [DEBUG ] output: active [DEBUG ] LazyLoaded service.full_restart [INFO ] Executing command ['systemctl', 'is-enabled', 'nmbd.service'] in directory '/home/sansforensics' [DEBUG ] output: nmbd.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install is-enabled nmbd enabled [DEBUG ] Service 'nmbd' is not masked [INFO ] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'nmbd.service'] in directory '/home/sansforensics' [DEBUG ] output: Running scope as unit run-r09174fb2230d4fbeb37a5a93a443fb1d.scope. [INFO ] {'nmbd': True} [INFO ] Completed state [nmbd] at time 11:46:41.716495 duration_in_ms=1486.031 [INFO ] Running state [sift-config] at time 11:46:41.733410 [INFO ] Executing state test.nop for sift-config [INFO ] Success! [INFO ] Completed state [sift-config] at time 11:46:41.734315 duration_in_ms=0.906 [DEBUG ] File /var/cache/salt/minion/accumulator/139753592381008 does not exist, no need to cleanup. [DEBUG ] LazyLoaded yaml.output local: archive_|-sift-scripts-virustotal-search-archive_|-/usr/local/src/virustotal-search-v0.1.4_|-extracted: __id__: sift-scripts-virustotal-search-archive __run_num__: 417 changes: directories_created: - /usr/local/src/virustotal-search-v0.1.4/ extracted_files: - virustotal-search.py comment: https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip extracted to /usr/local/src/virustotal-search-v0.1.4/, due to absence of one or more files/dirs duration: 870.209 name: /usr/local/src/virustotal-search-v0.1.4 result: true start_time: '13:46:33.301808' archive_|-sift-scripts-virustotal-submit-archive_|-/usr/local/src/virustotal-submit-v0.0.3_|-extracted: __id__: sift-scripts-virustotal-submit-archive __run_num__: 419 changes: directories_created: - /usr/local/src/virustotal-submit-v0.0.3/ extracted_files: - virustotal-submit.py comment: https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip extracted to /usr/local/src/virustotal-submit-v0.0.3/, due to absence of one or more files/dirs duration: 713.602 name: /usr/local/src/virustotal-submit-v0.0.3 result: true start_time: '13:46:34.203791' archive_|-sift-tool-densityscout-archive_|-/usr/local/src/densityscout/densityscout_build_45_linux_|-extracted: __id__: sift-tool-densityscout-archive __run_num__: 268 changes: directories_created: - /usr/local/src/densityscout/densityscout_build_45_linux/ extracted_files: - license.txt - lin32/densityscout - lin64/densityscout comment: http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip extracted to /usr/local/src/densityscout/densityscout_build_45_linux/, due to absence of one or more files/dirs duration: 2614.088 name: /usr/local/src/densityscout/densityscout_build_45_linux result: true start_time: '13:44:01.986907' cmd_|-hostname-set-hostname_|-hostnamectl set-hostname siftworkstation_|-run: __id__: hostname-set-hostname __run_num__: 424 changes: pid: 20059 retcode: 0 stderr: '' stdout: '' comment: Command "hostnamectl set-hostname siftworkstation" run duration: 140.133 name: hostnamectl set-hostname siftworkstation result: true start_time: '13:46:35.622132' ? cmd_|-python-volatility-remove-LoicJaquement-Haystack_|-find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \;_|-run : __id__: python-volatility-remove-LoicJaquement-Haystack __run_num__: 178 changes: pid: 106579 retcode: 1 stderr: 'find: ''/usr/lib/python2.7/dist-packages/volatility/plugins/community/Lo\303\257cJaquemet'': No such file or directory' stdout: '' comment: Command "find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \;" run duration: 23.673 name: find /usr/lib/python2.7/dist-packages/volatility/plugins/community/ -name "Lo*cJaquemet" -exec rm -rf {} \; result: false start_time: '13:34:18.240462' ? 'cmd_|-sift-scripts-regripper-plugins-all_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/all_|-wait' : __id__: sift-scripts-regripper-plugins-all __run_num__: 390 changes: pid: 19658 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/all" run' duration: 35.883 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/all' result: true start_time: '13:46:29.331240' ? 'cmd_|-sift-scripts-regripper-plugins-ntuser_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/ntuser_|-wait' : __id__: sift-scripts-regripper-plugins-ntuser __run_num__: 392 changes: pid: 19675 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/ntuser" run' duration: 117.817 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/ntuser' result: true start_time: '13:46:29.370917' ? 'cmd_|-sift-scripts-regripper-plugins-sam_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/sam_|-wait' : __id__: sift-scripts-regripper-plugins-sam __run_num__: 396 changes: pid: 19850 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/sam" run' duration: 38.73 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/sam' result: true start_time: '13:46:29.538992' ? 'cmd_|-sift-scripts-regripper-plugins-security_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/security_|-wait' : __id__: sift-scripts-regripper-plugins-security __run_num__: 398 changes: pid: 19858 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/security" run' duration: 35.615 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/security' result: true start_time: '13:46:29.583143' ? 'cmd_|-sift-scripts-regripper-plugins-software_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/software_|-wait' : __id__: sift-scripts-regripper-plugins-software __run_num__: 400 changes: pid: 19870 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/software" run' duration: 99.646 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/software' result: true start_time: '13:46:29.625430' ? 'cmd_|-sift-scripts-regripper-plugins-system_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/system_|-wait' : __id__: sift-scripts-regripper-plugins-system __run_num__: 402 changes: pid: 19974 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/system" run' duration: 81.092 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/system' result: true start_time: '13:46:29.737234' ? 'cmd_|-sift-scripts-regripper-plugins-usrclass_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/usrclass_|-wait' : __id__: sift-scripts-regripper-plugins-usrclass __run_num__: 394 changes: pid: 19836 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/usrclass" run' duration: 40.4 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/usrclass' result: true start_time: '13:46:29.492829' cmd_|-sift-wine-i386-arch_|-dpkg --add-architecture i386_|-run: __id__: sift-wine-i386-arch __run_num__: 204 changes: {} comment: unless execution succeeded duration: 23.234 name: dpkg --add-architecture i386 result: true skip_watch: true start_time: '13:36:09.535499' file_|-/mnt/aff_|-/mnt/aff_|-directory: __id__: /mnt/aff __run_num__: 451 changes: /mnt/aff: New Dir comment: Directory /mnt/aff updated duration: 1.267 name: /mnt/aff pchanges: /mnt/aff: directory: new result: true start_time: '11:46:36.480454' file_|-/mnt/bde_|-/mnt/bde_|-directory: __id__: /mnt/bde __run_num__: 453 changes: /mnt/bde: New Dir comment: Directory /mnt/bde updated duration: 0.997 name: /mnt/bde pchanges: /mnt/bde: directory: new result: true start_time: '11:46:36.483327' file_|-/mnt/e01_|-/mnt/e01_|-directory: __id__: /mnt/e01 __run_num__: 450 changes: /mnt/e01: New Dir comment: Directory /mnt/e01 updated duration: 1.063 name: /mnt/e01 pchanges: /mnt/e01: directory: new result: true start_time: '11:46:36.479177' file_|-/mnt/ewf_|-/mnt/ewf_|-directory: __id__: /mnt/ewf __run_num__: 452 changes: /mnt/ewf: New Dir comment: Directory /mnt/ewf updated duration: 1.232 name: /mnt/ewf pchanges: /mnt/ewf: directory: new result: true start_time: '11:46:36.481943' file_|-/mnt/iscsi_|-/mnt/iscsi_|-directory: __id__: /mnt/iscsi __run_num__: 454 changes: /mnt/iscsi: New Dir comment: Directory /mnt/iscsi updated duration: 0.861 name: /mnt/iscsi pchanges: /mnt/iscsi: directory: new result: true start_time: '11:46:36.484492' file_|-/mnt/shadow/vss10_|-/mnt/shadow/vss10_|-directory: __id__: /mnt/shadow/vss10 __run_num__: 469 changes: /mnt/shadow/vss10: New Dir comment: Directory /mnt/shadow/vss10 updated duration: 1.295 name: /mnt/shadow/vss10 pchanges: /mnt/shadow/vss10: directory: new result: true start_time: '11:46:36.509922' file_|-/mnt/shadow/vss11_|-/mnt/shadow/vss11_|-directory: __id__: /mnt/shadow/vss11 __run_num__: 470 changes: /mnt/shadow/vss11: New Dir comment: Directory /mnt/shadow/vss11 updated duration: 1.066 name: /mnt/shadow/vss11 pchanges: /mnt/shadow/vss11: directory: new result: true start_time: '11:46:36.511434' file_|-/mnt/shadow/vss12_|-/mnt/shadow/vss12_|-directory: __id__: /mnt/shadow/vss12 __run_num__: 471 changes: /mnt/shadow/vss12: New Dir comment: Directory /mnt/shadow/vss12 updated duration: 1.091 name: /mnt/shadow/vss12 pchanges: /mnt/shadow/vss12: directory: new result: true start_time: '11:46:36.512727' file_|-/mnt/shadow/vss13_|-/mnt/shadow/vss13_|-directory: __id__: /mnt/shadow/vss13 __run_num__: 472 changes: /mnt/shadow/vss13: New Dir comment: Directory /mnt/shadow/vss13 updated duration: 1.243 name: /mnt/shadow/vss13 pchanges: /mnt/shadow/vss13: directory: new result: true start_time: '11:46:36.514033' file_|-/mnt/shadow/vss14_|-/mnt/shadow/vss14_|-directory: __id__: /mnt/shadow/vss14 __run_num__: 473 changes: /mnt/shadow/vss14: New Dir comment: Directory /mnt/shadow/vss14 updated duration: 1.424 name: /mnt/shadow/vss14 pchanges: /mnt/shadow/vss14: directory: new result: true start_time: '11:46:36.515488' file_|-/mnt/shadow/vss15_|-/mnt/shadow/vss15_|-directory: __id__: /mnt/shadow/vss15 __run_num__: 474 changes: /mnt/shadow/vss15: New Dir comment: Directory /mnt/shadow/vss15 updated duration: 1.317 name: /mnt/shadow/vss15 pchanges: /mnt/shadow/vss15: directory: new result: true start_time: '11:46:36.517100' file_|-/mnt/shadow/vss16_|-/mnt/shadow/vss16_|-directory: __id__: /mnt/shadow/vss16 __run_num__: 475 changes: /mnt/shadow/vss16: New Dir comment: Directory /mnt/shadow/vss16 updated duration: 1.679 name: /mnt/shadow/vss16 pchanges: /mnt/shadow/vss16: directory: new result: true start_time: '11:46:36.518599' file_|-/mnt/shadow/vss17_|-/mnt/shadow/vss17_|-directory: __id__: /mnt/shadow/vss17 __run_num__: 476 changes: /mnt/shadow/vss17: New Dir comment: Directory /mnt/shadow/vss17 updated duration: 1.39 name: /mnt/shadow/vss17 pchanges: /mnt/shadow/vss17: directory: new result: true start_time: '11:46:36.520468' file_|-/mnt/shadow/vss18_|-/mnt/shadow/vss18_|-directory: __id__: /mnt/shadow/vss18 __run_num__: 477 changes: /mnt/shadow/vss18: New Dir comment: Directory /mnt/shadow/vss18 updated duration: 1.824 name: /mnt/shadow/vss18 pchanges: /mnt/shadow/vss18: directory: new result: true start_time: '11:46:36.522081' file_|-/mnt/shadow/vss19_|-/mnt/shadow/vss19_|-directory: __id__: /mnt/shadow/vss19 __run_num__: 478 changes: /mnt/shadow/vss19: New Dir comment: Directory /mnt/shadow/vss19 updated duration: 1.694 name: /mnt/shadow/vss19 pchanges: /mnt/shadow/vss19: directory: new result: true start_time: '11:46:36.524265' file_|-/mnt/shadow/vss1_|-/mnt/shadow/vss1_|-directory: __id__: /mnt/shadow/vss1 __run_num__: 460 changes: /mnt/shadow/vss1: New Dir comment: Directory /mnt/shadow/vss1 updated duration: 1.388 name: /mnt/shadow/vss1 pchanges: /mnt/shadow/vss1: directory: new result: true start_time: '11:46:36.492552' file_|-/mnt/shadow/vss20_|-/mnt/shadow/vss20_|-directory: __id__: /mnt/shadow/vss20 __run_num__: 479 changes: /mnt/shadow/vss20: New Dir comment: Directory /mnt/shadow/vss20 updated duration: 1.494 name: /mnt/shadow/vss20 pchanges: /mnt/shadow/vss20: directory: new result: true start_time: '11:46:36.526209' file_|-/mnt/shadow/vss21_|-/mnt/shadow/vss21_|-directory: __id__: /mnt/shadow/vss21 __run_num__: 480 changes: /mnt/shadow/vss21: New Dir comment: Directory /mnt/shadow/vss21 updated duration: 1.429 name: /mnt/shadow/vss21 pchanges: /mnt/shadow/vss21: directory: new result: true start_time: '11:46:36.527972' file_|-/mnt/shadow/vss22_|-/mnt/shadow/vss22_|-directory: __id__: /mnt/shadow/vss22 __run_num__: 481 changes: /mnt/shadow/vss22: New Dir comment: Directory /mnt/shadow/vss22 updated duration: 1.445 name: /mnt/shadow/vss22 pchanges: /mnt/shadow/vss22: directory: new result: true start_time: '11:46:36.529609' file_|-/mnt/shadow/vss23_|-/mnt/shadow/vss23_|-directory: __id__: /mnt/shadow/vss23 __run_num__: 482 changes: /mnt/shadow/vss23: New Dir comment: Directory /mnt/shadow/vss23 updated duration: 1.43 name: /mnt/shadow/vss23 pchanges: /mnt/shadow/vss23: directory: new result: true start_time: '11:46:36.531256' file_|-/mnt/shadow/vss24_|-/mnt/shadow/vss24_|-directory: __id__: /mnt/shadow/vss24 __run_num__: 483 changes: /mnt/shadow/vss24: New Dir comment: Directory /mnt/shadow/vss24 updated duration: 1.344 name: /mnt/shadow/vss24 pchanges: /mnt/shadow/vss24: directory: new result: true start_time: '11:46:36.532897' file_|-/mnt/shadow/vss25_|-/mnt/shadow/vss25_|-directory: __id__: /mnt/shadow/vss25 __run_num__: 484 changes: /mnt/shadow/vss25: New Dir comment: Directory /mnt/shadow/vss25 updated duration: 1.272 name: /mnt/shadow/vss25 pchanges: /mnt/shadow/vss25: directory: new result: true start_time: '11:46:36.534451' file_|-/mnt/shadow/vss26_|-/mnt/shadow/vss26_|-directory: __id__: /mnt/shadow/vss26 __run_num__: 485 changes: /mnt/shadow/vss26: New Dir comment: Directory /mnt/shadow/vss26 updated duration: 1.299 name: /mnt/shadow/vss26 pchanges: /mnt/shadow/vss26: directory: new result: true start_time: '11:46:36.535923' file_|-/mnt/shadow/vss27_|-/mnt/shadow/vss27_|-directory: __id__: /mnt/shadow/vss27 __run_num__: 486 changes: /mnt/shadow/vss27: New Dir comment: Directory /mnt/shadow/vss27 updated duration: 1.029 name: /mnt/shadow/vss27 pchanges: /mnt/shadow/vss27: directory: new result: true start_time: '11:46:36.537414' file_|-/mnt/shadow/vss28_|-/mnt/shadow/vss28_|-directory: __id__: /mnt/shadow/vss28 __run_num__: 487 changes: /mnt/shadow/vss28: New Dir comment: Directory /mnt/shadow/vss28 updated duration: 1.051 name: /mnt/shadow/vss28 pchanges: /mnt/shadow/vss28: directory: new result: true start_time: '11:46:36.538653' file_|-/mnt/shadow/vss29_|-/mnt/shadow/vss29_|-directory: __id__: /mnt/shadow/vss29 __run_num__: 488 changes: /mnt/shadow/vss29: New Dir comment: Directory /mnt/shadow/vss29 updated duration: 1.205 name: /mnt/shadow/vss29 pchanges: /mnt/shadow/vss29: directory: new result: true start_time: '11:46:36.539921' file_|-/mnt/shadow/vss2_|-/mnt/shadow/vss2_|-directory: __id__: /mnt/shadow/vss2 __run_num__: 461 changes: /mnt/shadow/vss2: New Dir comment: Directory /mnt/shadow/vss2 updated duration: 2.66 name: /mnt/shadow/vss2 pchanges: /mnt/shadow/vss2: directory: new result: true start_time: '11:46:36.494384' file_|-/mnt/shadow/vss30_|-/mnt/shadow/vss30_|-directory: __id__: /mnt/shadow/vss30 __run_num__: 489 changes: /mnt/shadow/vss30: New Dir comment: Directory /mnt/shadow/vss30 updated duration: 1.164 name: /mnt/shadow/vss30 pchanges: /mnt/shadow/vss30: directory: new result: true start_time: '11:46:36.541285' file_|-/mnt/shadow/vss3_|-/mnt/shadow/vss3_|-directory: __id__: /mnt/shadow/vss3 __run_num__: 462 changes: /mnt/shadow/vss3: New Dir comment: Directory /mnt/shadow/vss3 updated duration: 1.674 name: /mnt/shadow/vss3 pchanges: /mnt/shadow/vss3: directory: new result: true start_time: '11:46:36.497529' file_|-/mnt/shadow/vss4_|-/mnt/shadow/vss4_|-directory: __id__: /mnt/shadow/vss4 __run_num__: 463 changes: /mnt/shadow/vss4: New Dir comment: Directory /mnt/shadow/vss4 updated duration: 1.403 name: /mnt/shadow/vss4 pchanges: /mnt/shadow/vss4: directory: new result: true start_time: '11:46:36.499422' file_|-/mnt/shadow/vss5_|-/mnt/shadow/vss5_|-directory: __id__: /mnt/shadow/vss5 __run_num__: 464 changes: /mnt/shadow/vss5: New Dir comment: Directory /mnt/shadow/vss5 updated duration: 1.321 name: /mnt/shadow/vss5 pchanges: /mnt/shadow/vss5: directory: new result: true start_time: '11:46:36.501036' file_|-/mnt/shadow/vss6_|-/mnt/shadow/vss6_|-directory: __id__: /mnt/shadow/vss6 __run_num__: 465 changes: /mnt/shadow/vss6: New Dir comment: Directory /mnt/shadow/vss6 updated duration: 1.428 name: /mnt/shadow/vss6 pchanges: /mnt/shadow/vss6: directory: new result: true start_time: '11:46:36.502563' file_|-/mnt/shadow/vss7_|-/mnt/shadow/vss7_|-directory: __id__: /mnt/shadow/vss7 __run_num__: 466 changes: /mnt/shadow/vss7: New Dir comment: Directory /mnt/shadow/vss7 updated duration: 1.273 name: /mnt/shadow/vss7 pchanges: /mnt/shadow/vss7: directory: new result: true start_time: '11:46:36.504206' file_|-/mnt/shadow/vss8_|-/mnt/shadow/vss8_|-directory: __id__: /mnt/shadow/vss8 __run_num__: 467 changes: /mnt/shadow/vss8: New Dir comment: Directory /mnt/shadow/vss8 updated duration: 1.947 name: /mnt/shadow/vss8 pchanges: /mnt/shadow/vss8: directory: new result: true start_time: '11:46:36.505736' file_|-/mnt/shadow/vss9_|-/mnt/shadow/vss9_|-directory: __id__: /mnt/shadow/vss9 __run_num__: 468 changes: /mnt/shadow/vss9: New Dir comment: Directory /mnt/shadow/vss9 updated duration: 1.632 name: /mnt/shadow/vss9 pchanges: /mnt/shadow/vss9: directory: new result: true start_time: '11:46:36.507925' file_|-/mnt/shadow_|-/mnt/shadow_|-directory: __id__: /mnt/shadow __run_num__: 448 changes: /mnt/shadow: New Dir comment: Directory /mnt/shadow updated duration: 1.598 name: /mnt/shadow pchanges: /mnt/shadow: directory: new result: true start_time: '11:46:36.475696' file_|-/mnt/usb_|-/mnt/usb_|-directory: __id__: /mnt/usb __run_num__: 446 changes: /mnt/usb: New Dir comment: Directory /mnt/usb updated duration: 1.865 name: /mnt/usb pchanges: /mnt/usb: directory: new result: true start_time: '11:46:36.472026' file_|-/mnt/vss_|-/mnt/vss_|-directory: __id__: /mnt/vss __run_num__: 447 changes: /mnt/vss: New Dir comment: Directory /mnt/vss updated duration: 1.293 name: /mnt/vss pchanges: /mnt/vss: directory: new result: true start_time: '11:46:36.474153' file_|-/mnt/windows_mount1_|-/mnt/windows_mount1_|-directory: __id__: /mnt/windows_mount1 __run_num__: 455 changes: /mnt/windows_mount1: New Dir comment: Directory /mnt/windows_mount1 updated duration: 0.866 name: /mnt/windows_mount1 pchanges: /mnt/windows_mount1: directory: new result: true start_time: '11:46:36.485482' file_|-/mnt/windows_mount2_|-/mnt/windows_mount2_|-directory: __id__: /mnt/windows_mount2 __run_num__: 456 changes: /mnt/windows_mount2: New Dir comment: Directory /mnt/windows_mount2 updated duration: 1.263 name: /mnt/windows_mount2 pchanges: /mnt/windows_mount2: directory: new result: true start_time: '11:46:36.486486' file_|-/mnt/windows_mount3_|-/mnt/windows_mount3_|-directory: __id__: /mnt/windows_mount3 __run_num__: 457 changes: /mnt/windows_mount3: New Dir comment: Directory /mnt/windows_mount3 updated duration: 1.382 name: /mnt/windows_mount3 pchanges: /mnt/windows_mount3: directory: new result: true start_time: '11:46:36.487875' file_|-/mnt/windows_mount4_|-/mnt/windows_mount4_|-directory: __id__: /mnt/windows_mount4 __run_num__: 458 changes: /mnt/windows_mount4: New Dir comment: Directory /mnt/windows_mount4 updated duration: 1.463 name: /mnt/windows_mount4 pchanges: /mnt/windows_mount4: directory: new result: true start_time: '11:46:36.489432' file_|-/mnt/windows_mount5_|-/mnt/windows_mount5_|-directory: __id__: /mnt/windows_mount5 __run_num__: 459 changes: /mnt/windows_mount5: New Dir comment: Directory /mnt/windows_mount5 updated duration: 1.245 name: /mnt/windows_mount5 pchanges: /mnt/windows_mount5: directory: new result: true start_time: '11:46:36.491091' file_|-/mnt/windows_mount_|-/mnt/windows_mount_|-directory: __id__: /mnt/windows_mount __run_num__: 449 changes: /mnt/windows_mount: New Dir comment: Directory /mnt/windows_mount updated duration: 1.381 name: /mnt/windows_mount pchanges: /mnt/windows_mount: directory: new result: true start_time: '11:46:36.477560' file_|-bash-aliases-user-root_|-/root/.bash_aliases_|-append: __id__: bash-aliases-user-root __run_num__: 428 changes: diff: "--- \n\n+++ \n\n@@ -0,0 +1 @@\n\n+alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'" comment: Appended 1 lines duration: 3.05 name: /root/.bash_aliases pchanges: {} result: true start_time: '13:46:35.788544' file_|-bash-aliases-user-sansforensics_|-/home/sansforensics/.bash_aliases_|-append: __id__: bash-aliases-user-sansforensics __run_num__: 427 changes: diff: "--- \n\n+++ \n\n@@ -0,0 +1 @@\n\n+alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'" comment: Appended 1 lines duration: 5.447 name: /home/sansforensics/.bash_aliases pchanges: {} result: true start_time: '13:46:35.779904' file_|-config-folder-cases_|-/cases_|-directory: __id__: config-folder-cases __run_num__: 445 changes: /cases: New Dir comment: Directory /cases updated duration: 5.594 name: /cases pchanges: /cases: directory: new result: true start_time: '11:46:36.466127' file_|-folders-config-autostart_|-/home/sansforensics/.config/autostart_|-directory: __id__: folders-config-autostart __run_num__: 432 changes: /home/sansforensics/.config/autostart: New Dir comment: Directory /home/sansforensics/.config/autostart updated duration: 3.097 name: /home/sansforensics/.config/autostart pchanges: /home/sansforensics/.config/autostart: directory: new result: true start_time: '13:46:35.836580' file_|-hostname-managed_|-/etc/hostname_|-managed: __id__: hostname-managed __run_num__: 423 changes: diff: "--- \n+++ \n@@ -1 +1 @@\n-ubuntu\n+siftworkstation\n" comment: File /etc/hostname updated duration: 2.172 name: /etc/hostname pchanges: {} result: true start_time: '13:46:35.619402' file_|-pdfs-resource-copy_|-/home/sansforensics/Desktop_|-recurse: __id__: pdfs-resource-copy __run_num__: 433 changes: /home/sansforensics/Desktop/Evidence-of-Poster.pdf: diff: New file mode: '0644' /home/sansforensics/Desktop/Find-Evil-Poster.pdf: diff: New file mode: '0644' /home/sansforensics/Desktop/SANS-DFIR.pdf: diff: New file mode: '0644' /home/sansforensics/Desktop/Smartphone-Forensics-Poster.pdf: diff: New file mode: '0644' /home/sansforensics/Desktop/memory-forensics-cheatsheet.pdf: diff: New file mode: '0644' /home/sansforensics/Desktop/network-forensics-cheatsheet.pdf: diff: New file mode: '0644' /home/sansforensics/Desktop/sift-cheatsheet.pdf: diff: New file mode: '0644' /home/sansforensics/Desktop/windows-to-unix-cheatsheet.pdf: diff: New file mode: '0644' comment: Recursively updated /home/sansforensics/Desktop duration: 322.192 name: /home/sansforensics/Desktop pchanges: {} result: true start_time: '13:46:35.842356' ? file_|-python-volatility-plugins-apihooksdeep.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py_|-absent : __id__: python-volatility-plugins-apihooksdeep.py-absent __run_num__: 195 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py is not present duration: 0.682 name: /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py pchanges: {} result: true start_time: '13:34:18.844607' file_|-python-volatility-plugins-autoruns.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py_|-absent: __id__: python-volatility-plugins-autoruns.py-absent __run_num__: 187 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py is not present duration: 0.523 name: /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py pchanges: {} result: true start_time: '13:34:18.799975' file_|-python-volatility-plugins-baseline.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py_|-absent: __id__: python-volatility-plugins-baseline.py-absent __run_num__: 190 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py is not present duration: 0.442 name: /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py pchanges: {} result: true start_time: '13:34:18.816689' ? file_|-python-volatility-plugins-chromehistory.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py_|-absent : __id__: python-volatility-plugins-chromehistory.py-absent __run_num__: 182 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py is not present duration: 0.445 name: /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py pchanges: {} result: true start_time: '13:34:18.773120' file_|-python-volatility-plugins-editbox.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py_|-absent: __id__: python-volatility-plugins-editbox.py-absent __run_num__: 196 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py is not present duration: 0.679 name: /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py pchanges: {} result: true start_time: '13:34:18.850828' ? file_|-python-volatility-plugins-firefoxhistory.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py_|-absent : __id__: python-volatility-plugins-firefoxhistory.py-absent __run_num__: 186 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py is not present duration: 0.824 name: /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py pchanges: {} result: true start_time: '13:34:18.794146' file_|-python-volatility-plugins-idxparser.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py_|-absent: __id__: python-volatility-plugins-idxparser.py-absent __run_num__: 181 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py is not present duration: 0.431 name: /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py pchanges: {} result: true start_time: '13:34:18.768265' file_|-python-volatility-plugins-javarat.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py_|-absent: __id__: python-volatility-plugins-javarat.py-absent __run_num__: 197 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py is not present duration: 0.5 name: /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py pchanges: {} result: true start_time: '13:34:18.856618' ? file_|-python-volatility-plugins-malfinddeep.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py_|-absent : __id__: python-volatility-plugins-malfinddeep.py-absent __run_num__: 188 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py is not present duration: 0.719 name: /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py pchanges: {} result: true start_time: '13:34:18.805633' ? file_|-python-volatility-plugins-malprocfind.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py_|-absent : __id__: python-volatility-plugins-malprocfind.py-absent __run_num__: 180 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py is not present duration: 0.555 name: /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py pchanges: {} result: true start_time: '13:34:18.763033' file_|-python-volatility-plugins-mimikatz.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py_|-absent: __id__: python-volatility-plugins-mimikatz.py-absent __run_num__: 183 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py is not present duration: 0.576 name: /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py pchanges: {} result: true start_time: '13:34:18.778442' ? file_|-python-volatility-plugins-openioc_scan.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py_|-absent : __id__: python-volatility-plugins-openioc_scan.py-absent __run_num__: 184 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py is not present duration: 0.443 name: /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py pchanges: {} result: true start_time: '13:34:18.783777' file_|-python-volatility-plugins-prefetch.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py_|-absent: __id__: python-volatility-plugins-prefetch.py-absent __run_num__: 189 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py is not present duration: 0.493 name: /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py pchanges: {} result: true start_time: '13:34:18.811206' file_|-python-volatility-plugins-pstotal.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py_|-absent: __id__: python-volatility-plugins-pstotal.py-absent __run_num__: 185 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py is not present duration: 0.437 name: /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py pchanges: {} result: true start_time: '13:34:18.788575' ? file_|-python-volatility-plugins-ssdeepscan.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py_|-absent : __id__: python-volatility-plugins-ssdeepscan.py-absent __run_num__: 191 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py is not present duration: 0.457 name: /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py pchanges: {} result: true start_time: '13:34:18.821504' ? file_|-python-volatility-plugins-trustrecords.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py_|-absent : __id__: python-volatility-plugins-trustrecords.py-absent __run_num__: 193 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py is not present duration: 0.495 name: /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py pchanges: {} result: true start_time: '13:34:18.831494' ? file_|-python-volatility-plugins-uninstallinfo.