[DEBUG ] Reading configuration from /etc/salt/minion [DEBUG ] Using cached minion ID from /etc/salt/minion_id: ubuntu # [DEBUG ] Configuration file path: /etc/salt/minion # [WARNING ] Insecure logging configuration detected! Sensitive data may be logged. # [DEBUG ] Reading configuration from /etc/salt/minion # [DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain. # [DEBUG ] Determining pillar cache # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [DEBUG ] LazyLoaded state.apply # [DEBUG ] LazyLoaded saltutil.is_running # [DEBUG ] LazyLoaded grains.get # [DEBUG ] LazyLoaded roots.envs # [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. # [DEBUG ] Updating roots fileserver cache # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/vm.sls' to resolve 'salt://sift/vm.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/vm.sls' to resolve 'salt://sift/vm.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/vm.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/vm.sls' using 'jinja' renderer: 0.00436091423035 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/vm.sls: include: - sift.repos - sift.packages - sift.python-packages - sift.tools - sift.scripts - sift.config sift-version-file: file.managed: - name: /etc/sift-version - source: salt://VERSION - user: root - group: root - require: - sls: sift.repos - sls: sift.packages - sls: sift.python-packages - sls: sift.tools - sls: sift.scripts - sls: sift.config # [DEBUG ] LazyLoaded config.get # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos', 'sift.packages', 'sift.python-packages', 'sift.tools', 'sift.scripts', 'sift.config']), ('sift-version-file', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/sift-version')]), OrderedDict([('source', 'salt://VERSION')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos')]), OrderedDict([('sls', 'sift.packages')]), OrderedDict([('sls', 'sift.python-packages')]), OrderedDict([('sls', 'sift.tools')]), OrderedDict([('sls', 'sift.scripts')]), OrderedDict([('sls', 'sift.config')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/vm.sls' using 'yaml' renderer: 0.0261969566345 # [DEBUG ] Could not find file 'salt://sift/repos.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/init.sls' to resolve 'salt://sift/repos/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/init.sls' to resolve 'salt://sift/repos/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/init.sls' using 'jinja' renderer: 0.000955104827881 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/init.sls: include: - sift.repos.docker - sift.repos.gift - sift.repos.sift - sift.repos.openjdk - sift.repos.ubuntu-multiverse - sift.repos.ubuntu-universe - sift.repos.ubuntu-tweak sift-repos: test.nop: - name: sift-repos - require: - sls: sift.repos.docker - sls: sift.repos.gift - sls: sift.repos.sift - sls: sift.repos.openjdk - sls: sift.repos.ubuntu-multiverse - sls: sift.repos.ubuntu-universe - sls: sift.repos.ubuntu-tweak # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.docker', 'sift.repos.gift', 'sift.repos.sift', 'sift.repos.openjdk', 'sift.repos.ubuntu-multiverse', 'sift.repos.ubuntu-universe', 'sift.repos.ubuntu-tweak']), ('sift-repos', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-repos')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.docker')]), OrderedDict([('sls', 'sift.repos.gift')]), OrderedDict([('sls', 'sift.repos.sift')]), OrderedDict([('sls', 'sift.repos.openjdk')]), OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')]), OrderedDict([('sls', 'sift.repos.ubuntu-universe')]), OrderedDict([('sls', 'sift.repos.ubuntu-tweak')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/init.sls' using 'yaml' renderer: 0.00345301628113 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/docker.sls' to resolve 'salt://sift/repos/docker.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/docker.sls' to resolve 'salt://sift/repos/docker.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/docker.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/docker.sls' using 'jinja' renderer: 0.00169515609741 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/docker.sls: include: - ..packages.python-software-properties - ..packages.apt-transport-https sift-docker-repo: pkgrepo.managed: - humanname: Docker - name: deb https://apt.dockerproject.org/repo ubuntu-xenial main - dist: ubuntu-xenial - file: /etc/apt/sources.list.d/docker.list - keyid: 58118E89F3A912897C070ADBF76221572C52609D - keyserver: hkp://p80.pool.sks-keyservers.net:80 - refresh_db: true - require: - pkg: python-software-properties - pkg: apt-transport-https # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-software-properties', '..packages.apt-transport-https']), ('sift-docker-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('humanname', 'Docker')]), OrderedDict([('name', 'deb https://apt.dockerproject.org/repo ubuntu-xenial main')]), OrderedDict([('dist', 'ubuntu-xenial')]), OrderedDict([('file', '/etc/apt/sources.list.d/docker.list')]), OrderedDict([('keyid', '58118E89F3A912897C070ADBF76221572C52609D')]), OrderedDict([('keyserver', 'hkp://p80.pool.sks-keyservers.net:80')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')]), OrderedDict([('pkg', 'apt-transport-https')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/docker.sls' using 'yaml' renderer: 0.00356292724609 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-software-properties.sls' to resolve 'salt://sift/packages/python-software-properties.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls' to resolve 'salt://sift/packages/python-software-properties.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls' using 'jinja' renderer: 0.000761985778809 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls: python-software-properties: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-software-properties', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-software-properties.sls' using 'yaml' renderer: 0.000535011291504 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/apt-transport-https.sls' to resolve 'salt://sift/packages/apt-transport-https.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls' to resolve 'salt://sift/packages/apt-transport-https.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls' using 'jinja' renderer: 0.00175404548645 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls: apt-transport-https: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('apt-transport-https', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apt-transport-https.sls' using 'yaml' renderer: 0.00123500823975 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/gift.sls' to resolve 'salt://sift/repos/gift.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/gift.sls' to resolve 'salt://sift/repos/gift.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/gift.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [DEBUG ] LazyLoaded pillar.get # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/gift.sls' using 'jinja' renderer: 0.0298118591309 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/gift.sls: include: - ..packages.python-software-properties sift-gift-dev: pkgrepo.absent: - ppa: gift/dev - require_in: - pkgrepo: sift-gift-repo sift-gift-repo: pkgrepo.managed: - name: gift - ppa: gift/stable - refresh_db: true - require: - pkg: python-software-properties # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-software-properties']), ('sift-gift-dev', OrderedDict([('pkgrepo.absent', [OrderedDict([('ppa', 'gift/dev')]), OrderedDict([('require_in', [OrderedDict([('pkgrepo', 'sift-gift-repo')])])])])])), ('sift-gift-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'gift')]), OrderedDict([('ppa', 'gift/stable')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/gift.sls' using 'yaml' renderer: 0.0160579681396 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/sift.sls' to resolve 'salt://sift/repos/sift.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/sift.sls' to resolve 'salt://sift/repos/sift.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/sift.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/sift.sls' using 'jinja' renderer: 0.00382518768311 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/sift.sls: include: - sift.packages.python-software-properties sift-dev: pkgrepo.absent: - ppa: sift/dev - require_in: - pkgrepo: sift-repo sift-repo: pkgrepo.managed: - ppa: sift/stable - refresh_db: true - require: - pkg: python-software-properties # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python-software-properties']), ('sift-dev', OrderedDict([('pkgrepo.absent', [OrderedDict([('ppa', 'sift/dev')]), OrderedDict([('require_in', [OrderedDict([('pkgrepo', 'sift-repo')])])])])])), ('sift-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('ppa', 'sift/stable')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/sift.sls' using 'yaml' renderer: 0.004478931427 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/openjdk.sls' to resolve 'salt://sift/repos/openjdk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/openjdk.sls' to resolve 'salt://sift/repos/openjdk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/openjdk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/openjdk.sls' using 'jinja' renderer: 0.000931978225708 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/openjdk.sls: include: - ..packages.python-software-properties openjdk-repo: pkgrepo.managed: - ppa: openjdk-r/ppa - refresh_db: true - require: - pkg: python-software-properties # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-software-properties']), ('openjdk-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('ppa', 'openjdk-r/ppa')]), OrderedDict([('refresh_db', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-software-properties')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/openjdk.sls' using 'yaml' renderer: 0.00213408470154 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/ubuntu-multiverse.sls' to resolve 'salt://sift/repos/ubuntu-multiverse.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls' to resolve 'salt://sift/repos/ubuntu-multiverse.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls' using 'jinja' renderer: 0.00155305862427 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls: sift-multiverse-repo: pkgrepo.managed: - name: deb http://archive.ubuntu.com/ubuntu/ xenial multiverse - refresh_db: true sift-multiverse-repo-security: pkgrepo.managed: - name: deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse - refresh_db: true # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-multiverse-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'deb http://archive.ubuntu.com/ubuntu/ xenial multiverse')]), OrderedDict([('refresh_db', True)])])])), ('sift-multiverse-repo-security', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse')]), OrderedDict([('refresh_db', True)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-multiverse.sls' using 'yaml' renderer: 0.00200009346008 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/ubuntu-universe.sls' to resolve 'salt://sift/repos/ubuntu-universe.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls' to resolve 'salt://sift/repos/ubuntu-universe.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls' using 'jinja' renderer: 0.00289607048035 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls: sift-universe-repo: pkgrepo.managed: - name: deb http://archive.ubuntu.com/ubuntu/ xenial universe - refresh_db: true # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-universe-repo', OrderedDict([('pkgrepo.managed', [OrderedDict([('name', 'deb http://archive.ubuntu.com/ubuntu/ xenial universe')]), OrderedDict([('refresh_db', True)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-universe.sls' using 'yaml' renderer: 0.00161194801331 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/repos/ubuntu-tweak.sls' to resolve 'salt://sift/repos/ubuntu-tweak.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls' to resolve 'salt://sift/repos/ubuntu-tweak.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls' using 'jinja' renderer: 0.00177812576294 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls: ubuntutweak: test.nop: - name: ubuntutweak # [DEBUG ] Results of YAML rendering: OrderedDict([('ubuntutweak', OrderedDict([('test.nop', [OrderedDict([('name', 'ubuntutweak')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/repos/ubuntu-tweak.sls' using 'yaml' renderer: 0.000915050506592 # [DEBUG ] Could not find file 'salt://sift/packages.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/init.sls' to resolve 'salt://sift/packages/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/init.sls' to resolve 'salt://sift/packages/init.sls' # [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/init.sls' # [DEBUG ] No dest file found # [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/init.sls' using 'jinja' renderer: 0.00595998764038 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/init.sls: include: - sift.packages.absent - sift.packages.aeskeyfind - sift.packages.afflib-tools - sift.packages.afterglow - sift.packages.aircrack-ng - sift.packages.apache2 - sift.packages.arp-scan - sift.packages.autopsy - sift.packages.bcrypt - sift.packages.bitpim - sift.packages.bitpim-lib - sift.packages.bkhive - sift.packages.bless - sift.packages.blt - sift.packages.build-essential - sift.packages.bulk-extractor - sift.packages.cabextract - sift.packages.ccrypt - sift.packages.cifs-utils - sift.packages.clamav - sift.packages.cmospwd - sift.packages.cryptcat - sift.packages.cryptsetup - sift.packages.curl - sift.packages.dc3dd - sift.packages.dcfldd - sift.packages.dconf-tools - sift.packages.docker-engine - sift.packages.driftnet - sift.packages.dsniff - sift.packages.dumbpig - sift.packages.e2fslibs-dev - sift.packages.ent - sift.packages.epic5 - sift.packages.etherape - sift.packages.ettercap-graphical - sift.packages.exfat-fuse - sift.packages.exfat-utils - sift.packages.exif - sift.packages.extundelete - sift.packages.fdupes - sift.packages.feh - sift.packages.flasm - sift.packages.flex - sift.packages.foremost - sift.packages.g++ - sift.packages.gawk - sift.packages.gcc - sift.packages.gdb - sift.packages.gddrescue - sift.packages.ghex - sift.packages.git - sift.packages.graphviz - sift.packages.gthumb - sift.packages.gzrt - sift.packages.hexedit - sift.packages.htop - sift.packages.hydra - sift.packages.hydra-gtk - sift.packages.ipython - sift.packages.jq - sift.packages.kdiff3 - sift.packages.knocker - sift.packages.kpartx - sift.packages.lft - sift.packages.libafflib-dev - sift.packages.libafflib - sift.packages.libbde - sift.packages.libbde-tools - sift.packages.libesedb - sift.packages.libesedb-tools - sift.packages.libevt - sift.packages.libevt-tools - sift.packages.libevtx - sift.packages.libevtx-tools - sift.packages.libewf - sift.packages.libewf-dev - sift.packages.libewf-python - sift.packages.libewf-tools - sift.packages.libffi-dev - sift.packages.libfuse-dev - sift.packages.libfvde - sift.packages.libfvde-tools - sift.packages.liblightgrep - sift.packages.libmsiecf - sift.packages.libncurses - sift.packages.libnet1 - sift.packages.libolecf - sift.packages.libparse-win32registry-perl - sift.packages.libpff - sift.packages.libpff-dev - sift.packages.libpff-python - sift.packages.libpff-tools - sift.packages.libplist-utils - sift.packages.libregf - sift.packages.libregf-dev - sift.packages.libregf-python - sift.packages.libregf-tools - sift.packages.libssl-dev - sift.packages.libtext-csv-perl - sift.packages.libvmdk - sift.packages.libvshadow - sift.packages.libvshadow-dev - sift.packages.libvshadow-python - sift.packages.libvshadow-tools - sift.packages.libxml2-dev - sift.packages.libxslt-dev - sift.packages.md5deep - sift.packages.nbd-client - sift.packages.nbtscan - sift.packages.netcat - sift.packages.netpbm - sift.packages.netsed - sift.packages.netwox - sift.packages.nfdump - sift.packages.ngrep - sift.packages.nikto - sift.packages.okular - sift.packages.open-iscsi - sift.packages.openjdk - sift.packages.ophcrack - sift.packages.ophcrack-cli - sift.packages.outguess - sift.packages.p0f - sift.packages.p7zip-full - sift.packages.pdftk - sift.packages.perl - sift.packages.pev - sift.packages.phonon - sift.packages.pkg-config - sift.packages.powershell - sift.packages.pv - sift.packages.pyew - sift.packages.pyew - sift.packages.python - sift.packages.python-dev - sift.packages.python-dfvfs - sift.packages.python-flowgrep - sift.packages.python-fuse - sift.packages.python-nids - sift.packages.python-ntdsxtract - sift.packages.python-pefile - sift.packages.python-pip - sift.packages.python-plaso - sift.packages.python-pytsk3 - sift.packages.python-qt4 - sift.packages.python-tk - sift.packages.python-virtualenv - sift.packages.python-volatility - sift.packages.python-yara - sift.packages.qemu - sift.packages.qemu-utils - sift.packages.radare2 - sift.packages.rar - sift.packages.readpst - sift.packages.rsakeyfind - sift.packages.safecopy - sift.packages.samba - sift.packages.samdump2 - sift.packages.scalpel - sift.packages.sleuthkit - sift.packages.socat - sift.packages.ssdeep - sift.packages.ssldump - sift.packages.sslsniff - sift.packages.stunnel4 - sift.packages.system-config-samba - sift.packages.tcl - sift.packages.tcpflow - sift.packages.tcpick - sift.packages.tcpreplay - sift.packages.tcpslice - sift.packages.tcpstat - sift.packages.tcptrace - sift.packages.tcptrack - sift.packages.tcpxtract - sift.packages.testdisk - sift.packages.tofrodos - sift.packages.transmission - sift.packages.unity-control-center - sift.packages.unrar - sift.packages.upx-ucl - sift.packages.vbindiff - sift.packages.vim - sift.packages.virtuoso-minimal - sift.packages.vmfs-tools - sift.packages.winbind - sift.packages.wine - sift.packages.wireshark - sift.packages.xdot - sift.packages.xfsprogs - sift.packages.xmount - sift.packages.xpdf - sift.packages.zenity sift-packages: test.nop: - name: sift-packages - require: - sls: sift.packages.aeskeyfind - sls: sift.packages.afflib-tools - sls: sift.packages.afterglow - sls: sift.packages.aircrack-ng - sls: sift.packages.apache2 - sls: sift.packages.arp-scan - sls: sift.packages.autopsy - sls: sift.packages.bcrypt - sls: sift.packages.bitpim - sls: sift.packages.bitpim-lib - sls: sift.packages.bkhive - sls: sift.packages.bless - sls: sift.packages.blt - sls: sift.packages.build-essential - sls: sift.packages.bulk-extractor - sls: sift.packages.cabextract - sls: sift.packages.ccrypt - sls: sift.packages.cifs-utils - sls: sift.packages.clamav - sls: sift.packages.cmospwd - sls: sift.packages.cryptcat - sls: sift.packages.cryptsetup - sls: sift.packages.curl - sls: sift.packages.dc3dd - sls: sift.packages.dcfldd - sls: sift.packages.dconf-tools - sls: sift.packages.docker-engine - sls: sift.packages.driftnet - sls: sift.packages.dsniff - sls: sift.packages.dumbpig - sls: sift.packages.e2fslibs-dev - sls: sift.packages.ent - sls: sift.packages.epic5 - sls: sift.packages.etherape - sls: sift.packages.ettercap-graphical - sls: sift.packages.exfat-fuse - sls: sift.packages.exfat-utils - sls: sift.packages.exif - sls: sift.packages.extundelete - sls: sift.packages.fdupes - sls: sift.packages.feh - sls: sift.packages.flasm - sls: sift.packages.flex - sls: sift.packages.foremost - sls: sift.packages.g++ - sls: sift.packages.gawk - sls: sift.packages.gcc - sls: sift.packages.gdb - sls: sift.packages.gddrescue - sls: sift.packages.ghex - sls: sift.packages.git - sls: sift.packages.graphviz - sls: sift.packages.gthumb - sls: sift.packages.gzrt - sls: sift.packages.hexedit - sls: sift.packages.htop - sls: sift.packages.hydra - sls: sift.packages.hydra-gtk - sls: sift.packages.ipython - sls: sift.packages.jq - sls: sift.packages.kdiff3 - sls: sift.packages.knocker - sls: sift.packages.kpartx - sls: sift.packages.lft - sls: sift.packages.libafflib-dev - sls: sift.packages.libafflib - sls: sift.packages.libbde - sls: sift.packages.libbde-tools - sls: sift.packages.libesedb - sls: sift.packages.libesedb-tools - sls: sift.packages.libevt - sls: sift.packages.libevt-tools - sls: sift.packages.libevtx - sls: sift.packages.libevtx-tools - sls: sift.packages.libewf - sls: sift.packages.libewf-dev - sls: sift.packages.libewf-python - sls: sift.packages.libewf-tools - sls: sift.packages.libffi-dev - sls: sift.packages.libfuse-dev - sls: sift.packages.libfvde - sls: sift.packages.libfvde-tools - sls: sift.packages.liblightgrep - sls: sift.packages.libmsiecf - sls: sift.packages.libncurses - sls: sift.packages.libnet1 - sls: sift.packages.libolecf - sls: sift.packages.libparse-win32registry-perl - sls: sift.packages.libpff - sls: sift.packages.libpff-dev - sls: sift.packages.libpff-python - sls: sift.packages.libpff-tools - sls: sift.packages.libplist-utils - sls: sift.packages.libregf - sls: sift.packages.libregf-dev - sls: sift.packages.libregf-python - sls: sift.packages.libregf-tools - sls: sift.packages.libssl-dev - sls: sift.packages.libtext-csv-perl - sls: sift.packages.libvmdk - sls: sift.packages.libvshadow - sls: sift.packages.libvshadow-dev - sls: sift.packages.libvshadow-python - sls: sift.packages.libvshadow-tools - sls: sift.packages.libxml2-dev - sls: sift.packages.libxslt-dev - sls: sift.packages.md5deep - sls: sift.packages.nbd-client - sls: sift.packages.nbtscan - sls: sift.packages.netcat - sls: sift.packages.netpbm - sls: sift.packages.netsed - sls: sift.packages.netwox - sls: sift.packages.nfdump - sls: sift.packages.ngrep - sls: sift.packages.nikto - sls: sift.packages.okular - sls: sift.packages.open-iscsi - sls: sift.packages.openjdk - sls: sift.packages.ophcrack - sls: sift.packages.ophcrack-cli - sls: sift.packages.outguess - sls: sift.packages.p0f - sls: sift.packages.p7zip-full - sls: sift.packages.pdftk - sls: sift.packages.perl - sls: sift.packages.pev - sls: sift.packages.phonon - sls: sift.packages.pkg-config - sls: sift.packages.powershell - sls: sift.packages.pv - sls: sift.packages.pyew - sls: sift.packages.pyew - sls: sift.packages.python - sls: sift.packages.python-dev - sls: sift.packages.python-dfvfs - sls: sift.packages.python-flowgrep - sls: sift.packages.python-fuse - sls: sift.packages.python-nids - sls: sift.packages.python-ntdsxtract - sls: sift.packages.python-pefile - sls: sift.packages.python-pip - sls: sift.packages.python-plaso - sls: sift.packages.python-pytsk3 - sls: sift.packages.python-qt4 - sls: sift.packages.python-tk - sls: sift.packages.python-virtualenv - sls: sift.packages.python-volatility - sls: sift.packages.python-yara - sls: sift.packages.qemu - sls: sift.packages.qemu-utils - sls: sift.packages.radare2 - sls: sift.packages.rar - sls: sift.packages.readpst - sls: sift.packages.rsakeyfind - sls: sift.packages.safecopy - sls: sift.packages.samba - sls: sift.packages.samdump2 - sls: sift.packages.scalpel - sls: sift.packages.sleuthkit - sls: sift.packages.socat - sls: sift.packages.ssdeep - sls: sift.packages.ssldump - sls: sift.packages.sslsniff - sls: sift.packages.stunnel4 - sls: sift.packages.system-config-samba - sls: sift.packages.tcl - sls: sift.packages.tcpflow - sls: sift.packages.tcpick - sls: sift.packages.tcpreplay - sls: sift.packages.tcpslice - sls: sift.packages.tcpstat - sls: sift.packages.tcptrace - sls: sift.packages.tcptrack - sls: sift.packages.tcpxtract - sls: sift.packages.testdisk - sls: sift.packages.tofrodos - sls: sift.packages.transmission - sls: sift.packages.unity-control-center - sls: sift.packages.unrar - sls: sift.packages.upx-ucl - sls: sift.packages.vbindiff - sls: sift.packages.vim - sls: sift.packages.virtuoso-minimal - sls: sift.packages.vmfs-tools - sls: sift.packages.winbind - sls: sift.packages.wine - sls: sift.packages.wireshark - sls: sift.packages.xdot - sls: sift.packages.xfsprogs - sls: sift.packages.xmount - sls: sift.packages.xpdf - sls: sift.packages.zenity # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.absent', 'sift.packages.aeskeyfind', 'sift.packages.afflib-tools', 'sift.packages.afterglow', 'sift.packages.aircrack-ng', 'sift.packages.apache2', 'sift.packages.arp-scan', 'sift.packages.autopsy', 'sift.packages.bcrypt', 'sift.packages.bitpim', 'sift.packages.bitpim-lib', 'sift.packages.bkhive', 'sift.packages.bless', 'sift.packages.blt', 'sift.packages.build-essential', 'sift.packages.bulk-extractor', 'sift.packages.cabextract', 'sift.packages.ccrypt', 'sift.packages.cifs-utils', 'sift.packages.clamav', 'sift.packages.cmospwd', 'sift.packages.cryptcat', 'sift.packages.cryptsetup', 'sift.packages.curl', 'sift.packages.dc3dd', 'sift.packages.dcfldd', 'sift.packages.dconf-tools', 'sift.packages.docker-engine', 'sift.packages.driftnet', 'sift.packages.dsniff', 'sift.packages.dumbpig', 'sift.packages.e2fslibs-dev', 'sift.packages.ent', 'sift.packages.epic5', 'sift.packages.etherape', 'sift.packages.ettercap-graphical', 'sift.packages.exfat-fuse', 'sift.packages.exfat-utils', 'sift.packages.exif', 'sift.packages.extundelete', 'sift.packages.fdupes', 'sift.packages.feh', 'sift.packages.flasm', 'sift.packages.flex', 'sift.packages.foremost', 'sift.packages.g++', 'sift.packages.gawk', 'sift.packages.gcc', 'sift.packages.gdb', 'sift.packages.gddrescue', 'sift.packages.ghex', 'sift.packages.git', 'sift.packages.graphviz', 'sift.packages.gthumb', 'sift.packages.gzrt', 'sift.packages.hexedit', 'sift.packages.htop', 'sift.packages.hydra', 'sift.packages.hydra-gtk', 'sift.packages.ipython', 'sift.packages.jq', 'sift.packages.kdiff3', 'sift.packages.knocker', 'sift.packages.kpartx', 'sift.packages.lft', 'sift.packages.libafflib-dev', 'sift.packages.libafflib', 'sift.packages.libbde', 'sift.packages.libbde-tools', 'sift.packages.libesedb', 'sift.packages.libesedb-tools', 'sift.packages.libevt', 'sift.packages.libevt-tools', 'sift.packages.libevtx', 'sift.packages.libevtx-tools', 'sift.packages.libewf', 'sift.packages.libewf-dev', 'sift.packages.libewf-python', 'sift.packages.libewf-tools', 'sift.packages.libffi-dev', 'sift.packages.libfuse-dev', 'sift.packages.libfvde', 'sift.packages.libfvde-tools', 'sift.packages.liblightgrep', 'sift.packages.libmsiecf', 'sift.packages.libncurses', 'sift.packages.libnet1', 'sift.packages.libolecf', 'sift.packages.libparse-win32registry-perl', 'sift.packages.libpff', 'sift.packages.libpff-dev', 'sift.packages.libpff-python', 'sift.packages.libpff-tools', 'sift.packages.libplist-utils', 'sift.packages.libregf', 'sift.packages.libregf-dev', 'sift.packages.libregf-python', 'sift.packages.libregf-tools', 'sift.packages.libssl-dev', 'sift.packages.libtext-csv-perl', 'sift.packages.libvmdk', 'sift.packages.libvshadow', 'sift.packages.libvshadow-dev', 'sift.packages.libvshadow-python', 'sift.packages.libvshadow-tools', 'sift.packages.libxml2-dev', 'sift.packages.libxslt-dev', 'sift.packages.md5deep', 'sift.packages.nbd-client', 'sift.packages.nbtscan', 'sift.packages.netcat', 'sift.packages.netpbm', 'sift.packages.netsed', 'sift.packages.netwox', 'sift.packages.nfdump', 'sift.packages.ngrep', 'sift.packages.nikto', 'sift.packages.okular', 'sift.packages.open-iscsi', 'sift.packages.openjdk', 'sift.packages.ophcrack', 'sift.packages.ophcrack-cli', 'sift.packages.outguess', 'sift.packages.p0f', 'sift.packages.p7zip-full', 'sift.packages.pdftk', 'sift.packages.perl', 'sift.packages.pev', 'sift.packages.phonon', 'sift.packages.pkg-config', 'sift.packages.powershell', 'sift.packages.pv', 'sift.packages.pyew', 'sift.packages.pyew', 'sift.packages.python', 'sift.packages.python-dev', 'sift.packages.python-dfvfs', 'sift.packages.python-flowgrep', 'sift.packages.python-fuse', 'sift.packages.python-nids', 'sift.packages.python-ntdsxtract', 'sift.packages.python-pefile', 'sift.packages.python-pip', 'sift.packages.python-plaso', 'sift.packages.python-pytsk3', 'sift.packages.python-qt4', 'sift.packages.python-tk', 'sift.packages.python-virtualenv', 'sift.packages.python-volatility', 'sift.packages.python-yara', 'sift.packages.qemu', 'sift.packages.qemu-utils', 'sift.packages.radare2', 'sift.packages.rar', 'sift.packages.readpst', 'sift.packages.rsakeyfind', 'sift.packages.safecopy', 'sift.packages.samba', 'sift.packages.samdump2', 'sift.packages.scalpel', 'sift.packages.sleuthkit', 'sift.packages.socat', 'sift.packages.ssdeep', 'sift.packages.ssldump', 'sift.packages.sslsniff', 'sift.packages.stunnel4', 'sift.packages.system-config-samba', 'sift.packages.tcl', 'sift.packages.tcpflow', 'sift.packages.tcpick', 'sift.packages.tcpreplay', 'sift.packages.tcpslice', 'sift.packages.tcpstat', 'sift.packages.tcptrace', 'sift.packages.tcptrack', 'sift.packages.tcpxtract', 'sift.packages.testdisk', 'sift.packages.tofrodos', 'sift.packages.transmission', 'sift.packages.unity-control-center', 'sift.packages.unrar', 'sift.packages.upx-ucl', 'sift.packages.vbindiff', 'sift.packages.vim', 'sift.packages.virtuoso-minimal', 'sift.packages.vmfs-tools', 'sift.packages.winbind', 'sift.packages.wine', 'sift.packages.wireshark', 'sift.packages.xdot', 'sift.packages.xfsprogs', 'sift.packages.xmount', 'sift.packages.xpdf', 'sift.packages.zenity']), ('sift-packages', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-packages')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.aeskeyfind')]), OrderedDict([('sls', 'sift.packages.afflib-tools')]), OrderedDict([('sls', 'sift.packages.afterglow')]), OrderedDict([('sls', 'sift.packages.aircrack-ng')]), OrderedDict([('sls', 'sift.packages.apache2')]), OrderedDict([('sls', 'sift.packages.arp-scan')]), OrderedDict([('sls', 'sift.packages.autopsy')]), OrderedDict([('sls', 'sift.packages.bcrypt')]), OrderedDict([('sls', 'sift.packages.bitpim')]), OrderedDict([('sls', 'sift.packages.bitpim-lib')]), OrderedDict([('sls', 'sift.packages.bkhive')]), OrderedDict([('sls', 'sift.packages.bless')]), OrderedDict([('sls', 'sift.packages.blt')]), OrderedDict([('sls', 'sift.packages.build-essential')]), OrderedDict([('sls', 'sift.packages.bulk-extractor')]), OrderedDict([('sls', 'sift.packages.cabextract')]), OrderedDict([('sls', 'sift.packages.ccrypt')]), OrderedDict([('sls', 'sift.packages.cifs-utils')]), OrderedDict([('sls', 'sift.packages.clamav')]), OrderedDict([('sls', 'sift.packages.cmospwd')]), OrderedDict([('sls', 'sift.packages.cryptcat')]), OrderedDict([('sls', 'sift.packages.cryptsetup')]), OrderedDict([('sls', 'sift.packages.curl')]), OrderedDict([('sls', 'sift.packages.dc3dd')]), OrderedDict([('sls', 'sift.packages.dcfldd')]), OrderedDict([('sls', 'sift.packages.dconf-tools')]), OrderedDict([('sls', 'sift.packages.docker-engine')]), OrderedDict([('sls', 'sift.packages.driftnet')]), OrderedDict([('sls', 'sift.packages.dsniff')]), OrderedDict([('sls', 'sift.packages.dumbpig')]), OrderedDict([('sls', 'sift.packages.e2fslibs-dev')]), OrderedDict([('sls', 'sift.packages.ent')]), OrderedDict([('sls', 'sift.packages.epic5')]), OrderedDict([('sls', 'sift.packages.etherape')]), OrderedDict([('sls', 'sift.packages.ettercap-graphical')]), OrderedDict([('sls', 'sift.packages.exfat-fuse')]), OrderedDict([('sls', 'sift.packages.exfat-utils')]), OrderedDict([('sls', 'sift.packages.exif')]), OrderedDict([('sls', 'sift.packages.extundelete')]), OrderedDict([('sls', 'sift.packages.fdupes')]), OrderedDict([('sls', 'sift.packages.feh')]), OrderedDict([('sls', 'sift.packages.flasm')]), OrderedDict([('sls', 'sift.packages.flex')]), OrderedDict([('sls', 'sift.packages.foremost')]), OrderedDict([('sls', 'sift.packages.g++')]), OrderedDict([('sls', 'sift.packages.gawk')]), OrderedDict([('sls', 'sift.packages.gcc')]), OrderedDict([('sls', 'sift.packages.gdb')]), OrderedDict([('sls', 'sift.packages.gddrescue')]), OrderedDict([('sls', 'sift.packages.ghex')]), OrderedDict([('sls', 'sift.packages.git')]), OrderedDict([('sls', 'sift.packages.graphviz')]), OrderedDict([('sls', 'sift.packages.gthumb')]), OrderedDict([('sls', 'sift.packages.gzrt')]), OrderedDict([('sls', 'sift.packages.hexedit')]), OrderedDict([('sls', 'sift.packages.htop')]), OrderedDict([('sls', 'sift.packages.hydra')]), OrderedDict([('sls', 'sift.packages.hydra-gtk')]), OrderedDict([('sls', 'sift.packages.ipython')]), OrderedDict([('sls', 'sift.packages.jq')]), OrderedDict([('sls', 'sift.packages.kdiff3')]), OrderedDict([('sls', 'sift.packages.knocker')]), OrderedDict([('sls', 'sift.packages.kpartx')]), OrderedDict([('sls', 'sift.packages.lft')]), OrderedDict([('sls', 'sift.packages.libafflib-dev')]), OrderedDict([('sls', 'sift.packages.libafflib')]), OrderedDict([('sls', 'sift.packages.libbde')]), OrderedDict([('sls', 'sift.packages.libbde-tools')]), OrderedDict([('sls', 'sift.packages.libesedb')]), OrderedDict([('sls', 'sift.packages.libesedb-tools')]), OrderedDict([('sls', 'sift.packages.libevt')]), OrderedDict([('sls', 'sift.packages.libevt-tools')]), OrderedDict([('sls', 'sift.packages.libevtx')]), OrderedDict([('sls', 'sift.packages.libevtx-tools')]), OrderedDict([('sls', 'sift.packages.libewf')]), OrderedDict([('sls', 'sift.packages.libewf-dev')]), OrderedDict([('sls', 'sift.packages.libewf-python')]), OrderedDict([('sls', 'sift.packages.libewf-tools')]), OrderedDict([('sls', 'sift.packages.libffi-dev')]), OrderedDict([('sls', 'sift.packages.libfuse-dev')]), OrderedDict([('sls', 'sift.packages.libfvde')]), OrderedDict([('sls', 'sift.packages.libfvde-tools')]), OrderedDict([('sls', 'sift.packages.liblightgrep')]), OrderedDict([('sls', 'sift.packages.libmsiecf')]), OrderedDict([('sls', 'sift.packages.libncurses')]), OrderedDict([('sls', 'sift.packages.libnet1')]), OrderedDict([('sls', 'sift.packages.libolecf')]), OrderedDict([('sls', 'sift.packages.libparse-win32registry-perl')]), OrderedDict([('sls', 'sift.packages.libpff')]), OrderedDict([('sls', 'sift.packages.libpff-dev')]), OrderedDict([('sls', 'sift.packages.libpff-python')]), OrderedDict([('sls', 'sift.packages.libpff-tools')]), OrderedDict([('sls', 'sift.packages.libplist-utils')]), OrderedDict([('sls', 'sift.packages.libregf')]), OrderedDict([('sls', 'sift.packages.libregf-dev')]), OrderedDict([('sls', 'sift.packages.libregf-python')]), OrderedDict([('sls', 'sift.packages.libregf-tools')]), OrderedDict([('sls', 'sift.packages.libssl-dev')]), OrderedDict([('sls', 'sift.packages.libtext-csv-perl')]), OrderedDict([('sls', 'sift.packages.libvmdk')]), OrderedDict([('sls', 'sift.packages.libvshadow')]), OrderedDict([('sls', 'sift.packages.libvshadow-dev')]), OrderedDict([('sls', 'sift.packages.libvshadow-python')]), OrderedDict([('sls', 'sift.packages.libvshadow-tools')]), OrderedDict([('sls', 'sift.packages.libxml2-dev')]), OrderedDict([('sls', 'sift.packages.libxslt-dev')]), OrderedDict([('sls', 'sift.packages.md5deep')]), OrderedDict([('sls', 'sift.packages.nbd-client')]), OrderedDict([('sls', 'sift.packages.nbtscan')]), OrderedDict([('sls', 'sift.packages.netcat')]), OrderedDict([('sls', 'sift.packages.netpbm')]), OrderedDict([('sls', 'sift.packages.netsed')]), OrderedDict([('sls', 'sift.packages.netwox')]), OrderedDict([('sls', 'sift.packages.nfdump')]), OrderedDict([('sls', 'sift.packages.ngrep')]), OrderedDict([('sls', 'sift.packages.nikto')]), OrderedDict([('sls', 'sift.packages.okular')]), OrderedDict([('sls', 'sift.packages.open-iscsi')]), OrderedDict([('sls', 'sift.packages.openjdk')]), OrderedDict([('sls', 'sift.packages.ophcrack')]), OrderedDict([('sls', 'sift.packages.ophcrack-cli')]), OrderedDict([('sls', 'sift.packages.outguess')]), OrderedDict([('sls', 'sift.packages.p0f')]), OrderedDict([('sls', 'sift.packages.p7zip-full')]), OrderedDict([('sls', 'sift.packages.pdftk')]), OrderedDict([('sls', 'sift.packages.perl')]), OrderedDict([('sls', 'sift.packages.pev')]), OrderedDict([('sls', 'sift.packages.phonon')]), OrderedDict([('sls', 'sift.packages.pkg-config')]), OrderedDict([('sls', 'sift.packages.powershell')]), OrderedDict([('sls', 'sift.packages.pv')]), OrderedDict([('sls', 'sift.packages.pyew')]), OrderedDict([('sls', 'sift.packages.pyew')]), OrderedDict([('sls', 'sift.packages.python')]), OrderedDict([('sls', 'sift.packages.python-dev')]), OrderedDict([('sls', 'sift.packages.python-dfvfs')]), OrderedDict([('sls', 'sift.packages.python-flowgrep')]), OrderedDict([('sls', 'sift.packages.python-fuse')]), OrderedDict([('sls', 'sift.packages.python-nids')]), OrderedDict([('sls', 'sift.packages.python-ntdsxtract')]), OrderedDict([('sls', 'sift.packages.python-pefile')]), OrderedDict([('sls', 'sift.packages.python-pip')]), OrderedDict([('sls', 'sift.packages.python-plaso')]), OrderedDict([('sls', 'sift.packages.python-pytsk3')]), OrderedDict([('sls', 'sift.packages.python-qt4')]), OrderedDict([('sls', 'sift.packages.python-tk')]), OrderedDict([('sls', 'sift.packages.python-virtualenv')]), OrderedDict([('sls', 'sift.packages.python-volatility')]), OrderedDict([('sls', 'sift.packages.python-yara')]), OrderedDict([('sls', 'sift.packages.qemu')]), OrderedDict([('sls', 'sift.packages.qemu-utils')]), OrderedDict([('sls', 'sift.packages.radare2')]), OrderedDict([('sls', 'sift.packages.rar')]), OrderedDict([('sls', 'sift.packages.readpst')]), OrderedDict([('sls', 'sift.packages.rsakeyfind')]), OrderedDict([('sls', 'sift.packages.safecopy')]), OrderedDict([('sls', 'sift.packages.samba')]), OrderedDict([('sls', 'sift.packages.samdump2')]), OrderedDict([('sls', 'sift.packages.scalpel')]), OrderedDict([('sls', 'sift.packages.sleuthkit')]), OrderedDict([('sls', 'sift.packages.socat')]), OrderedDict([('sls', 'sift.packages.ssdeep')]), OrderedDict([('sls', 'sift.packages.ssldump')]), OrderedDict([('sls', 'sift.packages.sslsniff')]), OrderedDict([('sls', 'sift.packages.stunnel4')]), OrderedDict([('sls', 'sift.packages.system-config-samba')]), OrderedDict([('sls', 'sift.packages.tcl')]), OrderedDict([('sls', 'sift.packages.tcpflow')]), OrderedDict([('sls', 'sift.packages.tcpick')]), OrderedDict([('sls', 'sift.packages.tcpreplay')]), OrderedDict([('sls', 'sift.packages.tcpslice')]), OrderedDict([('sls', 'sift.packages.tcpstat')]), OrderedDict([('sls', 'sift.packages.tcptrace')]), OrderedDict([('sls', 'sift.packages.tcptrack')]), OrderedDict([('sls', 'sift.packages.tcpxtract')]), OrderedDict([('sls', 'sift.packages.testdisk')]), OrderedDict([('sls', 'sift.packages.tofrodos')]), OrderedDict([('sls', 'sift.packages.transmission')]), OrderedDict([('sls', 'sift.packages.unity-control-center')]), OrderedDict([('sls', 'sift.packages.unrar')]), OrderedDict([('sls', 'sift.packages.upx-ucl')]), OrderedDict([('sls', 'sift.packages.vbindiff')]), OrderedDict([('sls', 'sift.packages.vim')]), OrderedDict([('sls', 'sift.packages.virtuoso-minimal')]), OrderedDict([('sls', 'sift.packages.vmfs-tools')]), OrderedDict([('sls', 'sift.packages.winbind')]), OrderedDict([('sls', 'sift.packages.wine')]), OrderedDict([('sls', 'sift.packages.wireshark')]), OrderedDict([('sls', 'sift.packages.xdot')]), OrderedDict([('sls', 'sift.packages.xfsprogs')]), OrderedDict([('sls', 'sift.packages.xmount')]), OrderedDict([('sls', 'sift.packages.xpdf')]), OrderedDict([('sls', 'sift.packages.zenity')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/init.sls' using 'yaml' renderer: 0.0767509937286 # [DEBUG ] Could not find file 'salt://sift/packages/absent.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/absent/init.sls' to resolve 'salt://sift/packages/absent/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/absent/init.sls' to resolve 'salt://sift/packages/absent/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/absent/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/init.sls' using 'jinja' renderer: 0.000949144363403 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/absent/init.sls: include: - .binplist - .unity-webapps-common # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.binplist', '.unity-webapps-common'])]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/init.sls' using 'yaml' renderer: 0.00110816955566 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/absent/binplist.sls' to resolve 'salt://sift/packages/absent/binplist.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls' to resolve 'salt://sift/packages/absent/binplist.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls' using 'jinja' renderer: 0.00115203857422 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls: binplist: pkg.removed # [DEBUG ] Results of YAML rendering: OrderedDict([('binplist', 'pkg.removed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/binplist.sls' using 'yaml' renderer: 0.000988006591797 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/absent/unity-webapps-common.sls' to resolve 'salt://sift/packages/absent/unity-webapps-common.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls' to resolve 'salt://sift/packages/absent/unity-webapps-common.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls' using 'jinja' renderer: 0.00088906288147 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls: unity-webapps-common: pkg.removed # [DEBUG ] Results of YAML rendering: OrderedDict([('unity-webapps-common', 'pkg.removed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/absent/unity-webapps-common.sls' using 'yaml' renderer: 0.000662803649902 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/aeskeyfind.sls' to resolve 'salt://sift/packages/aeskeyfind.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls' to resolve 'salt://sift/packages/aeskeyfind.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls' using 'jinja' renderer: 0.000824928283691 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls: aeskeyfind: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('aeskeyfind', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aeskeyfind.sls' using 'yaml' renderer: 0.000599145889282 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/afflib-tools.sls' to resolve 'salt://sift/packages/afflib-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls' to resolve 'salt://sift/packages/afflib-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls' using 'jinja' renderer: 0.000785112380981 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls: afflib-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('afflib-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afflib-tools.sls' using 'yaml' renderer: 0.000555038452148 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/afterglow.sls' to resolve 'salt://sift/packages/afterglow.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/afterglow.sls' to resolve 'salt://sift/packages/afterglow.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/afterglow.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afterglow.sls' using 'jinja' renderer: 0.000839948654175 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/afterglow.sls: include: - sift.repos.sift afterglow: pkg.installed: - required: - pkgrepo: sift-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.sift']), ('afterglow', OrderedDict([('pkg.installed', [OrderedDict([('required', [OrderedDict([('pkgrepo', 'sift-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/afterglow.sls' using 'yaml' renderer: 0.00158596038818 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/aircrack-ng.sls' to resolve 'salt://sift/packages/aircrack-ng.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls' to resolve 'salt://sift/packages/aircrack-ng.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls' using 'jinja' renderer: 0.000882148742676 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls: aircrack-ng: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('aircrack-ng', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/aircrack-ng.sls' using 'yaml' renderer: 0.000570774078369 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/apache2.sls' to resolve 'salt://sift/packages/apache2.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/apache2.sls' to resolve 'salt://sift/packages/apache2.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/apache2.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apache2.sls' using 'jinja' renderer: 0.000744104385376 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/apache2.sls: apache2: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('apache2', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/apache2.sls' using 'yaml' renderer: 0.000519037246704 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/arp-scan.sls' to resolve 'salt://sift/packages/arp-scan.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/arp-scan.sls' to resolve 'salt://sift/packages/arp-scan.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/arp-scan.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/arp-scan.sls' using 'jinja' renderer: 0.000756025314331 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/arp-scan.sls: arp-scan: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('arp-scan', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/arp-scan.sls' using 'yaml' renderer: 0.000552892684937 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/autopsy.sls' to resolve 'salt://sift/packages/autopsy.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/autopsy.sls' to resolve 'salt://sift/packages/autopsy.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/autopsy.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/autopsy.sls' using 'jinja' renderer: 0.00108599662781 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/autopsy.sls: autopsy: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('autopsy', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/autopsy.sls' using 'yaml' renderer: 0.00090503692627 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bcrypt.sls' to resolve 'salt://sift/packages/bcrypt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bcrypt.sls' to resolve 'salt://sift/packages/bcrypt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bcrypt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bcrypt.sls' using 'jinja' renderer: 0.00103807449341 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bcrypt.sls: bcrypt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bcrypt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bcrypt.sls' using 'yaml' renderer: 0.000633001327515 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bitpim.sls' to resolve 'salt://sift/packages/bitpim.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bitpim.sls' to resolve 'salt://sift/packages/bitpim.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bitpim.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim.sls' using 'jinja' renderer: 0.000773191452026 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bitpim.sls: bitpim: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bitpim', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim.sls' using 'yaml' renderer: 0.000561952590942 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bitpim-lib.sls' to resolve 'salt://sift/packages/bitpim-lib.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls' to resolve 'salt://sift/packages/bitpim-lib.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls' using 'jinja' renderer: 0.000846147537231 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls: bitpim-lib: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bitpim-lib', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bitpim-lib.sls' using 'yaml' renderer: 0.000578880310059 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bkhive.sls' to resolve 'salt://sift/packages/bkhive.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bkhive.sls' to resolve 'salt://sift/packages/bkhive.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bkhive.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bkhive.sls' using 'jinja' renderer: 0.00107502937317 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bkhive.sls: bkhive: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bkhive', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bkhive.sls' using 'yaml' renderer: 0.000481128692627 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bless.sls' to resolve 'salt://sift/packages/bless.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bless.sls' to resolve 'salt://sift/packages/bless.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bless.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bless.sls' using 'jinja' renderer: 0.00062894821167 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bless.sls: bless: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('bless', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bless.sls' using 'yaml' renderer: 0.000488996505737 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/blt.sls' to resolve 'salt://sift/packages/blt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/blt.sls' to resolve 'salt://sift/packages/blt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/blt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/blt.sls' using 'jinja' renderer: 0.00062084197998 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/blt.sls: blt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('blt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/blt.sls' using 'yaml' renderer: 0.000490188598633 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/build-essential.sls' to resolve 'salt://sift/packages/build-essential.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/build-essential.sls' to resolve 'salt://sift/packages/build-essential.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/build-essential.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/build-essential.sls' using 'jinja' renderer: 0.000657081604004 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/build-essential.sls: build-essential: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('build-essential', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/build-essential.sls' using 'yaml' renderer: 0.000514984130859 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/bulk-extractor.sls' to resolve 'salt://sift/packages/bulk-extractor.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls' to resolve 'salt://sift/packages/bulk-extractor.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls' using 'jinja' renderer: 0.000740051269531 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls: include: - ..repos.sift - ..repos.openjdk bulk-extractor: pkg.installed: - require: - pkgrepo: sift-repo - pkgrepo: openjdk-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '..repos.openjdk']), ('bulk-extractor', OrderedDict([('pkg.installed', [OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')]), OrderedDict([('pkgrepo', 'openjdk-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/bulk-extractor.sls' using 'yaml' renderer: 0.00156211853027 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cabextract.sls' to resolve 'salt://sift/packages/cabextract.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cabextract.sls' to resolve 'salt://sift/packages/cabextract.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cabextract.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cabextract.sls' using 'jinja' renderer: 0.000672817230225 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cabextract.sls: cabextract: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cabextract', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cabextract.sls' using 'yaml' renderer: 0.00049901008606 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ccrypt.sls' to resolve 'salt://sift/packages/ccrypt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ccrypt.sls' to resolve 'salt://sift/packages/ccrypt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ccrypt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ccrypt.sls' using 'jinja' renderer: 0.000741958618164 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ccrypt.sls: ccrypt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ccrypt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ccrypt.sls' using 'yaml' renderer: 0.000576019287109 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cifs-utils.sls' to resolve 'salt://sift/packages/cifs-utils.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls' to resolve 'salt://sift/packages/cifs-utils.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls' using 'jinja' renderer: 0.000718832015991 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls: cifs-utils: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cifs-utils', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cifs-utils.sls' using 'yaml' renderer: 0.00054407119751 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/clamav.sls' to resolve 'salt://sift/packages/clamav.