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py_|-absent : __id__: python-volatility-plugins-uninstallinfo.py-absent __run_num__: 192 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py is not present duration: 0.456 name: /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py pchanges: {} result: true start_time: '13:34:18.826350' file_|-python-volatility-plugins-usnparser.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py_|-absent: __id__: python-volatility-plugins-usnparser.py-absent __run_num__: 194 changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py is not present duration: 1.14 name: /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py pchanges: {} result: true start_time: '13:34:18.837246' ? file_|-python-volatility-remove-AlexanderTarasenko_|-/usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko_|-absent : __id__: python-volatility-remove-AlexanderTarasenko __run_num__: 175 changes: removed: /usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko comment: Removed directory /usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko duration: 0.716 name: /usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko pchanges: removed: /usr/lib/python2.7/dist-packages/volatility/plugins/community/AlexanderTarasenko result: true start_time: '13:34:18.226657' ? file_|-python-volatility-remove-MarcinUlikowski_|-/usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski_|-absent : __id__: python-volatility-remove-MarcinUlikowski __run_num__: 176 changes: removed: /usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski comment: Removed directory /usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski duration: 0.596 name: /usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski pchanges: removed: /usr/lib/python2.7/dist-packages/volatility/plugins/community/MarcinUlikowski result: true start_time: '13:34:18.232151' ? file_|-python-volatility-remove-TyperHalfpop_|-/usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop_|-absent : __id__: python-volatility-remove-TyperHalfpop __run_num__: 177 changes: removed: /usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop comment: Removed directory /usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop duration: 0.632 name: /usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop pchanges: removed: /usr/lib/python2.7/dist-packages/volatility/plugins/community/TyperHalfpop result: true start_time: '13:34:18.237403' file_|-python-volatility-sift-plugins_|-/usr/lib/python2.7/dist-packages/volatility/plugins/sift/_|-recurse: __id__: python-volatility-sift-plugins __run_num__: 179 changes: /usr/lib/python2.7/dist-packages/volatility/plugins/sift/__init__.py: diff: New file mode: '0644' /usr/lib/python2.7/dist-packages/volatility/plugins/sift/pstotal.py: diff: New file mode: '0644' /usr/lib/python2.7/dist-packages/volatility/plugins/sift/sqlite_help.py: diff: New file mode: '0644' comment: Recursively updated /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ duration: 104.795 name: /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ pchanges: {} result: true start_time: '13:34:18.270000' file_|-rc-noclobber_|-/home/sansforensics/.bashrc_|-append: __id__: rc-noclobber __run_num__: 429 changes: diff: "--- \n\n+++ \n\n@@ -115,3 +115,4 @@\n\n . /etc/bash_completion\n \ fi\n fi\n+set -o noclobber" comment: Appended 1 lines duration: 5.015 name: /home/sansforensics/.bashrc pchanges: {} result: true start_time: '13:46:35.796620' file_|-rc-root-noclobber_|-/root/.bashrc_|-append: __id__: rc-root-noclobber __run_num__: 431 changes: diff: "--- \n\n+++ \n\n@@ -97,3 +97,4 @@\n\n #if [ -f /etc/bash_completion ] && ! shopt -oq posix; then\n # . /etc/bash_completion\n #fi\n+set -o noclobber" comment: Appended 1 lines duration: 2.847 name: /root/.bashrc pchanges: {} result: true start_time: '13:46:35.830173' file_|-rekall-path_|-/home/sansforensics/.bashrc_|-append: __id__: rekall-path __run_num__: 430 changes: diff: "--- \n\n+++ \n\n@@ -116,3 +116,4 @@\n\n fi\n fi\n set -o noclobber\n+export PATH=$PATH:/opt/rekall/bin" comment: Appended 1 lines duration: 4.309 name: /home/sansforensics/.bashrc pchanges: {} result: true start_time: '13:46:35.805605' file_|-samba-config_|-/etc/samba/smb.conf_|-managed: __id__: samba-config __run_num__: 492 changes: diff: "--- \n+++ \n@@ -1,260 +1,25 @@\n-#\n-# Sample configuration file for the Samba suite for Debian GNU/Linux.\n-#\n-#\n-# This is the main Samba configuration file. You should read the\n-# smb.conf(5) manual page in order to understand the options listed\n-# here. Samba has a huge number of configurable options most of which \n-# are not shown in this example\n-#\n-# Some options that are often worth tuning have been included as\n-# commented-out examples in this file.\n-# - When such options are commented with \";\", the proposed setting\n-# differs from the default Samba behaviour\n-# - When commented with \"#\", the proposed setting is the default\n-# behaviour of Samba but the option is considered important\n-# enough to be mentioned here\n-#\n-# NOTE: Whenever you modify this file you should run the command\n-# \"testparm\" to check that you have not made any basic syntactic \n-# errors. \n+#======================= Global Settings ===================================== \n+[global]\n+\tworkgroup = sans\n+\tserver string = SIFT WORKSTATION\n+;\tnetbios name = siftworkstation\n+\tsecurity = user\n+\tmap to guest = bad user\n+\tdns proxy = no\n+;\tencrypt passwords = yes\n+\tguest ok = yes\n+\tguest account = sansforensics\n+\tname resolve order = host bcast lmhost wins\n+\tusername map = /etc/samba/smbusers\n \n-#======================= Global Settings =======================\n+[cases]\n+\tpath = /cases\n+\twriteable = yes\n+;\tbrowseable = yes\n+\tguest ok = yes\n \n-[global]\n-\n-## Browsing/Identification ###\n-\n-# Change this to the workgroup/NT-domain name your Samba server will part of\n- workgroup = WORKGROUP\n-\n-# server string is the equivalent of the NT Description field\n-\tserver string = %h server (Samba, Ubuntu)\n-\n-# Windows Internet Name Serving Support Section:\n-# WINS Support - Tells the NMBD component of Samba to enable its WINS Server\n-# wins support = no\n-\n-# WINS Server - Tells the NMBD components of Samba to be a WINS Client\n-# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both\n-; wins server = w.x.y.z\n-\n-# This will prevent nmbd to search for NetBIOS names through DNS.\n- dns proxy = no\n-\n-#### Networking ####\n-\n-# The specific set of interfaces / networks to bind to\n-# This can be either the interface name or an IP address/netmask;\n-# interface names are normally preferred\n-; \ interfaces = 127.0.0.0/8 eth0\n-\n-# Only bind to the named interfaces and/or networks; you must use the\n-# 'interfaces' option above to use this.\n-# It is recommended that you enable this feature if your Samba machine is\n-# not protected by a firewall or is a firewall itself. However, this\n-# option cannot handle dynamic or non-broadcast interfaces correctly.\n-; bind interfaces only = yes\n-\n-\n-\n-#### Debugging/Accounting ####\n-\n-# This tells Samba to use a separate log file for each machine\n-# that connects\n- log file = /var/log/samba/log.%m\n-\n-# Cap the size of the individual log files (in KiB).\n- max log size = 1000\n-\n-# If you want Samba to only log through syslog then set the following\n-# parameter to 'yes'.\n-# syslog only = no\n-\n-# We want Samba to log a minimum amount of information to syslog. Everything\n-# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log\n-# through syslog you should set the following parameter to something higher.\n- syslog = 0\n-\n-# Do something sensible when Samba crashes: mail the admin a backtrace\n- panic action = /usr/share/samba/panic-action %d\n-\n-\n-####### Authentication #######\n-\n-# Server role. Defines in which mode Samba will operate. Possible\n-# values are \"standalone server\", \"member server\", \"classic primary\n-# domain controller\", \"classic backup domain controller\", \"active\n-# directory domain controller\". \n-#\n-# Most people will want \"standalone sever\" or \"member server\".\n-# Running as \"active directory domain controller\" will require first\n-# running \"samba-tool domain provision\" to wipe databases and create a\n-# new domain.\n- server role = standalone server\n-\n-# If you are using encrypted passwords, Samba will need to know what\n-# password database type you are using. \n- passdb backend = tdbsam\n-\n- \ obey pam restrictions = yes\n-\n-# This boolean parameter controls whether Samba attempts to sync the Unix\n-# password with the SMB password when the encrypted SMB password in the\n-# passdb is changed.\n- unix password sync = yes\n-\n-# For Unix password sync to work on a Debian GNU/Linux system, the following\n-# parameters must be set (thanks to Ian Kahan < for\n-# sending the correct chat script for the passwd program in Debian Sarge).\n- \ passwd program = /usr/bin/passwd %u\n- passwd chat = *Enter\\snew\\s*\\spassword:* %n\\n *Retype\\snew\\s*\\spassword:* %n\\n *password\\supdated\\ssuccessfully* .\n-\n-# This boolean controls whether PAM will be used for password changes\n-# when requested by an SMB client instead of the program listed in\n-# 'passwd program'. The default is 'no'.\n- pam password change = yes\n-\n-# This option controls how unsuccessful authentication attempts are mapped\n-# to anonymous connections\n- map to guest = bad user\n-\n-########## Domains ###########\n-\n-#\n-# The following settings only takes effect if 'server role = primary\n-# classic domain controller', 'server role = backup domain controller'\n-# or 'domain logons' is set \n-#\n-\n-# It specifies the location of the user's\n-# profile directory from the client point of view) The following\n-# required a [profiles] share to be setup on the samba server (see\n-# below)\n-; \ logon path = \\\\%N\\profiles\\%U\n-# Another common choice is storing the profile in the user's home directory\n-# (this is Samba's default)\n-# \ logon path = \\\\%N\\%U\\profile\n-\n-# The following setting only takes effect if 'domain logons' is set\n-# It specifies the location of a user's home directory (from the client\n-# point of view)\n-; logon drive = H:\n-# \ logon home = \\\\%N\\%U\n-\n-# The following setting only takes effect if 'domain logons' is set\n-# It specifies the script to run during logon. The script must be stored\n-# in the [netlogon] share\n-# NOTE: Must be store in 'DOS' file format convention\n-; logon script = logon.cmd\n-\n-# This allows Unix users to be created on the domain controller via the SAMR\n-# RPC pipe. The example command creates a user account with a disabled Unix\n-# password; please adapt to your needs\n-; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos \"\" %u\n-\n-# This allows machine accounts to be created on the domain controller via the \n-# SAMR RPC pipe. \n-# The following assumes a \"machines\" group exists on the system\n-; add machine script = /usr/sbin/useradd -g machines -c \"%u machine account\" -d /var/lib/samba -s /bin/false %u\n-\n-# This allows Unix groups to be created on the domain controller via the SAMR\n-# RPC pipe. \n-; add group script = /usr/sbin/addgroup --force-badname %g\n-\n-############ Misc ############\n-\n-# Using the following line enables you to customise your configuration\n-# on a per machine basis. The %m gets replaced with the netbios name\n-# of the machine that is connecting\n-; \ include = /home/samba/etc/smb.conf.%m\n-\n-# Some defaults for winbind (make sure you're not using the ranges\n-# for something else.)\n-; idmap uid = 10000-20000\n-; idmap gid = 10000-20000\n-; template shell = /bin/bash\n-\n-# Setup usershare options to enable non-root users to share folders\n-# with the net usershare command.\n-\n-# Maximum number of usershare. 0 (default) means that usershare is disabled.\n-; usershare max shares = 100\n-\n-# Allow users who've been granted usershare privileges to create\n-# public shares, not just authenticated ones\n- usershare allow guests = yes\n-\n-#======================= Share Definitions =======================\n-\n-# Un-comment the following (and tweak the other settings below to suit)\n-# to enable the default home directory shares. This will share each\n-# user's home directory as \\\\server\\username\n-;[homes]\n-; \ comment = Home Directories\n-; browseable = no\n-\n-# By default, the home directories are exported read-only. Change the\n-# next parameter to 'no' if you want to be able to write to them.\n-; read only = yes\n-\n-# File creation mask is set to 0700 for security reasons. If you want to\n-# create files with group=rw permissions, set next parameter to 0775.\n-; create mask = 0700\n-\n-# Directory creation mask is set to 0700 for security reasons. If you want to\n-# create dirs. with group=rw permissions, set next parameter to 0775.\n-; directory mask = 0700\n-\n-# By default, \\\\server\\username shares can be connected to by anyone\n-# with access to the samba server.\n-# Un-comment the following parameter to make sure that only \"username\"\n-# can connect to \\\\server\\username\n-# This might need tweaking when using external authentication schemes\n-; valid users = %S\n-\n-# Un-comment the following and create the netlogon directory for Domain Logons\n-# (you need to configure Samba to act as a domain controller too.)\n-;[netlogon]\n-; comment = Network Logon Service\n-; path = /home/samba/netlogon\n-; guest ok = yes\n-; read only = yes\n-\n-# Un-comment the following and create the profiles directory to store\n-# users profiles (see the \"logon path\" option above)\n-# (you need to configure Samba to act as a domain controller too.)\n-# The path below should be writable by all users so that their\n-# profile directory may be created the first time they log on\n-;[profiles]\n-; comment = Users profiles\n-; path = /home/samba/profiles\n-; guest ok = no\n-; browseable = no\n-; create mask = 0600\n-; directory mask = 0700\n-\n-[printers]\n- \ comment = All Printers\n- browseable = no\n- path = /var/spool/samba\n- \ printable = yes\n- guest ok = no\n- read only = yes\n- create mask = 0700\n-\n-# Windows clients look for this share name as a source of downloadable\n-# printer drivers\n-[print$]\n- comment = Printer Drivers\n- path = /var/lib/samba/printers\n- \ browseable = yes\n- read only = yes\n- guest ok = no\n-# Uncomment to allow remote administration of Windows print drivers.\n-# You may need to replace 'lpadmin' with the name of the group your\n-# admin users are members of.\n-# Please note that you also need to set appropriate Unix permissions\n-# to the drivers directory for these users to have write rights in it\n-; write list = root, @lpadmin\n-\n+[mnt]\n+\tpath = /mnt\n+;\twriteable = No\n+;\tbrowseable = yes\n+\tguest ok = yes\n" comment: File /etc/samba/smb.conf updated duration: 9.946 name: /etc/samba/smb.conf pchanges: {} result: true start_time: '11:46:38.546203' file_|-scripts-java-idx-parser_|-/usr/local/bin/idx_parser.py_|-managed: __id__: scripts-java-idx-parser __run_num__: 317 changes: diff: New file mode: '0755' comment: File /usr/local/bin/idx_parser.py updated duration: 251.55 name: /usr/local/bin/idx_parser.py pchanges: {} result: true start_time: '13:46:19.303534' file_|-scripts-page-brute_|-/usr/local/bin_|-recurse: __id__: scripts-page-brute __run_num__: 378 changes: /usr/local/bin/page_brute-BETA.py: diff: New file mode: '0755' comment: Recursively updated /usr/local/bin duration: 87.798 name: /usr/local/bin pchanges: {} result: true start_time: '13:46:25.120236' file_|-scripts-pdf-tools_|-/usr/local/bin_|-recurse: __id__: scripts-pdf-tools __run_num__: 380 changes: /usr/local/bin/PDFTemplate.bt: diff: New file mode: '0755' /usr/local/bin/mPDF.py: diff: New file mode: '0755' /usr/local/bin/make-pdf-embedded.py: diff: New file mode: '0755' /usr/local/bin/make-pdf-helloworld.py: diff: New file mode: '0755' /usr/local/bin/make-pdf-javascript.py: diff: New file mode: '0755' /usr/local/bin/pdf-parser.py: diff: New file mode: '0755' /usr/local/bin/pdfid.py: diff: New file mode: '0755' /usr/local/bin/plugin_embeddedfile.py: diff: New file mode: '0755' /usr/local/bin/plugin_list: diff: New file mode: '0755' /usr/local/bin/plugin_nameobfuscation.py: diff: New file mode: '0755' /usr/local/bin/plugin_triage.py: diff: New file mode: '0755' comment: Recursively updated /usr/local/bin duration: 89.829 name: /usr/local/bin pchanges: {} result: true start_time: '13:46:25.459788' file_|-scripts-sift-resources-audio_|-/usr/share/sift/audio_|-directory: __id__: scripts-sift-resources-audio __run_num__: 407 changes: /usr/share/sift/audio: New Dir comment: Directory /usr/share/sift/audio updated duration: 1.023 name: /usr/share/sift/audio pchanges: /usr/share/sift/audio: directory: new result: true start_time: '13:46:30.536130' file_|-scripts-sift-resources-images_|-/usr/share/sift/images_|-directory: __id__: scripts-sift-resources-images __run_num__: 406 changes: /usr/share/sift/images: New Dir comment: Directory /usr/share/sift/images updated duration: 1.064 name: /usr/share/sift/images pchanges: /usr/share/sift/images: directory: new result: true start_time: '13:46:30.534871' file_|-scripts-sift-resources-other_|-/usr/share/sift/other_|-directory: __id__: scripts-sift-resources-other __run_num__: 408 changes: /usr/share/sift/other: New Dir comment: Directory /usr/share/sift/other updated duration: 1.141 name: /usr/share/sift/other pchanges: /usr/share/sift/other: directory: new result: true start_time: '13:46:30.537363' file_|-scripts-sift-resources-resources_|-/usr/share/sift/resources_|-directory: __id__: scripts-sift-resources-resources __run_num__: 405 changes: /usr/share/sift/resources: New Dir comment: Directory /usr/share/sift/resources updated duration: 1.602 name: /usr/share/sift/resources pchanges: /usr/share/sift/resources: directory: new result: true start_time: '13:46:30.533021' file_|-scripts-sift-resources-scripts_|-/usr/share/sift/scripts_|-directory: __id__: scripts-sift-resources-scripts __run_num__: 409 changes: /usr/share/sift/scripts: New Dir comment: Directory /usr/share/sift/scripts updated duration: 0.9 name: /usr/share/sift/scripts pchanges: /usr/share/sift/scripts: directory: new result: true start_time: '13:46:30.538674' file_|-scripts-sorter-directory_|-/usr/share/tsk/sorter_|-directory: __id__: scripts-sorter-directory __run_num__: 411 changes: {} comment: Directory /usr/share/tsk/sorter is in the correct state duration: 4.966 name: /usr/share/tsk/sorter pchanges: {} result: true start_time: '13:46:30.905546' file_|-scripts-sorter-files_|-/usr/share/tsk/sorter_|-recurse: __id__: scripts-sorter-files __run_num__: 412 changes: /usr/share/tsk/sorter/archives.sort: diff: New file mode: '0644' /usr/share/tsk/sorter/exec.sort: diff: New file mode: '0644' /usr/share/tsk/sorter/images.sort.bak: diff: New file mode: '0644' /usr/share/tsk/sorter/windows.sort: diff: "--- \n+++ \n@@ -9,103 +9,270 @@\n ##########################################################################\n # Multimedia\n ##########################################################################\n-\n+# Audio\n+category \taudio \tPlaylist\n+# Audio\n+category \taudio \t\tWinamp\n+ext \t\tavs \t\tWinamp plug in\n+category \taudio \t\tWAVE audio\n+ext \t\twav \t\tWAVE audio\n+category \taudio\t \tMicrosoft ASF\n+ext \t\twmv \t\tMicrosoft ASF\n+ext \t\twma \t\tMicrosoft ASF\n+category \taudio \t\tMPEG ADTS\n+ext \t\tWAV \t\tMPEG ADTS, layer I, v1\n+ext \t\twav \t\tMPEG ADTS, layer I, v1\n+category \taudio \t\tAVI\n+ext \t\tavi \t\tAVI\n+category \taudio \t\tPlaylist\n+ext \t\twpl \t\tWindows Media Player Playlist\n+category \tmidi \t\tMIDI\n+ext \t\tmid,rmi \tMIDI\n+category \tMP3 \t\tMP3\n+ext \t\tmp3 \t\tMP3\n+category \tSQLite\t \tSQLite\n # Images\n-category\timages\t\t\ticon resource\n-ext\t\t\tico\t\t\t\tms\\-windows icon resource\n-\n-category images animated cursor\n-ext ani \ animated cursor\n-\n-# It seems that a lot of ttf files come up as raw G3 data ...\n-# category ignore raw G3 data, byte\\-padded\n-\n-\n-# Audio\n-ext\t\t\twav\t\t\t\tWAVE audio\n-category\taudio\t\t\tWinamp\n-ext\t\t\tavs\t\t\t\tWinamp plug in\n-\n-category audio AVI\n-ext avi AVI\n-\n-\n+category \tJPEG \t\tJPEG image \n+ext \t\tjpg,jpeg,jpe \tJPEG image\n+category \tGIF \t\tGIF image \n+ext \t\tgif \t\tGIF image\n+category\tTIF \t\tTIFF image \n+ext \t\ttif \t\tTIFF image\n+category \tPNG \t\tPNG image \n+ext \t\tpng \t\tPNG image\n+category \tBMP \t\tPC bitmap\n+ext \t\tbmp \t\tPC bitmap\n+category \tFonts \t\tfont\n+ext \t\tttf \t\ttrue type font\n # Video\n-\n-\n+category \tvideo \t\tRealMedia\n+ext \t\trm \t\tRealMedia\n+category \tvideo \t\tMacromedia Flash data\n+ext \t\tswf \t\tMacromedia Flash data\n+category \tICM \t\tMicrosoft ICM Color Profile\n+ext \t\ticm \t\tMicrosoft ICM Color Profile\n ##########################################################################\n # archive & compression\n ##########################################################################\n-# archive\n-category\tarchive\t\tcabinet file data\n-ext\t\t\tcab\t\t\tcabinet file data\n-\n-ext\t\t\twmz\t\t\tZip archive data\n+category \tZIP \t\tZip\n+ext \t\tzip,jar \tZip archive data\n+ext \t\twmz \t\tZip archive data\n+category \tTAR \t\ttar\n+ext \t\ttar \t\ttar archive\n+category \tMSCab \t\tCabinet\n+ext \t\tcab \t\tMicrosoft Cabinet File\n+category \tarchive \tarchive\n+category \tdatabase \tDB\n+ext \t\tdb \t\tBerkeley DB\n+##########################################################################\n # compression\n-\n-\n-\n-\n-##########################################################################\n-# Executables \n-##########################################################################\n-# execs\n-ext\t\t\texe,dll,com,ocx,sys,tlb,drv,cpl,scr,ax\t\tMS\\-DOS executable\n-ext\t\t\t386,acm,flt,fon,lrc,vxd,x32\t\t\tMS\\-DOS executable\n-\n-category\texec\t\t\tWindows PE\n-ext\t\t\texe,dll,com,ocx,sys,wpc,acm,cpl\t\t\tWindows PE\n-\n-ext\t\t\tdll\t\t\t\trelocatable\n-\n-category\texec\t\t\tbatch file\n-ext\t\t\tbat\t\t\t\tbatch file\n-\n+##########################################################################\n+category \tcompress \tcompress\n+ext \t\tgz,tgz gzip \tcompressed data\n+ext \t\tZ \t\tcompress'd data\n+##########################################################################\n+# Executables\n+##########################################################################\n+category \texec \t\tMS\\-DOS executable\n+ext \t\texe,dll,com \tMS\\-DOS executable\n+ext \t\tocx,sys,tlb \tMS\\-DOS executable\n+ext \t\tdrv,cpl,scr \tMS\\-DOS executable\n+ext \t\tax \t\tMS\\-DOS executable\n+ext \t\t386,acm,flt \tMS\\-DOS executable\n+ext \t\tfon,lrc,vxd \tMS\\-DOS executable\n+ext\t\t x32 \t\tMS\\-DOS executable\n+category \texec \t\texecutable MS\\-DOS\n+ext \t\texe \t\tMZ executable MS\\-DOS\n+ext \t\tcom \t\tMZ executable MS\\-DOS\n+category \texec\t \tPE executable MS Windows\n+ext \t\texe,dll,com \tPE executable MS Windows\n+ext \t\tocx,sys,acm \tPE executable MS Windows\n+ext \t\ttlb,drv,scr \tPE executable MS Windows\n+ext \t\tcpl,ax,vdx \tPE executable MS Windows\n+ext \t\tfon,rll,tsp \tPE executable MS Windows\n+category \texec \t\tNE executable MS Windows\n+ext \t\texe,dll,com \tNE executable MS Windows\n+ext \t\tocx,sys,acm \tNE executable MS Windows\n+ext \t\ttlb,drv,scr \tNE executable MS Windows\n+ext \t\tcpl,ax,vxd \tNE executable MS Windows\n+ext \t\tfon,tsp \tNE executable MS Windows\n+category \texec \t\trelocatable\n+ext \t\tdll \t\trelocatable\n+category \texec \t\tbatch file\n+ext \t\tbat \t\tbatch file\n+ext\t\tbat\t\tASCII text\n+ext\t\tbat\t\tASCII English text\n+ext \t\tnt \t\tDOS batch file\n+ext \t\tcmd \t\tDOS batch file\n # source code\n-category\texec\t\tMSVC program database\n-ext\t\t\tpdb\t\t\tMSVC program database\n-\n-\n-\n-\n-\n-##########################################################################\n-# Documents\n-##########################################################################\n-category\tdocuments\tOutlook binary email folder\n-ext\t\t\tpst\t\t\tOutlook binary email folder\n-\n-\n-\n+category \texec \t\tMSVC program database\n+ext \t\tpdb \t\tMSVC program database\n+category \texec \t\t\\sscript\n+##########################################################################\n+# Java\n+category \texec \t\tclass data\n+ext \t\tclass \t\tJava class data\n+##########################################################################\n+category \texec \t\tobject\n+ext \t\to \t\tobject\n+category \texec \t\tpython compiled\n+category \tlnk \t\tMS Windows shortcut\n+ext \t\tlnk \t\tshortcut\n+#########################################################################y\n+# Images\n+category \ticon \t\ticon resource\n+ext\t\tico \t\tms\\-windows icon resource\n+category \tcursor \t\tcursor\n+ext \t\tcur \t\tms\\-cursor\n+ext \t\tani \t\tanimated cursor\n+##########################################################################\n+category \tMSmbox \t\tOutlook binary email folder\n+ext \t\tpst \t\tOutlook binary email folder\n+category \tMSdocs \t\tMicrosoft Office Document\n+ext \t\tdoc,dot,docx \tMicrosoft Office Document\n+ext \t\tmsc,pcb \tMicrosoft Office Document\n+ext \t\tppt,pot,pptx \tMicrosoft Office Document\n+ext \t\txls,xlsx\tMicrosoft Office Document\n+ext \t\tmsi \t\tMicrosoft Office Document\n+category \tMSdocs \t\tMicrosoft Word Document\n+ext \t\tdoc \t\tMicrosoft Word Document\n+category \tMSdocs \t\tconversion doc\n+ext \t\twpc \t\tconversion doc\n+category \tMSdocs \t\tconversion doc\n+category\tMSdocs\t\tMicrosoft Excel Worksheet\n+ext \t\txls,xlt,xlsx \tMicrosoft Excel Worksheet\n+ext \t\tcvs \t\tMicrosoft Excel Worksheet\n+# MS Access DB\n+category \tMSdb \t\tMicrosoft Access Database\n+ext \t\tmdb \t\tMicrosoft Access Database\n+category \tPNF \t\tPNF\n+ext \t\tpnf \t\tPNF\n+ext \t\tPNF \t\tPNF\n+ext \t\tpnf \t\tPNF Windows\n+category \tdocuments \tRich Text Format\n+ext\t\trtf \t\tRich Text Format\n+category \tdocuments \tdocument\n+ext \t\tps,eps \t\tPostScript document\n+category \tInternetExplorer Internet Explorer cache file\n+ext \t\tdat \t\tInternet Explorer cache file\n+# Corel & Word Perfect\n+category \tCoreldocs \tCorel\\/WP\n+ext \t\twpg,wpd,shw \tCorel\\/WP\n+# Lotus\n+category \tLotus \t\tLotus 1\\-2\\-3\n+ext \t\twb2 \t\tLotus 1\\-2\\-3\n+ext \t\twk4 \t\tLotus 1\\-2\\-3\n+# Adobe\n+category \tAdobePDF \tPDF document\n+ext \t\tpdf \t\tPDF document\n+#########################################################################\n+#Unicode\n+#########################################################################\n+category \tunicode \tUniCode\n+ext \t\tmof \t\tMOF,MLF UniCode File\n+ext \t\tmfl \t\tMOF,MLF UniCode File\n+##########################################################################\n+# HTML\n+##########################################################################\n+category \thtml \t\tHTML document text\n+ext \t\thhk \t\tHTML document text\n+ext \t\thtm,hta \tHTML document text\n+ext \t\thtml,css \tHTML document text\n ##########################################################################\n # Text\n ##########################################################################\n-ext\t\t\tini,inf,srg,dep\t\t\tASCII(.*?)text\n-ext\t\t\tini,inf\t\t\t\t\tISO\\-8859(.*?)text\n-\n-\n-\n-\n-\n+category \ttext \t\tASCII(.*?)text\n+ext \t\ttxt \t\tASCII(.*?)text\n+ext \t\tlog \t\tASCII(.*?)text\n+ext \t\th \t\tASCII(.*?)text\n+ext \t\tsh,csh \t\tASCII(.*?)text\n+ext \t\tconf \t\tASCII(.*?)text\n+ext \t\tinc \t\tASCII(.*?)text\n+ext \t\twpl \t\tASCII(.*?)text\n+ext \t\txdr \t\tASCII(.*?)text\n+ext \t\tjs \t\tASCII(.*?)text\n+ext \t\tsam \t\tASCII(.*?)text\n+ext \t\tscf \t\tASCII(.*?)text\n+ext \t\tscp \t\tASCII(.*?)text\n+ext \t\tgpd \t\tASCII(.*?)text\n+ext \t\tdun \t\tASCII(.*?)text\n+ext \t\tisp \t\tASCII(.*?)text\n+ext \t\tXML \t\tASCII(.*?)text\n+ext \t\tDTD \t\tASCII(.*?)text\n+ext \t\treg \t\tASCII(.*?)text\n+ext \t\tasp \t\tASCII(.*?)text\n+ext \t\tvbs \t\tASCII(.*?)text\n+ext \t\txdr \t\tASCII(.*?)text\n+ext \t\txsl \t\tASCII(.*?)text\n+ext \t\tc,cpp,h,js \tASCII(.*?)text\n+ext \t\tmof \t\tASCII(.*?)text\n+ext \t\tsql \t\tASCII(.*?)text\n+ext \t\thtt \t\tASCII(.*?)text\n+ext \t\thxx \t\tASCII(.*?)text\n+ext \t\tcpx \t\tASCII(.*?)text\n+ext \t\tobe \t\tASCII(.