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/clamav.sls' to resolve 'salt://sift/packages/clamav.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/clamav.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/clamav.sls' using 'jinja' renderer: 0.00074315071106 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/clamav.sls: clamav: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('clamav', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/clamav.sls' using 'yaml' renderer: 0.000503063201904 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cmospwd.sls' to resolve 'salt://sift/packages/cmospwd.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cmospwd.sls' to resolve 'salt://sift/packages/cmospwd.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cmospwd.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cmospwd.sls' using 'jinja' renderer: 0.000723123550415 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cmospwd.sls: cmospwd: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cmospwd', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cmospwd.sls' using 'yaml' renderer: 0.00128102302551 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cryptcat.sls' to resolve 'salt://sift/packages/cryptcat.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cryptcat.sls' to resolve 'salt://sift/packages/cryptcat.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cryptcat.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptcat.sls' using 'jinja' renderer: 0.00233793258667 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cryptcat.sls: cryptcat: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cryptcat', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptcat.sls' using 'yaml' renderer: 0.00133895874023 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/cryptsetup.sls' to resolve 'salt://sift/packages/cryptsetup.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls' to resolve 'salt://sift/packages/cryptsetup.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls' using 'jinja' renderer: 0.00170016288757 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls: cryptsetup: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('cryptsetup', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/cryptsetup.sls' using 'yaml' renderer: 0.00117087364197 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/curl.sls' to resolve 'salt://sift/packages/curl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/curl.sls' to resolve 'salt://sift/packages/curl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/curl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/curl.sls' using 'jinja' renderer: 0.00175094604492 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/curl.sls: curl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('curl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/curl.sls' using 'yaml' renderer: 0.00121188163757 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dc3dd.sls' to resolve 'salt://sift/packages/dc3dd.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dc3dd.sls' to resolve 'salt://sift/packages/dc3dd.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dc3dd.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dc3dd.sls' using 'jinja' renderer: 0.00178408622742 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dc3dd.sls: dc3dd: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dc3dd', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dc3dd.sls' using 'yaml' renderer: 0.00114703178406 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dcfldd.sls' to resolve 'salt://sift/packages/dcfldd.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dcfldd.sls' to resolve 'salt://sift/packages/dcfldd.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dcfldd.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dcfldd.sls' using 'jinja' renderer: 0.00182890892029 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dcfldd.sls: dcfldd: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dcfldd', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dcfldd.sls' using 'yaml' renderer: 0.00121784210205 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dconf-tools.sls' to resolve 'salt://sift/packages/dconf-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls' to resolve 'salt://sift/packages/dconf-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls' using 'jinja' renderer: 0.00171995162964 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls: dconf-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dconf-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dconf-tools.sls' using 'yaml' renderer: 0.00217199325562 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/docker-engine.sls' to resolve 'salt://sift/packages/docker-engine.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/docker-engine.sls' to resolve 'salt://sift/packages/docker-engine.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/docker-engine.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/docker-engine.sls' using 'jinja' renderer: 0.0011739730835 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/docker-engine.sls: include: - ..repos.docker docker-engine: pkg.installed: - require: - pkgrepo: sift-docker-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.docker']), ('docker-engine', OrderedDict([('pkg.installed', [OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-docker-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/docker-engine.sls' using 'yaml' renderer: 0.00195384025574 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/driftnet.sls' to resolve 'salt://sift/packages/driftnet.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/driftnet.sls' to resolve 'salt://sift/packages/driftnet.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/driftnet.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/driftnet.sls' using 'jinja' renderer: 0.00102305412292 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/driftnet.sls: driftnet: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('driftnet', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/driftnet.sls' using 'yaml' renderer: 0.000730991363525 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dsniff.sls' to resolve 'salt://sift/packages/dsniff.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dsniff.sls' to resolve 'salt://sift/packages/dsniff.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dsniff.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dsniff.sls' using 'jinja' renderer: 0.00101804733276 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dsniff.sls: dsniff: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dsniff', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dsniff.sls' using 'yaml' renderer: 0.000709056854248 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/dumbpig.sls' to resolve 'salt://sift/packages/dumbpig.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/dumbpig.sls' to resolve 'salt://sift/packages/dumbpig.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/dumbpig.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dumbpig.sls' using 'jinja' renderer: 0.00113320350647 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/dumbpig.sls: dumbpig: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('dumbpig', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/dumbpig.sls' using 'yaml' renderer: 0.000782012939453 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/e2fslibs-dev.sls' to resolve 'salt://sift/packages/e2fslibs-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls' to resolve 'salt://sift/packages/e2fslibs-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls' using 'jinja' renderer: 0.00104284286499 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls: e2fslibs-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('e2fslibs-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/e2fslibs-dev.sls' using 'yaml' renderer: 0.000755071640015 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ent.sls' to resolve 'salt://sift/packages/ent.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ent.sls' to resolve 'salt://sift/packages/ent.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ent.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ent.sls' using 'jinja' renderer: 0.000995874404907 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ent.sls: ent: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ent', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ent.sls' using 'yaml' renderer: 0.000688076019287 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/epic5.sls' to resolve 'salt://sift/packages/epic5.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/epic5.sls' to resolve 'salt://sift/packages/epic5.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/epic5.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/epic5.sls' using 'jinja' renderer: 0.00116515159607 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/epic5.sls: epic5: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('epic5', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/epic5.sls' using 'yaml' renderer: 0.000768899917603 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/etherape.sls' to resolve 'salt://sift/packages/etherape.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/etherape.sls' to resolve 'salt://sift/packages/etherape.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/etherape.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/etherape.sls' using 'jinja' renderer: 0.00102090835571 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/etherape.sls: etherape: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('etherape', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/etherape.sls' using 'yaml' renderer: 0.000786066055298 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ettercap-graphical.sls' to resolve 'salt://sift/packages/ettercap-graphical.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls' to resolve 'salt://sift/packages/ettercap-graphical.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls' using 'jinja' renderer: 0.00103998184204 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls: ettercap-graphical: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ettercap-graphical', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ettercap-graphical.sls' using 'yaml' renderer: 0.000720024108887 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/exfat-fuse.sls' to resolve 'salt://sift/packages/exfat-fuse.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls' to resolve 'salt://sift/packages/exfat-fuse.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls' using 'jinja' renderer: 0.0011568069458 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls: exfat-fuse: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('exfat-fuse', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-fuse.sls' using 'yaml' renderer: 0.000859022140503 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/exfat-utils.sls' to resolve 'salt://sift/packages/exfat-utils.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls' to resolve 'salt://sift/packages/exfat-utils.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls' using 'jinja' renderer: 0.00113201141357 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls: exfat-utils: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('exfat-utils', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exfat-utils.sls' using 'yaml' renderer: 0.000818014144897 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/exif.sls' to resolve 'salt://sift/packages/exif.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/exif.sls' to resolve 'salt://sift/packages/exif.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/exif.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exif.sls' using 'jinja' renderer: 0.000968933105469 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/exif.sls: exif: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('exif', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/exif.sls' using 'yaml' renderer: 0.000706195831299 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/extundelete.sls' to resolve 'salt://sift/packages/extundelete.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/extundelete.sls' to resolve 'salt://sift/packages/extundelete.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/extundelete.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/extundelete.sls' using 'jinja' renderer: 0.000931978225708 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/extundelete.sls: extundelete: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('extundelete', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/extundelete.sls' using 'yaml' renderer: 0.000730037689209 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/fdupes.sls' to resolve 'salt://sift/packages/fdupes.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/fdupes.sls' to resolve 'salt://sift/packages/fdupes.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/fdupes.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/fdupes.sls' using 'jinja' renderer: 0.00114798545837 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/fdupes.sls: fdupes: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('fdupes', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/fdupes.sls' using 'yaml' renderer: 0.00078010559082 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/feh.sls' to resolve 'salt://sift/packages/feh.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/feh.sls' to resolve 'salt://sift/packages/feh.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/feh.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/feh.sls' using 'jinja' renderer: 0.000974893569946 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/feh.sls: feh: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('feh', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/feh.sls' using 'yaml' renderer: 0.000701189041138 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/flasm.sls' to resolve 'salt://sift/packages/flasm.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/flasm.sls' to resolve 'salt://sift/packages/flasm.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/flasm.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flasm.sls' using 'jinja' renderer: 0.000966787338257 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/flasm.sls: flasm: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('flasm', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flasm.sls' using 'yaml' renderer: 0.00075101852417 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/flex.sls' to resolve 'salt://sift/packages/flex.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/flex.sls' to resolve 'salt://sift/packages/flex.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/flex.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flex.sls' using 'jinja' renderer: 0.0015971660614 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/flex.sls: flex: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('flex', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/flex.sls' using 'yaml' renderer: 0.000776052474976 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/foremost.sls' to resolve 'salt://sift/packages/foremost.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/foremost.sls' to resolve 'salt://sift/packages/foremost.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/foremost.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/foremost.sls' using 'jinja' renderer: 0.000962018966675 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/foremost.sls: foremost: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('foremost', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/foremost.sls' using 'yaml' renderer: 0.000730037689209 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/g++.sls' to resolve 'salt://sift/packages/g++.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/g++.sls' to resolve 'salt://sift/packages/g++.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/g++.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/g++.sls' using 'jinja' renderer: 0.000922918319702 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/g++.sls: g++: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('g++', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/g++.sls' using 'yaml' renderer: 0.000705003738403 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gawk.sls' to resolve 'salt://sift/packages/gawk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gawk.sls' to resolve 'salt://sift/packages/gawk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gawk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gawk.sls' using 'jinja' renderer: 0.000945091247559 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gawk.sls: gawk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gawk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gawk.sls' using 'yaml' renderer: 0.000706195831299 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gcc.sls' to resolve 'salt://sift/packages/gcc.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gcc.sls' to resolve 'salt://sift/packages/gcc.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gcc.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gcc.sls' using 'jinja' renderer: 0.00103092193604 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gcc.sls: gcc: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gcc', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gcc.sls' using 'yaml' renderer: 0.000701904296875 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gdb.sls' to resolve 'salt://sift/packages/gdb.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gdb.sls' to resolve 'salt://sift/packages/gdb.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gdb.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gdb.sls' using 'jinja' renderer: 0.000932931900024 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gdb.sls: gdb: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gdb', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gdb.sls' using 'yaml' renderer: 0.000701904296875 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gddrescue.sls' to resolve 'salt://sift/packages/gddrescue.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gddrescue.sls' to resolve 'salt://sift/packages/gddrescue.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gddrescue.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gddrescue.sls' using 'jinja' renderer: 0.00089693069458 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gddrescue.sls: gddrescue: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gddrescue', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gddrescue.sls' using 'yaml' renderer: 0.000672817230225 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ghex.sls' to resolve 'salt://sift/packages/ghex.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ghex.sls' to resolve 'salt://sift/packages/ghex.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ghex.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ghex.sls' using 'jinja' renderer: 0.00110292434692 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ghex.sls: ghex: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ghex', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ghex.sls' using 'yaml' renderer: 0.000810146331787 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/git.sls' to resolve 'salt://sift/packages/git.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/git.sls' to resolve 'salt://sift/packages/git.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/git.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/git.sls' using 'jinja' renderer: 0.000985860824585 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/git.sls: git: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('git', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/git.sls' using 'yaml' renderer: 0.000702857971191 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/graphviz.sls' to resolve 'salt://sift/packages/graphviz.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/graphviz.sls' to resolve 'salt://sift/packages/graphviz.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/graphviz.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/graphviz.sls' using 'jinja' renderer: 0.000933170318604 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/graphviz.sls: graphviz: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('graphviz', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/graphviz.sls' using 'yaml' renderer: 0.000705003738403 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gthumb.sls' to resolve 'salt://sift/packages/gthumb.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gthumb.sls' to resolve 'salt://sift/packages/gthumb.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gthumb.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gthumb.sls' using 'jinja' renderer: 0.000933885574341 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gthumb.sls: gthumb: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gthumb', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gthumb.sls' using 'yaml' renderer: 0.000740051269531 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/gzrt.sls' to resolve 'salt://sift/packages/gzrt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/gzrt.sls' to resolve 'salt://sift/packages/gzrt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/gzrt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gzrt.sls' using 'jinja' renderer: 0.000997066497803 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/gzrt.sls: gzrt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('gzrt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/gzrt.sls' using 'yaml' renderer: 0.000935077667236 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/hexedit.sls' to resolve 'salt://sift/packages/hexedit.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/hexedit.sls' to resolve 'salt://sift/packages/hexedit.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/hexedit.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hexedit.sls' using 'jinja' renderer: 0.000957012176514 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/hexedit.sls: hexedit: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('hexedit', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hexedit.sls' using 'yaml' renderer: 0.000708103179932 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/htop.sls' to resolve 'salt://sift/packages/htop.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/htop.sls' to resolve 'salt://sift/packages/htop.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/htop.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/htop.sls' using 'jinja' renderer: 0.00116395950317 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/htop.sls: htop: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('htop', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/htop.sls' using 'yaml' renderer: 0.000808954238892 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/hydra.sls' to resolve 'salt://sift/packages/hydra.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/hydra.sls' to resolve 'salt://sift/packages/hydra.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/hydra.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra.sls' using 'jinja' renderer: 0.000985860824585 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/hydra.sls: hydra: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('hydra', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra.sls' using 'yaml' renderer: 0.000724792480469 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/hydra-gtk.sls' to resolve 'salt://sift/packages/hydra-gtk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls' to resolve 'salt://sift/packages/hydra-gtk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls' using 'jinja' renderer: 0.000972032546997 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls: hydra-gtk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('hydra-gtk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/hydra-gtk.sls' using 'yaml' renderer: 0.000818967819214 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ipython.sls' to resolve 'salt://sift/packages/ipython.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ipython.sls' to resolve 'salt://sift/packages/ipython.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ipython.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ipython.sls' using 'jinja' renderer: 0.00118899345398 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ipython.sls: ipython: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ipython', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ipython.sls' using 'yaml' renderer: 0.000777959823608 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/jq.sls' to resolve 'salt://sift/packages/jq.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/jq.sls' to resolve 'salt://sift/packages/jq.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/jq.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/jq.sls' using 'jinja' renderer: 0.00103998184204 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/jq.sls: jq: pkg.installed: - name: jq # [DEBUG ] Results of YAML rendering: OrderedDict([('jq', OrderedDict([('pkg.installed', [OrderedDict([('name', 'jq')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/jq.sls' using 'yaml' renderer: 0.00176095962524 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/kdiff3.sls' to resolve 'salt://sift/packages/kdiff3.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/kdiff3.sls' to resolve 'salt://sift/packages/kdiff3.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/kdiff3.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kdiff3.sls' using 'jinja' renderer: 0.00113296508789 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/kdiff3.sls: kdiff3: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('kdiff3', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kdiff3.sls' using 'yaml' renderer: 0.00081992149353 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/knocker.sls' to resolve 'salt://sift/packages/knocker.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/knocker.sls' to resolve 'salt://sift/packages/knocker.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/knocker.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/knocker.sls' using 'jinja' renderer: 0.000990867614746 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/knocker.sls: knocker: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('knocker', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/knocker.sls' using 'yaml' renderer: 0.000790119171143 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/kpartx.sls' to resolve 'salt://sift/packages/kpartx.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/kpartx.sls' to resolve 'salt://sift/packages/kpartx.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/kpartx.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kpartx.sls' using 'jinja' renderer: 0.000930070877075 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/kpartx.sls: kpartx: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('kpartx', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/kpartx.sls' using 'yaml' renderer: 0.000706911087036 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/lft.sls' to resolve 'salt://sift/packages/lft.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/lft.sls' to resolve 'salt://sift/packages/lft.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/lft.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/lft.sls' using 'jinja' renderer: 0.000968933105469 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/lft.sls: lft: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('lft', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/lft.sls' using 'yaml' renderer: 0.00071907043457 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libafflib-dev.sls' to resolve 'salt://sift/packages/libafflib-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls' to resolve 'salt://sift/packages/libafflib-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls' using 'jinja' renderer: 0.00105381011963 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls: libafflib-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libafflib-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib-dev.sls' using 'yaml' renderer: 0.000755071640015 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libafflib.sls' to resolve 'salt://sift/packages/libafflib.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libafflib.sls' to resolve 'salt://sift/packages/libafflib.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libafflib.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib.sls' using 'jinja' renderer: 0.00295186042786 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libafflib.sls: libafflib: pkg.installed: - name: libafflib0v5 # [DEBUG ] Results of YAML rendering: OrderedDict([('libafflib', OrderedDict([('pkg.installed', [OrderedDict([('name', 'libafflib0v5')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libafflib.sls' using 'yaml' renderer: 0.00121998786926 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libbde.sls' to resolve 'salt://sift/packages/libbde.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libbde.sls' to resolve 'salt://sift/packages/libbde.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libbde.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde.sls' using 'jinja' renderer: 0.00119090080261 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libbde.sls: libbde: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libbde', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde.sls' using 'yaml' renderer: 0.000797986984253 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libbde-tools.sls' to resolve 'salt://sift/packages/libbde-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls' to resolve 'salt://sift/packages/libbde-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls' using 'jinja' renderer: 0.0010290145874 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls: libbde-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libbde-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libbde-tools.sls' using 'yaml' renderer: 0.000780820846558 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libesedb.sls' to resolve 'salt://sift/packages/libesedb.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libesedb.sls' to resolve 'salt://sift/packages/libesedb.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libesedb.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb.sls' using 'jinja' renderer: 0.000933885574341 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libesedb.sls: libesedb: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libesedb', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb.sls' using 'yaml' renderer: 0.000709056854248 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libesedb-tools.sls' to resolve 'salt://sift/packages/libesedb-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls' to resolve 'salt://sift/packages/libesedb-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls' using 'jinja' renderer: 0.00102996826172 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls: libesedb-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libesedb-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libesedb-tools.sls' using 'yaml' renderer: 0.00105404853821 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevt.sls' to resolve 'salt://sift/packages/libevt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevt.sls' to resolve 'salt://sift/packages/libevt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt.sls' using 'jinja' renderer: 0.00109100341797 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevt.sls: libevt: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libevt', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt.sls' using 'yaml' renderer: 0.00078296661377 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevt-tools.sls' to resolve 'salt://sift/packages/libevt-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls' to resolve 'salt://sift/packages/libevt-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls' using 'jinja' renderer: 0.00104808807373 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls: libevt-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libevt-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevt-tools.sls' using 'yaml' renderer: 0.00075101852417 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevtx.sls' to resolve 'salt://sift/packages/libevtx.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevtx.sls' to resolve 'salt://sift/packages/libevtx.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevtx.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx.sls' using 'jinja' renderer: 0.00094199180603 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevtx.sls: libevtx: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libevtx', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx.sls' using 'yaml' renderer: 0.000744104385376 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libevtx-tools.sls' to resolve 'salt://sift/packages/libevtx-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls' to resolve 'salt://sift/packages/libevtx-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls' using 'jinja' renderer: 0.00111413002014 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls: libevtx-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libevtx-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libevtx-tools.sls' using 'yaml' renderer: 0.000845193862915 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf.sls' to resolve 'salt://sift/packages/libewf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf.sls' to resolve 'salt://sift/packages/libewf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf.sls' using 'jinja' renderer: 0.00282502174377 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf.sls: libewf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libewf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf.sls' using 'yaml' renderer: 0.00257205963135 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf-dev.sls' to resolve 'salt://sift/packages/libewf-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls' to resolve 'salt://sift/packages/libewf-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls' using 'jinja' renderer: 0.00303387641907 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls: libewf-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libewf-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-dev.sls' using 'yaml' renderer: 0.00252294540405 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf-python.sls' to resolve 'salt://sift/packages/libewf-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf-python.sls' to resolve 'salt://sift/packages/libewf-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-python.sls' using 'jinja' renderer: 0.00395321846008 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf-python.sls: libewf-python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libewf-python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-python.sls' using 'yaml' renderer: 0.00212597846985 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libewf-tools.sls' to resolve 'salt://sift/packages/libewf-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls' to resolve 'salt://sift/packages/libewf-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls' using 'jinja' renderer: 0.002601146698 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls: libewf-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libewf-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libewf-tools.sls' using 'yaml' renderer: 0.0019679069519 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libffi-dev.sls' to resolve 'salt://sift/packages/libffi-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls' to resolve 'salt://sift/packages/libffi-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls' using 'jinja' renderer: 0.00151300430298 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls: libffi-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libffi-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libffi-dev.sls' using 'yaml' renderer: 0.00109100341797 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libfuse-dev.sls' to resolve 'salt://sift/packages/libfuse-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls' to resolve 'salt://sift/packages/libfuse-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls' using 'jinja' renderer: 0.00102806091309 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls: libfuse-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libfuse-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfuse-dev.sls' using 'yaml' renderer: 0.000722169876099 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libfvde.sls' to resolve 'salt://sift/packages/libfvde.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libfvde.sls' to resolve 'salt://sift/packages/libfvde.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libfvde.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde.sls' using 'jinja' renderer: 0.000946044921875 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libfvde.sls: include: - sift.repos.gift libfvde: pkg.installed: - require: - pkgrepo: sift-gift-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.gift']), ('libfvde', OrderedDict([('pkg.installed', [OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-gift-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde.sls' using 'yaml' renderer: 0.00157904624939 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libfvde-tools.sls' to resolve 'salt://sift/packages/libfvde-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls' to resolve 'salt://sift/packages/libfvde-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls' using 'jinja' renderer: 0.000919103622437 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls: libfvde-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libfvde-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libfvde-tools.sls' using 'yaml' renderer: 0.000688076019287 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/liblightgrep.sls' to resolve 'salt://sift/packages/liblightgrep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls' to resolve 'salt://sift/packages/liblightgrep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls' using 'jinja' renderer: 0.00117611885071 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls: liblightgrep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('liblightgrep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/liblightgrep.sls' using 'yaml' renderer: 0.000730991363525 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libmsiecf.sls' to resolve 'salt://sift/packages/libmsiecf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls' to resolve 'salt://sift/packages/libmsiecf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls' using 'jinja' renderer: 0.000919103622437 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls: libmsiecf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libmsiecf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libmsiecf.sls' using 'yaml' renderer: 0.00065803527832 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libncurses.sls' to resolve 'salt://sift/packages/libncurses.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libncurses.sls' to resolve 'salt://sift/packages/libncurses.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libncurses.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libncurses.sls' using 'jinja' renderer: 0.000874996185303 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libncurses.sls: libncurses: pkg.installed: - name: libncurses5-dev # [DEBUG ] Results of YAML rendering: OrderedDict([('libncurses', OrderedDict([('pkg.installed', [OrderedDict([('name', 'libncurses5-dev')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libncurses.sls' using 'yaml' renderer: 0.00109910964966 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libnet1.sls' to resolve 'salt://sift/packages/libnet1.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libnet1.sls' to resolve 'salt://sift/packages/libnet1.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libnet1.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libnet1.sls' using 'jinja' renderer: 0.00106191635132 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libnet1.sls: libnet1: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libnet1', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libnet1.sls' using 'yaml' renderer: 0.000763893127441 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libolecf.sls' to resolve 'salt://sift/packages/libolecf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libolecf.sls' to resolve 'salt://sift/packages/libolecf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libolecf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libolecf.sls' using 'jinja' renderer: 0.000883102416992 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libolecf.sls: libolecf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libolecf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libolecf.sls' using 'yaml' renderer: 0.000622987747192 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libparse-win32registry-perl.sls' to resolve 'salt://sift/packages/libparse-win32registry-perl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls' to resolve 'salt://sift/packages/libparse-win32registry-perl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls' using 'jinja' renderer: 0.000900983810425 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls: libparse-win32registry-perl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libparse-win32registry-perl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libparse-win32registry-perl.sls' using 'yaml' renderer: 0.000647068023682 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff.sls' to resolve 'salt://sift/packages/libpff.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff.sls' to resolve 'salt://sift/packages/libpff.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff.sls' using 'jinja' renderer: 0.000917196273804 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff.sls: libpff: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libpff', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff.sls' using 'yaml' renderer: 0.000702857971191 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff-dev.sls' to resolve 'salt://sift/packages/libpff-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls' to resolve 'salt://sift/packages/libpff-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls' using 'jinja' renderer: 0.000939130783081 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls: libpff-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libpff-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-dev.sls' using 'yaml' renderer: 0.000643968582153 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff-python.sls' to resolve 'salt://sift/packages/libpff-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff-python.sls' to resolve 'salt://sift/packages/libpff-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-python.sls' using 'jinja' renderer: 0.000881910324097 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff-python.sls: libpff-python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libpff-python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-python.sls' using 'yaml' renderer: 0.000636100769043 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libpff-tools.sls' to resolve 'salt://sift/packages/libpff-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls' to resolve 'salt://sift/packages/libpff-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls' using 'jinja' renderer: 0.000877141952515 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls: libpff-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libpff-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libpff-tools.sls' using 'yaml' renderer: 0.000690937042236 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libplist-utils.sls' to resolve 'salt://sift/packages/libplist-utils.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls' to resolve 'salt://sift/packages/libplist-utils.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls' using 'jinja' renderer: 0.000957012176514 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls: sift-package-libplist-utils: pkg.installed: - name: libplist-utils # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-package-libplist-utils', OrderedDict([('pkg.installed', [OrderedDict([('name', 'libplist-utils')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libplist-utils.sls' using 'yaml' renderer: 0.00120210647583 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf.sls' to resolve 'salt://sift/packages/libregf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf.sls' to resolve 'salt://sift/packages/libregf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf.sls' using 'jinja' renderer: 0.000917911529541 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf.sls: libregf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libregf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf.sls' using 'yaml' renderer: 0.00061297416687 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf-dev.sls' to resolve 'salt://sift/packages/libregf-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls' to resolve 'salt://sift/packages/libregf-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls' using 'jinja' renderer: 0.000878095626831 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls: libregf-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libregf-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-dev.sls' using 'yaml' renderer: 0.000637054443359 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf-python.sls' to resolve 'salt://sift/packages/libregf-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf-python.sls' to resolve 'salt://sift/packages/libregf-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-python.sls' using 'jinja' renderer: 0.00152587890625 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf-python.sls: libregf-python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libregf-python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-python.sls' using 'yaml' renderer: 0.00083589553833 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libregf-tools.sls' to resolve 'salt://sift/packages/libregf-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls' to resolve 'salt://sift/packages/libregf-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls' using 'jinja' renderer: 0.00265192985535 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls: libregf-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libregf-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libregf-tools.sls' using 'yaml' renderer: 0.00201892852783 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libssl-dev.sls' to resolve 'salt://sift/packages/libssl-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls' to resolve 'salt://sift/packages/libssl-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls' using 'jinja' renderer: 0.00171589851379 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls: libssl-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libssl-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libssl-dev.sls' using 'yaml' renderer: 0.00111603736877 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libtext-csv-perl.sls' to resolve 'salt://sift/packages/libtext-csv-perl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls' to resolve 'salt://sift/packages/libtext-csv-perl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls' using 'jinja' renderer: 0.00146889686584 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls: libtext-csv-perl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libtext-csv-perl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libtext-csv-perl.sls' using 'yaml' renderer: 0.00103807449341 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvmdk.sls' to resolve 'salt://sift/packages/libvmdk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvmdk.sls' to resolve 'salt://sift/packages/libvmdk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvmdk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvmdk.sls' using 'jinja' renderer: 0.00150084495544 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvmdk.sls: libvmdk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvmdk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvmdk.sls' using 'yaml' renderer: 0.00111293792725 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow.sls' to resolve 'salt://sift/packages/libvshadow.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow.sls' to resolve 'salt://sift/packages/libvshadow.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow.sls' using 'jinja' renderer: 0.00151705741882 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow.sls: libvshadow: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow.sls' using 'yaml' renderer: 0.00108695030212 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow-dev.sls' to resolve 'salt://sift/packages/libvshadow-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls' to resolve 'salt://sift/packages/libvshadow-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls' using 'jinja' renderer: 0.00156593322754 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls: libvshadow-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-dev.sls' using 'yaml' renderer: 0.00114893913269 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow-python.sls' to resolve 'salt://sift/packages/libvshadow-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls' to resolve 'salt://sift/packages/libvshadow-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls' using 'jinja' renderer: 0.0014808177948 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls: libvshadow-python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow-python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-python.sls' using 'yaml' renderer: 0.0011088848114 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libvshadow-tools.sls' to resolve 'salt://sift/packages/libvshadow-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls' to resolve 'salt://sift/packages/libvshadow-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls' using 'jinja' renderer: 0.00149703025818 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls: libvshadow-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libvshadow-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libvshadow-tools.sls' using 'yaml' renderer: 0.00114703178406 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libxml2-dev.sls' to resolve 'salt://sift/packages/libxml2-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls' to resolve 'salt://sift/packages/libxml2-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls' using 'jinja' renderer: 0.00143599510193 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls: libxml2-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libxml2-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxml2-dev.sls' using 'yaml' renderer: 0.0010290145874 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/libxslt-dev.sls' to resolve 'salt://sift/packages/libxslt-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls' to resolve 'salt://sift/packages/libxslt-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls' using 'jinja' renderer: 0.00147008895874 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls: libxslt-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('libxslt-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/libxslt-dev.sls' using 'yaml' renderer: 0.00184011459351 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/md5deep.sls' to resolve 'salt://sift/packages/md5deep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/md5deep.sls' to resolve 'salt://sift/packages/md5deep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/md5deep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/md5deep.sls' using 'jinja' renderer: 0.00157403945923 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/md5deep.sls: md5deep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('md5deep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/md5deep.sls' using 'yaml' renderer: 0.00112795829773 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nbd-client.sls' to resolve 'salt://sift/packages/nbd-client.