*?)text\n+ext \t\tini,inf \tASCII(.*?)text\n+ext \t\tsrg,dep \tASCII(.*?)text\n+ext \t\thtm \t\tASCII(.*?)text\n+ext \t\thtm,css \tASCII(.*?)text\n+ext \t\tcss \t\tASCII(.*?)text\n+category \ttext \t\tcharacter data\n+ext \t\ttxt \t\tcharacter data\n+category \ttext \t\tISO\\-8859(.*?)text\n+ext \t\ttxt \t\tISO\\-8859(.*?)text\n+ext \t\tini \t\tISO\\-8859(.*?)text\n+ext \t\tinf \t\tISO\\-8859(.*?)text\n+category \ttext \t\texported SGML document text\n+ext \t\thtm \t\texported SGML document text\n+category \ttext \t\t\\ssource\n+##########################################################################\n+# INF\n+##########################################################################\n+category \tinf \t\tLisp\n+ext \t\tinf \t\tLisp/Scheme program text\n+##########################################################################\n+# XML\n+##########################################################################\n+category \tXML \t\tXML\n+ext \t\txml \t\tXML Template\n+ext \t\txml \t\tXML Mapping\n+ext \t\txml \t\tXML Document\n+ext \t\txdr \t\tXML document text\n+ext \t\txsl\t\tXML document text\n+ext \t\tmsc \t\tXML document text\n+ext \t\tmanifest\tXML document text\n+ext \t\tdtd\t\tXML document text\n+ext \t\tPolicy \t\tXML document text\n ##########################################################################\n # Other\n ##########################################################################\n+# Disk\n+category \tdisk \t\tboot sector\n+category \tdisk \t\tfilesystem data\n+# Crypto\n+category \tcrypto \t\tPGP\n+ext \t\tasc \t\tPGP armored\n+# Postscript Printer Description\n+category \tsystem \t\tPPD file\n+ext \t\tppd \t\tPPD file\n+# 'file' reports 'data' for all unknown binary files\n+# do not bother with extensions with this\n+category \tdata \t\t^data$\n+# category ignore raw G3 data, byte\\-padded\n+##########################################################################\n # System\n-category\tsystem\t\tHelp Data\n-ext\t\t\thlp\t\t\tWindows Help Data\n-\n-category\tsystem\t\tRegistry file\n-ext\t\t\tdat,log,sav\tRegistry file\n-\n-category\tsystem\t\tms\\-Windows shortcut\n-ext\t\t\tlnk\t\t\tms\\-Windows shortcut\n-\n-category\tsystem\t\tInternet shortcut\n-ext\t\t\turl\t\t\t\tInternet shortcut \n-\n-category\tsystem\t\thyperterm\n-ext\t\t\tht\t\t\t\thyperterm\n-\n-# Image Color Matching Profile\n-category\tsystem\t\tColor Management System\n-ext\t\t\ticm\t\t\tColor Management System\n+category \thelpfiles \tHelp Data\n+ext \t\thlp \t\tWindows Help Data\n+ext \t\tchm \t\tWindows Help File\n+category\thelpfiles\tMS Windows 3.x help file\n+ext\t\thlp\t\tMS Windows 3.x help file\n+category \tregistry\tRegistry file\n+ext \t\tdat\t \tRegistry file\n+category \tlnk\t\tMS\\-Windows shortcut\n+ext \t\tlnk \t\tMS\\-Windows shortcut\n+category \tbrowser \tInternet shortcut\n+ext \t\turl \t\tInternet shortcut\n+category \tsystem \t\thyperterm\n+ext \t\tht \t\thyperterm\n+category \tMOF\t\tLittle-endian UTF-16 Unicode C++ program text\n+ext \t\tmof\t\tLittle-endian UTF-16 Unicode C++ program text\n" /usr/share/tsk/sorter/windows.sort.bak: diff: New file mode: '0644' comment: Recursively updated /usr/share/tsk/sorter duration: 185.096 name: /usr/share/tsk/sorter pchanges: {} result: true start_time: '13:46:30.912499' file_|-sift-powershell-source_|-/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb_|-managed: __id__: sift-powershell-source __run_num__: 142 changes: diff: New file mode: '0644' comment: File /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb updated duration: 13350.167 name: /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb pchanges: {} result: true start_time: '13:29:45.567586' file_|-sift-resources_|-/usr/share/sift_|-recurse: __id__: sift-resources __run_num__: 410 changes: /usr/share/sift/audio/doink_doink.mp3: diff: New file mode: '0644' /usr/share/sift/images/dfir_avatar.jpg: diff: New file mode: '0644' /usr/share/sift/images/dfir_logo.png: diff: New file mode: '0644' /usr/share/sift/images/forensics_blue.jpg: diff: New file mode: '0644' /usr/share/sift/images/login_logo.png: diff: New file mode: '0644' /usr/share/sift/other/gnome-terminal.desktop: diff: New file mode: '0644' /usr/share/sift/resources/Evidence-of-Poster.pdf: diff: New file mode: '0644' /usr/share/sift/resources/Find-Evil-Poster.pdf: diff: New file mode: '0644' /usr/share/sift/resources/SANS-DFIR.pdf: diff: New file mode: '0644' /usr/share/sift/resources/Smartphone-Forensics-Poster.pdf: diff: New file mode: '0644' /usr/share/sift/resources/memory-forensics-cheatsheet.pdf: diff: New file mode: '0644' /usr/share/sift/resources/network-forensics-cheatsheet.pdf: diff: New file mode: '0644' /usr/share/sift/resources/sift-cheatsheet.pdf: diff: New file mode: '0644' /usr/share/sift/resources/windows-to-unix-cheatsheet.pdf: diff: New file mode: '0644' /usr/share/sift/scripts/update-sift: diff: New file mode: '0644' comment: Recursively updated /usr/share/sift duration: 351.748 name: /usr/share/sift pchanges: {} result: true start_time: '13:46:30.551545' file_|-sift-samba-initial_|-/etc/samba/.sift-samba_|-managed: __id__: sift-samba-initial __run_num__: 491 changes: diff: New file comment: File /etc/samba/.sift-samba updated duration: 8.04 name: /etc/samba/.sift-samba pchanges: {} result: true start_time: '11:46:38.130252' file_|-sift-scripts-4n6-WP8_AppPerms.py_|-/usr/local/bin/WP8_AppPerms.py_|-copy: __id__: sift-scripts-4n6-WP8_AppPerms.py __run_num__: 274 changes: /usr/local/bin/WP8_AppPerms.py: /usr/local/src/4n6-scripts/WP8_AppPerms.py comment: Copied "/usr/local/src/4n6-scripts/WP8_AppPerms.py" to "/usr/local/bin/WP8_AppPerms.py" duration: 2.526 name: /usr/local/bin/WP8_AppPerms.py result: true start_time: '13:46:17.681324' file_|-sift-scripts-4n6-bing-bar-parser.pl_|-/usr/local/bin/bing-bar-parser.pl_|-copy: __id__: sift-scripts-4n6-bing-bar-parser.pl __run_num__: 275 changes: /usr/local/bin/bing-bar-parser.pl: /usr/local/src/4n6-scripts/bing-bar-parser.pl comment: Copied "/usr/local/src/4n6-scripts/bing-bar-parser.pl" to "/usr/local/bin/bing-bar-parser.pl" duration: 2.411 name: /usr/local/bin/bing-bar-parser.pl result: true start_time: '13:46:17.690818' file_|-sift-scripts-4n6-chunkymonkey.py_|-/usr/local/bin/chunkymonkey.py_|-copy: __id__: sift-scripts-4n6-chunkymonkey.py __run_num__: 276 changes: /usr/local/bin/chunkymonkey.py: /usr/local/src/4n6-scripts/chunkymonkey.py comment: Copied "/usr/local/src/4n6-scripts/chunkymonkey.py" to "/usr/local/bin/chunkymonkey.py" duration: 1.738 name: /usr/local/bin/chunkymonkey.py result: true start_time: '13:46:17.699697' file_|-sift-scripts-4n6-dextract.def_|-/usr/local/bin/dextract.def_|-copy: __id__: sift-scripts-4n6-dextract.def __run_num__: 277 changes: /usr/local/bin/dextract.def: /usr/local/src/4n6-scripts/dextract.def comment: Copied "/usr/local/src/4n6-scripts/dextract.def" to "/usr/local/bin/dextract.def" duration: 1.827 name: /usr/local/bin/dextract.def result: true start_time: '13:46:17.707861' file_|-sift-scripts-4n6-dextract.py_|-/usr/local/bin/dextract.py_|-copy: __id__: sift-scripts-4n6-dextract.py __run_num__: 278 changes: /usr/local/bin/dextract.py: /usr/local/src/4n6-scripts/dextract.py comment: Copied "/usr/local/src/4n6-scripts/dextract.py" to "/usr/local/bin/dextract.py" duration: 3.301 name: /usr/local/bin/dextract.py result: true start_time: '13:46:17.717804' file_|-sift-scripts-4n6-docx-font-extractor.pl_|-/usr/local/bin/docx-font-extractor.pl_|-copy: __id__: sift-scripts-4n6-docx-font-extractor.pl __run_num__: 279 changes: /usr/local/bin/docx-font-extractor.pl: /usr/local/src/4n6-scripts/docx-font-extractor.pl comment: Copied "/usr/local/src/4n6-scripts/docx-font-extractor.pl" to "/usr/local/bin/docx-font-extractor.pl" duration: 2.118 name: /usr/local/bin/docx-font-extractor.pl result: true start_time: '13:46:17.728453' file_|-sift-scripts-4n6-exif2map.pl_|-/usr/local/bin/exif2map.pl_|-copy: __id__: sift-scripts-4n6-exif2map.pl __run_num__: 280 changes: /usr/local/bin/exif2map.pl: /usr/local/src/4n6-scripts/exif2map.pl comment: Copied "/usr/local/src/4n6-scripts/exif2map.pl" to "/usr/local/bin/exif2map.pl" duration: 3.365 name: /usr/local/bin/exif2map.pl result: true start_time: '13:46:17.737347' file_|-sift-scripts-4n6-fbmsg-extractor.py_|-/usr/local/bin/fbmsg-extractor.py_|-copy: __id__: sift-scripts-4n6-fbmsg-extractor.py __run_num__: 281 changes: /usr/local/bin/fbmsg-extractor.py: /usr/local/src/4n6-scripts/fbmsg-extractor.py comment: Copied "/usr/local/src/4n6-scripts/fbmsg-extractor.py" to "/usr/local/bin/fbmsg-extractor.py" duration: 2.556 name: /usr/local/bin/fbmsg-extractor.py result: true start_time: '13:46:17.747294' file_|-sift-scripts-4n6-gis4cookie.pl_|-/usr/local/bin/gis4cookie.pl_|-copy: __id__: sift-scripts-4n6-gis4cookie.pl __run_num__: 282 changes: /usr/local/bin/gis4cookie.pl: /usr/local/src/4n6-scripts/gis4cookie.pl comment: Copied "/usr/local/src/4n6-scripts/gis4cookie.pl" to "/usr/local/bin/gis4cookie.pl" duration: 2.164 name: /usr/local/bin/gis4cookie.pl result: true start_time: '13:46:17.754913' file_|-sift-scripts-4n6-google-ei-time.py_|-/usr/local/bin/google-ei-time.py_|-copy: __id__: sift-scripts-4n6-google-ei-time.py __run_num__: 283 changes: /usr/local/bin/google-ei-time.py: /usr/local/src/4n6-scripts/google-ei-time.py comment: Copied "/usr/local/src/4n6-scripts/google-ei-time.py" to "/usr/local/bin/google-ei-time.py" duration: 2.831 name: /usr/local/bin/google-ei-time.py result: true start_time: '13:46:17.765023' file_|-sift-scripts-4n6-imgcache-parse-mod.py_|-/usr/local/bin/imgcache-parse-mod.py_|-copy: __id__: sift-scripts-4n6-imgcache-parse-mod.py __run_num__: 284 changes: /usr/local/bin/imgcache-parse-mod.py: /usr/local/src/4n6-scripts/imgcache-parse-mod.py comment: Copied "/usr/local/src/4n6-scripts/imgcache-parse-mod.py" to "/usr/local/bin/imgcache-parse-mod.py" duration: 2.557 name: /usr/local/bin/imgcache-parse-mod.py result: true start_time: '13:46:17.776441' file_|-sift-scripts-4n6-imgcache-parse.py_|-/usr/local/bin/imgcache-parse.py_|-copy: __id__: sift-scripts-4n6-imgcache-parse.py __run_num__: 285 changes: /usr/local/bin/imgcache-parse.py: /usr/local/src/4n6-scripts/imgcache-parse.py comment: Copied "/usr/local/src/4n6-scripts/imgcache-parse.py" to "/usr/local/bin/imgcache-parse.py" duration: 2.059 name: /usr/local/bin/imgcache-parse.py result: true start_time: '13:46:17.786444' file_|-sift-scripts-4n6-json-printer.pl_|-/usr/local/bin/json-printer.pl_|-copy: __id__: sift-scripts-4n6-json-printer.pl __run_num__: 286 changes: /usr/local/bin/json-printer.pl: /usr/local/src/4n6-scripts/json-printer.pl comment: Copied "/usr/local/src/4n6-scripts/json-printer.pl" to "/usr/local/bin/json-printer.pl" duration: 1.499 name: /usr/local/bin/json-printer.pl result: true start_time: '13:46:17.795758' file_|-sift-scripts-4n6-msoffice-pic-extractor.py_|-/usr/local/bin/msoffice-pic-extractor.py_|-copy: __id__: sift-scripts-4n6-msoffice-pic-extractor.py __run_num__: 287 changes: /usr/local/bin/msoffice-pic-extractor.py: /usr/local/src/4n6-scripts/msoffice-pic-extractor.py comment: Copied "/usr/local/src/4n6-scripts/msoffice-pic-extractor.py" to "/usr/local/bin/msoffice-pic-extractor.py" duration: 2.882 name: /usr/local/bin/msoffice-pic-extractor.py result: true start_time: '13:46:17.804067' file_|-sift-scripts-4n6-plist2db.py_|-/usr/local/bin/plist2db.py_|-copy: __id__: sift-scripts-4n6-plist2db.py __run_num__: 288 changes: /usr/local/bin/plist2db.py: /usr/local/src/4n6-scripts/plist2db.py comment: Copied "/usr/local/src/4n6-scripts/plist2db.py" to "/usr/local/bin/plist2db.py" duration: 1.876 name: /usr/local/bin/plist2db.py result: true start_time: '13:46:17.816469' file_|-sift-scripts-4n6-print_apk_perms.py_|-/usr/local/bin/print_apk_perms.py_|-copy: __id__: sift-scripts-4n6-print_apk_perms.py __run_num__: 289 changes: /usr/local/bin/print_apk_perms.py: /usr/local/src/4n6-scripts/print_apk_perms.py comment: Copied "/usr/local/src/4n6-scripts/print_apk_perms.py" to "/usr/local/bin/print_apk_perms.py" duration: 2.975 name: /usr/local/bin/print_apk_perms.py result: true start_time: '13:46:17.825141' file_|-sift-scripts-4n6-s2-cellid2latlong.py_|-/usr/local/bin/s2-cellid2latlong.py_|-copy: __id__: sift-scripts-4n6-s2-cellid2latlong.py __run_num__: 290 changes: /usr/local/bin/s2-cellid2latlong.py: /usr/local/src/4n6-scripts/s2-cellid2latlong.py comment: Copied "/usr/local/src/4n6-scripts/s2-cellid2latlong.py" to "/usr/local/bin/s2-cellid2latlong.py" duration: 2.185 name: /usr/local/bin/s2-cellid2latlong.py result: true start_time: '13:46:17.834524' file_|-sift-scripts-4n6-s2-latlong2cellid.py_|-/usr/local/bin/s2-latlong2cellid.py_|-copy: __id__: sift-scripts-4n6-s2-latlong2cellid.py __run_num__: 291 changes: /usr/local/bin/s2-latlong2cellid.py: /usr/local/src/4n6-scripts/s2-latlong2cellid.py comment: Copied "/usr/local/src/4n6-scripts/s2-latlong2cellid.py" to "/usr/local/bin/s2-latlong2cellid.py" duration: 1.505 name: /usr/local/bin/s2-latlong2cellid.py result: true start_time: '13:46:17.844694' file_|-sift-scripts-4n6-sms-grep-sample-config.txt_|-/usr/local/bin/sms-grep-sample-config.txt_|-copy: __id__: sift-scripts-4n6-sms-grep-sample-config.txt __run_num__: 292 changes: /usr/local/bin/sms-grep-sample-config.txt: /usr/local/src/4n6-scripts/sms-grep-sample-config.txt comment: Copied "/usr/local/src/4n6-scripts/sms-grep-sample-config.txt" to "/usr/local/bin/sms-grep-sample-config.txt" duration: 2.44 name: /usr/local/bin/sms-grep-sample-config.txt result: true start_time: '13:46:17.851959' file_|-sift-scripts-4n6-sms-grep.pl_|-/usr/local/bin/sms-grep.pl_|-copy: __id__: sift-scripts-4n6-sms-grep.pl __run_num__: 293 changes: /usr/local/bin/sms-grep.pl: /usr/local/src/4n6-scripts/sms-grep.pl comment: Copied "/usr/local/src/4n6-scripts/sms-grep.pl" to "/usr/local/bin/sms-grep.pl" duration: 2.969 name: /usr/local/bin/sms-grep.pl result: true start_time: '13:46:17.864182' file_|-sift-scripts-4n6-sqlite-base64-decode.py_|-/usr/local/bin/sqlite-base64-decode.py_|-copy: __id__: sift-scripts-4n6-sqlite-base64-decode.py __run_num__: 294 changes: /usr/local/bin/sqlite-base64-decode.py: /usr/local/src/4n6-scripts/sqlite-base64-decode.py comment: Copied "/usr/local/src/4n6-scripts/sqlite-base64-decode.py" to "/usr/local/bin/sqlite-base64-decode.py" duration: 2.788 name: /usr/local/bin/sqlite-base64-decode.py result: true start_time: '13:46:17.874414' file_|-sift-scripts-4n6-sqlite-blob-dumper.py_|-/usr/local/bin/sqlite-blob-dumper.py_|-copy: __id__: sift-scripts-4n6-sqlite-blob-dumper.py __run_num__: 295 changes: /usr/local/bin/sqlite-blob-dumper.py: /usr/local/src/4n6-scripts/sqlite-blob-dumper.py comment: Copied "/usr/local/src/4n6-scripts/sqlite-blob-dumper.py" to "/usr/local/bin/sqlite-blob-dumper.py" duration: 2.267 name: /usr/local/bin/sqlite-blob-dumper.py result: true start_time: '13:46:17.885108' file_|-sift-scripts-4n6-sqlite-parser.pl_|-/usr/local/bin/sqlite-parser.pl_|-copy: __id__: sift-scripts-4n6-sqlite-parser.pl __run_num__: 296 changes: /usr/local/bin/sqlite-parser.pl: /usr/local/src/4n6-scripts/sqlite-parser.pl comment: Copied "/usr/local/src/4n6-scripts/sqlite-parser.pl" to "/usr/local/bin/sqlite-parser.pl" duration: 1.331 name: /usr/local/bin/sqlite-parser.pl result: true start_time: '13:46:17.895085' file_|-sift-scripts-4n6-squirrelgripper-README.txt_|-/usr/local/bin/squirrelgripper-README.txt_|-copy: __id__: sift-scripts-4n6-squirrelgripper-README.txt __run_num__: 297 changes: /usr/local/bin/squirrelgripper-README.txt: /usr/local/src/4n6-scripts/squirrelgripper-README.txt comment: Copied "/usr/local/src/4n6-scripts/squirrelgripper-README.txt" to "/usr/local/bin/squirrelgripper-README.txt" duration: 2.68 name: /usr/local/bin/squirrelgripper-README.txt result: true start_time: '13:46:17.901488' file_|-sift-scripts-4n6-squirrelgripper.pl_|-/usr/local/bin/squirrelgripper.pl_|-copy: __id__: sift-scripts-4n6-squirrelgripper.pl __run_num__: 298 changes: /usr/local/bin/squirrelgripper.pl: /usr/local/src/4n6-scripts/squirrelgripper.pl comment: Copied "/usr/local/src/4n6-scripts/squirrelgripper.pl" to "/usr/local/bin/squirrelgripper.pl" duration: 2.535 name: /usr/local/bin/squirrelgripper.pl result: true start_time: '13:46:17.911743' file_|-sift-scripts-4n6-timediff32.pl_|-/usr/local/bin/timediff32.pl_|-copy: __id__: sift-scripts-4n6-timediff32.pl __run_num__: 299 changes: /usr/local/bin/timediff32.pl: /usr/local/src/4n6-scripts/timediff32.pl comment: Copied "/usr/local/src/4n6-scripts/timediff32.pl" to "/usr/local/bin/timediff32.pl" duration: 2.77 name: /usr/local/bin/timediff32.pl result: true start_time: '13:46:17.924347' file_|-sift-scripts-4n6-vmail-db-2-html.pl_|-/usr/local/bin/vmail-db-2-html.pl_|-copy: __id__: sift-scripts-4n6-vmail-db-2-html.pl __run_num__: 300 changes: /usr/local/bin/vmail-db-2-html.pl: /usr/local/src/4n6-scripts/vmail-db-2-html.pl comment: Copied "/usr/local/src/4n6-scripts/vmail-db-2-html.pl" to "/usr/local/bin/vmail-db-2-html.pl" duration: 1.48 name: /usr/local/bin/vmail-db-2-html.pl result: true start_time: '13:46:17.935246' file_|-sift-scripts-4n6-wp8-1-callhistory.py_|-/usr/local/bin/wp8-1-callhistory.py_|-copy: __id__: sift-scripts-4n6-wp8-1-callhistory.py __run_num__: 301 changes: /usr/local/bin/wp8-1-callhistory.py: /usr/local/src/4n6-scripts/wp8-1-callhistory.py comment: Copied "/usr/local/src/4n6-scripts/wp8-1-callhistory.py" to "/usr/local/bin/wp8-1-callhistory.py" duration: 2.129 name: /usr/local/bin/wp8-1-callhistory.py result: true start_time: '13:46:17.944197' file_|-sift-scripts-4n6-wp8-1-contacts.py_|-/usr/local/bin/wp8-1-contacts.py_|-copy: __id__: sift-scripts-4n6-wp8-1-contacts.py __run_num__: 302 changes: /usr/local/bin/wp8-1-contacts.py: /usr/local/src/4n6-scripts/wp8-1-contacts.py comment: Copied "/usr/local/src/4n6-scripts/wp8-1-contacts.py" to "/usr/local/bin/wp8-1-contacts.py" duration: 2.969 name: /usr/local/bin/wp8-1-contacts.py result: true start_time: '13:46:17.951496' file_|-sift-scripts-4n6-wp8-1-mms-filesort.py_|-/usr/local/bin/wp8-1-mms-filesort.py_|-copy: __id__: sift-scripts-4n6-wp8-1-mms-filesort.py __run_num__: 303 changes: /usr/local/bin/wp8-1-mms-filesort.py: /usr/local/src/4n6-scripts/wp8-1-mms-filesort.py comment: Copied "/usr/local/src/4n6-scripts/wp8-1-mms-filesort.py" to "/usr/local/bin/wp8-1-mms-filesort.py" duration: 2.717 name: /usr/local/bin/wp8-1-mms-filesort.py result: true start_time: '13:46:17.962169' file_|-sift-scripts-4n6-wp8-1-mms.py_|-/usr/local/bin/wp8-1-mms.py_|-copy: __id__: sift-scripts-4n6-wp8-1-mms.py __run_num__: 304 changes: /usr/local/bin/wp8-1-mms.py: /usr/local/src/4n6-scripts/wp8-1-mms.py comment: Copied "/usr/local/src/4n6-scripts/wp8-1-mms.py" to "/usr/local/bin/wp8-1-mms.py" duration: 2.179 name: /usr/local/bin/wp8-1-mms.py result: true start_time: '13:46:17.970880' file_|-sift-scripts-4n6-wp8-1-sms.py_|-/usr/local/bin/wp8-1-sms.py_|-copy: __id__: sift-scripts-4n6-wp8-1-sms.py __run_num__: 305 changes: /usr/local/bin/wp8-1-sms.py: /usr/local/src/4n6-scripts/wp8-1-sms.py comment: Copied "/usr/local/src/4n6-scripts/wp8-1-sms.py" to "/usr/local/bin/wp8-1-sms.py" duration: 1.533 name: /usr/local/bin/wp8-1-sms.py result: true start_time: '13:46:17.979359' file_|-sift-scripts-4n6-wp8-callhistory.py_|-/usr/local/bin/wp8-callhistory.py_|-copy: __id__: sift-scripts-4n6-wp8-callhistory.py __run_num__: 306 changes: /usr/local/bin/wp8-callhistory.py: /usr/local/src/4n6-scripts/wp8-callhistory.py comment: Copied "/usr/local/src/4n6-scripts/wp8-callhistory.py" to "/usr/local/bin/wp8-callhistory.py" duration: 2.194 name: /usr/local/bin/wp8-callhistory.py result: true start_time: '13:46:17.987793' file_|-sift-scripts-4n6-wp8-contacts.py_|-/usr/local/bin/wp8-contacts.py_|-copy: __id__: sift-scripts-4n6-wp8-contacts.py __run_num__: 307 changes: /usr/local/bin/wp8-contacts.py: /usr/local/src/4n6-scripts/wp8-contacts.py comment: Copied "/usr/local/src/4n6-scripts/wp8-contacts.py" to "/usr/local/bin/wp8-contacts.py" duration: 2.681 name: /usr/local/bin/wp8-contacts.py result: true start_time: '13:46:17.995547' file_|-sift-scripts-4n6-wp8-fb-msg.py_|-/usr/local/bin/wp8-fb-msg.py_|-copy: __id__: sift-scripts-4n6-wp8-fb-msg.py __run_num__: 308 changes: /usr/local/bin/wp8-fb-msg.py: /usr/local/src/4n6-scripts/wp8-fb-msg.py comment: Copied "/usr/local/src/4n6-scripts/wp8-fb-msg.py" to "/usr/local/bin/wp8-fb-msg.py" duration: 3.076 name: /usr/local/bin/wp8-fb-msg.py result: true start_time: '13:46:18.006415' file_|-sift-scripts-4n6-wp8-sha256-pin-finder.py_|-/usr/local/bin/wp8-sha256-pin-finder.py_|-copy: __id__: sift-scripts-4n6-wp8-sha256-pin-finder.py __run_num__: 309 changes: /usr/local/bin/wp8-sha256-pin-finder.py: /usr/local/src/4n6-scripts/wp8-sha256-pin-finder.py comment: Copied "/usr/local/src/4n6-scripts/wp8-sha256-pin-finder.py" to "/usr/local/bin/wp8-sha256-pin-finder.py" duration: 1.775 name: /usr/local/bin/wp8-sha256-pin-finder.py result: true start_time: '13:46:18.015711' file_|-sift-scripts-4n6-wp8-sms.py_|-/usr/local/bin/wp8-sms.py_|-copy: __id__: sift-scripts-4n6-wp8-sms.py __run_num__: 310 changes: /usr/local/bin/wp8-sms.py: /usr/local/src/4n6-scripts/wp8-sms.py comment: Copied "/usr/local/src/4n6-scripts/wp8-sms.py" to "/usr/local/bin/wp8-sms.py" duration: 2.016 name: /usr/local/bin/wp8-sms.py result: true start_time: '13:46:18.027878' file_|-sift-scripts-4n6-wwf-chat-parser.py_|-/usr/local/bin/wwf-chat-parser.py_|-copy: __id__: sift-scripts-4n6-wwf-chat-parser.py __run_num__: 311 changes: /usr/local/bin/wwf-chat-parser.py: /usr/local/src/4n6-scripts/wwf-chat-parser.py comment: Copied "/usr/local/src/4n6-scripts/wwf-chat-parser.py" to "/usr/local/bin/wwf-chat-parser.py" duration: 1.611 name: /usr/local/bin/wwf-chat-parser.py result: true start_time: '13:46:18.034814' file_|-sift-scripts-amcache-shebang_|-/usr/local/bin/amcache.py_|-replace: __id__: sift-scripts-amcache-shebang __run_num__: 313 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n # This file is part of python-registry.\n #\n # Copyright 2015 Will Ballenthin \n" comment: Changes were made duration: 5.972 name: /usr/local/bin/amcache.py pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n # This file is part of python-registry.\n #\n # Copyright 2015 Will Ballenthin \n" result: true start_time: '13:46:18.811553' file_|-sift-scripts-amcache_|-/usr/local/bin/amcache.py_|-managed: __id__: sift-scripts-amcache __run_num__: 312 changes: diff: New file mode: '0755' comment: File /usr/local/bin/amcache.py updated duration: 250.175 name: /usr/local/bin/amcache.py pchanges: {} result: true start_time: '13:46:18.036586' file_|-sift-scripts-dump-mft-entry-shebang_|-/usr/local/bin/dump-mft-entry.pl_|-replace: __id__: sift-scripts-dump-mft-entry-shebang __run_num__: 315 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/perl\n+#!/usr/bin/env perl\n \n #------------------------------\n #dump_mft_entry.pl\n" comment: Changes were made duration: 2.615 name: /usr/local/bin/dump-mft-entry.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/perl\n+#!/usr/bin/env perl\n \n #------------------------------\n #dump_mft_entry.pl\n" result: true start_time: '13:46:19.051566' file_|-sift-scripts-dump-mft-entry_|-/usr/local/bin/dump-mft-entry.pl_|-managed: __id__: sift-scripts-dump-mft-entry __run_num__: 314 changes: diff: New file mode: '0755' comment: File /usr/local/bin/dump-mft-entry.pl updated duration: 226.653 name: /usr/local/bin/dump-mft-entry.pl pchanges: {} result: true start_time: '13:46:18.817848' file_|-sift-scripts-image-mounter_|-/usr/local/bin/imageMounter.py_|-managed: __id__: sift-scripts-image-mounter __run_num__: 316 changes: diff: New file mode: '0755' comment: File /usr/local/bin/imageMounter.py updated duration: 247.105 name: /usr/local/bin/imageMounter.py pchanges: {} result: true start_time: '13:46:19.054469' file_|-sift-scripts-jobparser_|-/usr/local/bin/jobparser.py_|-managed: __id__: sift-scripts-jobparser __run_num__: 318 changes: diff: New file mode: '0755' comment: File /usr/local/bin/jobparser.py updated duration: 270.555 name: /usr/local/bin/jobparser.py pchanges: {} result: true start_time: '13:46:19.558393' file_|-sift-scripts-keydet-tools-bodyfile.pl_|-/usr/local/bin/bodyfile.pl_|-copy: __id__: sift-scripts-keydet-tools-bodyfile.pl __run_num__: 320 changes: /usr/local/bin/bodyfile.pl: /usr/local/src/keydet-tools/source/bodyfile.pl comment: Copied "/usr/local/src/keydet-tools/source/bodyfile.pl" to "/usr/local/bin/bodyfile.pl" duration: 1.364 name: /usr/local/bin/bodyfile.pl result: true start_time: '13:46:23.835581' file_|-sift-scripts-keydet-tools-evtparse.pl_|-/usr/local/bin/evtparse.pl_|-copy: __id__: sift-scripts-keydet-tools-evtparse.pl __run_num__: 322 changes: /usr/local/bin/evtparse.pl: /usr/local/src/keydet-tools/source/evtparse.pl comment: Copied "/usr/local/src/keydet-tools/source/evtparse.pl" to "/usr/local/bin/evtparse.pl" duration: 1.177 name: /usr/local/bin/evtparse.pl result: true start_time: '13:46:23.846271' file_|-sift-scripts-keydet-tools-evtrpt.pl_|-/usr/local/bin/evtrpt.pl_|-copy: __id__: sift-scripts-keydet-tools-evtrpt.pl __run_num__: 324 changes: /usr/local/bin/evtrpt.pl: /usr/local/src/keydet-tools/source/evtrpt.pl comment: Copied "/usr/local/src/keydet-tools/source/evtrpt.pl" to "/usr/local/bin/evtrpt.pl" duration: 1.717 name: /usr/local/bin/evtrpt.pl result: true start_time: '13:46:23.860053' file_|-sift-scripts-keydet-tools-evtxparse.pl_|-/usr/local/bin/evtxparse.pl_|-copy: __id__: sift-scripts-keydet-tools-evtxparse.pl __run_num__: 326 changes: /usr/local/bin/evtxparse.pl: /usr/local/src/keydet-tools/source/evtxparse.pl comment: Copied "/usr/local/src/keydet-tools/source/evtxparse.pl" to "/usr/local/bin/evtxparse.pl" duration: 3.36 name: /usr/local/bin/evtxparse.pl result: true start_time: '13:46:23.877184' file_|-sift-scripts-keydet-tools-fb.pl_|-/usr/local/bin/fb.pl_|-copy: __id__: sift-scripts-keydet-tools-fb.pl __run_num__: 328 changes: /usr/local/bin/fb.pl: /usr/local/src/keydet-tools/source/fb.pl comment: Copied "/usr/local/src/keydet-tools/source/fb.pl" to "/usr/local/bin/fb.pl" duration: 2.434 name: /usr/local/bin/fb.pl result: true start_time: '13:46:23.895785' file_|-sift-scripts-keydet-tools-ff.pl_|-/usr/local/bin/ff.pl_|-copy: __id__: sift-scripts-keydet-tools-ff.pl __run_num__: 330 changes: /usr/local/bin/ff.pl: /usr/local/src/keydet-tools/source/ff.pl comment: Copied "/usr/local/src/keydet-tools/source/ff.pl" to "/usr/local/bin/ff.pl" duration: 2.554 name: /usr/local/bin/ff.pl result: true start_time: '13:46:23.916799' file_|-sift-scripts-keydet-tools-ff_signons.pl_|-/usr/local/bin/ff_signons.pl_|-copy: __id__: sift-scripts-keydet-tools-ff_signons.pl __run_num__: 332 changes: /usr/local/bin/ff_signons.pl: /usr/local/src/keydet-tools/source/ff_signons.pl comment: Copied "/usr/local/src/keydet-tools/source/ff_signons.pl" to "/usr/local/bin/ff_signons.pl" duration: 1.823 name: /usr/local/bin/ff_signons.pl result: true start_time: '13:46:23.934031' file_|-sift-scripts-keydet-tools-ftkparse.pl_|-/usr/local/bin/ftkparse.pl_|-copy: __id__: sift-scripts-keydet-tools-ftkparse.pl __run_num__: 334 changes: /usr/local/bin/ftkparse.pl: /usr/local/src/keydet-tools/source/ftkparse.pl comment: Copied "/usr/local/src/keydet-tools/source/ftkparse.pl" to "/usr/local/bin/ftkparse.pl" duration: 1.524 name: /usr/local/bin/ftkparse.pl result: true start_time: '13:46:23.947408' file_|-sift-scripts-keydet-tools-idx.pl_|-/usr/local/bin/idx.pl_|-copy: __id__: sift-scripts-keydet-tools-idx.pl __run_num__: 336 changes: /usr/local/bin/idx.pl: /usr/local/src/keydet-tools/source/idx.pl comment: Copied "/usr/local/src/keydet-tools/source/idx.pl" to "/usr/local/bin/idx.pl" duration: 3.084 name: /usr/local/bin/idx.pl result: true start_time: '13:46:23.969843' file_|-sift-scripts-keydet-tools-idxparse.pl_|-/usr/local/bin/idxparse.pl_|-copy: __id__: sift-scripts-keydet-tools-idxparse.pl __run_num__: 338 changes: /usr/local/bin/idxparse.pl: /usr/local/src/keydet-tools/source/idxparse.pl comment: Copied "/usr/local/src/keydet-tools/source/idxparse.pl" to "/usr/local/bin/idxparse.pl" duration: 2.77 name: /usr/local/bin/idxparse.pl result: true start_time: '13:46:23.990000' file_|-sift-scripts-keydet-tools-jl.pl_|-/usr/local/bin/jl.pl_|-copy: __id__: sift-scripts-keydet-tools-jl.pl __run_num__: 340 changes: /usr/local/bin/jl.pl: /usr/local/src/keydet-tools/source/jl.pl comment: Copied "/usr/local/src/keydet-tools/source/jl.pl" to "/usr/local/bin/jl.pl" duration: 2.828 name: /usr/local/bin/jl.pl result: true start_time: '13:46:24.016166' file_|-sift-scripts-keydet-tools-jobparse.pl_|-/usr/local/bin/jobparse.pl_|-copy: __id__: sift-scripts-keydet-tools-jobparse.pl __run_num__: 342 changes: /usr/local/bin/jobparse.pl: /usr/local/src/keydet-tools/source/jobparse.pl comment: Copied "/usr/local/src/keydet-tools/source/jobparse.pl" to "/usr/local/bin/jobparse.pl" duration: 2.192 name: /usr/local/bin/jobparse.pl result: true start_time: '13:46:24.038033' file_|-sift-scripts-keydet-tools-lfle.pl_|-/usr/local/bin/lfle.pl_|-copy: __id__: sift-scripts-keydet-tools-lfle.pl __run_num__: 344 changes: /usr/local/bin/lfle.pl: /usr/local/src/keydet-tools/source/lfle.pl comment: Copied "/usr/local/src/keydet-tools/source/lfle.pl" to "/usr/local/bin/lfle.pl" duration: 1.669 name: /usr/local/bin/lfle.pl result: true start_time: '13:46:24.057907' file_|-sift-scripts-keydet-tools-lnk.pl_|-/usr/local/bin/lnk.pl_|-copy: __id__: sift-scripts-keydet-tools-lnk.pl __run_num__: 346 changes: /usr/local/bin/lnk.pl: /usr/local/src/keydet-tools/source/lnk.pl comment: Copied "/usr/local/src/keydet-tools/source/lnk.pl" to "/usr/local/bin/lnk.pl" duration: 3.398 name: /usr/local/bin/lnk.pl result: true start_time: '13:46:24.077551' file_|-sift-scripts-keydet-tools-mft.pl_|-/usr/local/bin/mft.pl_|-copy: __id__: sift-scripts-keydet-tools-mft.pl __run_num__: 348 changes: /usr/local/bin/mft.pl: /usr/local/src/keydet-tools/source/mft.pl comment: Copied "/usr/local/src/keydet-tools/source/mft.pl" to "/usr/local/bin/mft.pl" duration: 1.474 name: /usr/local/bin/mft.pl result: true start_time: '13:46:24.093095' file_|-sift-scripts-keydet-tools-parse.pl_|-/usr/local/bin/parse.pl_|-copy: __id__: sift-scripts-keydet-tools-parse.pl __run_num__: 350 changes: /usr/local/bin/parse.pl: /usr/local/src/keydet-tools/source/parse.pl comment: Copied "/usr/local/src/keydet-tools/source/parse.pl" to "/usr/local/bin/parse.pl" duration: 2.242 name: /usr/local/bin/parse.pl result: true start_time: '13:46:24.108044' file_|-sift-scripts-keydet-tools-parsei30.pl_|-/usr/local/bin/parsei30.pl_|-copy: __id__: sift-scripts-keydet-tools-parsei30.pl __run_num__: 352 changes: /usr/local/bin/parsei30.pl: /usr/local/src/keydet-tools/source/parsei30.pl comment: Copied "/usr/local/src/keydet-tools/source/parsei30.pl" to "/usr/local/bin/parsei30.pl" duration: 1.504 name: /usr/local/bin/parsei30.pl result: true start_time: '13:46:24.244338' file_|-sift-scripts-keydet-tools-parseie.pl_|-/usr/local/bin/parseie.pl_|-copy: __id__: sift-scripts-keydet-tools-parseie.pl __run_num__: 354 changes: /usr/local/bin/parseie.pl: /usr/local/src/keydet-tools/source/parseie.pl comment: Copied "/usr/local/src/keydet-tools/source/parseie.pl" to "/usr/local/bin/parseie.pl" duration: 1.924 name: /usr/local/bin/parseie.pl result: true start_time: '13:46:24.259715' file_|-sift-scripts-keydet-tools-pie.pl_|-/usr/local/bin/pie.pl_|-copy: __id__: sift-scripts-keydet-tools-pie.pl __run_num__: 356 changes: /usr/local/bin/pie.pl: /usr/local/src/keydet-tools/source/pie.pl comment: Copied "/usr/local/src/keydet-tools/source/pie.pl" to "/usr/local/bin/pie.pl" duration: 3.913 name: /usr/local/bin/pie.pl result: true start_time: '13:46:24.279346' file_|-sift-scripts-keydet-tools-pref.pl_|-/usr/local/bin/pref.pl_|-copy: __id__: sift-scripts-keydet-tools-pref.pl __run_num__: 358 changes: /usr/local/bin/pref.pl: /usr/local/src/keydet-tools/source/pref.pl comment: Copied "/usr/local/src/keydet-tools/source/pref.pl" to "/usr/local/bin/pref.pl" duration: 1.801 name: /usr/local/bin/pref.pl result: true start_time: '13:46:24.297265' file_|-sift-scripts-keydet-tools-rawie.pl_|-/usr/local/bin/rawie.pl_|-copy: __id__: sift-scripts-keydet-tools-rawie.pl __run_num__: 360 changes: /usr/local/bin/rawie.pl: /usr/local/src/keydet-tools/source/rawie.pl comment: Copied "/usr/local/src/keydet-tools/source/rawie.pl" to "/usr/local/bin/rawie.pl" duration: 1.336 name: /usr/local/bin/rawie.pl result: true start_time: '13:46:24.310178' file_|-sift-scripts-keydet-tools-recbin.pl_|-/usr/local/bin/recbin.pl_|-copy: __id__: sift-scripts-keydet-tools-recbin.pl __run_num__: 362 changes: /usr/local/bin/recbin.pl: /usr/local/src/keydet-tools/source/recbin.pl comment: Copied "/usr/local/src/keydet-tools/source/recbin.pl" to "/usr/local/bin/recbin.pl" duration: 1.56 name: /usr/local/bin/recbin.pl result: true start_time: '13:46:24.326480' file_|-sift-scripts-keydet-tools-regslack.pl_|-/usr/local/bin/regslack.pl_|-copy: __id__: sift-scripts-keydet-tools-regslack.pl __run_num__: 364 changes: /usr/local/bin/regslack.pl: /usr/local/src/keydet-tools/source/regslack.pl comment: Copied "/usr/local/src/keydet-tools/source/regslack.pl" to "/usr/local/bin/regslack.pl" duration: 1.786 name: /usr/local/bin/regslack.pl result: true start_time: '13:46:24.341830' file_|-sift-scripts-keydet-tools-regtime.pl_|-/usr/local/bin/regtime.pl_|-copy: __id__: sift-scripts-keydet-tools-regtime.pl __run_num__: 366 changes: /usr/local/bin/regtime.pl: /usr/local/src/keydet-tools/source/regtime.pl comment: Copied "/usr/local/src/keydet-tools/source/regtime.pl" to "/usr/local/bin/regtime.pl" duration: 1.262 name: /usr/local/bin/regtime.pl result: true start_time: '13:46:24.355052' file_|-sift-scripts-keydet-tools-rfc.pl_|-/usr/local/bin/rfc.pl_|-copy: __id__: sift-scripts-keydet-tools-rfc.pl __run_num__: 368 changes: /usr/local/bin/rfc.pl: /usr/local/src/keydet-tools/source/rfc.pl comment: Copied "/usr/local/src/keydet-tools/source/rfc.pl" to "/usr/local/bin/rfc.pl" duration: 1.783 name: /usr/local/bin/rfc.pl result: true start_time: '13:46:24.368262' file_|-sift-scripts-keydet-tools-rlo.pl_|-/usr/local/bin/rlo.pl_|-copy: __id__: sift-scripts-keydet-tools-rlo.pl __run_num__: 370 changes: /usr/local/bin/rlo.pl: /usr/local/src/keydet-tools/source/rlo.pl comment: Copied "/usr/local/src/keydet-tools/source/rlo.pl" to "/usr/local/bin/rlo.pl" duration: 1.746 name: /usr/local/bin/rlo.pl result: true start_time: '13:46:24.388391' file_|-sift-scripts-keydet-tools-shebang-bodyfile.pl_|-/usr/local/bin/bodyfile.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-bodyfile.pl __run_num__: 321 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # open a file produced by the output of TSK's fls.exe, and \n # translate it into the 5 field timeline format\n" comment: Changes were made duration: 1.858 name: /usr/local/bin/bodyfile.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # open a file produced by the output of TSK's fls.exe, and \n # translate it into the 5 field timeline format\n" result: true start_time: '13:46:23.840736' file_|-sift-scripts-keydet-tools-shebang-evtparse.pl_|-/usr/local/bin/evtparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-evtparse.pl __run_num__: 323 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #---------------------------------------------------------------------\n # evtparse.pl - script to parse Windows 2000/XP/2003 Event Log files\n # Output is in TLN format, goes to STDOUT\n" comment: Changes were made duration: 3.186 name: /usr/local/bin/evtparse.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #---------------------------------------------------------------------\n # evtparse.pl - script to parse Windows 2000/XP/2003 Event Log files\n # Output is in TLN format, goes to STDOUT\n" result: true start_time: '13:46:23.852193' file_|-sift-scripts-keydet-tools-shebang-evtrpt.pl_|-/usr/local/bin/evtrpt.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-evtrpt.pl __run_num__: 325 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #---------------------------------------------------------------------\n # evtrpt.pl - script to parse Windows 2000/XP/2003 Event Log files\n # and generate a report of the contents (event freq, date range, etc.)\n" comment: Changes were made duration: 3.907 name: /usr/local/bin/evtrpt.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #---------------------------------------------------------------------\n # evtrpt.pl - script to parse Windows 2000/XP/2003 Event Log files\n # and generate a report of the contents (event freq, date range, etc.)\n" result: true start_time: '13:46:23.866741' file_|-sift-scripts-keydet-tools-shebang-evtxparse.pl_|-/usr/local/bin/evtxparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-evtxparse.pl __run_num__: 327 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! C:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Parse the output of the following LogParser command:\n #\n" comment: Changes were made duration: 3.505 name: /usr/local/bin/evtxparse.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! C:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Parse the output of the following LogParser command:\n #\n" result: true start_time: '13:46:23.886695' file_|-sift-scripts-keydet-tools-shebang-fb.pl_|-/usr/local/bin/fb.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-fb.pl __run_num__: 329 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Script to parse exported Facebook chat messages; export the \n # individual messages to text (.txt) files in a single directory;\n" comment: Changes were made duration: 3.001 name: /usr/local/bin/fb.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Script to parse exported Facebook chat messages; export the \n # individual messages to text (.txt) files in a single directory;\n" result: true start_time: '13:46:23.905996' file_|-sift-scripts-keydet-tools-shebang-ff.pl_|-/usr/local/bin/ff.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-ff.pl __run_num__: 331 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Firefox 3 places.sqlite parsing\n #\n" comment: Changes were made duration: 2.932 name: /usr/local/bin/ff.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Firefox 3 places.sqlite parsing\n #\n" result: true start_time: '13:46:23.926252' file_|-sift-scripts-keydet-tools-shebang-ff_signons.pl_|-/usr/local/bin/ff_signons.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-ff_signons.pl __run_num__: 333 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Firefox 3 signons.sqlite parsing\n #\n" comment: Changes were made duration: 2.361 name: /usr/local/bin/ff_signons.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Firefox 3 signons.sqlite parsing\n #\n" result: true start_time: '13:46:23.940575' file_|-sift-scripts-keydet-tools-shebang-ftkparse.pl_|-/usr/local/bin/ftkparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-ftkparse.pl __run_num__: 335 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-------------------------------------------------------------\n # ftkparse.pl\n # Parse the .csv output from FTK Imager's \"Export Directory Listing...\"\n" comment: Changes were made duration: 4.732 name: /usr/local/bin/ftkparse.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-------------------------------------------------------------\n # ftkparse.pl\n # Parse the .csv output from FTK Imager's \"Export Directory Listing...\"\n" result: true start_time: '13:46:23.956348' file_|-sift-scripts-keydet-tools-shebang-idx.pl_|-/usr/local/bin/idx.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-idx.pl __run_num__: 337 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #---------------------------------------------------------------------\n # idx.pl - Script to parse Java deployment cache *.idx files\n #\n" comment: Changes were made duration: 4.331 name: /usr/local/bin/idx.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #---------------------------------------------------------------------\n # idx.pl - Script to parse Java deployment cache *.idx files\n #\n" result: true start_time: '13:46:23.979542' file_|-sift-scripts-keydet-tools-shebang-idxparse.pl_|-/usr/local/bin/idxparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-idxparse.pl __run_num__: 339 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #---------------------------------------------------------------------\n # idxparse.pl - Script to parse Java deployment cache *.idx files\n # Parse Java deployment cache index (*.idx) files\n" comment: Changes were made duration: 5.81 name: /usr/local/bin/idxparse.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #---------------------------------------------------------------------\n # idxparse.pl - Script to parse Java deployment cache *.idx files\n # Parse Java deployment cache index (*.idx) files\n" result: true start_time: '13:46:24.002429' file_|-sift-scripts-keydet-tools-shebang-jl.pl_|-/usr/local/bin/jl.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-jl.pl __run_num__: 341 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # This is a simple script to demonstrate the use of the JumpList.pm\n # module; outputs in .csv and TLN output\n" comment: Changes were made duration: 3.324 name: /usr/local/bin/jl.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # This is a simple script to demonstrate the use of the JumpList.pm\n # module; outputs in .csv and TLN output\n" result: true start_time: '13:46:24.026937' file_|-sift-scripts-keydet-tools-shebang-jobparse.pl_|-/usr/local/bin/jobparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-jobparse.pl __run_num__: 343 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------\n # jobparse.pl\n # Perl script to parse .job file metadata\n" comment: Changes were made duration: 3.631 name: /usr/local/bin/jobparse.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------\n # jobparse.pl\n # Perl script to parse .job file metadata\n" result: true start_time: '13:46:24.047506' file_|-sift-scripts-keydet-tools-shebang-lfle.pl_|-/usr/local/bin/lfle.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-lfle.pl __run_num__: 345 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # lfle.pl - script to parse EVT records from unstructured data; can be\n # used to parse unallocated space, pagefile, memory, as well as\n" comment: Changes were made duration: 4.764 name: /usr/local/bin/lfle.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # lfle.pl - script to parse EVT records from unstructured data; can be\n # used to parse unallocated space, pagefile, memory, as well as\n" result: true start_time: '13:46:24.063913' file_|-sift-scripts-keydet-tools-shebang-lnk.pl_|-/usr/local/bin/lnk.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-lnk.pl __run_num__: 347 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # This is a simple script to demonstrate the use of the LNK.pm module.\n #\n" comment: Changes were made duration: 1.946 name: /usr/local/bin/lnk.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # This is a simple script to demonstrate the use of the LNK.pm module.\n #\n" result: true start_time: '13:46:24.085256' file_|-sift-scripts-keydet-tools-shebang-mft.pl_|-/usr/local/bin/mft.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-mft.pl __run_num__: 349 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Simple $MFT parser \n # - detects ADSs (prints hex dump if they're resident), and\n" comment: Changes were made duration: 4.275 name: /usr/local/bin/mft.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # Simple $MFT parser \n # - detects ADSs (prints hex dump if they're resident), and\n" result: true start_time: '13:46:24.098620' file_|-sift-scripts-keydet-tools-shebang-parse.pl_|-/usr/local/bin/parse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-parse.pl __run_num__: 351 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # parse.pl - parse an event file containing events in TLN (ie,\n # 5-field) format; output goes to STDOUT, can redirect to a \n" comment: Changes were made duration: 2.622 name: /usr/local/bin/parse.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # parse.pl - parse an event file containing events in TLN (ie,\n # 5-field) format; output goes to STDOUT, can redirect to a \n" result: true start_time: '13:46:24.236959' file_|-sift-scripts-keydet-tools-shebang-parsei30.pl_|-/usr/local/bin/parsei30.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-parsei30.pl __run_num__: 353 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # parsei30.pl\n # \n" comment: Changes were made duration: 2.633 name: /usr/local/bin/parsei30.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # parsei30.pl\n # \n" result: true start_time: '13:46:24.250478' file_|-sift-scripts-keydet-tools-shebang-parseie.pl_|-/usr/local/bin/parseie.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-parseie.pl __run_num__: 355 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # parseie.pl - parse IE index.dat file, based on format spec found\n # in the references\n" comment: Changes were made duration: 3.529 name: /usr/local/bin/parseie.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # parseie.pl - parse IE index.dat file, based on format spec found\n # in the references\n" result: true start_time: '13:46:24.266793' file_|-sift-scripts-keydet-tools-shebang-pie.pl_|-/usr/local/bin/pie.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-pie.pl __run_num__: 357 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # pie.pl - stripped-down version of parseie.pl, used to parse\n # headers of index.dat file and provide an overview of what's \n" comment: Changes were made duration: 2.919 name: /usr/local/bin/pie.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # pie.pl - stripped-down version of parseie.pl, used to parse\n # headers of index.dat file and provide an overview of what's \n" result: true start_time: '13:46:24.289205' file_|-sift-scripts-keydet-tools-shebang-pref.pl_|-/usr/local/bin/pref.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-pref.pl __run_num__: 359 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------\n # pref.pl\n # Perl script to parse the contents of Windows application prefetch files\n" comment: Changes were made duration: 2.244 name: /usr/local/bin/pref.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------\n # pref.pl\n # Perl script to parse the contents of Windows application prefetch files\n" result: true start_time: '13:46:24.303597' file_|-sift-scripts-keydet-tools-shebang-rawie.pl_|-/usr/local/bin/rawie.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-rawie.pl __run_num__: 361 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # rawie.pl\n # Read IE index.dat on a binary basis, locating URL and REDR\n" comment: Changes were made duration: 3.504 name: /usr/local/bin/rawie.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # rawie.pl\n # Read IE index.dat on a binary basis, locating URL and REDR\n" result: true start_time: '13:46:24.316083' file_|-sift-scripts-keydet-tools-shebang-recbin.pl_|-/usr/local/bin/recbin.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-recbin.pl __run_num__: 363 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------\n # recbin.pl\n # Perl script to parse the contents of the INFO2 file from\n" comment: Changes were made duration: 3.482 name: /usr/local/bin/recbin.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #------------------------------------------------------\n # recbin.pl\n # Perl script to parse the contents of the INFO2 file from\n" result: true start_time: '13:46:24.333340' file_|-sift-scripts-keydet-tools-shebang-regslack.pl_|-/usr/local/bin/regslack.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-regslack.pl __run_num__: 365 changes: diff: "--- \n+++ \n@@ -7,7 +7,7 @@\n # in partial fulfillment of the requirements\n # for the degree of Master of Science (IT security)\n \n-#!/usr/bin/perl\n+#!/usr/bin/env perl\n \n use strict;\n use warnings;\n" comment: Changes were made duration: 2.902 name: /usr/local/bin/regslack.pl pchanges: diff: "--- \n+++ \n@@ -7,7 +7,7 @@\n # in partial fulfillment of the requirements\n # for the degree of Master of Science (IT security)\n \n-#!/usr/bin/perl\n+#!/usr/bin/env perl\n \n use strict;\n use warnings;\n" result: true start_time: '13:46:24.348128' file_|-sift-scripts-keydet-tools-shebang-regtime.pl_|-/usr/local/bin/regtime.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-regtime.pl __run_num__: 367 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!c:\\perl\\bin\\perl.exe \n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # RegTime - tool to traverse a hive file and output the key\n # LastWrites and names in TLN format\n" comment: Changes were made duration: 2.219 name: /usr/local/bin/regtime.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!c:\\perl\\bin\\perl.exe \n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # RegTime - tool to traverse a hive file and output the key\n # LastWrites and names in TLN format\n" result: true start_time: '13:46:24.360892' file_|-sift-scripts-keydet-tools-shebang-rfc.pl_|-/usr/local/bin/rfc.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-rfc.pl __run_num__: 369 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # tool to parse RecentFileCache.bcf files\n #\n" comment: Changes were made duration: 2.655 name: /usr/local/bin/rfc.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # tool to parse RecentFileCache.bcf files\n #\n" result: true start_time: '13:46:24.377780' file_|-sift-scripts-keydet-tools-shebang-rlo.pl_|-/usr/local/bin/rlo.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-rlo.pl __run_num__: 371 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!c:\\perl\\bin\\perl.exe \n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # rlo - tool to traverse a hive file, checking for the use of the\n # Unicode RLO control char in key/value names\n" comment: Changes were made duration: 2.249 name: /usr/local/bin/rlo.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!c:\\perl\\bin\\perl.exe \n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # rlo - tool to traverse a hive file, checking for the use of the\n # Unicode RLO control char in key/value names\n" result: true start_time: '13:46:24.394948' file_|-sift-scripts-keydet-tools-shebang-tln.pl_|-/usr/local/bin/tln.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-tln.pl __run_num__: 373 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # tln.pl\n # GUI code to manually generate timeline events, either to display or\n" comment: Changes were made duration: 3.808 name: /usr/local/bin/tln.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#! c:\\perl\\bin\\perl.exe\n+#!/usr/bin/env perl\n #-----------------------------------------------------------\n # tln.pl\n # GUI code to manually generate timeline events, either to display or\n" result: true start_time: '13:46:24.410895' file_|-sift-scripts-keydet-tools-shebang-usnj.pl_|-/usr/local/bin/usnj.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-usnj.pl __run_num__: 375 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!C:\\perl\\bin\\perl.exe \n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # usnj.pl\n # Parse NTFS UsrJrnl entries (v2 only...see Ref below)\n" comment: Changes were made duration: 3.644 name: /usr/local/bin/usnj.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!C:\\perl\\bin\\perl.exe \n+#!/usr/bin/env perl\n #------------------------------------------------------------\n # usnj.pl\n # Parse NTFS UsrJrnl entries (v2 only...see Ref below)\n" result: true start_time: '13:46:24.427620' file_|-sift-scripts-keydet-tools-tln.pl_|-/usr/local/bin/tln.pl_|-copy: __id__: sift-scripts-keydet-tools-tln.pl __run_num__: 372 changes: /usr/local/bin/tln.pl: /usr/local/src/keydet-tools/source/tln.pl comment: Copied "/usr/local/src/keydet-tools/source/tln.pl" to "/usr/local/bin/tln.pl" duration: 2.406 name: /usr/local/bin/tln.pl result: true start_time: '13:46:24.401682' file_|-sift-scripts-keydet-tools-usnj.pl_|-/usr/local/bin/usnj.pl_|-copy: __id__: sift-scripts-keydet-tools-usnj.pl __run_num__: 374 changes: /usr/local/bin/usnj.pl: /usr/local/src/keydet-tools/source/usnj.pl comment: Copied "/usr/local/src/keydet-tools/source/usnj.pl" to "/usr/local/bin/usnj.pl" duration: 1.781 name: /usr/local/bin/usnj.pl result: true start_time: '13:46:24.419454' file_|-sift-scripts-packerid-shebang_|-/usr/local/bin/packerid.py_|-replace: __id__: sift-scripts-packerid-shebang __run_num__: 377 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/local/bin/python\n+#!/usr/bin/env python\n #\n # Author: Jim Clausing\n # Date: 2009-05-15\n" comment: Changes were made duration: 2.964 name: /usr/local/bin/packerid.py pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/local/bin/python\n+#!/usr/bin/env python\n #\n # Author: Jim Clausing\n # Date: 2009-05-15\n" result: true start_time: '13:46:25.117068' file_|-sift-scripts-packerid_|-/usr/local/bin/packerid.py_|-managed: __id__: sift-scripts-packerid __run_num__: 376 changes: diff: New file mode: '0755' comment: File /usr/local/bin/packerid.py updated duration: 262.979 name: /usr/local/bin/packerid.py pchanges: {} result: true start_time: '13:46:24.434175' file_|-sift-scripts-parseusn_|-/usr/local/bin/parseusn.py_|-managed: __id__: sift-scripts-parseusn __run_num__: 379 changes: diff: New file mode: '0755' comment: File /usr/local/bin/parseusn.py updated duration: 247.42 name: /usr/local/bin/parseusn.py pchanges: {} result: true start_time: '13:46:25.210143' file_|-sift-scripts-pecarve-shebang_|-/usr/local/bin/pecarve.py_|-prepend: __id__: sift-scripts-pecarve-shebang __run_num__: 382 changes: diff: "--- \n+++ \n@@ -1,3 +1,4 @@\n+#!/usr/bin/env python\n # PE File Carver\n # by Brian Baskin (@bbaskin)\n # \n" comment: Prepended 1 lines duration: 3.198 name: /usr/local/bin/pecarve.py pchanges: {} result: true start_time: '13:46:26.233101' file_|-sift-scripts-pecarve_|-/usr/local/bin/pecarve.py_|-managed: __id__: sift-scripts-pecarve __run_num__: 381 changes: diff: New file mode: '0755' comment: File /usr/local/bin/pecarve.py updated duration: 241.195 name: /usr/local/bin/pecarve.py pchanges: {} result: true start_time: '13:46:25.555550' file_|-sift-scripts-pescanner_|-/usr/local/bin/pescanner.py_|-managed: __id__: sift-scripts-pescanner __run_num__: 383 changes: diff: New file mode: '0755' comment: File /usr/local/bin/pescanner.py updated duration: 258.415 name: /usr/local/bin/pescanner.py pchanges: {} result: true start_time: '13:46:26.239710' file_|-sift-scripts-regripper-binary-symlink_|-/usr/local/bin/rip.pl_|-symlink: __id__: sift-scripts-regripper-binary-symlink __run_num__: 388 changes: new: /usr/local/bin/rip.pl comment: Created new symlink /usr/local/bin/rip.pl -> /usr/local/share/regripper/rip.pl duration: 32.427 name: /usr/local/bin/rip.pl pchanges: new: /usr/local/bin/rip.pl result: true start_time: '13:46:29.294812' file_|-sift-scripts-regripper-binary_|-/usr/local/share/regripper/rip.pl_|-managed: __id__: sift-scripts-regripper-binary __run_num__: 386 changes: diff: New file mode: '0755' comment: File /usr/local/share/regripper/rip.pl updated duration: 4.829 name: /usr/local/share/regripper/rip.pl pchanges: {} result: true start_time: '13:46:29.274902' file_|-sift-scripts-regripper-directory_|-/usr/local/share/regripper_|-directory: __id__: sift-scripts-regripper-directory __run_num__: 385 changes: /usr/local/share/regripper: New Dir comment: Directory /usr/local/share/regripper updated duration: 3.073 name: /usr/local/share/regripper pchanges: /usr/local/share/regripper: directory: new result: true start_time: '13:46:29.267992' file_|-sift-scripts-regripper-plugins-symlink_|-/usr/local/share/regripper/plugins_|-symlink: __id__: sift-scripts-regripper-plugins-symlink __run_num__: 387 changes: new: /usr/local/share/regripper/plugins comment: Created new symlink /usr/local/share/regripper/plugins -> /usr/local/src/regripper/plugins duration: 6.398 name: /usr/local/share/regripper/plugins pchanges: new: /usr/local/share/regripper/plugins result: true start_time: '13:46:29.285497' file_|-sift-scripts-shim-cache-parser-shebang_|-/usr/local/bin/ShimCacheParser.py_|-prepend: __id__: sift-scripts-shim-cache-parser-shebang __run_num__: 404 changes: diff: "--- \n+++ \n@@ -1,3 +1,4 @@\n+#!/usr/bin/env python\n # ShimCacheParser.py\r\n #\r\n # Andrew Davis, andrew.davis@mandiant.com\r\n" comment: Prepended 1 lines duration: 4.148 name: /usr/local/bin/ShimCacheParser.py pchanges: {} result: true start_time: '13:46:30.528607' file_|-sift-scripts-shim-cache-parser_|-/usr/local/bin/ShimCacheParser.py_|-managed: __id__: sift-scripts-shim-cache-parser __run_num__: 403 changes: diff: New file mode: '0755' comment: File /usr/local/bin/ShimCacheParser.py updated duration: 272.613 name: /usr/local/bin/ShimCacheParser.py pchanges: {} result: true start_time: '13:46:29.822607' file_|-sift-scripts-sqlparser-shebang_|-/usr/local/bin/sqlparser.py_|-prepend: __id__: sift-scripts-sqlparser-shebang __run_num__: 414 changes: diff: "--- \n+++ \n@@ -1,3 +1,4 @@\n+#!