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nbd-client.sls' to resolve 'salt://sift/packages/nbd-client.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nbd-client.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbd-client.sls' using 'jinja' renderer: 0.00146794319153 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nbd-client.sls: nbd-client: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('nbd-client', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbd-client.sls' using 'yaml' renderer: 0.00111389160156 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nbtscan.sls' to resolve 'salt://sift/packages/nbtscan.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nbtscan.sls' to resolve 'salt://sift/packages/nbtscan.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nbtscan.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbtscan.sls' using 'jinja' renderer: 0.00304007530212 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nbtscan.sls: nbtscan: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('nbtscan', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nbtscan.sls' using 'yaml' renderer: 0.00203800201416 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netcat.sls' to resolve 'salt://sift/packages/netcat.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netcat.sls' to resolve 'salt://sift/packages/netcat.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netcat.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netcat.sls' using 'jinja' renderer: 0.00299406051636 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netcat.sls: netcat: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('netcat', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netcat.sls' using 'yaml' renderer: 0.00199389457703 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netpbm.sls' to resolve 'salt://sift/packages/netpbm.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netpbm.sls' to resolve 'salt://sift/packages/netpbm.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netpbm.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netpbm.sls' using 'jinja' renderer: 0.00299191474915 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netpbm.sls: netpbm: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('netpbm', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netpbm.sls' using 'yaml' renderer: 0.00328302383423 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netsed.sls' to resolve 'salt://sift/packages/netsed.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netsed.sls' to resolve 'salt://sift/packages/netsed.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netsed.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netsed.sls' using 'jinja' renderer: 0.00298190116882 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netsed.sls: netsed: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('netsed', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netsed.sls' using 'yaml' renderer: 0.00206995010376 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/netwox.sls' to resolve 'salt://sift/packages/netwox.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/netwox.sls' to resolve 'salt://sift/packages/netwox.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/netwox.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netwox.sls' using 'jinja' renderer: 0.0025999546051 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/netwox.sls: netwox: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('netwox', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/netwox.sls' using 'yaml' renderer: 0.00118207931519 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nfdump.sls' to resolve 'salt://sift/packages/nfdump.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nfdump.sls' to resolve 'salt://sift/packages/nfdump.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nfdump.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nfdump.sls' using 'jinja' renderer: 0.00180411338806 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nfdump.sls: nfdump: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('nfdump', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nfdump.sls' using 'yaml' renderer: 0.00144910812378 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ngrep.sls' to resolve 'salt://sift/packages/ngrep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ngrep.sls' to resolve 'salt://sift/packages/ngrep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ngrep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ngrep.sls' using 'jinja' renderer: 0.00169205665588 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ngrep.sls: ngrep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ngrep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ngrep.sls' using 'yaml' renderer: 0.00123000144958 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/nikto.sls' to resolve 'salt://sift/packages/nikto.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/nikto.sls' to resolve 'salt://sift/packages/nikto.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/nikto.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nikto.sls' using 'jinja' renderer: 0.00107097625732 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/nikto.sls: include: - sift.repos.ubuntu-multiverse sift-nikto: pkg.installed: - name: nikto - require: - sls: sift.repos.ubuntu-multiverse # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.ubuntu-multiverse']), ('sift-nikto', OrderedDict([('pkg.installed', [OrderedDict([('name', 'nikto')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/nikto.sls' using 'yaml' renderer: 0.00200080871582 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/okular.sls' to resolve 'salt://sift/packages/okular.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/okular.sls' to resolve 'salt://sift/packages/okular.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/okular.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/okular.sls' using 'jinja' renderer: 0.000982999801636 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/okular.sls: okular: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('okular', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/okular.sls' using 'yaml' renderer: 0.000703096389771 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/open-iscsi.sls' to resolve 'salt://sift/packages/open-iscsi.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls' to resolve 'salt://sift/packages/open-iscsi.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls' using 'jinja' renderer: 0.000938177108765 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls: open-iscsi: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('open-iscsi', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/open-iscsi.sls' using 'yaml' renderer: 0.000667095184326 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/openjdk.sls' to resolve 'salt://sift/packages/openjdk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/openjdk.sls' to resolve 'salt://sift/packages/openjdk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/openjdk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/openjdk.sls' using 'jinja' renderer: 0.00279402732849 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/openjdk.sls: include: - ..repos.openjdk openjdk: pkg.installed: - name: openjdk-7-jdk - require: - pkgrepo: openjdk-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.openjdk']), ('openjdk', OrderedDict([('pkg.installed', [OrderedDict([('name', 'openjdk-7-jdk')]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'openjdk-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/openjdk.sls' using 'yaml' renderer: 0.00185894966125 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ophcrack.sls' to resolve 'salt://sift/packages/ophcrack.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ophcrack.sls' to resolve 'salt://sift/packages/ophcrack.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ophcrack.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack.sls' using 'jinja' renderer: 0.00106596946716 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ophcrack.sls: ophcrack: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ophcrack', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack.sls' using 'yaml' renderer: 0.000752210617065 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ophcrack-cli.sls' to resolve 'salt://sift/packages/ophcrack-cli.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls' to resolve 'salt://sift/packages/ophcrack-cli.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls' using 'jinja' renderer: 0.000849962234497 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls: ophcrack-cli: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ophcrack-cli', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ophcrack-cli.sls' using 'yaml' renderer: 0.000619888305664 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/outguess.sls' to resolve 'salt://sift/packages/outguess.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/outguess.sls' to resolve 'salt://sift/packages/outguess.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/outguess.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/outguess.sls' using 'jinja' renderer: 0.00092601776123 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/outguess.sls: outguess: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('outguess', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/outguess.sls' using 'yaml' renderer: 0.000679016113281 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/p0f.sls' to resolve 'salt://sift/packages/p0f.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/p0f.sls' to resolve 'salt://sift/packages/p0f.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/p0f.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p0f.sls' using 'jinja' renderer: 0.000875949859619 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/p0f.sls: p0f: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('p0f', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p0f.sls' using 'yaml' renderer: 0.00062894821167 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/p7zip-full.sls' to resolve 'salt://sift/packages/p7zip-full.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls' to resolve 'salt://sift/packages/p7zip-full.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls' using 'jinja' renderer: 0.000859975814819 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls: p7zip-full: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('p7zip-full', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/p7zip-full.sls' using 'yaml' renderer: 0.000640869140625 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pdftk.sls' to resolve 'salt://sift/packages/pdftk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pdftk.sls' to resolve 'salt://sift/packages/pdftk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pdftk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pdftk.sls' using 'jinja' renderer: 0.000863075256348 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pdftk.sls: pdftk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pdftk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pdftk.sls' using 'yaml' renderer: 0.000740051269531 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/perl.sls' to resolve 'salt://sift/packages/perl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/perl.sls' to resolve 'salt://sift/packages/perl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/perl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/perl.sls' using 'jinja' renderer: 0.00341510772705 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/perl.sls: sift-package-perl: pkg.installed: - name: perl sift-package-perl-cpan-configure: cmd.wait: - name: perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit' - watch: - pkg: sift-package-perl # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-package-perl', OrderedDict([('pkg.installed', [OrderedDict([('name', 'perl')])])])), ('sift-package-perl-cpan-configure', OrderedDict([('cmd.wait', [OrderedDict([('name', 'perl -MCPAN -e \'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit\'')]), OrderedDict([('watch', [OrderedDict([('pkg', 'sift-package-perl')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/perl.sls' using 'yaml' renderer: 0.0110518932343 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pev.sls' to resolve 'salt://sift/packages/pev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pev.sls' to resolve 'salt://sift/packages/pev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pev.sls' using 'jinja' renderer: 0.00310802459717 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pev.sls: pev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pev.sls' using 'yaml' renderer: 0.00257301330566 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/phonon.sls' to resolve 'salt://sift/packages/phonon.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/phonon.sls' to resolve 'salt://sift/packages/phonon.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/phonon.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/phonon.sls' using 'jinja' renderer: 0.00292611122131 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/phonon.sls: phonon: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('phonon', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/phonon.sls' using 'yaml' renderer: 0.00227212905884 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pkg-config.sls' to resolve 'salt://sift/packages/pkg-config.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pkg-config.sls' to resolve 'salt://sift/packages/pkg-config.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pkg-config.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pkg-config.sls' using 'jinja' renderer: 0.00287008285522 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pkg-config.sls: pkg-config: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pkg-config', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pkg-config.sls' using 'yaml' renderer: 0.00294804573059 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/powershell.sls' to resolve 'salt://sift/packages/powershell.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/powershell.sls' to resolve 'salt://sift/packages/powershell.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/powershell.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/powershell.sls' using 'jinja' renderer: 0.0120730400085 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/powershell.sls: sift-powershell-source: file.managed: - name: /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb - source: "https://github.com/Powershell/Powershell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb" - source_hash: sha256=719fc2d42486f4fe123156e9b4380929c6dd28cb6ccbf928ba746020c1caea58 - makedirs: True sift-powershell: pkg.installed: - sources: - powershell: /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb - watch: - file: sift-powershell-source # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-powershell-source', OrderedDict([('file.managed', [OrderedDict([('name', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb')]), OrderedDict([('source', 'https://github.com/Powershell/Powershell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb')]), OrderedDict([('source_hash', 'sha256=719fc2d42486f4fe123156e9b4380929c6dd28cb6ccbf928ba746020c1caea58')]), OrderedDict([('makedirs', True)])])])), ('sift-powershell', OrderedDict([('pkg.installed', [OrderedDict([('sources', [OrderedDict([('powershell', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb')])])]), OrderedDict([('watch', [OrderedDict([('file', 'sift-powershell-source')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/powershell.sls' using 'yaml' renderer: 0.0112800598145 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pv.sls' to resolve 'salt://sift/packages/pv.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pv.sls' to resolve 'salt://sift/packages/pv.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pv.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pv.sls' using 'jinja' renderer: 0.00271797180176 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pv.sls: pv: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pv', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pv.sls' using 'yaml' renderer: 0.00147104263306 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/pyew.sls' to resolve 'salt://sift/packages/pyew.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/pyew.sls' to resolve 'salt://sift/packages/pyew.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/pyew.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pyew.sls' using 'jinja' renderer: 0.00100302696228 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/pyew.sls: pyew: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('pyew', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/pyew.sls' using 'yaml' renderer: 0.000719785690308 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python.sls' to resolve 'salt://sift/packages/python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python.sls' to resolve 'salt://sift/packages/python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python.sls' using 'jinja' renderer: 0.00102019309998 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python.sls: python: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python.sls' using 'yaml' renderer: 0.000782012939453 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-dev.sls' to resolve 'salt://sift/packages/python-dev.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-dev.sls' to resolve 'salt://sift/packages/python-dev.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-dev.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dev.sls' using 'jinja' renderer: 0.00103187561035 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-dev.sls: python-dev: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-dev', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dev.sls' using 'yaml' renderer: 0.00074291229248 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-dfvfs.sls' to resolve 'salt://sift/packages/python-dfvfs.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls' to resolve 'salt://sift/packages/python-dfvfs.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls' using 'jinja' renderer: 0.00129294395447 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls: include: - ..repos.sift - ..repos.gift python-dfvfs: pkg.installed: - name: python-dfvfs - version: 20160108-1ppa1~xenial - hold: True - require: - pkgrepo: sift-repo - pkgrepo: sift-gift-repo # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '..repos.gift']), ('python-dfvfs', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-dfvfs')]), OrderedDict([('version', '20160108-1ppa1~xenial')]), OrderedDict([('hold', True)]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')]), OrderedDict([('pkgrepo', 'sift-gift-repo')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-dfvfs.sls' using 'yaml' renderer: 0.00304388999939 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-flowgrep.sls' to resolve 'salt://sift/packages/python-flowgrep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls' to resolve 'salt://sift/packages/python-flowgrep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls' using 'jinja' renderer: 0.00104093551636 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls: python-flowgrep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-flowgrep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-flowgrep.sls' using 'yaml' renderer: 0.000715017318726 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-fuse.sls' to resolve 'salt://sift/packages/python-fuse.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-fuse.sls' to resolve 'salt://sift/packages/python-fuse.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-fuse.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-fuse.sls' using 'jinja' renderer: 0.000940084457397 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-fuse.sls: python-fuse: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-fuse', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-fuse.sls' using 'yaml' renderer: 0.000653982162476 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-nids.sls' to resolve 'salt://sift/packages/python-nids.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-nids.sls' to resolve 'salt://sift/packages/python-nids.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-nids.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-nids.sls' using 'jinja' renderer: 0.000843048095703 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-nids.sls: python-nids: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-nids', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-nids.sls' using 'yaml' renderer: 0.000591039657593 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-ntdsxtract.sls' to resolve 'salt://sift/packages/python-ntdsxtract.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls' to resolve 'salt://sift/packages/python-ntdsxtract.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls' using 'jinja' renderer: 0.00121283531189 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls: python-ntdsxtract: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-ntdsxtract', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-ntdsxtract.sls' using 'yaml' renderer: 0.000568151473999 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-pefile.sls' to resolve 'salt://sift/packages/python-pefile.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-pefile.sls' to resolve 'salt://sift/packages/python-pefile.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-pefile.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pefile.sls' using 'jinja' renderer: 0.000747919082642 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-pefile.sls: python-pefile: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-pefile', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pefile.sls' using 'yaml' renderer: 0.000564098358154 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-pip.sls' to resolve 'salt://sift/packages/python-pip.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-pip.sls' to resolve 'salt://sift/packages/python-pip.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-pip.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pip.sls' using 'jinja' renderer: 0.000805139541626 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-pip.sls: include: - .python python-pip: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.python']), ('python-pip', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pip.sls' using 'yaml' renderer: 0.00089693069458 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-plaso.sls' to resolve 'salt://sift/packages/python-plaso.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-plaso.sls' to resolve 'salt://sift/packages/python-plaso.sls' # [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-plaso.sls' # [DEBUG ] No dest file found # [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-plaso.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-plaso.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-plaso.sls' using 'jinja' renderer: 0.000988006591797 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-plaso.sls: include: - ..repos.sift - ..repos.gift - sift.packages.python-xlsxwriter - sift.packages.python-dfvfs python-plaso: pkg.installed: - name: python-plaso - version: 1.4.0-1ppa3~xenial - hold: True - require: - pkgrepo: sift-repo - pkgrepo: sift-gift-repo - sls: sift.packages.python-xlsxwriter - sls: sift.packages.python-dfvfs # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '..repos.gift', 'sift.packages.python-xlsxwriter', 'sift.packages.python-dfvfs']), ('python-plaso', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-plaso')]), OrderedDict([('version', '1.4.0-1ppa3~xenial')]), OrderedDict([('hold', True)]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')]), OrderedDict([('pkgrepo', 'sift-gift-repo')]), OrderedDict([('sls', 'sift.packages.python-xlsxwriter')]), OrderedDict([('sls', 'sift.packages.python-dfvfs')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-plaso.sls' using 'yaml' renderer: 0.00290012359619 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-xlsxwriter.sls' to resolve 'salt://sift/packages/python-xlsxwriter.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls' to resolve 'salt://sift/packages/python-xlsxwriter.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls' using 'jinja' renderer: 0.000791072845459 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls: sift-python3-xlsxwriter: pkg.removed: - name: python3-xlsxwriter sift-python-xlsxwriter: pkg.installed: - name: python-xlsxwriter # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-python3-xlsxwriter', OrderedDict([('pkg.removed', [OrderedDict([('name', 'python3-xlsxwriter')])])])), ('sift-python-xlsxwriter', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-xlsxwriter')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-xlsxwriter.sls' using 'yaml' renderer: 0.00146198272705 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-pytsk3.sls' to resolve 'salt://sift/packages/python-pytsk3.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls' to resolve 'salt://sift/packages/python-pytsk3.