/usr/bin/env python\n #sqlparse.py\n #\n #This program parses an SQLite3 database for deleted entires and\n" comment: Prepended 1 lines duration: 3.212 name: /usr/local/bin/sqlparser.py pchanges: {} result: true start_time: '13:46:32.596323' file_|-sift-scripts-sqlparser_|-/usr/local/bin/sqlparser.py_|-managed: __id__: sift-scripts-sqlparser __run_num__: 413 changes: diff: New file mode: '0755' comment: File /usr/local/bin/sqlparser.py updated duration: 1033.878 name: /usr/local/bin/sqlparser.py pchanges: {} result: true start_time: '13:46:31.099682' file_|-sift-scripts-usbdeviceforensics-shebang_|-/usr/local/bin/usbdeviceforensics.py_|-replace: __id__: sift-scripts-usbdeviceforensics-shebang __run_num__: 416 changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n \n # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's\n # UsbDeviceForensics .Net WinForms GUI application.\n" comment: Changes were made duration: 4.751 name: /usr/local/bin/usbdeviceforensics.py pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n \n # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's\n # UsbDeviceForensics .Net WinForms GUI application.\n" result: true start_time: '13:46:33.296904' file_|-sift-scripts-usbdeviceforensics_|-/usr/local/bin/usbdeviceforensics.py_|-managed: __id__: sift-scripts-usbdeviceforensics __run_num__: 415 changes: diff: New file mode: '0755' comment: File /usr/local/bin/usbdeviceforensics.py updated duration: 257.915 name: /usr/local/bin/usbdeviceforensics.py pchanges: {} result: true start_time: '13:46:32.599768' file_|-sift-scripts-virustotal-search-script_|-/usr/local/bin/virustotal-search.py_|-managed: __id__: sift-scripts-virustotal-search-script __run_num__: 418 changes: diff: New file mode: '0755' comment: File /usr/local/bin/virustotal-search.py updated duration: 25.772 name: /usr/local/bin/virustotal-search.py pchanges: {} result: true start_time: '13:46:34.176412' file_|-sift-scripts-virustotal-submit-script_|-/usr/local/bin/virustotal-submit.py_|-managed: __id__: sift-scripts-virustotal-submit-script __run_num__: 420 changes: diff: New file mode: '0755' comment: File /usr/local/bin/virustotal-submit.py updated duration: 32.969 name: /usr/local/bin/virustotal-submit.py pchanges: {} result: true start_time: '13:46:35.320207' file_|-sift-scripts-vshot_|-/usr/local/bin/vshot_|-managed: __id__: sift-scripts-vshot __run_num__: 421 changes: diff: New file mode: '0755' comment: File /usr/local/bin/vshot updated duration: 227.155 name: /usr/local/bin/vshot pchanges: {} result: true start_time: '13:46:35.359261' file_|-sift-tool-densityscout-binary_|-/usr/local/bin/densityscout-build-45_|-copy: __id__: sift-tool-densityscout-binary __run_num__: 269 changes: /usr/local/bin/densityscout-build-45: /usr/local/src/densityscout/densityscout_build_45_linux/lin64/densityscout mode: '0755' comment: Copied "/usr/local/src/densityscout/densityscout_build_45_linux/lin64/densityscout" to "/usr/local/bin/densityscout-build-45" duration: 1.856 name: /usr/local/bin/densityscout-build-45 result: true start_time: '13:44:04.605139' file_|-sift-tool-densityscout-link_|-/usr/local/bin/densityscout_|-symlink: __id__: sift-tool-densityscout-link __run_num__: 270 changes: new: /usr/local/bin/densityscout comment: Created new symlink /usr/local/bin/densityscout -> /usr/local/bin/densityscout-build-45 duration: 35.369 name: /usr/local/bin/densityscout pchanges: new: /usr/local/bin/densityscout result: true start_time: '13:44:04.610581' file_|-sift-tool-sift-cli_|-/usr/local/bin/sift_|-managed: __id__: sift-tool-sift-cli __run_num__: 271 changes: {} comment: File /usr/local/bin/sift is in the correct state duration: 130081.495 name: /usr/local/bin/sift pchanges: {} result: true start_time: '13:44:04.647960' file_|-sift-version-file_|-/etc/sift-version_|-managed: __run_num__: 498 __sls__: sift.vm changes: {} comment: 'One or more requisite failed: sift.python-packages.sift-python-packages, sift.packages.sift-packages' result: false file_|-symlinks-cases_|-/home/sansforensics/Desktop/cases_|-symlink: __id__: symlinks-cases __run_num__: 436 changes: new: /home/sansforensics/Desktop/cases comment: Created new symlink /home/sansforensics/Desktop/cases -> /cases duration: 2.924 name: /home/sansforensics/Desktop/cases pchanges: new: /home/sansforensics/Desktop/cases result: true start_time: '13:46:36.204919' file_|-symlinks-mount-points_|-/home/sansforensics/Desktop/mount_points_|-symlink: __id__: symlinks-mount-points __run_num__: 435 changes: new: /home/sansforensics/Desktop/mount_points comment: Created new symlink /home/sansforensics/Desktop/mount_points -> /mnt duration: 8.925 name: /home/sansforensics/Desktop/mount_points pchanges: new: /home/sansforensics/Desktop/mount_points result: true start_time: '13:46:36.187716' file_|-symlinks-user-desktop-directory_|-/home/sansforensics/Desktop_|-directory: __id__: symlinks-user-desktop-directory __run_num__: 434 changes: {} comment: Directory /home/sansforensics/Desktop is in the correct state duration: 9.975 name: /home/sansforensics/Desktop pchanges: {} result: true start_time: '13:46:36.170582' file_|-theme-manage-autostart_|-/home/sansforensics/.config/autostart/_|-directory: __id__: theme-manage-autostart __run_num__: 441 changes: {} comment: Directory /home/sansforensics/.config/autostart is in the correct state duration: 0.529 name: /home/sansforensics/.config/autostart/ pchanges: {} result: true start_time: '13:46:36.243388' file_|-theme-manage-gnome-terminal_|-/home/sansforensics/.config/autostart/gnome-terminal.desktop_|-managed: __id__: theme-manage-gnome-terminal __run_num__: 442 changes: diff: New file mode: '0644' comment: File /home/sansforensics/.config/autostart/gnome-terminal.desktop updated duration: 3.313 name: /home/sansforensics/.config/autostart/gnome-terminal.desktop pchanges: {} result: true start_time: '13:46:36.248675' file_|-theme-set-background-directory_|-/usr/share/backgrounds_|-directory: __id__: theme-set-background-directory __run_num__: 437 changes: {} comment: Directory /usr/share/backgrounds is in the correct state duration: 1.161 name: /usr/share/backgrounds pchanges: {} result: true start_time: '13:46:36.208158' file_|-theme-set-background_|-/usr/share/backgrounds/warty-final-ubuntu.png_|-managed: __id__: theme-set-background __run_num__: 438 changes: diff: Replace binary file comment: File /usr/share/backgrounds/warty-final-ubuntu.png updated duration: 18.922 name: /usr/share/backgrounds/warty-final-ubuntu.png pchanges: {} result: true start_time: '13:46:36.214739' file_|-theme-set-unity-logo-directory_|-/usr/share/unity-greeter_|-directory: __id__: theme-set-unity-logo-directory __run_num__: 439 changes: {} comment: Directory /usr/share/unity-greeter is in the correct state duration: 1.044 name: /usr/share/unity-greeter pchanges: {} result: true start_time: '13:46:36.233911' file_|-theme-set-unity-logo_|-/usr/share/unity-greeter/logo.png_|-managed: __id__: theme-set-unity-logo __run_num__: 440 changes: diff: Replace binary file comment: File /usr/share/unity-greeter/logo.png updated duration: 2.932 name: /usr/share/unity-greeter/logo.png pchanges: {} result: true start_time: '13:46:36.240315' git_|-python-volatility-community-plugins_|-https://github.com/volatilityfoundation/community.git_|-latest: __id__: python-volatility-community-plugins __run_num__: 174 changes: new: https://github.com/volatilityfoundation/community.git => /usr/lib/python2.7/dist-packages/volatility/plugins/community revision: new: acc431996b068ebbad79e19b730ddbf3b14d6221 old: null comment: https://github.com/volatilityfoundation/community.git cloned to /usr/lib/python2.7/dist-packages/volatility/plugins/community duration: 3438.644 name: https://github.com/volatilityfoundation/community.git result: true start_time: '13:34:14.126926' git_|-sift-scripts-4n6-git_|-https://github.com/cheeky4n6monkey/4n6-scripts.git_|-latest: __id__: sift-scripts-4n6-git __run_num__: 273 changes: new: https://github.com/cheeky4n6monkey/4n6-scripts.git => /usr/local/src/4n6-scripts revision: new: 16b1f33831d979ba7c57bc229e997c0ac760603c old: null comment: https://github.com/cheeky4n6monkey/4n6-scripts.git cloned to /usr/local/src/4n6-scripts duration: 2433.194 name: https://github.com/cheeky4n6monkey/4n6-scripts.git result: true start_time: '13:46:14.747032' git_|-sift-scripts-keydet-tools-git_|-https://github.com/keydet89/Tools.git_|-latest: __id__: sift-scripts-keydet-tools-git __run_num__: 319 changes: new: https://github.com/keydet89/Tools.git => /usr/local/src/keydet-tools revision: new: 031d06d13189fdb8bd24b75585951b1b5b33aa56 old: null comment: https://github.com/keydet89/Tools.git cloned to /usr/local/src/keydet-tools duration: 3593.385 name: https://github.com/keydet89/Tools.git result: true start_time: '13:46:19.836829' git_|-sift-scripts-regripper-git_|-https://github.com/keydet89/RegRipper2.8.git_|-latest: __id__: sift-scripts-regripper-git __run_num__: 384 changes: new: https://github.com/keydet89/RegRipper2.8.git => /usr/local/src/regripper revision: new: c8f7c46ab7f44ebeefe1faccc293e449bb2ebffe old: null comment: https://github.com/keydet89/RegRipper2.8.git cloned to /usr/local/src/regripper duration: 2760.639 name: https://github.com/keydet89/RegRipper2.8.git result: true start_time: '13:46:26.503783' host_|-hostname-set-hosts_|-siftworkstation_|-present: __id__: hostname-set-hosts __run_num__: 425 changes: host: siftworkstation comment: Added host siftworkstation (127.0.0.1) duration: 3.401 name: siftworkstation result: true start_time: '13:46:35.763101' pip_|-analyzemft_|-analyzemft_|-installed: __id__: analyzemft __run_num__: 247 changes: analyzeMFT==2.0.19: Installed comment: All packages were successfully installed duration: 3858.169 name: analyzemft result: true start_time: '13:41:09.413722' pip_|-argparse_|-argparse_|-installed: __id__: argparse __run_num__: 248 changes: {} comment: There was no error installing package 'argparse' although it does not show when calling 'pip.freeze'. duration: 3306.65 name: argparse result: true start_time: '13:41:13.274914' pip_|-bitstring_|-bitstring_|-installed: __id__: bitstring __run_num__: 249 changes: bitstring==3.1.5: Installed comment: All packages were successfully installed duration: 3987.228 name: bitstring result: true start_time: '13:41:16.583734' pip_|-colorama_|-colorama_|-installed: __id__: colorama __run_num__: 161 changes: colorama==0.3.9: Installed comment: All packages were successfully installed duration: 4508.782 name: colorama result: true start_time: '13:32:43.563443' pip_|-construct_|-construct_|-installed: __id__: construct __run_num__: 162 changes: {} comment: 'Python package construct was already installed All packages were successfully installed' duration: 2767.054 name: construct result: true start_time: '13:32:48.077722' pip_|-distorm3_|-distorm3_|-installed: __id__: distorm3 __run_num__: 164 changes: distorm3==3.3.4: Installed comment: All packages were successfully installed duration: 6018.819 name: distorm3 result: true start_time: '13:33:06.661024' pip_|-docopt_|-docopt_|-installed: __id__: docopt __run_num__: 250 changes: docopt==0.6.2: Installed comment: All packages were successfully installed duration: 8909.857 name: docopt result: true start_time: '13:41:20.571187' pip_|-dpapick_|-dpapick_|-installed: __id__: dpapick __run_num__: 163 changes: dpapick==0.3: Installed comment: All packages were successfully installed duration: 15806.623 name: dpapick result: true start_time: '13:32:50.850871' pip_|-haystack_|-haystack_|-installed: __id__: haystack __run_num__: 165 changes: haystack==0.42: Installed comment: All packages were successfully installed duration: 8042.368 name: haystack result: true start_time: '13:33:12.682485' pip_|-ioc_writer_|-ioc_writer_|-installed: __id__: ioc_writer __run_num__: 167 changes: ioc-writer==0.3.3: Installed comment: All packages were successfully installed duration: 5382.338 name: ioc_writer result: true start_time: '13:33:27.125866' pip_|-lxml_|-lxml_|-installed: __id__: lxml __run_num__: 166 changes: lxml==3.8.0: Installed comment: All packages were successfully installed duration: 6383.399 name: lxml result: true start_time: '13:33:20.731283' pip_|-pefile_|-pefile_|-installed: __id__: pefile __run_num__: 168 changes: {} comment: 'Python package pefile was already installed All packages were successfully installed' duration: 2605.38 name: pefile result: true start_time: '13:33:32.513355' pip_|-pip_|-pip_|-installed: __id__: pip __run_num__: 251 changes: pip==9.0.1: Installed comment: All packages were successfully installed duration: 4501.353 name: pip result: true start_time: '13:41:29.483390' pip_|-pycoin_|-pycoin_|-installed: __id__: pycoin __run_num__: 169 changes: pycoin==0.77: Installed comment: All packages were successfully installed duration: 5097.941 name: pycoin result: true start_time: '13:33:35.122199' pip_|-pysocks_|-pysocks_|-installed: __id__: pysocks __run_num__: 170 changes: PySocks==1.6.7: Installed comment: All packages were successfully installed duration: 4986.141 name: pysocks result: true start_time: '13:33:40.223380' pip_|-python-dateutil_|-python-dateutil >= 2.4.2_|-installed: __id__: python-dateutil __run_num__: 252 changes: {} comment: 'Python package python-dateutil >= 2.4.2 was already installed All packages were successfully installed' duration: 1153.9 name: python-dateutil >= 2.4.2 result: true start_time: '13:41:33.986899' pip_|-python-evtx_|-python-evtx_|-installed: __id__: python-evtx __run_num__: 253 changes: python-evtx==0.6.0: Installed comment: All packages were successfully installed duration: 3921.974 name: python-evtx result: true start_time: '13:41:35.142923' pip_|-python-magic_|-python-magic_|-installed: __id__: python-magic __run_num__: 254 changes: python-magic==0.4.13: Installed comment: All packages were successfully installed duration: 2180.36 name: python-magic result: true start_time: '13:41:39.067123' pip_|-python-registry_|-python-registry_|-installed: __id__: python-registry __run_num__: 255 changes: {} comment: 'Python package python-registry was already installed All packages were successfully installed' duration: 1196.549 name: python-registry result: true start_time: '13:41:41.250260' pip_|-rekall_|-rekall_|-installed: __id__: rekall __run_num__: 259 changes: {} comment: 'Python package rekall was already installed All packages were successfully installed' duration: 894.73 name: rekall result: true start_time: '13:43:39.565534' pip_|-setuptools_|-setuptools_|-installed: __id__: setuptools __run_num__: 256 changes: setuptools==36.0.1: Installed comment: All packages were successfully installed duration: 2758.231 name: setuptools result: true start_time: '13:41:42.449046' pip_|-simplejson_|-simplejson_|-installed: __id__: simplejson __run_num__: 171 changes: simplejson==3.11.1: Installed comment: All packages were successfully installed duration: 6006.609 name: simplejson result: true start_time: '13:33:45.212749' pip_|-six_|-six_|-installed: __id__: six __run_num__: 260 changes: {} comment: 'Python package six was already installed All packages were successfully installed' duration: 2097.032 name: six result: true start_time: '13:43:40.462392' pip_|-stix-validator_|-stix-validator_|-installed: __id__: stix-validator __run_num__: 262 changes: stix-validator==2.5.0: Installed comment: All packages were successfully installed duration: 5799.693 name: stix-validator result: true start_time: '13:43:47.447256' pip_|-stix_|-stix_|-installed: __id__: stix __run_num__: 261 changes: stix==1.2.0.4: Installed comment: All packages were successfully installed duration: 4879.923 name: stix result: true start_time: '13:43:42.563652' pip_|-timesketch_|-timesketch_|-installed: __run_num__: 263 __sls__: sift.python-packages.timesketch changes: {} comment: 'One or more requisite failed: sift.packages.libffi-dev.libffi-dev' result: false pip_|-unicodecsv_|-unicodecsv_|-installed: __id__: unicodecsv __run_num__: 264 changes: unicodecsv==0.14.1: Installed comment: All packages were successfully installed duration: 2777.455 name: unicodecsv result: true start_time: '13:43:53.253661' pip_|-usnparser_|-usnparser_|-installed: __id__: usnparser __run_num__: 265 changes: usnparser==4.0.3: Installed comment: All packages were successfully installed duration: 2894.21 name: usnparser result: true start_time: '13:43:56.033761' pip_|-wheel_|-wheel_|-installed: __id__: wheel __run_num__: 257 changes: {} comment: All packages were successfully installed duration: 2036.003 name: wheel result: true start_time: '13:41:45.209352' pip_|-windowsprefetch_|-windowsprefetch_|-installed: __id__: windowsprefetch __run_num__: 266 changes: windowsprefetch==3.0.5: Installed comment: All packages were successfully installed duration: 3025.542 name: windowsprefetch result: true start_time: '13:43:58.930139' pip_|-yara-python_|-yara-python_|-installed: __id__: yara-python __run_num__: 172 changes: yara-python==3.6.3: Installed comment: All packages were successfully installed duration: 14020.891 name: yara-python result: true start_time: '13:33:51.222760' pkg_|-aeskeyfind_|-aeskeyfind_|-installed: __id__: aeskeyfind __run_num__: 15 changes: aeskeyfind: new: 1:1.0-3 old: '' comment: 'The following packages were installed/updated: aeskeyfind' duration: 3984.328 name: aeskeyfind result: true start_time: '13:15:23.202167' pkg_|-afflib-tools_|-afflib-tools_|-installed: __id__: afflib-tools __run_num__: 16 changes: afflib-tools: new: 3.7.7-3 old: '' libafflib0v5: new: 3.7.7-3 old: '' comment: 'The following packages were installed/updated: afflib-tools' duration: 5056.554 name: afflib-tools result: true start_time: '13:15:27.192368' pkg_|-afterglow_|-afterglow_|-installed: __id__: afterglow __run_num__: 17 changes: afterglow: new: 1.6.4-trusy1 old: '' comment: 'The following packages were installed/updated: afterglow' duration: 3900.496 name: afterglow result: true start_time: '13:15:32.254554' pkg_|-aircrack-ng_|-aircrack-ng_|-installed: __id__: aircrack-ng __run_num__: 18 changes: aircrack-ng: new: 1:1.2-0~beta3-4 old: '' ieee-data: new: '20150531.1' old: '' comment: 'The following packages were installed/updated: aircrack-ng' duration: 7313.956 name: aircrack-ng result: true start_time: '13:15:36.160881' pkg_|-apache2_|-apache2_|-installed: __id__: apache2 __run_num__: 19 changes: apache2: new: 2.4.18-2ubuntu3.3 old: '' apache2-api-20120211: new: '1' old: '' apache2-bin: new: 2.4.18-2ubuntu3.3 old: '' apache2-data: new: 2.4.18-2ubuntu3.3 old: '' apache2-utils: new: 2.4.18-2ubuntu3.3 old: '' httpd: new: '1' old: '' httpd-cgi: new: '1' old: '' libapr1: new: 1.5.2-3 old: '' libaprutil1: new: 1.5.4-1build1 old: '' libaprutil1-dbd-sqlite3: new: 1.5.4-1build1 old: '' libaprutil1-ldap: new: 1.5.4-1build1 old: '' liblua5.1-0: new: 5.1.5-8ubuntu1 old: '' comment: 'The following packages were installed/updated: apache2' duration: 11466.957 name: apache2 result: true start_time: '13:15:43.481430' pkg_|-apt-transport-https_|-apt-transport-https_|-installed: __id__: apt-transport-https __run_num__: 1 changes: {} comment: Package apt-transport-https is already installed duration: 323.643 name: apt-transport-https result: true start_time: '13:13:51.427574' pkg_|-arp-scan_|-arp-scan_|-installed: __id__: arp-scan __run_num__: 20 changes: arp-scan: new: 1.8.1-2ubuntu1 old: '' comment: 'The following packages were installed/updated: arp-scan' duration: 4725.449 name: arp-scan result: true start_time: '13:15:54.954016' pkg_|-autopsy_|-autopsy_|-installed: __id__: autopsy __run_num__: 21 changes: autopsy: new: 2.24-1.1 old: '' libbfio1: new: 20160108-1 old: '' libewf2: new: 20140608-6 old: '' libtsk: new: 4.2.0-13sift1~xenial old: '' sleuthkit: new: 4.2.0-13sift1~xenial old: '' comment: 'The following packages were installed/updated: autopsy' duration: 15528.049 name: autopsy result: true start_time: '13:15:59.685018' pkg_|-bcrypt_|-bcrypt_|-installed: __id__: bcrypt __run_num__: 22 changes: bcrypt: new: 1.1-8.1 old: '' comment: 'The following packages were installed/updated: bcrypt' duration: 4535.41 name: bcrypt result: true start_time: '13:16:15.218642' pkg_|-binplist_|-binplist_|-removed: __id__: binplist __run_num__: 13 changes: {} comment: All specified packages are already absent duration: 10.34 name: binplist result: true start_time: '13:15:20.064673' pkg_|-bitpim-lib_|-bitpim-lib_|-installed: __id__: bitpim-lib __run_num__: 24 changes: {} comment: Package bitpim-lib is already installed duration: 257.237 name: bitpim-lib result: true start_time: '13:16:52.691624' pkg_|-bitpim_|-bitpim_|-installed: __id__: bitpim __run_num__: 23 changes: bitpim: new: 1.0.7+sift5~xenial old: '' bitpim-lib: new: 1.0.7+sift5~xenial old: '' libwxbase3.0-0v5: new: 3.0.2+dfsg-1.3ubuntu0.1 old: '' libwxgtk3.0-0v5: new: 3.0.2+dfsg-1.3ubuntu0.1 old: '' python-apsw: new: 3.8.11.1-r1-1build1 old: '' python-dsv: new: 1.4.1-3 old: '' python-ecdsa: new: 0.13-2 old: '' python-paramiko: new: 1.16.0-1 old: '' python-serial: new: 3.0.1-1 old: '' python-wxgtk3.0: new: 3.0.2.0+dfsg-1build1 old: '' python-wxversion: new: 3.0.2.0+dfsg-1build1 old: '' python2.7-dsv: new: '1' old: '' python2.7-paramiko: new: '1' old: '' python2.7-wxgtk3.0: new: '1' old: '' comment: 'The following packages were installed/updated: bitpim' duration: 32926.727 name: bitpim result: true start_time: '13:16:19.759213' pkg_|-bkhive_|-bkhive_|-installed: __id__: bkhive __run_num__: 25 changes: bkhive: new: 3.0.0-3 old: '' samdump2: new: 3.0.0-3 old: '' comment: 'The following packages were installed/updated: bkhive' duration: 4203.45 name: bkhive result: true start_time: '13:16:52.949031' pkg_|-bless_|-bless_|-installed: __id__: bless __run_num__: 26 changes: binfmt-support: new: 2.1.6-1 old: '' bless: new: 0.6.0-51sift1~trusty old: '' ca-certificates-mono: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' cli-common: new: 0.9+nmu1 old: '' cli-runtime: new: '1' old: '' cli-virtual-machine: new: '1' old: '' docbk-xml: new: '1' old: '' docbook-xml: new: 4.5-7.3 old: '' global-assembly-cache-tool: new: '1' old: '' libgdiplus: new: 4.2-1ubuntu1 old: '' libgif7: new: 5.1.4-0.3~16.04 old: '' libglade2-0: new: 1:2.6.4-2 old: '' libglade2.0-cil: new: 2.12.10-6 old: '' libglib2.0-cil: new: 2.12.10-6 old: '' libgtk2.0-cil: new: 2.12.10-6 old: '' libmono-cairo4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-corlib4.5-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-i18n-west4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-i18n4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-posix4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-security4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-system-configuration4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-system-drawing4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-system-security4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-system-xml4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' libmono-system4.0-cil: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' librarian0: new: 0.8.1-6 old: '' mono-4.0-gac: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' mono-gac: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' mono-runtime: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' mono-runtime-common: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' mono-runtime-sgen: new: 4.2.1.102+dfsg2-7ubuntu4 old: '' rarian-compat: new: 0.8.1-6 old: '' scrollkeeper: new: '1' old: '' sgml-data: new: 2.0.10 old: '' comment: 'The following packages were installed/updated: bless' duration: 33996.359 name: bless result: true start_time: '13:16:57.158174' pkg_|-blt_|-blt_|-installed: __id__: blt __run_num__: 27 changes: blt: new: 2.5.3+dfsg-3 old: '' tk8.6-blt2.5: new: 2.5.3+dfsg-3 old: '' comment: 'The following packages were installed/updated: blt' duration: 5392.71 name: blt result: true start_time: '13:17:31.160235' pkg_|-build-essential_|-build-essential_|-installed: __id__: build-essential __run_num__: 28 changes: {} comment: Package build-essential is already installed duration: 259.305 name: build-essential result: true start_time: '13:17:36.558376' pkg_|-bulk-extractor_|-bulk-extractor_|-installed: __id__: bulk-extractor __run_num__: 29 changes: bulk-extractor: new: 1.5.5-trusty2 old: '' ca-certificates-java: new: '20160321' old: '' flex: new: 2.6.0-11 old: '' fonts-dejavu-extra: new: 2.35-1 old: '' java-common: new: 0.56ubuntu2 old: '' libatk-wrapper-java: new: 0.33.3-6 old: '' libatk-wrapper-java-jni: new: 0.33.3-6 old: '' libbfio-dev: new: 20160108-1 old: '' libbonobo2-0: new: 2.32.1-3 old: '' libbonobo2-common: new: 2.32.1-3 old: '' libewf-dev: new: 20140608-6 old: '' libfl-dev: new: 2.6.0-11 old: '' libgnome-2-0: new: 2.32.1-5ubuntu1 old: '' libgnome2-common: new: 2.32.1-5ubuntu1 old: '' libgnomevfs2-0: new: 1:2.24.4-6.1ubuntu1 old: '' libgnomevfs2-common: new: 1:2.24.4-6.1ubuntu1 old: '' libice-dev: new: 2:1.0.9-1 old: '' liblightgrep: new: 1.2.1-trusty1 old: '' liborbit-2-0: new: 1:2.14.19-1build1 old: '' libpthread-stubs0-dev: new: 0.3-4 old: '' libsctp1: new: 1.0.16+dfsg-3 old: '' libsigsegv2: new: 2.10-4 old: '' libsm-dev: new: 2:1.2.2-1 old: '' libssl-dev: new: 1.0.2g-1ubuntu4.8 old: '' libssl-doc: new: 1.0.2g-1ubuntu4.8 old: '' libx11-dev: new: 2:1.6.3-1ubuntu2 old: '' libx11-doc: new: 2:1.6.3-1ubuntu2 old: '' libxau-dev: new: 1:1.0.8-1 old: '' libxcb1-dev: new: 1.11.1-1ubuntu1 old: '' libxdmcp-dev: new: 1:1.1.2-1.1 old: '' libxt-dev: new: 1:1.1.5-0ubuntu1 old: '' libz-dev: new: '1' old: '' m4: new: 1.4.17-5 old: '' openjdk-7-jdk: new: 7u95-2.6.4-3 old: '' openjdk-7-jre: new: 7u95-2.6.4-3 old: '' openjdk-7-jre-headless: new: 7u95-2.6.4-3 old: '' x11proto-core-dev: new: 7.0.28-2ubuntu1 old: '' x11proto-input-dev: new: 2.3.1-1 old: '' x11proto-kb-dev: new: 1.0.7-0ubuntu1 old: '' xorg-sgml-doctools: new: 1:1.11-1 old: '' xtrans-dev: new: 1.3.5-1 old: '' zlib1g-dev: new: 1:1.2.8.dfsg-2ubuntu4.1 old: '' comment: 'The following packages were installed/updated: bulk-extractor' duration: 125882.733 name: bulk-extractor result: true start_time: '13:17:36.822121' pkg_|-cabextract_|-cabextract_|-installed: __id__: cabextract __run_num__: 30 changes: cabextract: new: 1.6-1 old: '' comment: 'The following packages were installed/updated: cabextract' duration: 4789.958 name: cabextract result: true start_time: '13:19:42.710581' pkg_|-ccrypt_|-ccrypt_|-installed: __id__: ccrypt __run_num__: 31 changes: ccrypt: new: 1.10-4 old: '' comment: 'The following packages were installed/updated: ccrypt' duration: 4639.068 name: ccrypt result: true start_time: '13:19:47.506927' pkg_|-cifs-utils_|-cifs-utils_|-installed: __id__: cifs-utils __run_num__: 32 changes: cifs-utils: new: 2:6.4-1ubuntu1.1 old: '' keyutils: new: 1.5.9-8ubuntu1 old: '' python-ldb: new: 2:1.1.24-1ubuntu3 old: '' python-samba: new: 2:4.3.11+dfsg-0ubuntu0.16.04.8 old: '' python-tdb: new: 1.3.8-2 old: '' python2.7-ldb: new: '1' old: '' python2.7-samba: new: '1' old: '' python2.7-tdb: new: '1' old: '' samba-common: new: 2:4.3.11+dfsg-0ubuntu0.16.04.8 old: '' samba-common-bin: new: 2:4.3.11+dfsg-0ubuntu0.16.04.8 old: '' comment: 'The following packages were installed/updated: cifs-utils' duration: 9706.501 name: cifs-utils result: true start_time: '13:19:52.151373' pkg_|-clamav_|-clamav_|-installed: __id__: clamav __run_num__: 33 changes: clamav: new: 0.99.2+dfsg-0ubuntu0.16.04.1 old: '' clamav-base: new: 0.99.2+dfsg-0ubuntu0.16.04.1 old: '' clamav-data: new: '1' old: '' clamav-freshclam: new: 0.99.2+dfsg-0ubuntu0.16.04.1 old: '' libclamav7: new: 0.99.2+dfsg-0ubuntu0.16.04.1 old: '' libllvm3.6v5: new: 1:3.6.2-3ubuntu2 old: '' comment: 'The following packages were installed/updated: clamav' duration: 23519.246 name: clamav result: true start_time: '13:20:01.863486' pkg_|-cmospwd_|-cmospwd_|-installed: __id__: cmospwd __run_num__: 34 changes: cmospwd: new: 5.0+dfsg-2 old: '' comment: 'The following packages were installed/updated: cmospwd' duration: 5096.061 name: cmospwd result: true start_time: '13:20:25.388237' pkg_|-cryptcat_|-cryptcat_|-installed: __id__: cryptcat __run_num__: 35 changes: cryptcat: new: 20031202-4 old: '' comment: 'The following packages were installed/updated: cryptcat' duration: 4669.478 name: cryptcat result: true start_time: '13:20:30.491664' pkg_|-cryptsetup_|-cryptsetup_|-installed: __id__: cryptsetup __run_num__: 36 changes: cryptsetup: new: 2:1.6.6-5ubuntu2 old: '' cryptsetup-bin: new: 2:1.6.6-5ubuntu2 old: '' cryptsetup-luks: new: '1' old: '' dmsetup: new: 2:1.02.110-1ubuntu10 old: '' comment: 'The following packages were installed/updated: cryptsetup' duration: 19977.085 name: cryptsetup result: true start_time: '13:20:35.168629' pkg_|-curl_|-curl_|-installed: __id__: curl __run_num__: 37 changes: curl: new: 7.47.0-1ubuntu2.2 old: '' comment: 'The following packages were installed/updated: curl' duration: 4756.61 name: curl result: true start_time: '13:20:55.151534' pkg_|-dc3dd_|-dc3dd_|-installed: __id__: dc3dd __run_num__: 38 changes: dc3dd: new: 7.2.641-3 old: '' comment: 'The following packages were installed/updated: dc3dd' duration: 4915.001 name: dc3dd result: true start_time: '13:20:59.914051' pkg_|-dcfldd_|-dcfldd_|-installed: __id__: dcfldd __run_num__: 39 changes: dcfldd: new: 1.3.4.1-9 old: '' comment: 'The following packages were installed/updated: dcfldd' duration: 4516.852 name: dcfldd result: true start_time: '13:21:04.835471' pkg_|-dconf-tools_|-dconf-tools_|-installed: __id__: dconf-tools __run_num__: 40 changes: dconf-editor: new: 3.18.2-1 old: '' dconf-tools: new: 0.24.0-2 old: '' comment: 'The following packages were installed/updated: dconf-tools' duration: 5925.275 name: dconf-tools result: true start_time: '13:21:09.358026' pkg_|-docker-engine_|-docker-engine_|-installed: __id__: docker-engine __run_num__: 41 changes: aufs-tools: new: 1:3.2+20130722-1.1ubuntu1 old: '' cgroupfs-mount: new: '1.2' old: '' docker-engine: new: 17.05.0~ce-0~ubuntu-xenial old: '' git: new: 1:2.7.4-0ubuntu1.1 old: '' git-completion: new: '1' old: '' git-core: new: '1' old: '' git-man: new: 1:2.7.4-0ubuntu1.1 old: '' liberror-perl: new: 0.17-1.2 old: '' comment: 'The following packages were installed/updated: docker-engine' duration: 19821.559 name: docker-engine result: true start_time: '13:21:15.290752' pkg_|-driftnet_|-driftnet_|-installed: __id__: driftnet __run_num__: 42 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rd791eb01d76f47c7b2913e42fd965bef.