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls' using 'jinja' renderer: 0.000804901123047 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls: pytsk3-removed: pkg.removed: - name: pytsk3 pytsk3: pkg.installed: - name: python-pytsk3 - required: - pkg: pytsk3-removed # [DEBUG ] Results of YAML rendering: OrderedDict([('pytsk3-removed', OrderedDict([('pkg.removed', [OrderedDict([('name', 'pytsk3')])])])), ('pytsk3', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-pytsk3')]), OrderedDict([('required', [OrderedDict([('pkg', 'pytsk3-removed')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-pytsk3.sls' using 'yaml' renderer: 0.00188589096069 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-qt4.sls' to resolve 'salt://sift/packages/python-qt4.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-qt4.sls' to resolve 'salt://sift/packages/python-qt4.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-qt4.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-qt4.sls' using 'jinja' renderer: 0.000828981399536 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-qt4.sls: python-qt4: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-qt4', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-qt4.sls' using 'yaml' renderer: 0.000552892684937 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-tk.sls' to resolve 'salt://sift/packages/python-tk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-tk.sls' to resolve 'salt://sift/packages/python-tk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-tk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-tk.sls' using 'jinja' renderer: 0.000725030899048 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-tk.sls: python-tk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-tk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-tk.sls' using 'yaml' renderer: 0.000511884689331 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-virtualenv.sls' to resolve 'salt://sift/packages/python-virtualenv.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls' to resolve 'salt://sift/packages/python-virtualenv.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls' using 'jinja' renderer: 0.000862121582031 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls: python-virtualenv: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-virtualenv', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-virtualenv.sls' using 'yaml' renderer: 0.000561952590942 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-volatility.sls' to resolve 'salt://sift/packages/python-volatility.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-volatility.sls' to resolve 'salt://sift/packages/python-volatility.sls' # [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/packages/python-volatility.sls' # [DEBUG ] No dest file found # [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/packages/python-volatility.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-volatility.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-volatility.sls' using 'jinja' renderer: 0.00362300872803 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-volatility.sls: include: - ..repos.sift - .git - sift.python-packages.colorama - sift.python-packages.construct - sift.python-packages.dpapick - sift.python-packages.distorm3 - sift.python-packages.haystack - sift.python-packages.ioc_writer - sift.python-packages.lxml - sift.python-packages.pefile - sift.python-packages.pycoin - sift.python-packages.pysocks - sift.python-packages.simplejson - sift.python-packages.yara-python python-volatility: pkg.installed: - name: python-volatility - require: - pkgrepo: sift-repo python-volatility-community-plugins: git.latest: - name: https://github.com/sans-dfir/volatility-plugins-community.git - target: /usr/lib/python2.7/dist-packages/volatility/plugins/community - user: root - rev: master - force_clone: True - require: - pkg: git - pkg: python-volatility - sls: sift.python-packages.colorama - sls: sift.python-packages.construct - sls: sift.python-packages.dpapick - sls: sift.python-packages.distorm3 - sls: sift.python-packages.haystack - sls: sift.python-packages.ioc_writer - sls: sift.python-packages.lxml - sls: sift.python-packages.pefile - sls: sift.python-packages.pycoin - sls: sift.python-packages.pysocks - sls: sift.python-packages.simplejson - sls: sift.python-packages.yara-python python-volatility-sift-plugins: file.recurse: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ - source: salt://sift/files/volatility - makedirs: True - file_mode: 644 - include_pat: '*.py' - watch: - pkg: python-volatility python-volatility-plugins-malprocfind.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py - watch: - pkg: python-volatility python-volatility-plugins-idxparser.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py - watch: - pkg: python-volatility python-volatility-plugins-chromehistory.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py - watch: - pkg: python-volatility python-volatility-plugins-mimikatz.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py - watch: - pkg: python-volatility python-volatility-plugins-openioc_scan.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py - watch: - pkg: python-volatility python-volatility-plugins-pstotal.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py - watch: - pkg: python-volatility python-volatility-plugins-firefoxhistory.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py - watch: - pkg: python-volatility python-volatility-plugins-autoruns.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py - watch: - pkg: python-volatility python-volatility-plugins-malfinddeep.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py - watch: - pkg: python-volatility python-volatility-plugins-prefetch.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py - watch: - pkg: python-volatility python-volatility-plugins-baseline.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py - watch: - pkg: python-volatility python-volatility-plugins-ssdeepscan.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py - watch: - pkg: python-volatility python-volatility-plugins-uninstallinfo.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py - watch: - pkg: python-volatility python-volatility-plugins-trustrecords.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py - watch: - pkg: python-volatility python-volatility-plugins-usnparser.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py - watch: - pkg: python-volatility python-volatility-plugins-apihooksdeep.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py - watch: - pkg: python-volatility python-volatility-plugins-editbox.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py - watch: - pkg: python-volatility python-volatility-plugins-javarat.py-absent: file.absent: - name: /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py - watch: - pkg: python-volatility # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..repos.sift', '.git', 'sift.python-packages.colorama', 'sift.python-packages.construct', 'sift.python-packages.dpapick', 'sift.python-packages.distorm3', 'sift.python-packages.haystack', 'sift.python-packages.ioc_writer', 'sift.python-packages.lxml', 'sift.python-packages.pefile', 'sift.python-packages.pycoin', 'sift.python-packages.pysocks', 'sift.python-packages.simplejson', 'sift.python-packages.yara-python']), ('python-volatility', OrderedDict([('pkg.installed', [OrderedDict([('name', 'python-volatility')]), OrderedDict([('require', [OrderedDict([('pkgrepo', 'sift-repo')])])])])])), ('python-volatility-community-plugins', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/sans-dfir/volatility-plugins-community.git')]), OrderedDict([('target', '/usr/lib/python2.7/dist-packages/volatility/plugins/community')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')]), OrderedDict([('pkg', 'python-volatility')]), OrderedDict([('sls', 'sift.python-packages.colorama')]), OrderedDict([('sls', 'sift.python-packages.construct')]), OrderedDict([('sls', 'sift.python-packages.dpapick')]), OrderedDict([('sls', 'sift.python-packages.distorm3')]), OrderedDict([('sls', 'sift.python-packages.haystack')]), OrderedDict([('sls', 'sift.python-packages.ioc_writer')]), OrderedDict([('sls', 'sift.python-packages.lxml')]), OrderedDict([('sls', 'sift.python-packages.pefile')]), OrderedDict([('sls', 'sift.python-packages.pycoin')]), OrderedDict([('sls', 'sift.python-packages.pysocks')]), OrderedDict([('sls', 'sift.python-packages.simplejson')]), OrderedDict([('sls', 'sift.python-packages.yara-python')])])])])])), ('python-volatility-sift-plugins', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/sift/')]), OrderedDict([('source', 'salt://sift/files/volatility')]), OrderedDict([('makedirs', True)]), OrderedDict([('file_mode', 644)]), OrderedDict([('include_pat', '*.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-malprocfind.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-idxparser.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-chromehistory.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-mimikatz.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-openioc_scan.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-pstotal.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-firefoxhistory.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-autoruns.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-malfinddeep.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-prefetch.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-baseline.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-ssdeepscan.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-uninstallinfo.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-trustrecords.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-usnparser.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-apihooksdeep.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-editbox.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])])), ('python-volatility-plugins-javarat.py-absent', OrderedDict([('file.absent', [OrderedDict([('name', '/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py')]), OrderedDict([('watch', [OrderedDict([('pkg', 'python-volatility')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-volatility.sls' using 'yaml' renderer: 0.0316529273987 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/colorama.sls' to resolve 'salt://sift/python-packages/colorama.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/colorama.sls' to resolve 'salt://sift/python-packages/colorama.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/colorama.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/colorama.sls' using 'jinja' renderer: 0.000864028930664 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/colorama.sls: include: - ..packages.python-pip colorama: pip.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('colorama', 'pip.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/colorama.sls' using 'yaml' renderer: 0.000821113586426 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/construct.sls' to resolve 'salt://sift/python-packages/construct.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/construct.sls' to resolve 'salt://sift/python-packages/construct.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/construct.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/construct.sls' using 'jinja' renderer: 0.000695943832397 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/construct.sls: include: - ..packages.python-pip construct: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('construct', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/construct.sls' using 'yaml' renderer: 0.00125002861023 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/dpapick.sls' to resolve 'salt://sift/python-packages/dpapick.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls' to resolve 'salt://sift/python-packages/dpapick.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls' using 'jinja' renderer: 0.000830173492432 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip - sift.packages.libssl-dev dpapick: pip.installed: - name: dpapick - upgrade: True - require: - pkg: python-pip - sls: sift.packages.libssl-dev # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', 'sift.packages.libssl-dev']), ('dpapick', OrderedDict([('pip.installed', [OrderedDict([('name', 'dpapick')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('sls', 'sift.packages.libssl-dev')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/dpapick.sls' using 'yaml' renderer: 0.00213503837585 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/distorm3.sls' to resolve 'salt://sift/python-packages/distorm3.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls' to resolve 'salt://sift/python-packages/distorm3.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls' using 'jinja' renderer: 0.000834941864014 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls: include: - ..packages.python-pip distorm3: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('distorm3', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/distorm3.sls' using 'yaml' renderer: 0.00131607055664 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/haystack.sls' to resolve 'salt://sift/python-packages/haystack.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/haystack.sls' to resolve 'salt://sift/python-packages/haystack.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/haystack.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/haystack.sls' using 'jinja' renderer: 0.000743865966797 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/haystack.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip haystack: pip.installed: - name: haystack - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('haystack', OrderedDict([('pip.installed', [OrderedDict([('name', 'haystack')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/haystack.sls' using 'yaml' renderer: 0.00170993804932 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/ioc_writer.sls' to resolve 'salt://sift/python-packages/ioc_writer.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls' to resolve 'salt://sift/python-packages/ioc_writer.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls' using 'jinja' renderer: 0.00071907043457 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls: include: - ..packages.python-pip - .lxml ioc_writer: pip.installed: - require: - pkg: python-pip - pip: lxml # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '.lxml']), ('ioc_writer', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pip', 'lxml')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/ioc_writer.sls' using 'yaml' renderer: 0.00151491165161 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/lxml.sls' to resolve 'salt://sift/python-packages/lxml.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/lxml.sls' to resolve 'salt://sift/python-packages/lxml.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/lxml.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/lxml.sls' using 'jinja' renderer: 0.00107312202454 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/lxml.sls: include: - ..packages.python-pip - ..packages.libxml2-dev - ..packages.libxslt-dev lxml: pip.installed: - require: - pkg: python-pip - pkg: libxml2-dev - pkg: libxslt-dev # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '..packages.libxml2-dev', '..packages.libxslt-dev']), ('lxml', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pkg', 'libxml2-dev')]), OrderedDict([('pkg', 'libxslt-dev')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/lxml.sls' using 'yaml' renderer: 0.00195288658142 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pefile.sls' to resolve 'salt://sift/python-packages/pefile.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pefile.sls' to resolve 'salt://sift/python-packages/pefile.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pefile.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pefile.sls' using 'jinja' renderer: 0.000710010528564 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pefile.sls: include: - ..packages.python-pip pefile: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pefile', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pefile.sls' using 'yaml' renderer: 0.00123882293701 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pycoin.sls' to resolve 'salt://sift/python-packages/pycoin.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls' to resolve 'salt://sift/python-packages/pycoin.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls' using 'jinja' renderer: 0.000699043273926 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip pycoin: pip.installed: - name: pycoin - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pycoin', OrderedDict([('pip.installed', [OrderedDict([('name', 'pycoin')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pycoin.sls' using 'yaml' renderer: 0.00212502479553 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pysocks.sls' to resolve 'salt://sift/python-packages/pysocks.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls' to resolve 'salt://sift/python-packages/pysocks.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls' using 'jinja' renderer: 0.000864028930664 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls: include: - ..packages.python-pip pysocks: pip.installed: - name: pysocks - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pysocks', OrderedDict([('pip.installed', [OrderedDict([('name', 'pysocks')]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pysocks.sls' using 'yaml' renderer: 0.00154709815979 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/simplejson.sls' to resolve 'salt://sift/python-packages/simplejson.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls' to resolve 'salt://sift/python-packages/simplejson.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls' using 'jinja' renderer: 0.000768899917603 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip simplejson: pip.installed: - name: simplejson - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('simplejson', OrderedDict([('pip.installed', [OrderedDict([('name', 'simplejson')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/simplejson.sls' using 'yaml' renderer: 0.00173807144165 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/yara-python.sls' to resolve 'salt://sift/python-packages/yara-python.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls' to resolve 'salt://sift/python-packages/yara-python.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls' using 'jinja' renderer: 0.000726938247681 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls: # Note: not included in init.sls, only required by python-volatility include: - ..packages.python-pip yara-python: pip.installed: - name: yara-python - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('yara-python', OrderedDict([('pip.installed', [OrderedDict([('name', 'yara-python')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/yara-python.sls' using 'yaml' renderer: 0.00174307823181 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/python-yara.sls' to resolve 'salt://sift/packages/python-yara.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/python-yara.sls' to resolve 'salt://sift/packages/python-yara.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/python-yara.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-yara.sls' using 'jinja' renderer: 0.000836133956909 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/python-yara.sls: python-yara: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('python-yara', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/python-yara.sls' using 'yaml' renderer: 0.000619888305664 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/qemu.sls' to resolve 'salt://sift/packages/qemu.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/qemu.sls' to resolve 'salt://sift/packages/qemu.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/qemu.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu.sls' using 'jinja' renderer: 0.000704050064087 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/qemu.sls: qemu: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('qemu', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu.sls' using 'yaml' renderer: 0.000509023666382 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/qemu-utils.sls' to resolve 'salt://sift/packages/qemu-utils.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls' to resolve 'salt://sift/packages/qemu-utils.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls' using 'jinja' renderer: 0.00065803527832 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls: qemu-utils: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('qemu-utils', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/qemu-utils.sls' using 'yaml' renderer: 0.000515937805176 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/radare2.sls' to resolve 'salt://sift/packages/radare2.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/radare2.sls' to resolve 'salt://sift/packages/radare2.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/radare2.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/radare2.sls' using 'jinja' renderer: 0.000673770904541 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/radare2.sls: radare2: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('radare2', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/radare2.sls' using 'yaml' renderer: 0.000484943389893 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/rar.sls' to resolve 'salt://sift/packages/rar.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/rar.sls' to resolve 'salt://sift/packages/rar.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/rar.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rar.sls' using 'jinja' renderer: 0.000702857971191 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/rar.sls: include: - sift.repos.ubuntu-multiverse sift-rar: pkg.installed: - name: rar - require: - sls: sift.repos.ubuntu-multiverse # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.ubuntu-multiverse']), ('sift-rar', OrderedDict([('pkg.installed', [OrderedDict([('name', 'rar')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rar.sls' using 'yaml' renderer: 0.00229907035828 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/readpst.sls' to resolve 'salt://sift/packages/readpst.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/readpst.sls' to resolve 'salt://sift/packages/readpst.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/readpst.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/readpst.sls' using 'jinja' renderer: 0.000760078430176 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/readpst.sls: readpst: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('readpst', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/readpst.sls' using 'yaml' renderer: 0.000504970550537 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/rsakeyfind.sls' to resolve 'salt://sift/packages/rsakeyfind.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls' to resolve 'salt://sift/packages/rsakeyfind.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls' using 'jinja' renderer: 0.00066089630127 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls: rsakeyfind: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('rsakeyfind', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/rsakeyfind.sls' using 'yaml' renderer: 0.00059986114502 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/safecopy.sls' to resolve 'salt://sift/packages/safecopy.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/safecopy.sls' to resolve 'salt://sift/packages/safecopy.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/safecopy.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/safecopy.sls' using 'jinja' renderer: 0.000730991363525 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/safecopy.sls: safecopy: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('safecopy', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/safecopy.sls' using 'yaml' renderer: 0.000524997711182 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/samba.sls' to resolve 'salt://sift/packages/samba.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/samba.sls' to resolve 'salt://sift/packages/samba.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/samba.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samba.sls' using 'jinja' renderer: 0.000658988952637 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/samba.sls: samba: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('samba', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samba.sls' using 'yaml' renderer: 0.000530958175659 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/samdump2.sls' to resolve 'salt://sift/packages/samdump2.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/samdump2.sls' to resolve 'salt://sift/packages/samdump2.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/samdump2.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samdump2.sls' using 'jinja' renderer: 0.00128197669983 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/samdump2.sls: samdump2: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('samdump2', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/samdump2.sls' using 'yaml' renderer: 0.00061821937561 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/scalpel.sls' to resolve 'salt://sift/packages/scalpel.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/scalpel.sls' to resolve 'salt://sift/packages/scalpel.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/scalpel.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/scalpel.sls' using 'jinja' renderer: 0.000678062438965 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/scalpel.sls: scalpel: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('scalpel', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/scalpel.sls' using 'yaml' renderer: 0.000478029251099 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/sleuthkit.sls' to resolve 'salt://sift/packages/sleuthkit.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls' to resolve 'salt://sift/packages/sleuthkit.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls' using 'jinja' renderer: 0.000658988952637 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls: sleuthkit: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('sleuthkit', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sleuthkit.sls' using 'yaml' renderer: 0.000502109527588 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/socat.sls' to resolve 'salt://sift/packages/socat.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/socat.sls' to resolve 'salt://sift/packages/socat.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/socat.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/socat.sls' using 'jinja' renderer: 0.000661134719849 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/socat.sls: socat: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('socat', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/socat.sls' using 'yaml' renderer: 0.000472784042358 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ssdeep.sls' to resolve 'salt://sift/packages/ssdeep.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ssdeep.sls' to resolve 'salt://sift/packages/ssdeep.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ssdeep.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssdeep.sls' using 'jinja' renderer: 0.000895977020264 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ssdeep.sls: ssdeep: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ssdeep', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssdeep.sls' using 'yaml' renderer: 0.00055718421936 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/ssldump.sls' to resolve 'salt://sift/packages/ssldump.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/ssldump.sls' to resolve 'salt://sift/packages/ssldump.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/ssldump.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssldump.sls' using 'jinja' renderer: 0.000694036483765 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/ssldump.sls: ssldump: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('ssldump', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/ssldump.sls' using 'yaml' renderer: 0.000521898269653 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/sslsniff.sls' to resolve 'salt://sift/packages/sslsniff.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/sslsniff.sls' to resolve 'salt://sift/packages/sslsniff.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/sslsniff.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sslsniff.sls' using 'jinja' renderer: 0.000695943832397 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/sslsniff.sls: sslsniff: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('sslsniff', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/sslsniff.sls' using 'yaml' renderer: 0.00049090385437 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/stunnel4.sls' to resolve 'salt://sift/packages/stunnel4.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/stunnel4.sls' to resolve 'salt://sift/packages/stunnel4.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/stunnel4.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/stunnel4.sls' using 'jinja' renderer: 0.000711917877197 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/stunnel4.sls: stunnel4: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('stunnel4', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/stunnel4.sls' using 'yaml' renderer: 0.000524044036865 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/system-config-samba.sls' to resolve 'salt://sift/packages/system-config-samba.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls' to resolve 'salt://sift/packages/system-config-samba.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls' using 'jinja' renderer: 0.000816106796265 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls: system-config-samba: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('system-config-samba', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/system-config-samba.sls' using 'yaml' renderer: 0.000640153884888 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcl.sls' to resolve 'salt://sift/packages/tcl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcl.sls' to resolve 'salt://sift/packages/tcl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcl.sls' using 'jinja' renderer: 0.000809907913208 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcl.sls: tcl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcl.sls' using 'yaml' renderer: 0.000561952590942 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpflow.sls' to resolve 'salt://sift/packages/tcpflow.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpflow.sls' to resolve 'salt://sift/packages/tcpflow.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpflow.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpflow.sls' using 'jinja' renderer: 0.00072193145752 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpflow.sls: tcpflow: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpflow', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpflow.sls' using 'yaml' renderer: 0.000483989715576 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpick.sls' to resolve 'salt://sift/packages/tcpick.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpick.sls' to resolve 'salt://sift/packages/tcpick.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpick.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpick.sls' using 'jinja' renderer: 0.000693082809448 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpick.sls: tcpick: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpick', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpick.sls' using 'yaml' renderer: 0.000521898269653 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpreplay.sls' to resolve 'salt://sift/packages/tcpreplay.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls' to resolve 'salt://sift/packages/tcpreplay.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls' using 'jinja' renderer: 0.000733137130737 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls: tcpreplay: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpreplay', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpreplay.sls' using 'yaml' renderer: 0.000514030456543 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpslice.sls' to resolve 'salt://sift/packages/tcpslice.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpslice.sls' to resolve 'salt://sift/packages/tcpslice.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpslice.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpslice.sls' using 'jinja' renderer: 0.000869989395142 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpslice.sls: tcpslice: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpslice', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpslice.sls' using 'yaml' renderer: 0.000600099563599 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpstat.sls' to resolve 'salt://sift/packages/tcpstat.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpstat.sls' to resolve 'salt://sift/packages/tcpstat.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpstat.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpstat.sls' using 'jinja' renderer: 0.000773191452026 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpstat.sls: tcpstat: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpstat', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpstat.sls' using 'yaml' renderer: 0.000517129898071 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcptrace.sls' to resolve 'salt://sift/packages/tcptrace.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcptrace.sls' to resolve 'salt://sift/packages/tcptrace.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcptrace.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrace.sls' using 'jinja' renderer: 0.000732898712158 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcptrace.sls: tcptrace: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcptrace', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrace.sls' using 'yaml' renderer: 0.000554084777832 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcptrack.sls' to resolve 'salt://sift/packages/tcptrack.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcptrack.sls' to resolve 'salt://sift/packages/tcptrack.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcptrack.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrack.sls' using 'jinja' renderer: 0.000922918319702 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcptrack.sls: tcptrack: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcptrack', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcptrack.sls' using 'yaml' renderer: 0.000616073608398 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tcpxtract.sls' to resolve 'salt://sift/packages/tcpxtract.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls' to resolve 'salt://sift/packages/tcpxtract.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls' using 'jinja' renderer: 0.000898122787476 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls: tcpxtract: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tcpxtract', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tcpxtract.sls' using 'yaml' renderer: 0.00064492225647 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/testdisk.sls' to resolve 'salt://sift/packages/testdisk.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/testdisk.sls' to resolve 'salt://sift/packages/testdisk.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/testdisk.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/testdisk.sls' using 'jinja' renderer: 0.000735998153687 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/testdisk.sls: testdisk: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('testdisk', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/testdisk.sls' using 'yaml' renderer: 0.000515937805176 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/tofrodos.sls' to resolve 'salt://sift/packages/tofrodos.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/tofrodos.sls' to resolve 'salt://sift/packages/tofrodos.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/tofrodos.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tofrodos.sls' using 'jinja' renderer: 0.000655889511108 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/tofrodos.sls: tofrodos: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('tofrodos', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/tofrodos.sls' using 'yaml' renderer: 0.000552892684937 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/transmission.sls' to resolve 'salt://sift/packages/transmission.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/transmission.sls' to resolve 'salt://sift/packages/transmission.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/transmission.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/transmission.sls' using 'jinja' renderer: 0.00121998786926 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/transmission.sls: transmission: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('transmission', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/transmission.sls' using 'yaml' renderer: 0.00055718421936 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/unity-control-center.sls' to resolve 'salt://sift/packages/unity-control-center.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls' to resolve 'salt://sift/packages/unity-control-center.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls' using 'jinja' renderer: 0.000799894332886 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls: unity-control-center: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('unity-control-center', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unity-control-center.sls' using 'yaml' renderer: 0.000596046447754 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/unrar.sls' to resolve 'salt://sift/packages/unrar.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/unrar.sls' to resolve 'salt://sift/packages/unrar.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/unrar.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unrar.sls' using 'jinja' renderer: 0.000783920288086 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/unrar.sls: include: - sift.repos.ubuntu-multiverse sift-unrar: pkg.installed: - name: unrar - require: - sls: sift.repos.ubuntu-multiverse # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.repos.ubuntu-multiverse']), ('sift-unrar', OrderedDict([('pkg.installed', [OrderedDict([('name', 'unrar')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.repos.ubuntu-multiverse')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/unrar.sls' using 'yaml' renderer: 0.0014979839325 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/upx-ucl.sls' to resolve 'salt://sift/packages/upx-ucl.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls' to resolve 'salt://sift/packages/upx-ucl.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls' using 'jinja' renderer: 0.000672101974487 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls: upx-ucl: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('upx-ucl', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/upx-ucl.sls' using 'yaml' renderer: 0.000545978546143 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/vbindiff.sls' to resolve 'salt://sift/packages/vbindiff.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/vbindiff.sls' to resolve 'salt://sift/packages/vbindiff.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/vbindiff.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vbindiff.sls' using 'jinja' renderer: 0.000712156295776 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/vbindiff.sls: vbindiff: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('vbindiff', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vbindiff.sls' using 'yaml' renderer: 0.000535011291504 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/vim.sls' to resolve 'salt://sift/packages/vim.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/vim.sls' to resolve 'salt://sift/packages/vim.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/vim.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vim.sls' using 'jinja' renderer: 0.000833988189697 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/vim.sls: vim: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('vim', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vim.sls' using 'yaml' renderer: 0.000608921051025 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/virtuoso-minimal.sls' to resolve 'salt://sift/packages/virtuoso-minimal.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls' to resolve 'salt://sift/packages/virtuoso-minimal.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls' using 'jinja' renderer: 0.000773191452026 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls: virtuoso-minimal: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('virtuoso-minimal', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/virtuoso-minimal.sls' using 'yaml' renderer: 0.000523090362549 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/vmfs-tools.sls' to resolve 'salt://sift/packages/vmfs-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls' to resolve 'salt://sift/packages/vmfs-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls' using 'jinja' renderer: 0.000720977783203 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls: vmfs-tools: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('vmfs-tools', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/vmfs-tools.sls' using 'yaml' renderer: 0.000536918640137 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/winbind.sls' to resolve 'salt://sift/packages/winbind.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/winbind.sls' to resolve 'salt://sift/packages/winbind.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/winbind.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/winbind.sls' using 'jinja' renderer: 0.00075888633728 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/winbind.sls: winbind: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('winbind', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/winbind.sls' using 'yaml' renderer: 0.000511884689331 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/wine.sls' to resolve 'salt://sift/packages/wine.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/wine.sls' to resolve 'salt://sift/packages/wine.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/wine.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wine.sls' using 'jinja' renderer: 0.000842094421387 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/wine.sls: sift-wine-i386-arch: cmd.run: - name: dpkg --add-architecture i386 - unless: dpkg --print-foreign-architectures | grep i386 sift-wine-apt-update: pkg.uptodate: - refresh: True - require: - cmd: sift-wine-i386-arch sift-wine: pkg.installed: - name: wine - require: - pkg: sift-wine-apt-update # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-wine-i386-arch', OrderedDict([('cmd.run', [OrderedDict([('name', 'dpkg --add-architecture i386')]), OrderedDict([('unless', 'dpkg --print-foreign-architectures | grep i386')])])])), ('sift-wine-apt-update', OrderedDict([('pkg.uptodate', [OrderedDict([('refresh', True)]), OrderedDict([('require', [OrderedDict([('cmd', 'sift-wine-i386-arch')])])])])])), ('sift-wine', OrderedDict([('pkg.installed', [OrderedDict([('name', 'wine')]), OrderedDict([('require', [OrderedDict([('pkg', 'sift-wine-apt-update')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wine.sls' using 'yaml' renderer: 0.00306797027588 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/wireshark.sls' to resolve 'salt://sift/packages/wireshark.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/wireshark.sls' to resolve 'salt://sift/packages/wireshark.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/wireshark.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wireshark.sls' using 'jinja' renderer: 0.000782012939453 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/wireshark.sls: wireshark: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('wireshark', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/wireshark.sls' using 'yaml' renderer: 0.000524044036865 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xdot.sls' to resolve 'salt://sift/packages/xdot.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xdot.sls' to resolve 'salt://sift/packages/xdot.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xdot.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xdot.sls' using 'jinja' renderer: 0.000720024108887 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xdot.sls: xdot: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('xdot', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xdot.sls' using 'yaml' renderer: 0.00049901008606 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xfsprogs.sls' to resolve 'salt://sift/packages/xfsprogs.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls' to resolve 'salt://sift/packages/xfsprogs.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls' using 'jinja' renderer: 0.000663995742798 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls: xfsprogs: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('xfsprogs', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xfsprogs.sls' using 'yaml' renderer: 0.000581979751587 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xmount.sls' to resolve 'salt://sift/packages/xmount.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xmount.sls' to resolve 'salt://sift/packages/xmount.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xmount.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xmount.sls' using 'jinja' renderer: 0.000918865203857 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xmount.sls: xmount: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('xmount', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xmount.sls' using 'yaml' renderer: 0.000556945800781 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/xpdf.sls' to resolve 'salt://sift/packages/xpdf.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/xpdf.sls' to resolve 'salt://sift/packages/xpdf.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/xpdf.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xpdf.sls' using 'jinja' renderer: 0.00110602378845 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/xpdf.sls: xpdf: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('xpdf', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/xpdf.sls' using 'yaml' renderer: 0.000518798828125 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/packages/zenity.sls' to resolve 'salt://sift/packages/zenity.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/packages/zenity.sls' to resolve 'salt://sift/packages/zenity.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/packages/zenity.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/zenity.sls' using 'jinja' renderer: 0.000696897506714 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/packages/zenity.sls: zenity: pkg.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('zenity', 'pkg.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/packages/zenity.sls' using 'yaml' renderer: 0.000504016876221 # [DEBUG ] Could not find file 'salt://sift/python-packages.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/init.sls' to resolve 'salt://sift/python-packages/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/init.sls' to resolve 'salt://sift/python-packages/init.sls' # [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/python-packages/init.sls' # [DEBUG ] No dest file found # [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/python-packages/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/init.sls' using 'jinja' renderer: 0.00129008293152 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/init.sls: include: - sift.python-packages.analyzemft - sift.python-packages.argparse - sift.python-packages.bitstring - sift.python-packages.colorama - sift.python-packages.construct - sift.python-packages.distorm3 - sift.python-packages.docopt - sift.python-packages.geoip2 - sift.python-packages.ioc_writer - sift.python-packages.lxml - sift.python-packages.pefile - sift.python-packages.pip - sift.python-packages.pysocks - sift.python-packages.python-dateutil - sift.python-packages.python-evtx - sift.python-packages.python-magic - sift.python-packages.python-registry - sift.python-packages.rekall - sift.python-packages.setuptools - sift.python-packages.six - sift.python-packages.stix-validator - sift.python-packages.stix - sift.python-packages.timesketch - sift.python-packages.unicodecsv - sift.python-packages.usnparser - sift.python-packages.virustotal-api - sift.python-packages.wheel - sift.python-packages.windowsprefetch sift-python-packages: test.nop: - name: sift-python-packages - require: - sls: sift.python-packages.analyzemft - sls: sift.python-packages.argparse - sls: sift.python-packages.bitstring - sls: sift.python-packages.colorama - sls: sift.python-packages.construct - sls: sift.python-packages.distorm3 - sls: sift.python-packages.docopt - sls: sift.python-packages.geoip2 - sls: sift.python-packages.ioc_writer - sls: sift.python-packages.lxml - sls: sift.python-packages.pefile - sls: sift.python-packages.pip - sls: sift.python-packages.pysocks - sls: sift.python-packages.python-dateutil - sls: sift.python-packages.python-evtx - sls: sift.python-packages.python-magic - sls: sift.python-packages.python-registry - sls: sift.python-packages.rekall - sls: sift.python-packages.setuptools - sls: sift.python-packages.six - sls: sift.python-packages.stix-validator - sls: sift.python-packages.stix - sls: sift.python-packages.timesketch - sls: sift.python-packages.unicodecsv - sls: sift.python-packages.usnparser - sls: sift.python-packages.virustotal-api - sls: sift.python-packages.wheel - sls: sift.python-packages.windowsprefetch # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.analyzemft', 'sift.python-packages.argparse', 'sift.python-packages.bitstring', 'sift.python-packages.colorama', 'sift.python-packages.construct', 'sift.python-packages.distorm3', 'sift.python-packages.docopt', 'sift.python-packages.geoip2', 'sift.python-packages.ioc_writer', 'sift.python-packages.lxml', 'sift.python-packages.pefile', 'sift.python-packages.pip', 'sift.python-packages.pysocks', 'sift.python-packages.python-dateutil', 'sift.python-packages.python-evtx', 'sift.python-packages.python-magic', 'sift.python-packages.python-registry', 'sift.python-packages.rekall', 'sift.python-packages.setuptools', 'sift.python-packages.six', 'sift.python-packages.stix-validator', 'sift.python-packages.stix', 'sift.python-packages.timesketch', 'sift.python-packages.unicodecsv', 'sift.python-packages.usnparser', 'sift.python-packages.virustotal-api', 'sift.python-packages.wheel', 'sift.python-packages.windowsprefetch']), ('sift-python-packages', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-python-packages')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.python-packages.analyzemft')]), OrderedDict([('sls', 'sift.python-packages.argparse')]), OrderedDict([('sls', 'sift.python-packages.bitstring')]), OrderedDict([('sls', 'sift.python-packages.colorama')]), OrderedDict([('sls', 'sift.python-packages.construct')]), OrderedDict([('sls', 'sift.python-packages.distorm3')]), OrderedDict([('sls', 'sift.python-packages.docopt')]), OrderedDict([('sls', 'sift.python-packages.geoip2')]), OrderedDict([('sls', 'sift.python-packages.ioc_writer')]), OrderedDict([('sls', 'sift.python-packages.lxml')]), OrderedDict([('sls', 'sift.python-packages.pefile')]), OrderedDict([('sls', 'sift.python-packages.pip')]), OrderedDict([('sls', 'sift.python-packages.pysocks')]), OrderedDict([('sls', 'sift.python-packages.python-dateutil')]), OrderedDict([('sls', 'sift.python-packages.python-evtx')]), OrderedDict([('sls', 'sift.python-packages.python-magic')]), OrderedDict([('sls', 'sift.python-packages.python-registry')]), OrderedDict([('sls', 'sift.python-packages.rekall')]), OrderedDict([('sls', 'sift.python-packages.setuptools')]), OrderedDict([('sls', 'sift.python-packages.six')]), OrderedDict([('sls', 'sift.python-packages.stix-validator')]), OrderedDict([('sls', 'sift.python-packages.stix')]), OrderedDict([('sls', 'sift.python-packages.timesketch')]), OrderedDict([('sls', 'sift.python-packages.unicodecsv')]), OrderedDict([('sls', 'sift.python-packages.usnparser')]), OrderedDict([('sls', 'sift.python-packages.virustotal-api')]), OrderedDict([('sls', 'sift.python-packages.wheel')]), OrderedDict([('sls', 'sift.python-packages.windowsprefetch')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/init.sls' using 'yaml' renderer: 0.0105638504028 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/analyzemft.sls' to resolve 'salt://sift/python-packages/analyzemft.