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 521.003 name: driftnet result: false start_time: '13:21:35.117991' pkg_|-dsniff_|-dsniff_|-installed: __id__: dsniff __run_num__: 43 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r0449a242f023401c8547159a02cefc88.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 204.104 name: dsniff result: false start_time: '13:21:35.639230' pkg_|-dumbpig_|-dumbpig_|-installed: __id__: dumbpig __run_num__: 44 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r2214e0b637a84a5186e9a64118800ba4.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 220.992 name: dumbpig result: false start_time: '13:21:35.843596' pkg_|-e2fslibs-dev_|-e2fslibs-dev_|-installed: __id__: e2fslibs-dev __run_num__: 45 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r1b6c9a058bfa4ac6a59b4284dd527be3.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 223.368 name: e2fslibs-dev result: false start_time: '13:21:36.065055' pkg_|-ent_|-ent_|-installed: __id__: ent __run_num__: 46 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r6391bd4001324d968a280e5e559b7e72.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 231.021 name: ent result: false start_time: '13:21:36.288704' pkg_|-epic5_|-epic5_|-installed: __id__: epic5 __run_num__: 47 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r416b25b2dd79465489894d5e734398e5.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 213.383 name: epic5 result: false start_time: '13:21:36.519978' pkg_|-etherape_|-etherape_|-installed: __id__: etherape __run_num__: 48 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r6e9cbfe304654ae1beb71a8af5adfd7a.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 246.094 name: etherape result: false start_time: '13:21:36.733575' pkg_|-ettercap-graphical_|-ettercap-graphical_|-installed: __id__: ettercap-graphical __run_num__: 49 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r36f7696d7974431186a4bdc628fbb425.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 245.943 name: ettercap-graphical result: false start_time: '13:21:36.979880' pkg_|-exfat-fuse_|-exfat-fuse_|-installed: __id__: exfat-fuse __run_num__: 50 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r82d894ea79cc4984a9c08fbd3663f6c3.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 308.746 name: exfat-fuse result: false start_time: '13:21:37.226067' pkg_|-exfat-utils_|-exfat-utils_|-installed: __id__: exfat-utils __run_num__: 51 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-ra4e446c981904fafa7a1406793f87cbb.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 289.368 name: exfat-utils result: false start_time: '13:21:37.535059' pkg_|-exif_|-exif_|-installed: __id__: exif __run_num__: 52 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rff3f0db17be44b4986ccd8efa279095f.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 241.474 name: exif result: false start_time: '13:21:37.824716' pkg_|-extundelete_|-extundelete_|-installed: __id__: extundelete __run_num__: 53 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rf6d7ed835dd0464ea590b5e8c7eb6d52.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 335.215 name: extundelete result: false start_time: '13:21:38.066441' pkg_|-fdupes_|-fdupes_|-installed: __id__: fdupes __run_num__: 54 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r59dafdc2a8f64a0fadb9a876b129b4c0.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 355.657 name: fdupes result: false start_time: '13:21:38.401874' pkg_|-feh_|-feh_|-installed: __id__: feh __run_num__: 55 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r6f51d7f27f2243dc94a3511b6019d47d.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 194.569 name: feh result: false start_time: '13:21:38.757718' pkg_|-flasm_|-flasm_|-installed: __id__: flasm __run_num__: 56 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r9bd35477dd534bb18a5d56fb9f01630d.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 269.76 name: flasm result: false start_time: '13:21:38.952501' pkg_|-flex_|-flex_|-installed: __id__: flex __run_num__: 57 changes: {} comment: Package flex is already installed duration: 9.361 name: flex result: true start_time: '13:21:39.222822' pkg_|-foremost_|-foremost_|-installed: __id__: foremost __run_num__: 58 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-ra40f8278485e45578ca567e0d4e77789.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 304.612 name: foremost result: false start_time: '13:21:39.232382' pkg_|-g++_|-g++_|-installed: __id__: g++ __run_num__: 59 changes: {} comment: Package g++ is already installed duration: 5.596 name: g++ result: true start_time: '13:21:39.537178' pkg_|-gawk_|-gawk_|-installed: __id__: gawk __run_num__: 60 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r9e89c481f80042dcabb0a35fe817885e.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 297.323 name: gawk result: false start_time: '13:21:39.542972' pkg_|-gcc_|-gcc_|-installed: __id__: gcc __run_num__: 61 changes: {} comment: Package gcc is already installed duration: 6.609 name: gcc result: true start_time: '13:21:39.840569' pkg_|-gdb_|-gdb_|-installed: __id__: gdb __run_num__: 62 changes: {} comment: Package gdb is already installed duration: 7.124 name: gdb result: true start_time: '13:21:39.847426' pkg_|-gddrescue_|-gddrescue_|-installed: __id__: gddrescue __run_num__: 63 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rb89d0166b383446daeff5949168e2219.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 268.152 name: gddrescue result: false start_time: '13:21:39.854770' pkg_|-ghex_|-ghex_|-installed: __id__: ghex __run_num__: 64 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r9ff94fd45f3442bea562ed47acfe3c3a.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 197.745 name: ghex result: false start_time: '13:21:40.123113' pkg_|-git_|-git_|-installed: __id__: git __run_num__: 65 changes: {} comment: Package git is already installed duration: 5.204 name: git result: true start_time: '13:21:40.321063' pkg_|-graphviz_|-graphviz_|-installed: __id__: graphviz __run_num__: 66 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r3163647bceff465e902db87ca0f2d745.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 256.931 name: graphviz result: false start_time: '13:21:40.326420' pkg_|-gthumb_|-gthumb_|-installed: __id__: gthumb __run_num__: 67 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r4721a3e918354f058b2c633108d26580.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 284.628 name: gthumb result: false start_time: '13:21:40.583573' pkg_|-gzrt_|-gzrt_|-installed: __id__: gzrt __run_num__: 68 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r1ecb06f5e0964eab89316930ebb05a0d.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 260.97 name: gzrt result: false start_time: '13:21:40.868528' pkg_|-hexedit_|-hexedit_|-installed: __id__: hexedit __run_num__: 69 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r7415a7ad5c364a12a9a525432d49f423.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 262.237 name: hexedit result: false start_time: '13:21:41.129709' pkg_|-htop_|-htop_|-installed: __id__: htop __run_num__: 70 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r18da6cf3b7704e7b86cedbafca527678.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 216.056 name: htop result: false start_time: '13:21:41.392160' pkg_|-hydra-gtk_|-hydra-gtk_|-installed: __id__: hydra-gtk __run_num__: 72 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r161dacfc7994480ebe626fe5e1cf3c49.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 217.836 name: hydra-gtk result: false start_time: '13:21:41.814659' pkg_|-hydra_|-hydra_|-installed: __id__: hydra __run_num__: 71 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-ra7e9dab027f94f678b5dbace9e276850.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 205.947 name: hydra result: false start_time: '13:21:41.608431' pkg_|-ipython_|-ipython_|-installed: __id__: ipython __run_num__: 73 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rc3cd796cff024533bd2de35290d67e1e.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 212.063 name: ipython result: false start_time: '13:21:42.032776' pkg_|-jq_|-jq_|-installed: __id__: jq __run_num__: 74 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r52deacc44e0c4cebb5c9cb9a887db922.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 223.22 name: jq result: false start_time: '13:21:42.245130' pkg_|-kdiff3_|-kdiff3_|-installed: __id__: kdiff3 __run_num__: 75 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r7005486e867d41ae8651986679c061b3.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 216.776 name: kdiff3 result: false start_time: '13:21:42.468646' pkg_|-knocker_|-knocker_|-installed: __id__: knocker __run_num__: 76 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r2e74c50020044e9b807e637ab8eefa51.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 220.585 name: knocker result: false start_time: '13:21:42.685681' pkg_|-kpartx_|-kpartx_|-installed: __id__: kpartx __run_num__: 77 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rc1870786cab44ec5b48d564153c64bef.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 287.863 name: kpartx result: false start_time: '13:21:42.906457' pkg_|-lft_|-lft_|-installed: __id__: lft __run_num__: 78 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rfe6088b42f0e49b6be3e5645be983c4e.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 223.065 name: lft result: false start_time: '13:21:43.194559' pkg_|-libafflib-dev_|-libafflib-dev_|-installed: __id__: libafflib-dev __run_num__: 79 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rfbeedd18e76e488aa42603d69367a78f.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 208.723 name: libafflib-dev result: false start_time: '13:21:43.417881' pkg_|-libafflib_|-libafflib0v5_|-installed: __id__: libafflib __run_num__: 80 changes: {} comment: Package libafflib0v5 is already installed duration: 5.326 name: libafflib0v5 result: true start_time: '13:21:43.626827' pkg_|-libbde-tools_|-libbde-tools_|-installed: __id__: libbde-tools __run_num__: 82 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rdac25b3feb6d450cab4d06e535769d9a.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 218.005 name: libbde-tools result: false start_time: '13:21:43.851249' pkg_|-libbde_|-libbde_|-installed: __id__: libbde __run_num__: 81 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r893c549dca474e479bda426f82a44f87.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 218.687 name: libbde result: false start_time: '13:21:43.632287' pkg_|-libesedb-tools_|-libesedb-tools_|-installed: __id__: libesedb-tools __run_num__: 84 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rafc4b6ee312145a29db9665ebe14213d.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 232.101 name: libesedb-tools result: false start_time: '13:21:44.295072' pkg_|-libesedb_|-libesedb_|-installed: __id__: libesedb __run_num__: 83 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rf2f41ad07aba4fabbdfafba5908908a9.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 225.29 name: libesedb result: false start_time: '13:21:44.069513' pkg_|-libevt-tools_|-libevt-tools_|-installed: __id__: libevt-tools __run_num__: 86 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-re89de3998a7046559cb95c7998de3c9d.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 203.079 name: libevt-tools result: false start_time: '13:21:44.745472' pkg_|-libevt_|-libevt_|-installed: __id__: libevt __run_num__: 85 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rde123efb1b7a4988bc03acc883743191.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 217.814 name: libevt result: false start_time: '13:21:44.527437' pkg_|-libevtx-tools_|-libevtx-tools_|-installed: __id__: libevtx-tools __run_num__: 88 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-ra5ee951447dd4720b622e174199ab16d.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 221.602 name: libevtx-tools result: false start_time: '13:21:45.179231' pkg_|-libevtx_|-libevtx_|-installed: __id__: libevtx __run_num__: 87 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rab510286c38e433bb98a9e7ffd70cfbb.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 230.19 name: libevtx result: false start_time: '13:21:44.948842' pkg_|-libewf-dev_|-libewf-dev_|-installed: __id__: libewf-dev __run_num__: 90 changes: {} comment: Package libewf-dev is already installed duration: 10.487 name: libewf-dev result: true start_time: '13:21:45.615795' pkg_|-libewf-python_|-libewf-python_|-installed: __id__: libewf-python __run_num__: 91 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r4c1d19bff9ae43dba77b9f9e743ce3ca.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 217.4 name: libewf-python result: false start_time: '13:21:45.626596' pkg_|-libewf-tools_|-libewf-tools_|-installed: __id__: libewf-tools __run_num__: 92 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r81e3d20d80844a95954e3953c90e47df.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 205.553 name: libewf-tools result: false start_time: '13:21:45.844261' pkg_|-libewf_|-libewf_|-installed: __id__: libewf __run_num__: 89 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r33755e096392479392060515453da747.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 214.33 name: libewf result: false start_time: '13:21:45.401119' pkg_|-libffi-dev_|-libffi-dev_|-installed: __id__: libffi-dev __run_num__: 93 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-r550bb6ced15044d5894fe4dac2dedb90.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 217.506 name: libffi-dev result: false start_time: '13:21:46.050031' pkg_|-libfuse-dev_|-libfuse-dev_|-installed: __id__: libfuse-dev __run_num__: 94 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-ra58f8a5f89fc42cf911f01398472b445.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 372.639 name: libfuse-dev result: false start_time: '13:21:46.267788' pkg_|-libfvde-tools_|-libfvde-tools_|-installed: __id__: libfvde-tools __run_num__: 96 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rb70665e6c0cb42aea25e505df556f39f.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 198.804 name: libfvde-tools result: false start_time: '13:21:46.908069' pkg_|-libfvde_|-libfvde_|-installed: __id__: libfvde __run_num__: 95 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rfb44e5835db54ae0abf756873ad4067b.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 263.661 name: libfvde result: false start_time: '13:21:46.644212' pkg_|-liblightgrep_|-liblightgrep_|-installed: __id__: liblightgrep __run_num__: 97 changes: {} comment: Package liblightgrep is already installed duration: 4.974 name: liblightgrep result: true start_time: '13:21:47.107079' pkg_|-libmsiecf_|-libmsiecf_|-installed: __id__: libmsiecf __run_num__: 98 changes: {} comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n \ - Running scope as unit run-rcd7c8ca7703a4084a6ca445babe21d61.scope.\n E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)\n \ E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?" duration: 222.758 name: libmsiecf result: false start_time: '13:21:47.112188' pkg_|-libncurses_|-libncurses5-dev_|-installed: __id__: libncurses __run_num__: 99 changes: libncurses-dev: new: '1' old: '' libncurses5-dev: new: 6.0+20160213-1ubuntu1 old: '' libtinfo-dev: new: 6.0+20160213-1ubuntu1 old: '' ncurses-dev: new: '1' old: '' comment: 'The following packages were installed/updated: libncurses5-dev' duration: 5004.833 name: libncurses5-dev result: true start_time: '13:21:47.335244' pkg_|-libnet1_|-libnet1_|-installed: __id__: libnet1 __run_num__: 100 changes: libnet1: new: 1.1.6+dfsg-3 old: '' comment: 'The following packages were installed/updated: libnet1' duration: 4210.962 name: libnet1 result: true start_time: '13:21:52.346285' pkg_|-libolecf_|-libolecf_|-installed: __id__: libolecf __run_num__: 101 changes: libolecf: new: 20161113-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libolecf' duration: 6262.364 name: libolecf result: true start_time: '13:21:56.562669' pkg_|-libparse-win32registry-perl_|-libparse-win32registry-perl_|-installed: __id__: libparse-win32registry-perl __run_num__: 102 changes: libparse-win32registry-perl: new: 1.0-2 old: '' comment: 1 targeted package was installed/updated. duration: 6194.551 name: libparse-win32registry-perl result: true start_time: '13:22:02.830801' pkg_|-libpff-dev_|-libpff-dev_|-installed: __id__: libpff-dev __run_num__: 104 changes: libpff-dev: new: 20131029-1ubuntu3 old: '' comment: 'The following packages were installed/updated: libpff-dev' duration: 7363.678 name: libpff-dev result: true start_time: '13:22:14.635816' pkg_|-libpff-python_|-libpff-python_|-installed: __id__: libpff-python __run_num__: 105 changes: libpff-python: new: 20131029-1ubuntu3 old: '' comment: 'The following packages were installed/updated: libpff-python' duration: 4386.191 name: libpff-python result: true start_time: '13:22:22.004755' pkg_|-libpff-tools_|-libpff-tools_|-installed: __id__: libpff-tools __run_num__: 106 changes: libpff-tools: new: 20131029-1ubuntu3 old: '' comment: 'The following packages were installed/updated: libpff-tools' duration: 5222.37 name: libpff-tools result: true start_time: '13:22:26.396531' pkg_|-libpff_|-libpff_|-installed: __id__: libpff __run_num__: 103 changes: libpff: new: 20131029-1ubuntu3 old: '' comment: 'The following packages were installed/updated: libpff' duration: 5599.685 name: libpff result: true start_time: '13:22:09.030772' pkg_|-libregf-dev_|-libregf-dev_|-installed: __id__: libregf-dev __run_num__: 108 changes: libregf-dev: new: 20160424-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libregf-dev' duration: 6800.58 name: libregf-dev result: true start_time: '13:22:36.305493' pkg_|-libregf-python_|-libregf-python_|-installed: __id__: libregf-python __run_num__: 109 changes: libregf-python: new: 20160424-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libregf-python' duration: 4510.65 name: libregf-python result: true start_time: '13:22:43.113528' pkg_|-libregf-tools_|-libregf-tools_|-installed: __id__: libregf-tools __run_num__: 110 changes: libregf-tools: new: 20160424-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libregf-tools' duration: 5372.743 name: libregf-tools result: true start_time: '13:22:47.629148' pkg_|-libregf_|-libregf_|-installed: __id__: libregf __run_num__: 107 changes: libregf: new: 20160424-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libregf' duration: 4670.296 name: libregf result: true start_time: '13:22:31.624858' pkg_|-libssl-dev_|-libssl-dev_|-installed: __id__: libssl-dev __run_num__: 111 changes: {} comment: Package libssl-dev is already installed duration: 333.756 name: libssl-dev result: true start_time: '13:22:53.007479' pkg_|-libtext-csv-perl_|-libtext-csv-perl_|-installed: __id__: libtext-csv-perl __run_num__: 112 changes: libtext-csv-perl: new: 1.33-1 old: '' libtext-csv-xs-perl: new: 1.21-1 old: '' comment: 'The following packages were installed/updated: libtext-csv-perl' duration: 5628.199 name: libtext-csv-perl result: true start_time: '13:22:53.341406' pkg_|-libvmdk_|-libvmdk_|-installed: __id__: libvmdk __run_num__: 113 changes: libvmdk: new: 20160119-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libvmdk' duration: 4889.754 name: libvmdk result: true start_time: '13:22:58.975030' pkg_|-libvshadow-dev_|-libvshadow-dev_|-installed: __id__: libvshadow-dev __run_num__: 115 changes: libvshadow-dev: new: 20161111-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libvshadow-dev' duration: 8951.249 name: libvshadow-dev result: true start_time: '13:23:08.282069' pkg_|-libvshadow-python_|-libvshadow-python_|-installed: __id__: libvshadow-python __run_num__: 116 changes: libvshadow-python: new: 20161111-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libvshadow-python' duration: 4876.525 name: libvshadow-python result: true start_time: '13:23:17.242778' pkg_|-libvshadow-tools_|-libvshadow-tools_|-installed: __id__: libvshadow-tools __run_num__: 117 changes: libvshadow-tools: new: 20161111-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libvshadow-tools' duration: 4839.185 name: libvshadow-tools result: true start_time: '13:23:22.130555' pkg_|-libvshadow_|-libvshadow_|-installed: __id__: libvshadow __run_num__: 114 changes: libvshadow: new: 20161111-1ppa1~xenial old: '' comment: 'The following packages were installed/updated: libvshadow' duration: 4406.146 name: libvshadow result: true start_time: '13:23:03.870302' pkg_|-libxml2-dev_|-libxml2-dev_|-installed: __id__: libxml2-dev __run_num__: 118 changes: icu-devtools: new: 55.1-7ubuntu0.2 old: '' libicu-dev: new: 55.1-7ubuntu0.2 old: '' libxml2-dev: new: 2.9.3+dfsg1-1ubuntu0.2 old: '' comment: 'The following packages were installed/updated: libxml2-dev' duration: 24412.483 name: libxml2-dev result: true start_time: '13:23:26.975471' pkg_|-libxslt-dev_|-libxslt-dev_|-installed: __id__: libxslt-dev __run_num__: 119 changes: libxslt-dev: new: '1' old: '' libxslt1-dev: new: 1.1.28-2.1ubuntu0.1 old: '' comment: 'The following packages were installed/updated: libxslt-dev' duration: 7041.666 name: libxslt-dev result: true start_time: '13:23:51.393377' pkg_|-md5deep_|-md5deep_|-installed: __id__: md5deep __run_num__: 120 changes: hashdeep: new: 4.4-2 old: '' md5deep: new: 4.4-2 old: '' comment: 'The following packages were installed/updated: md5deep' duration: 4952.942 name: md5deep result: true start_time: '13:23:58.440468' pkg_|-nbd-client_|-nbd-client_|-installed: __id__: nbd-client __run_num__: 121 changes: nbd-client: new: 1:3.13-1 old: '' comment: 'The following packages were installed/updated: nbd-client' duration: 20975.328 name: nbd-client result: true start_time: '13:24:03.398779' pkg_|-nbtscan_|-nbtscan_|-installed: __id__: nbtscan __run_num__: 122 changes: nbtscan: new: 1.5.1-6 old: '' comment: 'The following packages were installed/updated: nbtscan' duration: 5186.175 name: nbtscan result: true start_time: '13:24:24.379679' pkg_|-netcat_|-netcat_|-installed: __id__: netcat __run_num__: 123 changes: {} comment: Package netcat is already installed duration: 387.208 name: netcat result: true start_time: '13:24:29.572587' pkg_|-netpbm_|-netpbm_|-installed: __id__: netpbm __run_num__: 124 changes: {} comment: Package netpbm is already installed duration: 5.681 name: netpbm result: true start_time: '13:24:29.959981' pkg_|-netsed_|-netsed_|-installed: __id__: netsed __run_num__: 125 changes: netsed: new: 1.2-1 old: '' comment: 'The following packages were installed/updated: netsed' duration: 4271.034 name: netsed result: true start_time: '13:24:29.965829' pkg_|-netwox_|-netwox_|-installed: __id__: netwox __run_num__: 126 changes: libtcl8.5: new: 8.5.19-1 old: '' libtk8.5: new: 8.5.19-1ubuntu1 old: '' netwag: new: 5.39.0-1.2 old: '' netwox: new: 5.39.0-1.2 old: '' tcl8.5: new: 8.5.19-1 old: '' tk8.5: new: 8.5.19-1ubuntu1 old: '' comment: 'The following packages were installed/updated: netwox' duration: 9383.329 name: netwox result: true start_time: '13:24:34.243313' pkg_|-nfdump_|-nfdump_|-installed: __id__: nfdump __run_num__: 127 changes: libdbi1: new: 0.9.0-4 old: '' librrd4: new: 1.5.5-4 old: '' nfdump: new: 1.6.12-0.2 old: '' comment: 'The following packages were installed/updated: nfdump' duration: 6964.441 name: nfdump result: true start_time: '13:24:43.632136' pkg_|-ngrep_|-ngrep_|-installed: __id__: ngrep __run_num__: 128 changes: ngrep: new: 1.45.ds2-13 old: '' comment: 'The following packages were installed/updated: ngrep' duration: 4765.318 name: ngrep result: true start_time: '13:24:50.602732' pkg_|-okular_|-okular_|-installed: __id__: okular __run_num__: 130 changes: breeze-icon-theme: new: 4:5.18.0-0ubuntu1 old: '' docbook-xsl: new: 1.79.1+dfsg-1 old: '' fonts-dejavu: new: 2.35-1 old: '' icoutils: new: 0.31.0-3 old: '' kactivities: new: 5.18.0-0ubuntu1 old: '' kate-data: new: 4:4.14.3-0ubuntu4 old: '' katepart: new: 4:4.14.3-0ubuntu4 old: '' kde-runtime: new: 4:15.12.3-0ubuntu1 old: '' kde-runtime-data: new: 4:15.12.3-0ubuntu1 old: '' kde-style-breeze: new: 4:5.5.5-0ubuntu1 old: '' kde-style-breeze-qt4: new: 4:5.5.5-0ubuntu1 old: '' kdelibs-bin: new: 4:4.14.16-0ubuntu3.2 old: '' kdelibs5-data: new: 4:4.14.16-0ubuntu3.2 old: '' kdelibs5-plugins: new: 4:4.14.16-0ubuntu3.2 old: '' kdoctools: new: 4:4.14.16-0ubuntu3.2 old: '' kpackagelauncherqml: new: 5.18.0-0ubuntu1 old: '' kpackagetool5: new: 5.18.0-0ubuntu1 old: '' kwayland-data: new: 4:5.5.5-0ubuntu1 old: '' kwayland-integration: new: 4:5.5.5-0ubuntu1 old: '' libattica0.4: new: 0.4.2-2 old: '' libdlrestrictions1: new: 0.15.20~ubuntu4 old: '' libfam0: new: 2.7.0-17.1 old: '' libfam0c102: new: '1' old: '' libkactivities6: new: 4:4.13.3-0ubuntu6 old: '' libkatepartinterfaces4: new: 4:4.14.3-0ubuntu4 old: '' libkcmutils4: new: 4:4.14.16-0ubuntu3.2 old: '' libkde3support4: new: 4:4.14.16-0ubuntu3.2 old: '' libkdeclarative5: new: 4:4.14.16-0ubuntu3.2 old: '' libkdecore5: new: 4:4.14.16-0ubuntu3.2 old: '' libkdesu5: new: 4:4.14.16-0ubuntu3.2 old: '' libkdeui5: new: 4:4.14.16-0ubuntu3.2 old: '' libkdewebkit5: new: 4:4.14.16-0ubuntu3.2 old: '' libkdnssd4: new: 4:4.14.16-0ubuntu3.2 old: '' libkemoticons4: new: 4:4.14.16-0ubuntu3.2 old: '' libkexiv2-11v5: new: 4:15.08.2-0ubuntu1 old: '' libkexiv2-data: new: 4:15.08.2-0ubuntu1 old: '' libkf5activities5: new: 5.18.0-0ubuntu1 old: '' libkf5archive5: new: 5.18.0-0ubuntu1 old: '' libkf5attica5: new: 5.18.0-0ubuntu1 old: '' libkf5auth-data: new: 5.18.0-0ubuntu2 old: '' libkf5auth5: new: 5.18.0-0ubuntu2 old: '' libkf5calendarevents5: new: 5.18.0-0ubuntu1 old: '' libkf5codecs-data: new: 5.18.0-0ubuntu1 old: '' libkf5codecs5: new: 5.18.0-0ubuntu1 old: '' libkf5completion-data: new: 5.18.0-0ubuntu1 old: '' libkf5completion5: new: 5.18.0-0ubuntu1 old: '' libkf5config-bin: new: 5.18.0-0ubuntu1 old: '' libkf5config-data: new: 5.18.0-0ubuntu1 old: '' libkf5configcore5: new: 5.18.0-0ubuntu1 old: '' libkf5configgui5: new: 5.18.0-0ubuntu1 old: '' libkf5configwidgets-data: new: 5.18.0-0ubuntu1 old: '' libkf5configwidgets5: new: 5.18.0-0ubuntu1 old: '' libkf5coreaddons-data: new: 5.18.0-0ubuntu1 old: '' libkf5coreaddons5: new: 5.18.0-0ubuntu1 old: '' libkf5crash5: new: 5.18.0-0ubuntu1 old: '' libkf5dbusaddons-bin: new: 5.18.0-0ubuntu1 old: '' libkf5dbusaddons-data: new: 5.18.0-0ubuntu1 old: '' libkf5dbusaddons5: new: 5.18.0-0ubuntu1 old: '' libkf5declarative-data: new: 5.18.0-0ubuntu1 old: '' libkf5declarative5: new: 5.18.0-0ubuntu1 old: '' libkf5globalaccel-bin: new: 5.18.0-0ubuntu1 old: '' libkf5globalaccel-data: new: 5.18.0-0ubuntu1 old: '' libkf5globalaccel5: new: 5.18.0-0ubuntu1 old: '' libkf5globalaccelprivate5: new: 5.18.0-0ubuntu1 old: '' libkf5guiaddons5: new: 5.18.0-0ubuntu1 old: '' libkf5i18n-data: new: 5.18.0-0ubuntu1 old: '' libkf5i18n5: new: 5.18.0-0ubuntu1 old: '' libkf5iconthemes-bin: new: 5.18.0-0ubuntu1 old: '' libkf5iconthemes-data: new: 5.18.0-0ubuntu1 old: '' libkf5iconthemes5: new: 5.18.0-0ubuntu1 old: '' libkf5idletime5: new: 5.18.0-0ubuntu1 old: '' libkf5itemviews-data: new: 5.18.0-0ubuntu1 old: '' libkf5itemviews5: new: 5.18.0-0ubuntu1 old: '' libkf5jobwidgets-data: new: 5.18.0-0ubuntu1 old: '' libkf5jobwidgets5: new: 5.18.0-0ubuntu1 old: '' libkf5kiocore5: new: 5.18.0-0ubuntu1.1 old: '' libkf5kiowidgets5: new: 5.18.0-0ubuntu1.1 old: '' libkf5notifications-data: new: 5.18.0-0ubuntu1 old: '' libkf5notifications5: new: 5.18.0-0ubuntu1 old: '' libkf5package-data: new: 5.18.0-0ubuntu1 old: '' libkf5package5: new: 5.18.0-0ubuntu1 old: '' libkf5plasma5: new: 5.18.0-0ubuntu1.1 old: '' libkf5plasmaquick5: new: 5.18.0-0ubuntu1.1 old: '' libkf5quickaddons5: new: 5.18.0-0ubuntu1 old: '' libkf5service-bin: new: 5.18.0-0ubuntu1 old: '' libkf5service-data: new: 5.18.0-0ubuntu1 old: '' libkf5service5: new: 5.18.0-0ubuntu1 old: '' libkf5sonnet5-data: new: 5.18.0-0ubuntu1 old: '' libkf5sonnetcore5: new: 5.18.0-0ubuntu1 old: '' libkf5sonnetui5: new: 5.18.0-0ubuntu1 old: '' libkf5style5: new: 5.18.0-0ubuntu1 old: '' libkf5textwidgets-data: new: 5.18.0-0ubuntu1 old: '' libkf5textwidgets5: new: 5.18.0-0ubuntu1 old: '' libkf5waylandclient5: new: 4:5.5.5-0ubuntu1 old: '' libkf5widgetsaddons-data: new: 5.18.0-0ubuntu1 old: '' libkf5widgetsaddons5: new: 5.18.0-0ubuntu1 old: '' libkf5windowsystem-data: new: 5.18.0-0ubuntu1 old: '' libkf5windowsystem5: new: 5.18.0-0ubuntu1 old: '' libkf5xmlgui-bin: new: 5.18.0-0ubuntu1 old: '' libkf5xmlgui-data: new: 5.18.0-0ubuntu1 old: '' libkf5xmlgui5: new: 5.18.0-0ubuntu1 old: '' libkfile4: new: 4:4.14.16-0ubuntu3.2 old: '' libkhtml5: new: 4:4.14.16-0ubuntu3.2 old: '' libkio5: new: 4:4.14.16-0ubuntu3.2 old: '' libkjsapi4: new: 4:4.14.16-0ubuntu3.2 old: '' libkjsembed4: new: 4:4.14.16-0ubuntu3.2 old: '' libkmediaplayer4: new: 4:4.14.16-0ubuntu3.2 old: '' libknewstuff3-4: new: 4:4.14.16-0ubuntu3.2 old: '' libknotifyconfig4: new: 4:4.14.16-0ubuntu3.2 old: '' libkntlm4: new: 4:4.14.16-0ubuntu3.2 old: '' libkparts4: new: 4:4.14.16-0ubuntu3.2 old: '' libkprintutils4: new: 4:4.14.16-0ubuntu3.2 old: '' libkpty4: new: 4:4.14.16-0ubuntu3.2 old: '' libkrosscore4: new: 4:4.14.16-0ubuntu3.2 old: '' libktexteditor4: new: 4:4.14.16-0ubuntu3.2 old: '' libkxmlrpcclient4: new: 4:4.14.10-1ubuntu2 old: '' libnl-route-3-200: new: 3.2.27-1ubuntu0.16.04.1 old: '' libntrack-qt4-1: new: 016-1.3 old: '' libntrack0: new: 016-1.3 old: '' libokularcore7: new: 4:15.12.3-0ubuntu1 old: '' libphonon4: new: 4:4.8.3-0ubuntu3 old: '' libphonon4qt5-4: new: 4:4.8.3-0ubuntu3 old: '' libplasma3: new: 4:4.14.16-0ubuntu3.2 old: '' libpolkit-qt-1-1: new: 0.112.0-4 old: '' libpolkit-qt5-1-1: new: 0.112.0-4 old: '' libpoppler-qt4-4: new: 0.41.0-0ubuntu1.2 old: '' libqca2: new: 2.1.1-2ubuntu1 old: '' libqca2-plugins: new: 2.1.1-2ubuntu1 old: '' libqimageblitz4: new: 1:0.0.6-4build1 old: '' libqmobipocket1: new: 4:15.12.3-0ubuntu1 old: '' libqt4-designer: new: 4:4.8.7+dfsg-5ubuntu2 old: '' libqt4-opengl: new: 4:4.8.7+dfsg-5ubuntu2 old: '' libqt4-qt3support: new: 4:4.8.7+dfsg-5ubuntu2 old: '' libqt4-svg: new: 4:4.8.7+dfsg-5ubuntu2 old: '' libqt5quickwidgets5: new: 5.5.1-2ubuntu6 old: '' libqt5script5: new: 5.5.1+dfsg-2build1 old: '' libqt5waylandclient5: new: 5.5.1-2build1 old: '' libqt5x11extras5: new: 5.5.1-3build1 old: '' libqtwebkit4: new: 2.3.2-0ubuntu11 old: '' libsolid4: new: 4:4.14.16-0ubuntu3.2 old: '' libssh-gcrypt-4: new: 0.6.3-4.3 old: '' libstreamanalyzer0v5: new: 0.7.8-2ubuntu1 old: '' libstreams0v5: new: 0.7.8-2ubuntu1 old: '' libthreadweaver4: new: 4:4.14.16-0ubuntu3.2 old: '' libvoikko1: new: 4.0.1-3ubuntu1 old: '' libvoikko1v5: new: '1' old: '' libxcb-composite0: new: 1.11.1-1ubuntu1 old: '' libxcb-damage0: new: 1.11.1-1ubuntu1 old: '' libxml2-utils: new: 2.9.3+dfsg1-1ubuntu0.2 old: '' ntrack-module-0: new: '1' old: '' ntrack-module-libnl-0: new: 016-1.3 old: '' okular: new: 4:15.12.3-0ubuntu1 old: '' oxygen-icon-theme: new: 5:5.18.0-0ubuntu1 old: '' oxygen5-icon-theme: new: 5.18.0-0ubuntu1 old: '' phonon: new: 4:4.8.3-0ubuntu3 old: '' phonon-backend: new: '1' old: '' phonon-backend-gstreamer: new: 4:4.8.2-0ubuntu2 old: '' phonon-backend-gstreamer-common: new: 4:4.8.2-0ubuntu2 old: '' plasma-framework: new: 5.18.0-0ubuntu1.1 old: '' plasma-scriptengine-javascript: new: 4:15.12.3-0ubuntu1 old: '' qml-module-org-kde-activities: new: 5.18.0-0ubuntu1 old: '' qml-module-org-kde-kquickcontrols: new: 5.18.0-0ubuntu1 old: '' qml-module-org-kde-kquickcontrolsaddons: new: 5.18.0-0ubuntu1 old: '' qml-module-qtquick-controls: new: 5.5.1-1ubuntu1 old: '' qml-module-qtquick-dialogs: new: 5.5.1-1ubuntu1 old: '' qml-module-qtquick-privatewidgets: new: 5.5.1-1ubuntu1 old: '' qtscript-abi-5-2-0: new: '1' old: '' qtwayland5: new: 5.5.1-2build1 old: '' sonnet-plugins: new: 5.18.0-0ubuntu1 old: '' comment: 'The following packages were installed/updated: okular' duration: 188578.727 name: okular result: true start_time: '13:25:02.330557' pkg_|-open-iscsi_|-open-iscsi_|-installed: __id__: open-iscsi __run_num__: 131 changes: open-iscsi: new: 2.0.873+git0.3b4b4500-14ubuntu3.3 old: '' comment: 'The following packages were installed/updated: open-iscsi' duration: 50207.993 name: open-iscsi result: true start_time: '13:28:10.915147' pkg_|-openjdk_|-openjdk-7-jdk_|-installed: __id__: openjdk __run_num__: 132 changes: {} comment: Package openjdk-7-jdk is already installed duration: 331.824 name: openjdk-7-jdk result: true start_time: '13:29:01.134528' pkg_|-ophcrack-cli_|-ophcrack-cli_|-installed: __id__: ophcrack-cli __run_num__: 134 changes: ophcrack-cli: new: 3.6.0-2 old: '' comment: 'The following packages were installed/updated: ophcrack-cli' duration: 5459.262 name: ophcrack-cli result: true start_time: '13:29:07.657139' pkg_|-ophcrack_|-ophcrack_|-installed: __id__: ophcrack __run_num__: 133 changes: libqwt5-qt4: new: 5.2.3-1 old: '' ophcrack: new: 3.6.0-2 old: '' comment: 'The following packages were installed/updated: ophcrack' duration: 6184.062 name: ophcrack result: true start_time: '13:29:01.466529' pkg_|-outguess_|-outguess_|-installed: __id__: outguess __run_num__: 135 changes: outguess: new: 1:0.2-7 old: '' comment: 'The following packages were installed/updated: outguess' duration: 5042.03 name: outguess result: true start_time: '13:29:13.122537' pkg_|-p0f_|-p0f_|-installed: __id__: p0f __run_num__: 136 changes: p0f: new: 2.0.8-2 old: '' comment: 'The following packages were installed/updated: p0f' duration: 4345.82 name: p0f result: true start_time: '13:29:18.170057' pkg_|-p7zip-full_|-p7zip-full_|-installed: __id__: p7zip-full __run_num__: 137 changes: p7zip-full: new: 9.20.1~dfsg.1-4.2 old: '' comment: 'The following packages were installed/updated: p7zip-full' duration: 5162.807 name: p7zip-full result: true start_time: '13:29:22.522641' pkg_|-pdftk_|-pdftk_|-installed: __id__: pdftk __run_num__: 138 changes: gcj-5-jre-lib: new: 5.4.0-6ubuntu1~16.04.4 old: '' libgcj-common: new: 1:4.9.3-9ubuntu1 old: '' libgcj16: new: 5.4.0-6ubuntu1~16.04.4 old: '' pdftk: new: 2.02-4 old: '' comment: 'The following packages were installed/updated: pdftk' duration: 12528.989 name: pdftk result: true start_time: '13:29:27.690987' pkg_|-pev_|-pev_|-installed: __id__: pev __run_num__: 139 changes: pev: new: 0.40-1 old: '' comment: 'The following packages were installed/updated: pev' duration: 5003.504 name: pev result: true start_time: '13:29:40.225942' pkg_|-phonon_|-phonon_|-installed: __id__: phonon __run_num__: 140 changes: {} comment: Package phonon is already installed duration: 323.551 name: phonon result: true start_time: '13:29:45.236036' pkg_|-pkg-config_|-pkg-config_|-installed: __id__: pkg-config __run_num__: 141 changes: {} comment: Package pkg-config is already installed duration: 6.337 name: pkg-config result: true start_time: '13:29:45.559778' pkg_|-pv_|-pv_|-installed: __id__: pv __run_num__: 144 changes: pv: new: 1.6.0-1 old: '' comment: 'The following packages were installed/updated: pv' duration: 5801.781 name: pv result: true start_time: '13:30:02.726428' pkg_|-pyew_|-pyew_|-installed: __id__: pyew __run_num__: 145 changes: libdistorm64-1: new: 1.7.30-1 old: '' pyew: new: 2.0-3 old: '' comment: 'The following packages were installed/updated: pyew' duration: 5318.691 name: pyew result: true start_time: '13:30:08.534717' pkg_|-python-dev_|-python-dev_|-installed: __id__: python-dev __run_num__: 147 changes: libexpat-dev: new: '1' old: '' libexpat1-dev: new: 2.1.0-7ubuntu0.16.04.2 old: '' libpython-dev: new: 2.7.11-1 old: '' libpython2.7-dev: new: 2.7.12-1ubuntu0~16.04.1 old: '' python-dev: new: 2.7.11-1 old: '' python-dev:any: new: '1' old: '' python2.7-dev: new: 2.7.12-1ubuntu0~16.04.1 old: '' python2.7-dev:any: new: '1' old: '' comment: 'The following packages were installed/updated: python-dev' duration: 54572.107 name: python-dev result: true start_time: '13:30:14.130957' pkg_|-python-dfvfs_|-python-dfvfs_|-installed: __id__: python-dfvfs __run_num__: 148 changes: libewf: new: 20140608-2ppa1~xenial old: '' libewf-python: new: 20140608-2ppa1~xenial old: '' libfsntfs: new: 20160418-1ppa1~xenial old: '' libfsntfs-python: new: 20160418-1ppa1~xenial old: '' libqcow: new: 20160123-1ppa1~xenial old: '' libqcow-python: new: 20160123-1ppa1~xenial old: '' libsigscan: new: 20160312-1ppa1~xenial old: '' libsigscan-python: new: 20160312-1ppa1~xenial old: '' libsmdev: new: 20160320-1ppa1~xenial old: '' libsmdev-python: new: 20160320-1ppa1~xenial old: '' libsmraw: new: 20160424-1ppa1~xenial old: '' libsmraw-python: new: 20160424-1ppa1~xenial old: '' libvhdi: new: 20160424-1ppa1~xenial old: '' libvhdi-python: new: 20160424-1ppa1~xenial old: '' python-dfvfs: new: '20160108-1ppa1~xenial hold' old: install python-protobuf: new: 2.6.1-1.3 old: '' python-pytsk3: new: 20160721-1ppa1~xenial old: '' comment: '1 targeted package was installed/updated. Package python-dfvfs is now being held.' duration: 14249.286 name: python-dfvfs result: true start_time: '13:31:08.712395' pkg_|-python-flowgrep_|-python-flowgrep_|-installed: __id__: python-flowgrep __run_num__: 149 changes: python-flowgrep: new: 0.9-trusty1 old: '' comment: 'The following packages were installed/updated: python-flowgrep' duration: 4602.209 name: python-flowgrep result: true start_time: '13:31:22.968316' pkg_|-python-fuse_|-python-fuse_|-installed: __id__: python-fuse __run_num__: 150 changes: python-fuse: new: 2:0.2.1-11 old: '' comment: 'The following packages were installed/updated: python-fuse' duration: 4314.038 name: python-fuse result: true start_time: '13:31:27.577277' pkg_|-python-nids_|-python-nids_|-installed: __id__: python-nids __run_num__: 151 changes: python-nids: new: 0.6.1-1.1 old: '' comment: 'The following packages were installed/updated: python-nids' duration: 4326.449 name: python-nids result: true start_time: '13:31:31.898747' pkg_|-python-ntdsxtract_|-python-ntdsxtract_|-installed: __id__: python-ntdsxtract __run_num__: 152 changes: libesedb: new: 20160622-1ppa1~xenial old: '' python-ntdsxtract: new: 1.2-beta-trusty1 old: '' comment: 'The following packages were installed/updated: python-ntdsxtract' duration: 5597.263 name: python-ntdsxtract result: true start_time: '13:31:36.231228' pkg_|-python-pefile_|-python-pefile_|-installed: __id__: python-pefile __run_num__: 153 changes: python-pefile: new: 1.2.10.139-2 old: '' comment: 'The following packages were installed/updated: python-pefile' duration: 5149.659 name: python-pefile result: true start_time: '13:31:41.835143' pkg_|-python-pip_|-python-pip_|-installed: __id__: python-pip __run_num__: 154 changes: libpython-all-dev: new: 2.7.11-1 old: '' python-all: new: 2.7.11-1 old: '' python-all-dev: new: 2.7.11-1 old: '' python-all-dev:any: new: '1' old: '' python-all:any: new: '1' old: '' python-distribute: new: '1' old: '' python-pip: new: 8.1.1-2ubuntu0.4 old: '' python-pip-whl: new: 8.1.1-2ubuntu0.4 old: '' python-setuptools: new: 20.7.0-1 old: '' python-wheel: new: 0.29.0-1 old: '' comment: 'The following packages were installed/updated: python-pip' duration: 8657.815 name: python-pip result: true start_time: '13:31:46.990616' pkg_|-python-plaso_|-python-plaso_|-installed: __id__: python-plaso __run_num__: 155 changes: ipython: new: 2.4.1-1 old: '' libbde: new: 20160731-1ppa1~xenial old: '' libbde-python: new: 20160731-1ppa1~xenial old: '' libesedb-python: new: 20160622-1ppa1~xenial old: '' libevt: new: 20160421-1ppa1~xenial old: '' libevt-python: new: 20160421-1ppa1~xenial old: '' libevtx: new: 20160421-1ppa1~xenial old: '' libevtx-python: new: 20160421-1ppa1~xenial old: '' libfvde: new: 20160801-1ppa1~xenial old: '' libfvde-python: new: 20160801-1ppa1~xenial old: '' libfwsi: new: 20160110-1ppa1~xenial old: '' libfwsi-python: new: 20160110-1ppa1~xenial old: '' liblnk: new: 20160420-1ppa1~xenial old: '' liblnk-python: new: 20160420-1ppa1~xenial old: '' libmsiecf: new: 20160904-1ppa1~xenial old: '' libmsiecf-python: new: 20160904-1ppa1~xenial old: '' libolecf-python: new: 20161113-1ppa1~xenial old: '' libscca: new: 20160108-1ppa1~xenial old: '' libscca-python: new: 20160108-1ppa1~xenial old: '' libvmdk-python: new: 20160119-1ppa1~xenial old: '' python-artifacts: new: 20161022-1ppa1~xenial old: '' python-bencode: new: 1.0-2ppa1~xenial old: '' python-binplist: new: 0.1.5-2ppa1~xenial old: '' python-construct: new: 2.5.3-2ppa1~xenial old: '' python-decorator: new: 4.0.6-1 old: '' python-dfdatetime: new: 20161101-1ppa1~xenial old: '' python-dfwinreg: new: 20160428-1ppa1~xenial old: '' python-dpkt: new: 1.8.r98-0.1 old: '' python-dumbnet: new: 1.12-7 old: '' python-efilter: new: 1.5-1ppa1~xenial old: '' python-funcsigs: new: 0.4-2 old: '' python-hachoir-core: new: 1.3.3-4 old: '' python-hachoir-metadata: new: 1.3.3-2ppa1~xenial old: '' python-hachoir-parser: new: 1.3.4-2ppa1~xenial old: '' python-mock: new: 1.3.0-2.1ubuntu1 old: '' python-pbr: new: 1.8.0-4ubuntu1 old: '' python-pexpect: new: 4.0.1-1 old: '' python-plaso: new: '1.4.0-1ppa3~xenial hold' old: install python-psutil: new: 4.3.1-1ppa1~xenial old: '' python-ptyprocess: new: 0.5-1 old: '' python-pyparsing: new: 2.1.5-1ppa1~xenial old: '' python-simplegeneric: new: 0.8.1-1 old: '' python-tz: new: 2016.6.1-1ppa1~xenial old: '' python-xlsxwriter: new: 0.9.3-1ppa1~xenial old: '' python-yara: new: 3.5.0-1ppa1~xenial old: '' python2.7-construct: new: '1' old: '' python2.7-dumbnet: new: '1' old: '' python2.7-pyparsing: new: '1' old: '' python2.7-yara: new: '1' old: '' comment: '1 targeted package was installed/updated. Package python-plaso is now being held.' duration: 26204.697 name: python-plaso result: true start_time: '13:31:55.660094' pkg_|-python-qt4_|-python-qt4_|-installed: __id__: python-qt4 __run_num__: 158 changes: libqt4-help: new: 4:4.8.7+dfsg-5ubuntu2 old: '' libqt4-scripttools: new: 4:4.8.7+dfsg-5ubuntu2 old: '' libqt4-test: new: 4:4.8.7+dfsg-5ubuntu2 old: '' libqtassistantclient4: new: 4.6.3-7 old: '' python-qt4: new: 4.11.4+dfsg-1build4 old: '' python-sip: new: 4.17+dfsg-1build1 old: '' sip-api-11.0: new: '1' old: '' sip-api-11.1: new: '1' old: '' sip-api-11.2: new: '1' old: '' comment: 'The following packages were installed/updated: python-qt4' duration: 10172.412 name: python-qt4 result: true start_time: '13:32:22.198926' pkg_|-python-software-properties_|-python-software-properties_|-installed: __id__: python-software-properties __run_num__: 0 changes: python-software-properties: new: 0.96.20.7 old: '' comment: 1 targeted package was installed/updated. duration: 7006.71 name: python-software-properties result: true start_time: '13:13:44.352551' pkg_|-python-tk_|-python-tk_|-installed: __id__: python-tk __run_num__: 159 changes: python-tk: new: 2.7.11-2 old: '' python2.7-tk: new: '1' old: '' comment: 'The following packages were installed/updated: python-tk' duration: 4856.694 name: python-tk result: true start_time: '13:32:32.382470' pkg_|-python-virtualenv_|-python-virtualenv_|-installed: __id__: python-virtualenv __run_num__: 160 changes: python-virtualenv: new: 15.0.1+ds-3ubuntu1 old: '' python3-virtualenv: new: 15.0.1+ds-3ubuntu1 old: '' virtualenv: new: 15.0.1+ds-3ubuntu1 old: '' comment: 'The following packages were installed/updated: python-virtualenv' duration: 5719.006 name: python-virtualenv result: true start_time: '13:32:37.244756' pkg_|-python-volatility_|-python-volatility_|-installed: __id__: python-volatility __run_num__: 173 changes: python-volatility: new: 2.6-1-xenial1 old: '' comment: 'The following packages were installed/updated: python-volatility' duration: 8832.061 name: python-volatility result: true start_time: '13:34:05.247844' pkg_|-python-yara_|-python-yara_|-installed: __id__: python-yara __run_num__: 198 changes: {} comment: Package python-yara is already installed duration: 6.193 name: python-yara result: true start_time: '13:34:18.857285' pkg_|-python_|-python_|-installed: __id__: python __run_num__: 146 changes: {} comment: Package python is already installed duration: 271.765 name: python result: true start_time: '13:30:13.859020' pkg_|-pytsk3-removed_|-pytsk3_|-removed: __id__: pytsk3-removed __run_num__: 156 changes: {} comment: All specified packages are already absent duration: 323.571 name: pytsk3 result: true start_time: '13:32:21.869985' pkg_|-pytsk3_|-python-pytsk3_|-installed: __id__: pytsk3 __run_num__: 157 changes: {} comment: Package python-pytsk3 is already installed duration: 4.909 name: python-pytsk3 result: true start_time: '13:32:22.193717' pkg_|-qemu-utils_|-qemu-utils_|-installed: __id__: qemu-utils __run_num__: 200 changes: {} comment: Package qemu-utils is already installed duration: 280.764 name: qemu-utils result: true start_time: '13:35:42.987093' pkg_|-qemu_|-qemu_|-installed: __id__: qemu __run_num__: 199 changes: cpu-checker: new: 0.7-0ubuntu7 old: '' ipxe-qemu: new: 1.0.0+git-20150424.a25a16d-1ubuntu1 old: '' libaio1: new: 0.3.110-2 old: '' libboost-random1.58.0: new: 1.58.0+dfsg-5ubuntu3.1 old: '' libboost-thread1.58.0: new: 1.58.0+dfsg-5ubuntu3.1 old: '' libcacard0: new: 1:2.5.0-2 old: '' libfdt1: new: 1.4.0+dfsg-2 old: '' libiscsi2: new: 1.12.0-2 old: '' librados2: new: 10.2.7-0ubuntu0.16.04.1 old: '' librbd1: new: 10.2.7-0ubuntu0.16.04.1 old: '' libsdl1.2debian: new: 1.2.15+dfsg1-3 old: '' libspice-server1: new: 0.12.6-4ubuntu0.2 old: '' libusbredirparser1: new: 0.7.1-1 old: '' libxen-4.6: new: 4.6.5-0ubuntu1.1 old: '' libxenstore3.0: new: 4.6.5-0ubuntu1.1 old: '' msr-tools: new: 1.3-2 old: '' qemu: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-block-extra: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-keymaps: new: '1' old: '' qemu-slof: new: 20151103+dfsg-1ubuntu1 old: '' qemu-system: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-system-aarch64: new: '1' old: '' qemu-system-alpha: new: '1' old: '' qemu-system-arm: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-system-common: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-system-cris: new: '1' old: '' qemu-system-i386: new: '1' old: '' qemu-system-lm32: new: '1' old: '' qemu-system-m68k: new: '1' old: '' qemu-system-microblaze: new: '1' old: '' qemu-system-microblazeel: new: '1' old: '' qemu-system-mips: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-system-mips64: new: '1' old: '' qemu-system-mips64el: new: '1' old: '' qemu-system-mipsel: new: '1' old: '' qemu-system-misc: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-system-moxie: new: '1' old: '' qemu-system-or32: new: '1' old: '' qemu-system-ppc: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-system-ppc64: new: '1' old: '' qemu-system-ppcemb: new: '1' old: '' qemu-system-sh4: new: '1' old: '' qemu-system-sh4eb: new: '1' old: '' qemu-system-sparc: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-system-sparc64: new: '1' old: '' qemu-system-tricore: new: '1' old: '' qemu-system-unicore32: new: '1' old: '' qemu-system-x86: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-system-x86-64: new: '1' old: '' qemu-system-xtensa: new: '1' old: '' qemu-system-xtensaeb: new: '1' old: '' qemu-user: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-user-binfmt: new: 1:2.5+dfsg-5ubuntu10.14 old: '' qemu-utils: new: 1:2.5+dfsg-5ubuntu10.14 old: '' seabios: new: 1.8.2-1ubuntu1 old: '' sharutils: new: 1:4.15.2-1 old: '' comment: 'The following packages were installed/updated: qemu' duration: 84117.74 name: qemu result: true start_time: '13:34:18.863666' pkg_|-radare2_|-radare2_|-installed: __id__: radare2 __run_num__: 201 changes: libmagic-dev: new: 1:5.25-2ubuntu1 old: '' libradare2-0.9.6: new: 0.9.6-3.1ubuntu1 old: '' libradare2-common: new: 0.9.6-3.1ubuntu1 old: '' libradare2-dev: new: 0.9.6-3.1ubuntu1 old: '' radare2: new: 0.9.6-3.1ubuntu1 old: '' comment: 'The following packages were installed/updated: radare2' duration: 14098.12 name: radare2 result: true start_time: '13:35:43.268048' pkg_|-readpst_|-readpst_|-installed: __id__: readpst __run_num__: 203 changes: libgsf-1-114: new: 1.14.36-1 old: '' libgsf-1-common: new: 1.14.36-1 old: '' libpst4: new: 0.6.59-1ubuntu1 old: '' pst-utils: new: 0.6.59-1ubuntu1 old: '' readpst: new: 0.6.59-1ubuntu1 old: '' comment: 'The following packages were installed/updated: readpst' duration: 6190.733 name: readpst result: true start_time: '13:36:03.343119' pkg_|-rsakeyfind_|-rsakeyfind_|-installed: __id__: rsakeyfind __run_num__: 208 changes: apport: new: 2.20.1-0ubuntu2.9 old: '' apport-gtk: new: 2.20.1-0ubuntu2.9 old: '' core-dump-handler: new: '1' old: '' gnome-control-center-shared-data: new: '1' old: '' gnome-control-center-unity: new: '1' old: '' gtk2.0-binver-2.10.0: new: '1' old: '' libgail-common: new: 2.24.30-1ubuntu1.16.04.1 old: '' libgail18: new: 2.24.30-1ubuntu1.16.04.1 old: '' libgtk2.0-0: new: 2.24.30-1ubuntu1.16.04.1 old: '' libgtk2.0-bin: new: 2.24.30-1ubuntu1.16.04.1 old: '' libgtk2.0-common: new: 2.24.30-1ubuntu1.16.04.1 old: '' libpulse-mainloop-glib0: new: 1:8.0-0ubuntu3.3 old: '' libpulse0: new: 1:8.0-0ubuntu3.3 old: '' libpulsedsp: new: 1:8.0-0ubuntu3.3 old: '' libunity-control-center1: new: 15.04.0+16.04.20170214-0ubuntu1 old: '' pulseaudio: new: 1:8.0-0ubuntu3.3 old: '' pulseaudio-module-bluetooth: new: 1:8.0-0ubuntu3.3 old: '' pulseaudio-module-x11: new: 1:8.0-0ubuntu3.3 old: '' pulseaudio-utils: new: 1:8.0-0ubuntu3.3 old: '' python-dateutil: new: 2.5.3-2ppa1~xenial old: '' python-requests: new: 2.11.1-1ppa1~xenial old: '' python-zmq: new: 16.0.0-1ppa1~xenial old: '' python3-apport: new: 2.20.1-0ubuntu2.9 old: '' python3-problem-report: new: 2.20.1-0ubuntu2.9 old: '' python3-pyparsing: new: 2.1.5-1ppa1~xenial old: '' python3-requests: new: 2.11.1-1ppa1~xenial old: '' rsakeyfind: new: 1:1.0-3 old: '' unity-control-center: new: 15.04.0+16.04.20170214-0ubuntu1 old: '' unity-control-center-datetime: new: '1' old: '' unity-control-center-faces: new: 15.04.0+16.04.20170214-0ubuntu1 old: '' comment: 'The following packages were installed/updated: rsakeyfind' duration: 7773.063 name: rsakeyfind result: true start_time: '13:36:39.499258' pkg_|-safecopy_|-safecopy_|-installed: __id__: safecopy __run_num__: 209 changes: safecopy: new: 1.7-1 old: '' comment: 'The following packages were installed/updated: safecopy' duration: 4577.737 name: safecopy result: true start_time: '13:36:47.283271' pkg_|-samba_|-samba_|-installed: __id__: samba __run_num__: 210 changes: attr: new: 1:2.4.47-2 old: '' python-dnspython: new: 1.12.0-1 old: '' samba: new: 2:4.3.11+dfsg-0ubuntu0.16.04.8 old: '' samba-dsdb-modules: new: 2:4.3.11+dfsg-0ubuntu0.16.04.8 old: '' samba-vfs-modules: new: 2:4.3.11+dfsg-0ubuntu0.16.04.8 old: '' tdb-tools: new: 1.3.8-2 old: '' comment: 'The following packages were installed/updated: samba' duration: 11853.697 name: samba result: true start_time: '13:36:51.867026' pkg_|-samdump2_|-samdump2_|-installed: __id__: samdump2 __run_num__: 211 changes: {} comment: Package samdump2 is already installed duration: 284.698 name: samdump2 result: true start_time: '13:37:03.726137' pkg_|-scalpel_|-scalpel_|-installed: __id__: scalpel __run_num__: 212 changes: scalpel: new: 1.60-3 old: '' comment: 'The following packages were installed/updated: scalpel' duration: 4079.878 name: scalpel result: true start_time: '13:37:04.011008' pkg_|-sift-nikto_|-nikto_|-installed: __id__: sift-nikto __run_num__: 129 changes: libwhisker2-perl: new: 2.5-1 old: '' nikto: new: 1:2.1.5-1 old: '' comment: 'The following packages were installed/updated: nikto' duration: 6949.796 name: nikto result: true start_time: '13:24:55.375089' pkg_|-sift-powershell_|-sift-powershell_|-installed: __id__: sift-powershell __run_num__: 143 changes: powershell: new: 6.0.0-alpha.13-1ubuntu1.16.04.1 old: '' comment: 'The following packages were installed/updated: powershell' duration: 3800.195 name: sift-powershell result: true start_time: '13:29:58.920926' pkg_|-sift-rar_|-rar_|-installed: __id__: sift-rar __run_num__: 202 changes: rar: new: 2:5.3.b2-1 old: '' comment: 'The following packages were installed/updated: rar' duration: 5962.49 name: rar result: true start_time: '13:35:57.373883' pkg_|-sift-regripper_|-regripper_|-installed: __run_num__: 207 __sls__: sift.packages.regripper changes: {} comment: 'One or more requisite failed: sift.packages.wine.sift-wine, sift.packages.wine.sift-wine-apt-update' result: false pkg_|-sift-unrar_|-unrar_|-installed: __id__: sift-unrar __run_num__: 233 changes: unrar: new: 1:5.3.2-1 old: '' comment: 'The following packages were installed/updated: unrar' duration: 4055.14 name: unrar result: true start_time: '13:38:42.341929' pkg_|-sift-wine-apt-update_|-sift-wine-apt-update_|-uptodate: __id__: sift-wine-apt-update __run_num__: 205 changes: apport: new: '' old: 2.20.1-0ubuntu2.5 apport-gtk: new: '' old: 2.20.1-0ubuntu2.5 core-dump-handler: new: '' old: '1' gnome-control-center-shared-data: new: '' old: '1' gnome-control-center-unity: new: '' old: '1' gtk2.0-binver-2.10.0: new: '' old: '1' libgail-common: new: '' old: 2.24.30-1ubuntu1 libgail18: new: '' old: 2.24.30-1ubuntu1 libgtk2.0-0: new: '' old: 2.24.30-1ubuntu1 libgtk2.0-bin: new: '' old: 2.24.30-1ubuntu1 libgtk2.0-common: new: '' old: 2.24.30-1ubuntu1 libpulse-mainloop-glib0: new: '' old: 1:8.0-0ubuntu3.2 libpulse0: new: '' old: 1:8.0-0ubuntu3.2 libpulsedsp: new: '' old: 1:8.0-0ubuntu3.2 libunity-control-center1: new: '' old: 15.04.0+16.04.20160705-0ubuntu1 pulseaudio: new: '' old: 1:8.0-0ubuntu3.2 pulseaudio-module-bluetooth: new: '' old: 1:8.0-0ubuntu3.2 pulseaudio-module-x11: new: '' old: 1:8.0-0ubuntu3.2 pulseaudio-utils: new: '' old: 1:8.0-0ubuntu3.2 python-dateutil: new: '' old: 2.4.2-1 python-requests: new: '' old: 2.9.1-3 python-zmq: new: '' old: 15.2.0-0ubuntu4 python3-apport: new: '' old: 2.20.1-0ubuntu2.5 python3-problem-report: new: '' old: 2.20.1-0ubuntu2.5 python3-pyparsing: new: '' old: 2.0.3+dfsg1-1ubuntu0.1 python3-requests: new: '' old: 2.9.1-3 unity-control-center: new: '' old: 15.04.0+16.04.20160705-0ubuntu1 unity-control-center-datetime: new: '' old: '1' unity-control-center-faces: new: '' old: 15.04.0+16.04.20160705-0ubuntu1 comment: "Problem encountered upgrading packages. Additional info follows:\n\nresult:\n \ ----------\n pid:\n 113644\n retcode:\n 100\n stderr:\n \ Running scope as unit run-rf6a54785bcbe41f49876c4c9a59dc2a1.scope.\n \ E: Sub-process /usr/bin/dpkg returned an error code (1)\n stdout:\n \ Reading package lists...\n Building dependency tree...\n Reading state information...\n Calculating upgrade...\n The following packages were automatically installed and are no longer required:\n libsodium18 libzmq5 python-cffi-backend python-chardet python-cryptography\n python-enum34 python-idna python-ipaddress python-ndg-httpsclient\n python-openssl python-pyasn1 python-urllib3 snap-confine\n Use 'sudo apt autoremove' to remove them.\n The following packages have been kept back:\n python-dfvfs python-plaso\n The following packages will be upgraded:\n apport apport-gtk libgail-common libgail18 libgtk2.0-0 libgtk2.0-bin\n libgtk2.0-common libpulse-mainloop-glib0 libpulse0 libpulsedsp\n libunity-control-center1 pulseaudio pulseaudio-module-bluetooth\n pulseaudio-module-x11 pulseaudio-utils python-dateutil python-requests\n python-zmq python3-apport python3-problem-report python3-pyparsing\n python3-requests python3-xlsxwriter unity-control-center\n \ unity-control-center-faces\n 25 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.\n Need to get 5983 kB of archives.\n \ After this operation, 2961 kB of additional disk space will be used.\n \ Get:1 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python-dateutil amd64 2.5.3-2ppa1~xenial [189 kB]\n Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 python3-problem-report all 2.20.1-0ubuntu2.9 [9786 B]\n Get:3 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 python3-apport all 2.20.1-0ubuntu2.9 [79.5 kB]\n Get:4 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python-requests all 2.11.1-1ppa1~xenial [356 kB]\n Get:5 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 apport all 2.20.1-0ubuntu2.9 [120 kB]\n Get:6 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 apport-gtk all 2.20.1-0ubuntu2.9 [9514 B]\n Get:7 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgtk2.0-common all 2.24.30-1ubuntu1.16.04.1 [123 kB]\n Get:8 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python-zmq amd64 16.0.0-1ppa1~xenial [396 kB]\n Get:9 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgtk2.0-bin amd64 2.24.30-1ubuntu1.16.04.1 [9826 B]\n Get:10 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgail-common amd64 2.24.30-1ubuntu1.16.04.1 [111 kB]\n Get:11 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgail18 amd64 2.24.30-1ubuntu1.16.04.1 [14.2 kB]\n \ Get:12 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python3-pyparsing all 2.1.5-1ppa1~xenial [69.7 kB]\n Get:13 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python3-requests all 2.11.1-1ppa1~xenial [356 kB]\n Get:14 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgtk2.0-0 amd64 2.24.30-1ubuntu1.16.04.1 [1776 kB]\n Get:15 http://ppa.launchpad.net/gift/stable/ubuntu xenial/main amd64 python3-xlsxwriter all 0.9.3-1ppa1~xenial [96.0 kB]\n Get:16 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpulsedsp amd64 1:8.0-0ubuntu3.3 [21.1 kB]\n Get:17 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 pulseaudio-utils amd64 1:8.0-0ubuntu3.3 [50.9 kB]\n \ Get:18 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 pulseaudio-module-x11 amd64 1:8.0-0ubuntu3.3 [15.9 kB]\n Get:19 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 pulseaudio-module-bluetooth amd64 1:8.0-0ubuntu3.3 [58.5 kB]\n Get:20 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 pulseaudio amd64 1:8.0-0ubuntu3.3 [767 kB]\n Get:21 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpulse-mainloop-glib0 amd64 1:8.0-0ubuntu3.3 [11.5 kB]\n Get:22 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpulse0 amd64 1:8.0-0ubuntu3.3 [249 kB]\n Get:23 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libunity-control-center1 amd64 15.04.0+16.04.20170214-0ubuntu1 [81.1 kB]\n Get:24 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 unity-control-center amd64 15.04.0+16.04.20170214-0ubuntu1 [834 kB]\n \ Get:25 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 unity-control-center-faces all 15.04.0+16.04.20170214-0ubuntu1 [180 kB]\n Fetched 5983 kB in 8s (701 kB/s)\n (Reading database ... \n (Reading database ... 5%\n (Reading database ... 10%\n (Reading database ... 15%\n \ (Reading database ... 20%\n (Reading database ... 25%\n (Reading database ... 30%\n (Reading database ... 35%\n (Reading database ... 40%\n (Reading database ... 45%\n (Reading database ... 50%\n \ (Reading database ... 55%\n (Reading database ... 60%\n (Reading database ... 65%\n (Reading database ... 70%\n (Reading database ... 75%\n (Reading database ... 80%\n (Reading database ... 85%\n \ (Reading database ... 90%\n (Reading database ... 95%\n (Reading database ... 100%\n (Reading database ... 254239 files and directories currently installed.)\n Preparing to unpack .../python3-problem-report_2.20.1-0ubuntu2.9_all.deb ...\n Unpacking python3-problem-report (2.20.1-0ubuntu2.9) over (2.20.1-0ubuntu2.5) ...\n Preparing to unpack .../python3-apport_2.20.1-0ubuntu2.9_all.deb ...\n Unpacking python3-apport (2.20.1-0ubuntu2.9) over (2.20.1-0ubuntu2.5) ...\n Preparing to unpack .../apport_2.20.1-0ubuntu2.9_all.deb ...\n \ Unpacking apport (2.20.1-0ubuntu2.9) over (2.20.1-0ubuntu2.5) ...\n \ Preparing to unpack .../apport-gtk_2.20.1-0ubuntu2.9_all.deb ...\n Unpacking apport-gtk (2.20.1-0ubuntu2.9) over (2.20.1-0ubuntu2.5) ...\n Preparing to unpack .../libgtk2.0-common_2.24.30-1ubuntu1.16.04.1_all.deb ...\n Unpacking libgtk2.0-common (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ...\n Preparing to unpack .../libgtk2.0-bin_2.24.30-1ubuntu1.16.04.1_amd64.deb ...\n Unpacking libgtk2.0-bin (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ...\n Preparing to unpack .../libgail-common_2.24.30-1ubuntu1.16.04.1_amd64.deb ...\n Unpacking libgail-common:amd64 (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ...\n \ Preparing to unpack .../libgail18_2.24.30-1ubuntu1.16.04.1_amd64.deb ...\n Unpacking libgail18:amd64 (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ...\n Preparing to unpack .../libgtk2.0-0_2.24.30-1ubuntu1.16.04.1_amd64.deb ...\n Unpacking libgtk2.0-0:amd64 (2.24.30-1ubuntu1.16.04.1) over (2.24.30-1ubuntu1) ...\n Preparing to unpack .../libpulsedsp_1%3a8.0-0ubuntu3.3_amd64.deb ...\n Unpacking libpulsedsp:amd64 (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ...\n Preparing to unpack .../pulseaudio-utils_1%3a8.0-0ubuntu3.3_amd64.deb ...\n Unpacking pulseaudio-utils (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ...\n Preparing to unpack .../pulseaudio-module-x11_1%3a8.0-0ubuntu3.3_amd64.deb ...\n Unpacking pulseaudio-module-x11 (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ...\n Preparing to unpack .../pulseaudio-module-bluetooth_1%3a8.0-0ubuntu3.3_amd64.deb ...\n Unpacking pulseaudio-module-bluetooth (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ...\n Preparing to unpack .../pulseaudio_1%3a8.0-0ubuntu3.3_amd64.deb ...\n Unpacking pulseaudio (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ...\n Preparing to unpack .../libpulse-mainloop-glib0_1%3a8.0-0ubuntu3.3_amd64.deb ...\n Unpacking libpulse-mainloop-glib0:amd64 (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ...\n Preparing to unpack .../libpulse0_1%3a8.0-0ubuntu3.3_amd64.deb ...\n Unpacking libpulse0:amd64 (1:8.0-0ubuntu3.3) over (1:8.0-0ubuntu3.2) ...\n Preparing to unpack .../libunity-control-center1_15.04.0+16.04.20170214-0ubuntu1_amd64.deb ...\n Unpacking libunity-control-center1 (15.04.0+16.04.20170214-0ubuntu1) over (15.04.0+16.04.20160705-0ubuntu1) ...\n Preparing to unpack .../unity-control-center_15.04.0+16.04.20170214-0ubuntu1_amd64.deb ...\n Unpacking unity-control-center (15.04.0+16.04.20170214-0ubuntu1) over (15.04.0+16.04.20160705-0ubuntu1) ...\n Preparing to unpack .../unity-control-center-faces_15.04.0+16.04.20170214-0ubuntu1_all.deb ...\n Unpacking unity-control-center-faces (15.04.0+16.04.20170214-0ubuntu1) over (15.04.0+16.04.20160705-0ubuntu1) ...\n Preparing to unpack .../python-dateutil_2.5.3-2ppa1~xenial_amd64.deb ...\n Unpacking python-dateutil (2.5.3-2ppa1~xenial) over (2.4.2-1) ...\n \ Preparing to unpack .../python-requests_2.11.1-1ppa1~xenial_all.deb ...\n Unpacking python-requests (2.11.1-1ppa1~xenial) over (2.9.1-3) ...\n Preparing to unpack .../python-zmq_16.0.0-1ppa1~xenial_amd64.deb ...\n Unpacking python-zmq (16.0.0-1ppa1~xenial) over (15.2.0-0ubuntu4) ...\n Preparing to unpack .../python3-pyparsing_2.1.5-1ppa1~xenial_all.deb ...\n Unpacking python3-pyparsing (2.1.5-1ppa1~xenial) over (2.0.3+dfsg1-1ubuntu0.1) ...\n Preparing to unpack .../python3-requests_2.11.1-1ppa1~xenial_all.deb ...\n Unpacking python3-requests (2.11.1-1ppa1~xenial) over (2.9.1-3) ...\n Preparing to unpack .../python3-xlsxwriter_0.9.3-1ppa1~xenial_all.deb ...\n Unpacking python3-xlsxwriter (0.9.3-1ppa1~xenial) over (0.7.3-1) ...\n dpkg: error processing archive /var/cache/apt/archives/python3-xlsxwriter_0.9.3-1ppa1~xenial_all.deb (--unpack):\n trying to overwrite '/usr/bin/vba_extract.py', which is also in package python-xlsxwriter 0.9.3-1ppa1~xenial\n dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)\n Processing triggers for ureadahead (0.100.0-19) ...\n Processing triggers for systemd (229-4ubuntu17) ...\n Processing triggers for shared-mime-info (1.5-2ubuntu0.1) ...\n \ Unknown media type in type 'all/all'\n Unknown media type in type 'all/allfiles'\n Processing triggers for hicolor-icon-theme (0.15-0ubuntu1) ...\n Processing triggers for man-db (2.7.5-1) ...\n Processing triggers for desktop-file-utils (0.22-1ubuntu5.1) ...\n Processing triggers for gnome-menus (3.13.3-6ubuntu3.1) ...\n Processing triggers for bamfdaemon (0.5.3~bzr0+16.04.20160824-0ubuntu1) ...\n Rebuilding /usr/share/applications/bamf-2.index...\n \ Processing triggers for mime-support (3.59ubuntu1) ...\n Processing triggers for libc-bin (2.23-0ubuntu9) ...\n /sbin/ldconfig.real: /usr/lib/libpff.so.1 is not a symbolic link\n \n Processing triggers for dbus (1.10.6-1ubuntu3.3) ...\n Errors were encountered while processing:\n /var/cache/apt/archives/python3-xlsxwriter_0.9.3-1ppa1~xenial_all.deb" duration: 29919.272 name: sift-wine-apt-update result: false start_time: '13:36:09.567239' pkg_|-sift-wine_|-wine_|-installed: __run_num__: 206 __sls__: sift.packages.wine changes: {} comment: 'One or more requisite failed: sift.packages.wine.sift-wine-apt-update' result: false pkg_|-sleuthkit_|-sleuthkit_|-installed: __id__: sleuthkit __run_num__: 213 changes: {} comment: Package sleuthkit is already installed duration: 429.825 name: sleuthkit result: true start_time: '13:37:08.098111' pkg_|-socat_|-socat_|-installed: __id__: socat __run_num__: 214 changes: socat: new: 1.7.3.1-1 old: '' comment: 'The following packages were installed/updated: socat' duration: 5103.763 name: socat result: true start_time: '13:37:08.528164' pkg_|-ssdeep_|-ssdeep_|-installed: __id__: ssdeep __run_num__: 215 changes: ssdeep: new: 2.13-2 old: '' comment: 'The following packages were installed/updated: ssdeep' duration: 4346.296 name: ssdeep result: true start_time: '13:37:13.637785' pkg_|-ssldump_|-ssldump_|-installed: __id__: ssldump __run_num__: 216 changes: ssldump: new: 0.9b3-4.1ubuntu1 old: '' comment: 'The following packages were installed/updated: ssldump' duration: 4731.971 name: ssldump result: true start_time: '13:37:17.989990' pkg_|-sslsniff_|-sslsniff_|-installed: __id__: sslsniff __run_num__: 217 changes: liblog4cpp5v5: new: 1.0-4.1 old: '' sslsniff: new: 0.8-4.2build1 old: '' comment: 'The following packages were installed/updated: sslsniff' duration: 9960.382 name: sslsniff result: true start_time: '13:37:22.727673' pkg_|-stunnel4_|-stunnel4_|-installed: __id__: stunnel4 __run_num__: 218 changes: stunnel: new: '1' old: '' stunnel4: new: 3:5.30-1 old: '' comment: 'The following packages were installed/updated: stunnel4' duration: 6348.075 name: stunnel4 result: true start_time: '13:37:32.698679' pkg_|-system-config-samba_|-system-config-samba_|-installed: __id__: system-config-samba __run_num__: 219 changes: libuser1: new: 1:0.60~dfsg-1.2 old: '' python-cairo: new: 1.8.8-2 old: '' python-glade2: new: 2.24.0-4ubuntu1 old: '' python-gobject-2: new: 2.28.6-12ubuntu1 old: '' python-gtk2: new: 2.24.0-4ubuntu1 old: '' python-libuser: new: 1:0.60~dfsg-1.2 old: '' python2.7-cairo: new: '1' old: '' python2.7-gobject: new: '1' old: '' python2.7-gobject-2: new: '1' old: '' python2.7-libuser: new: '1' old: '' system-config-samba: new: 1.2.63-0ubuntu6 old: '' comment: 'The following packages were installed/updated: system-config-samba' duration: 8269.1 name: system-config-samba result: true start_time: '13:37:39.052049' pkg_|-tcl_|-tcl_|-installed: __id__: tcl __run_num__: 220 changes: {} comment: Package tcl is already installed duration: 283.305 name: tcl result: true start_time: '13:37:47.327201' pkg_|-tcpflow_|-tcpflow_|-installed: __id__: tcpflow __run_num__: 221 changes: libhttp-parser2.1: new: 2.1-2 old: '' tcpflow: new: 1.4.5+repack1-1 old: '' comment: 'The following packages were installed/updated: tcpflow' duration: 4700.376 name: tcpflow result: true start_time: '13:37:47.610669' pkg_|-tcpick_|-tcpick_|-installed: __id__: tcpick __run_num__: 222 changes: tcpick: new: 0.2.1-6.1 old: '' comment: 'The following packages were installed/updated: tcpick' duration: 4155.083 name: tcpick result: true start_time: '13:37:52.317127' pkg_|-tcpreplay_|-tcpreplay_|-installed: __id__: tcpreplay __run_num__: 223 changes: tcpreplay: new: 3.4.4-2 old: '' comment: 'The following packages were installed/updated: tcpreplay' duration: 7444.894 name: tcpreplay result: true start_time: '13:37:56.477995' pkg_|-tcpslice_|-tcpslice_|-installed: __id__: tcpslice __run_num__: 224 changes: tcpslice: new: 1.2a3-4 old: '' comment: 'The following packages were installed/updated: tcpslice' duration: 4726.626 name: tcpslice result: true start_time: '13:38:03.928446' pkg_|-tcpstat_|-tcpstat_|-installed: __id__: tcpstat __run_num__: 225 changes: tcpstat: new: 1.5-8 old: '' comment: 'The following packages were installed/updated: tcpstat' duration: 4121.402 name: tcpstat result: true start_time: '13:38:08.660296' pkg_|-tcptrace_|-tcptrace_|-installed: __id__: tcptrace __run_num__: 226 changes: tcptrace: new: 6.6.7-4.1 old: '' xplot-xplot.org: new: 0.90.7.1-2 old: '' comment: 'The following packages were installed/updated: tcptrace' duration: 5723.822 name: tcptrace result: true start_time: '13:38:12.787510' pkg_|-tcptrack_|-tcptrack_|-installed: __id__: tcptrack __run_num__: 227 changes: tcptrack: new: 1.4.2-2 old: '' comment: 'The following packages were installed/updated: tcptrack' duration: 4634.418 name: tcptrack result: true start_time: '13:38:18.517411' pkg_|-tcpxtract_|-tcpxtract_|-installed: __id__: tcpxtract __run_num__: 228 changes: tcpxtract: new: 1.0.1-9 old: '' comment: 'The following packages were installed/updated: tcpxtract' duration: 4744.047 name: tcpxtract result: true start_time: '13:38:23.158312' pkg_|-testdisk_|-testdisk_|-installed: __id__: testdisk __run_num__: 229 changes: testdisk: new: 7.0-1 old: '' comment: 'The following packages were installed/updated: testdisk' duration: 5011.253 name: testdisk result: true start_time: '13:38:27.908535' pkg_|-tofrodos_|-tofrodos_|-installed: __id__: tofrodos __run_num__: 230 changes: tofrodos: new: 1.7.13+ds-2ubuntu1 old: '' comment: 'The following packages were installed/updated: tofrodos' duration: 4877.152 name: tofrodos result: true start_time: '13:38:32.927813' pkg_|-transmission_|-transmission_|-installed: __id__: transmission __run_num__: 231 changes: transmission: new: 2.84-3ubuntu3 old: '' comment: 'The following packages were installed/updated: transmission' duration: 4213.485 name: transmission result: true start_time: '13:38:37.811371' pkg_|-unity-control-center_|-unity-control-center_|-installed: __id__: unity-control-center __run_num__: 232 changes: {} comment: Package unity-control-center is already installed duration: 309.428 name: unity-control-center result: true start_time: '13:38:42.030924' pkg_|-unity-webapps-common_|-unity-webapps-common_|-removed: __id__: unity-webapps-common __run_num__: 14 changes: unity-webapps-common: new: '' old: 2.4.17+15.10.20150616-0ubuntu2 comment: All targeted packages were removed. duration: 3121.083 name: unity-webapps-common result: true start_time: '13:15:20.075173' pkg_|-upx-ucl_|-upx-ucl_|-installed: __id__: upx-ucl __run_num__: 234 changes: libucl1: new: 1.03+repack-3 old: '' upx: new: '1' old: '' upx-ucl: new: 3.91-1 old: '' comment: 'The following packages were installed/updated: upx-ucl' duration: 5165.268 name: upx-ucl result: true start_time: '13:38:46.403119' pkg_|-vbindiff_|-vbindiff_|-installed: __id__: vbindiff __run_num__: 235 changes: vbindiff: new: 3.0-beta4-1build1 old: '' comment: 'The following packages were installed/updated: vbindiff' duration: 4529.428 name: vbindiff result: true start_time: '13:38:51.575378' pkg_|-vim_|-vim_|-installed: __id__: vim __run_num__: 236 changes: vim: new: 2:7.4.1689-3ubuntu1.2 old: '' vim-runtime: new: 2:7.4.1689-3ubuntu1.2 old: '' comment: 'The following packages were installed/updated: vim' duration: 19125.095 name: vim result: true start_time: '13:38:56.111475' pkg_|-virtuoso-minimal_|-virtuoso-minimal_|-installed: __id__: virtuoso-minimal __run_num__: 237 changes: libvirtodbc0: new: 6.1.6+repack-0ubuntu5 old: '' odbcinst: new: 2.3.1-4.1 old: '' odbcinst1debian2: new: 2.3.1-4.1 old: '' virtuoso-minimal: new: 6.1.6+repack-0ubuntu5 old: '' virtuoso-opensource-6.1-bin: new: 6.1.6+repack-0ubuntu5 old: '' virtuoso-opensource-6.1-common: new: 6.1.6+repack-0ubuntu5 old: '' comment: 'The following packages were installed/updated: virtuoso-minimal' duration: 9262.545 name: virtuoso-minimal result: true start_time: '13:39:15.241251' pkg_|-vmfs-tools_|-vmfs-tools_|-installed: __id__: vmfs-tools __run_num__: 238 changes: vmfs-tools: new: 0.2.5-1 old: '' comment: 'The following packages were installed/updated: vmfs-tools' duration: 3616.373 name: vmfs-tools result: true start_time: '13:39:24.508765' pkg_|-winbind_|-winbind_|-installed: __id__: winbind __run_num__: 239 changes: winbind: new: 2:4.3.11+dfsg-0ubuntu0.16.04.8 old: '' comment: 'The following packages were installed/updated: winbind' duration: 4963.173 name: winbind result: true start_time: '13:39:28.129780' pkg_|-wireshark_|-wireshark_|-installed: __id__: wireshark __run_num__: 240 changes: geoip-database-extra: new: 20160408-1 old: '' libc-ares2: new: 1.10.0-3ubuntu0.1 old: '' libjs-openlayers: new: 2.13.1+ds2-2 old: '' libnghttp2-14: new: 1.7.1-1 old: '' libqgsttools-p1: new: 5.5.1-4ubuntu2 old: '' libqt5multimedia5-plugins: new: 5.5.1-4ubuntu2 old: '' libqt5multimediawidgets5: new: 5.5.1-4ubuntu2 old: '' libsmi2ldbl: new: 0.4.8+dfsg2-11 old: '' libwireshark-data: new: 2.2.6+g32dac6a-2ubuntu0.16.04 old: '' libwireshark8: new: 2.2.6+g32dac6a-2ubuntu0.16.04 old: '' libwiretap6: new: 2.2.6+g32dac6a-2ubuntu0.16.04 old: '' libwscodecs1: new: 2.2.6+g32dac6a-2ubuntu0.16.04 old: '' libwsutil7: new: 2.2.6+g32dac6a-2ubuntu0.16.04 old: '' wireshark: new: 2.2.6+g32dac6a-2ubuntu0.16.04 old: '' wireshark-common: new: 2.2.6+g32dac6a-2ubuntu0.16.04 old: '' wireshark-qt: new: 2.2.6+g32dac6a-2ubuntu0.16.04 old: '' comment: 'The following packages were installed/updated: wireshark' duration: 64839.135 name: wireshark result: true start_time: '13:39:33.097396' pkg_|-xdot_|-xdot_|-installed: __id__: xdot __run_num__: 241 changes: graphviz: new: 2.38.0-12ubuntu2.1 old: '' libcdt5: new: 2.38.0-12ubuntu2.1 old: '' libcgraph6: new: 2.38.0-12ubuntu2.1 old: '' libgvc6: new: 2.38.0-12ubuntu2.1 old: '' libgvpr2: new: 2.38.0-12ubuntu2.1 old: '' libpathplan4: new: 2.38.0-12ubuntu2.1 old: '' xdot: new: 0.6-3 old: '' comment: 'The following packages were installed/updated: xdot' duration: 7006.455 name: xdot result: true start_time: '13:40:37.942120' pkg_|-xfsprogs_|-xfsprogs_|-installed: __id__: xfsprogs __run_num__: 242 changes: fsck-backend: new: '1' old: '' libreadline5: new: 5.2+dfsg-3build1 old: '' xfsprogs: new: 4.3.0+nmu1ubuntu1 old: '' comment: 'The following packages were installed/updated: xfsprogs' duration: 14320.825 name: xfsprogs result: true start_time: '13:40:44.954189' pkg_|-xmount_|-xmount_|-installed: __id__: xmount __run_num__: 243 changes: xmount: new: 0.7.3-1build1 old: '' comment: 'The following packages were installed/updated: xmount' duration: 3409.312 name: xmount result: true start_time: '13:40:59.279587' pkg_|-xpdf_|-xpdf_|-installed: __id__: xpdf __run_num__: 244 changes: gsfonts-x11: new: '0.24' old: '' libmotif-common: new: 2.3.4-10 old: '' libxm4: new: 2.3.4-10 old: '' xpdf: new: 3.04-1ubuntu1 old: '' comment: 'The following packages were installed/updated: xpdf' duration: 6113.461 name: xpdf result: true start_time: '13:41:02.694646' pkg_|-zenity_|-zenity_|-installed: __id__: zenity __run_num__: 245 changes: {} comment: Package zenity is already installed duration: 331.789 name: zenity result: true start_time: '13:41:08.813084' pkgrepo_|-openjdk-repo_|-openjdk-repo_|-managed: __id__: openjdk-repo __run_num__: 7 changes: repo: ppa:openjdk-r/ppa comment: Configured package repo 'openjdk-repo' duration: 9250.904 name: openjdk-repo result: true start_time: '13:14:20.173685' pkgrepo_|-sift-dev_|-sift-dev_|-absent: __id__: sift-dev __run_num__: 5 changes: {} comment: Package repo ppa:sift/dev is absent duration: 566.82 name: sift-dev result: true start_time: '13:14:10.143281' pkgrepo_|-sift-docker-repo_|-deb https://apt.dockerproject.org/repo ubuntu-xenial main_|-managed: __id__: sift-docker-repo __run_num__: 2 changes: repo: deb https://apt.dockerproject.org/repo ubuntu-xenial main comment: Configured package repo 'deb https://apt.dockerproject.org/repo ubuntu-xenial main' duration: 8108.019 name: deb https://apt.dockerproject.org/repo ubuntu-xenial main result: true start_time: '13:13:51.756813' pkgrepo_|-sift-gift-dev_|-sift-gift-dev_|-absent: __id__: sift-gift-dev __run_num__: 3 changes: {} comment: Package repo ppa:gift/dev is absent duration: 628.638 name: sift-gift-dev result: true start_time: '13:13:59.865239' pkgrepo_|-sift-gift-repo_|-gift_|-managed: __id__: sift-gift-repo __run_num__: 4 changes: repo: ppa:gift/stable comment: Configured package repo 'gift' duration: 9642.699 name: gift result: true start_time: '13:14:00.500412' pkgrepo_|-sift-multiverse-repo-security_|-deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse_|-managed: __id__: sift-multiverse-repo-security __run_num__: 9 changes: repo: deb http://archive.ubuntu.com/ubuntu xenial-security multiverse comment: Configured package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse' duration: 8901.786 name: deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse result: true start_time: '13:14:39.193185' pkgrepo_|-sift-multiverse-repo_|-deb http://archive.ubuntu.com/ubuntu/ xenial multiverse_|-managed: __id__: sift-multiverse-repo __run_num__: 8 changes: repo: deb http://archive.ubuntu.com/ubuntu xenial multiverse comment: Configured package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial multiverse' duration: 9768.105 name: deb http://archive.ubuntu.com/ubuntu/ xenial multiverse result: true start_time: '13:14:29.424864' pkgrepo_|-sift-repo_|-sift-repo_|-managed: __id__: sift-repo __run_num__: 6 changes: repo: ppa:sift/stable comment: Configured package repo 'sift-repo' duration: 9454.37 name: sift-repo result: true start_time: '13:14:10.716194' pkgrepo_|-sift-universe-repo_|-deb http://archive.ubuntu.com/ubuntu/ xenial universe_|-managed: __id__: sift-universe-repo __run_num__: 10 changes: repo: deb http://archive.ubuntu.com/ubuntu xenial universe comment: Configured package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial universe' duration: 31955.347 name: deb http://archive.ubuntu.com/ubuntu/ xenial universe result: true start_time: '13:14:48.096237' service_|-salt-minion_|-salt-minion_|-dead: __id__: salt-minion __run_num__: 490 changes: salt-minion: true comment: Service salt-minion has been disabled, and is dead duration: 1254.11 name: salt-minion result: true start_time: '11:46:36.875895' service_|-samba-service-nmbd_|-nmbd_|-running: __id__: samba-service-nmbd __run_num__: 496 changes: nmbd: true comment: Service restarted duration: 1486.031 name: nmbd result: true start_time: '11:46:40.230464' service_|-samba-service-smbd_|-smbd_|-running: __id__: samba-service-smbd __run_num__: 494 changes: smbd: true comment: Service restarted duration: 1462.323 name: smbd result: true start_time: '11:46:38.651433' test_|-sift-config-user_|-sift-config-user_|-nop: __id__: sift-config-user __run_num__: 443 changes: {} comment: Success! duration: 1.212 name: sift-config-user result: true start_time: '13:46:36.260522' test_|-sift-config_|-sift-config_|-nop: __id__: sift-config __run_num__: 497 changes: {} comment: Success! duration: 0.906 name: sift-config result: true start_time: '11:46:41.733409' test_|-sift-packages_|-sift-packages_|-nop: __run_num__: 246 __sls__: sift.packages changes: {} comment: 'One or more requisite failed: sift.packages.gawk.gawk, sift.packages.kdiff3.kdiff3, sift.packages.ipython.ipython, sift.packages.kpartx.kpartx, sift.packages.exfat-fuse.exfat-fuse, sift.packages.libmsiecf.libmsiecf, sift.packages.flasm.flasm, sift.packages.fdupes.fdupes, sift.packages.python-volatility.python-volatility-remove-LoicJaquement-Haystack, sift.packages.dumbpig.dumbpig, sift.packages.libevt.libevt, sift.packages.etherape.etherape, sift.packages.hydra.hydra, sift.packages.regripper.sift-regripper, sift.packages.wine.sift-wine-apt-update, sift.packages.libesedb.libesedb, sift.packages.e2fslibs-dev.e2fslibs-dev, sift.packages.extundelete.extundelete, sift.packages.libafflib-dev.libafflib-dev, sift.packages.libevt-tools.libevt-tools, sift.packages.jq.jq, sift.packages.libevtx.libevtx, sift.packages.foremost.foremost, sift.packages.driftnet.driftnet, sift.packages.ent.ent, sift.packages.libfvde-tools.libfvde-tools, sift.packages.exif.exif, sift.packages.wine.sift-wine, sift.packages.ettercap-graphical.ettercap-graphical, sift.packages.libewf-python.libewf-python, sift.packages.hydra-gtk.hydra-gtk, sift.packages.libewf-tools.libewf-tools, sift.packages.knocker.knocker, sift.packages.libesedb-tools.libesedb-tools, sift.packages.epic5.epic5, sift.packages.libevtx-tools.libevtx-tools, sift.packages.hexedit.hexedit, sift.packages.feh.feh, sift.packages.libbde-tools.libbde-tools, sift.packages.htop.htop, sift.packages.libfuse-dev.libfuse-dev, sift.packages.libfvde.libfvde, sift.packages.lft.lft, sift.packages.exfat-utils.exfat-utils, sift.packages.libbde.libbde, sift.packages.gddrescue.gddrescue, sift.packages.gzrt.gzrt, sift.packages.ghex.ghex, sift.packages.dsniff.dsniff, sift.packages.graphviz.graphviz, sift.packages.gthumb.gthumb, sift.packages.libffi-dev.libffi-dev, sift.packages.libewf.libewf' result: false test_|-sift-python-packages_|-sift-python-packages_|-nop: __run_num__: 267 __sls__: sift.python-packages changes: {} comment: 'One or more requisite failed: sift.python-packages.timesketch.timesketch' result: false test_|-sift-repos_|-sift-repos_|-nop: __id__: sift-repos __run_num__: 12 changes: {} comment: Success! duration: 0.5 name: sift-repos result: true start_time: '13:15:20.064041' test_|-sift-scripts_|-sift-scripts_|-nop: __id__: sift-scripts __run_num__: 422 changes: {} comment: Success! duration: 0.934 name: sift-scripts result: true start_time: '13:46:35.618205' test_|-sift-tools_|-sift-tools_|-nop: __id__: sift-tools __run_num__: 272 changes: {} comment: Success! duration: 0.675 name: sift-tools result: true start_time: '13:46:14.735913' test_|-ubuntutweak_|-ubuntutweak_|-nop: __id__: ubuntutweak __run_num__: 11 changes: {} comment: Success! duration: 0.542 name: ubuntutweak result: true start_time: '13:15:20.052996' timezone_|-Etc/UTC_|-Etc/UTC_|-system: __id__: Etc/UTC __run_num__: 444 changes: timezone: Etc/UTC comment: Set timezone Etc/UTC duration: 199.163 name: Etc/UTC result: true start_time: '11:46:36.263450' user_|-sift-user-sansforensics_|-sansforensics_|-present: __id__: sift-user-sansforensics __run_num__: 426 changes: {} comment: User sansforensics is present and up to date duration: 8.799 name: sansforensics result: true start_time: '13:46:35.767110' virtualenv_|-rekall-virtualenv_|-/opt/rekall_|-managed: __id__: rekall-virtualenv __run_num__: 258 changes: new: Python 2.7.12 packages: new: - ipython==5.4.1 - aff4-snappy==0.5 - arrow==0.7.0 - artifacts==20160114 - readline==6.2.4.1 - PyYAML==3.11 - pytz==2016.4 - pyaff4==0.24.post3 - backports.shutil-get-terminal-size==1.0.0 - isodate==0.5.4 - wcwidth==0.1.7 - scandir==1.5 - pickleshare==0.7.4 - pyelftools==0.24 - pycrypto==2.6.1 - intervaltree==2.1.0 - pyparsing==2.1.5 - efilter==1!1.3 - rekall-core==1.6.0 - decorator==4.0.11 - psutil==4.4.2 - pexpect==4.2.1 - pathlib2==2.3.0 - webencodings==0.5.1 - traitlets==4.3.2 - enum34==1.1.6 - simplegeneric==0.8.1 - python-dateutil==2.5.3 - rdflib==4.2.1 - acora==2.0 - rekall-yara==3.4.0.1 - SPARQLWrapper==1.8.0 - rekall-capstone==3.0.4.post2 - six==1.10.0 - rekall==1.6.0 - prompt-toolkit==1.0.14 - ptyprocess==0.5.2 - ipython-genutils==0.2.0 - sortedcontainers==1.4.4 - ipaddr==2.1.11 - html5lib==0.999999999 - Pygments==2.2.0 - pytsk3==20160721 old: '' comment: Created new virtualenv duration: 112305.267 name: /opt/rekall result: true start_time: '13:41:47.248369'