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls' to resolve 'salt://sift/python-packages/analyzemft.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls' using 'jinja' renderer: 0.000838041305542 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls: include: - ..packages.python-pip analyzemft: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('analyzemft', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/analyzemft.sls' using 'yaml' renderer: 0.0013689994812 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/argparse.sls' to resolve 'salt://sift/python-packages/argparse.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/argparse.sls' to resolve 'salt://sift/python-packages/argparse.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/argparse.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/argparse.sls' using 'jinja' renderer: 0.000929832458496 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/argparse.sls: include: - ..packages.python-pip argparse: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('argparse', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/argparse.sls' using 'yaml' renderer: 0.00133609771729 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/bitstring.sls' to resolve 'salt://sift/python-packages/bitstring.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls' to resolve 'salt://sift/python-packages/bitstring.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls' using 'jinja' renderer: 0.000756025314331 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls: include: - ..packages.python-pip bitstring: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('bitstring', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/bitstring.sls' using 'yaml' renderer: 0.00137400627136 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/docopt.sls' to resolve 'salt://sift/python-packages/docopt.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/docopt.sls' to resolve 'salt://sift/python-packages/docopt.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/docopt.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/docopt.sls' using 'jinja' renderer: 0.000740051269531 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/docopt.sls: include: - ..packages.python-pip docopt: pip.installed # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('docopt', 'pip.installed')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/docopt.sls' using 'yaml' renderer: 0.000751972198486 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/geoip2.sls' to resolve 'salt://sift/python-packages/geoip2.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls' to resolve 'salt://sift/python-packages/geoip2.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls' using 'jinja' renderer: 0.000702142715454 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls: include: - sift.packages.python-pip sift-pip-geoip2: pip.installed: - name: geoip2 - require: - sls: sift.packages.python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python-pip']), ('sift-pip-geoip2', OrderedDict([('pip.installed', [OrderedDict([('name', 'geoip2')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/geoip2.sls' using 'yaml' renderer: 0.00152993202209 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/pip.sls' to resolve 'salt://sift/python-packages/pip.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/pip.sls' to resolve 'salt://sift/python-packages/pip.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/pip.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pip.sls' using 'jinja' renderer: 0.000922203063965 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/pip.sls: include: - ..packages.python-pip pip: pip.installed: - name: pip - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('pip', OrderedDict([('pip.installed', [OrderedDict([('name', 'pip')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/pip.sls' using 'yaml' renderer: 0.00191807746887 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-dateutil.sls' to resolve 'salt://sift/python-packages/python-dateutil.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls' to resolve 'salt://sift/python-packages/python-dateutil.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls' using 'jinja' renderer: 0.00084400177002 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls: include: - ..packages.python-pip python-dateutil: pip.installed: - name: python-dateutil >= 2.4.2 - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-dateutil', OrderedDict([('pip.installed', [OrderedDict([('name', 'python-dateutil >= 2.4.2')]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-dateutil.sls' using 'yaml' renderer: 0.00152897834778 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-evtx.sls' to resolve 'salt://sift/python-packages/python-evtx.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls' to resolve 'salt://sift/python-packages/python-evtx.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls' using 'jinja' renderer: 0.000789165496826 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls: include: - ..packages.python-pip python-evtx: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-evtx', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-evtx.sls' using 'yaml' renderer: 0.00131487846375 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-magic.sls' to resolve 'salt://sift/python-packages/python-magic.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls' to resolve 'salt://sift/python-packages/python-magic.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls' using 'jinja' renderer: 0.000823020935059 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls: include: - ..packages.python-pip python-magic: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-magic', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-magic.sls' using 'yaml' renderer: 0.00134611129761 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/python-registry.sls' to resolve 'salt://sift/python-packages/python-registry.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls' to resolve 'salt://sift/python-packages/python-registry.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls' using 'jinja' renderer: 0.000714778900146 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls: include: - ..packages.python-pip python-registry: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('python-registry', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/python-registry.sls' using 'yaml' renderer: 0.00164604187012 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/rekall.sls' to resolve 'salt://sift/python-packages/rekall.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/rekall.sls' to resolve 'salt://sift/python-packages/rekall.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/rekall.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/rekall.sls' using 'jinja' renderer: 0.000848054885864 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/rekall.sls: include: - ..packages.build-essential - ..packages.python-dev - ..packages.python-pip - ..packages.libncurses - ..packages.python-virtualenv - .setuptools - .wheel rekall-virtualenv: virtualenv.managed: - name: /opt/rekall - pip_pkgs: - pip - setuptools - wheel - rekall - require: - pkg: python-virtualenv rekall: pip.installed: - name: rekall - bin_env: /opt/rekall - require: - pkg: python-dev - pkg: python-pip - pkg: libncurses - pkg: build-essential - pip: setuptools - pip: wheel - virtualenv: rekall-virtualenv # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.build-essential', '..packages.python-dev', '..packages.python-pip', '..packages.libncurses', '..packages.python-virtualenv', '.setuptools', '.wheel']), ('rekall-virtualenv', OrderedDict([('virtualenv.managed', [OrderedDict([('name', '/opt/rekall')]), OrderedDict([('pip_pkgs', ['pip', 'setuptools', 'wheel', 'rekall'])]), OrderedDict([('require', [OrderedDict([('pkg', 'python-virtualenv')])])])])])), ('rekall', OrderedDict([('pip.installed', [OrderedDict([('name', 'rekall')]), OrderedDict([('bin_env', '/opt/rekall')]), OrderedDict([('require', [OrderedDict([('pkg', 'python-dev')]), OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pkg', 'libncurses')]), OrderedDict([('pkg', 'build-essential')]), OrderedDict([('pip', 'setuptools')]), OrderedDict([('pip', 'wheel')]), OrderedDict([('virtualenv', 'rekall-virtualenv')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/rekall.sls' using 'yaml' renderer: 0.00481390953064 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/setuptools.sls' to resolve 'salt://sift/python-packages/setuptools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls' to resolve 'salt://sift/python-packages/setuptools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls' using 'jinja' renderer: 0.000838041305542 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls: include: - ..packages.python-pip setuptools: pip.installed: - name: setuptools - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('setuptools', OrderedDict([('pip.installed', [OrderedDict([('name', 'setuptools')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/setuptools.sls' using 'yaml' renderer: 0.00172090530396 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/wheel.sls' to resolve 'salt://sift/python-packages/wheel.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/wheel.sls' to resolve 'salt://sift/python-packages/wheel.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/wheel.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/wheel.sls' using 'jinja' renderer: 0.000699996948242 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/wheel.sls: include: - ..packages.python-pip wheel: pip.installed: - name: wheel - upgrade: True - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('wheel', OrderedDict([('pip.installed', [OrderedDict([('name', 'wheel')]), OrderedDict([('upgrade', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/wheel.sls' using 'yaml' renderer: 0.00166296958923 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/six.sls' to resolve 'salt://sift/python-packages/six.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/six.sls' to resolve 'salt://sift/python-packages/six.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/six.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/six.sls' using 'jinja' renderer: 0.000699043273926 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/six.sls: include: - ..packages.python-pip six: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('six', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/six.sls' using 'yaml' renderer: 0.00125312805176 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/stix-validator.sls' to resolve 'salt://sift/python-packages/stix-validator.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls' to resolve 'salt://sift/python-packages/stix-validator.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls' using 'jinja' renderer: 0.000935792922974 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls: include: - ..packages.python-pip - .stix stix-validator: pip.installed: - require: - pkg: python-pip - pip: stix # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '.stix']), ('stix-validator', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pip', 'stix')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix-validator.sls' using 'yaml' renderer: 0.00169491767883 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/stix.sls' to resolve 'salt://sift/python-packages/stix.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/stix.sls' to resolve 'salt://sift/python-packages/stix.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/stix.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix.sls' using 'jinja' renderer: 0.000814914703369 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/stix.sls: include: - ..packages.python-pip - .lxml stix: pip.installed: - require: - pkg: python-pip - pip: lxml # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '.lxml']), ('stix', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pip', 'lxml')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/stix.sls' using 'yaml' renderer: 0.00154495239258 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/timesketch.sls' to resolve 'salt://sift/python-packages/timesketch.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls' to resolve 'salt://sift/python-packages/timesketch.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls' using 'jinja' renderer: 0.00165319442749 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls: include: - ..packages.python-pip - ..packages.python-dev - ..packages.libffi-dev timesketch: pip.installed: - force_reinstall: False - require: - pkg: python-pip - pkg: python-dev - pkg: libffi-dev # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip', '..packages.python-dev', '..packages.libffi-dev']), ('timesketch', OrderedDict([('pip.installed', [OrderedDict([('force_reinstall', False)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')]), OrderedDict([('pkg', 'python-dev')]), OrderedDict([('pkg', 'libffi-dev')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/timesketch.sls' using 'yaml' renderer: 0.00235295295715 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/unicodecsv.sls' to resolve 'salt://sift/python-packages/unicodecsv.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls' to resolve 'salt://sift/python-packages/unicodecsv.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls' using 'jinja' renderer: 0.000814914703369 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls: include: - ..packages.python-pip unicodecsv: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('unicodecsv', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/unicodecsv.sls' using 'yaml' renderer: 0.00130295753479 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/usnparser.sls' to resolve 'salt://sift/python-packages/usnparser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls' to resolve 'salt://sift/python-packages/usnparser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls' using 'jinja' renderer: 0.000703096389771 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls: include: - ..packages.python-pip usnparser: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('usnparser', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/usnparser.sls' using 'yaml' renderer: 0.0013210773468 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/virustotal-api.sls' to resolve 'salt://sift/python-packages/virustotal-api.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls' to resolve 'salt://sift/python-packages/virustotal-api.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls' using 'jinja' renderer: 0.000813007354736 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls: include: - sift.packages.python-pip sift-pip-virustotal-api: pip.installed: - name: virustotal-api - require: - sls: sift.packages.python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python-pip']), ('sift-pip-virustotal-api', OrderedDict([('pip.installed', [OrderedDict([('name', 'virustotal-api')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/virustotal-api.sls' using 'yaml' renderer: 0.00154805183411 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/python-packages/windowsprefetch.sls' to resolve 'salt://sift/python-packages/windowsprefetch.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls' to resolve 'salt://sift/python-packages/windowsprefetch.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls' using 'jinja' renderer: 0.000978946685791 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls: include: - ..packages.python-pip windowsprefetch: pip.installed: - require: - pkg: python-pip # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.python-pip']), ('windowsprefetch', OrderedDict([('pip.installed', [OrderedDict([('require', [OrderedDict([('pkg', 'python-pip')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/python-packages/windowsprefetch.sls' using 'yaml' renderer: 0.00136685371399 # [DEBUG ] Could not find file 'salt://sift/tools.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/tools/init.sls' to resolve 'salt://sift/tools/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/tools/init.sls' to resolve 'salt://sift/tools/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/tools/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/init.sls' using 'jinja' renderer: 0.00096583366394 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/tools/init.sls: include: - sift.tools.densityscout - sift.tools.sift-cli sift-tools: test.nop: - name: sift-tools - require: - sls: sift.tools.densityscout - sls: sift.tools.sift-cli # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.tools.densityscout', 'sift.tools.sift-cli']), ('sift-tools', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-tools')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.tools.densityscout')]), OrderedDict([('sls', 'sift.tools.sift-cli')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/init.sls' using 'yaml' renderer: 0.00192284584045 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/tools/densityscout.sls' to resolve 'salt://sift/tools/densityscout.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/tools/densityscout.sls' to resolve 'salt://sift/tools/densityscout.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/tools/densityscout.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/densityscout.sls' using 'jinja' renderer: 0.00248599052429 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/tools/densityscout.sls: # http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip sift-tool-densityscout-archive: archive.extracted: - name: /usr/local/src/densityscout/densityscout_build_45_linux - enforce_toplevel: False - source: http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip - source_hash: sha256=7d49813d407df06529e4b0138d4c0eec725c73bf9e93c0444639c6d409890f2c - if_missing: /usr/local/bin/densityscout-build-45 sift-tool-densityscout-binary: file.copy: - name: /usr/local/bin/densityscout-build-45 - source: /usr/local/src/densityscout/densityscout_build_45_linux/lin64/densityscout - user: root - group: root - mode: 755 - require: - archive: sift-tool-densityscout-archive sift-tool-densityscout-link: file.symlink: - name: /usr/local/bin/densityscout - target: /usr/local/bin/densityscout-build-45 - require: - file: sift-tool-densityscout-binary # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-tool-densityscout-archive', OrderedDict([('archive.extracted', [OrderedDict([('name', '/usr/local/src/densityscout/densityscout_build_45_linux')]), OrderedDict([('enforce_toplevel', False)]), OrderedDict([('source', 'http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip')]), OrderedDict([('source_hash', 'sha256=7d49813d407df06529e4b0138d4c0eec725c73bf9e93c0444639c6d409890f2c')]), OrderedDict([('if_missing', '/usr/local/bin/densityscout-build-45')])])])), ('sift-tool-densityscout-binary', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/densityscout-build-45')]), OrderedDict([('source', '/usr/local/src/densityscout/densityscout_build_45_linux/lin64/densityscout')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('archive', 'sift-tool-densityscout-archive')])])])])])), ('sift-tool-densityscout-link', OrderedDict([('file.symlink', [OrderedDict([('name', '/usr/local/bin/densityscout')]), OrderedDict([('target', '/usr/local/bin/densityscout-build-45')]), OrderedDict([('require', [OrderedDict([('file', 'sift-tool-densityscout-binary')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/densityscout.sls' using 'yaml' renderer: 0.00618195533752 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/tools/sift-cli.sls' to resolve 'salt://sift/tools/sift-cli.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/tools/sift-cli.sls' to resolve 'salt://sift/tools/sift-cli.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/tools/sift-cli.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/sift-cli.sls' using 'jinja' renderer: 0.00161695480347 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/tools/sift-cli.sls: sift-tool-sift-cli: file.managed: - name: /usr/local/bin/sift - source: https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux - source_hash: sha256=3847e734a98a842868ecc5488916e1273c8baf6d7a822c46d3f4079ec316566d - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-tool-sift-cli', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/sift')]), OrderedDict([('source', 'https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux')]), OrderedDict([('source_hash', 'sha256=3847e734a98a842868ecc5488916e1273c8baf6d7a822c46d3f4079ec316566d')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/tools/sift-cli.sls' using 'yaml' renderer: 0.00173902511597 # [DEBUG ] Could not find file 'salt://sift/scripts.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/init.sls' to resolve 'salt://sift/scripts/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/init.sls' to resolve 'salt://sift/scripts/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/init.sls' using 'jinja' renderer: 0.0010929107666 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/init.sls: include: - sift.scripts.4n6 - sift.scripts.amcache - sift.scripts.dump-mft-entry - sift.scripts.image-mounter - sift.scripts.java-idx-parser - sift.scripts.jobparser - sift.scripts.keydet-tools - sift.scripts.packerid - sift.scripts.page-brute - sift.scripts.parseusn - sift.scripts.pdf-tools - sift.scripts.pe-carver - sift.scripts.pescanner - sift.scripts.regripper - sift.scripts.shim-cache-parser - sift.scripts.sift - sift.scripts.sorter - sift.scripts.sqlparser - sift.scripts.usbdeviceforensics - sift.scripts.virustotal-tools - sift.scripts.vshot sift-scripts: test.nop: - name: sift-scripts - require: - sls: sift.scripts.4n6 - sls: sift.scripts.amcache - sls: sift.scripts.dump-mft-entry - sls: sift.scripts.image-mounter - sls: sift.scripts.java-idx-parser - sls: sift.scripts.jobparser - sls: sift.scripts.keydet-tools - sls: sift.scripts.packerid - sls: sift.scripts.page-brute - sls: sift.scripts.parseusn - sls: sift.scripts.pdf-tools - sls: sift.scripts.pe-carver - sls: sift.scripts.pescanner - sls: sift.scripts.regripper - sls: sift.scripts.shim-cache-parser - sls: sift.scripts.sift - sls: sift.scripts.sorter - sls: sift.scripts.sqlparser - sls: sift.scripts.usbdeviceforensics - sls: sift.scripts.virustotal-tools - sls: sift.scripts.vshot # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.scripts.4n6', 'sift.scripts.amcache', 'sift.scripts.dump-mft-entry', 'sift.scripts.image-mounter', 'sift.scripts.java-idx-parser', 'sift.scripts.jobparser', 'sift.scripts.keydet-tools', 'sift.scripts.packerid', 'sift.scripts.page-brute', 'sift.scripts.parseusn', 'sift.scripts.pdf-tools', 'sift.scripts.pe-carver', 'sift.scripts.pescanner', 'sift.scripts.regripper', 'sift.scripts.shim-cache-parser', 'sift.scripts.sift', 'sift.scripts.sorter', 'sift.scripts.sqlparser', 'sift.scripts.usbdeviceforensics', 'sift.scripts.virustotal-tools', 'sift.scripts.vshot']), ('sift-scripts', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-scripts')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.scripts.4n6')]), OrderedDict([('sls', 'sift.scripts.amcache')]), OrderedDict([('sls', 'sift.scripts.dump-mft-entry')]), OrderedDict([('sls', 'sift.scripts.image-mounter')]), OrderedDict([('sls', 'sift.scripts.java-idx-parser')]), OrderedDict([('sls', 'sift.scripts.jobparser')]), OrderedDict([('sls', 'sift.scripts.keydet-tools')]), OrderedDict([('sls', 'sift.scripts.packerid')]), OrderedDict([('sls', 'sift.scripts.page-brute')]), OrderedDict([('sls', 'sift.scripts.parseusn')]), OrderedDict([('sls', 'sift.scripts.pdf-tools')]), OrderedDict([('sls', 'sift.scripts.pe-carver')]), OrderedDict([('sls', 'sift.scripts.pescanner')]), OrderedDict([('sls', 'sift.scripts.regripper')]), OrderedDict([('sls', 'sift.scripts.shim-cache-parser')]), OrderedDict([('sls', 'sift.scripts.sift')]), OrderedDict([('sls', 'sift.scripts.sorter')]), OrderedDict([('sls', 'sift.scripts.sqlparser')]), OrderedDict([('sls', 'sift.scripts.usbdeviceforensics')]), OrderedDict([('sls', 'sift.scripts.virustotal-tools')]), OrderedDict([('sls', 'sift.scripts.vshot')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/init.sls' using 'yaml' renderer: 0.00877022743225 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/4n6.sls' to resolve 'salt://sift/scripts/4n6.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/4n6.sls' to resolve 'salt://sift/scripts/4n6.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/4n6.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/4n6.sls' using 'jinja' renderer: 0.00464296340942 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/4n6.sls: include: - sift.packages.git - sift.packages.python sift-scripts-4n6-git: git.latest: - name: https://github.com/cheeky4n6monkey/4n6-scripts.git - target: /usr/local/src/4n6-scripts - user: root - rev: master - force_clone: True - require: - pkg: git - pkg: python sift-scripts-4n6-WP8_AppPerms.py: file.copy: - name: /usr/local/bin/WP8_AppPerms.py - source: /usr/local/src/4n6-scripts/WP8_AppPerms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-bing-bar-parser.pl: file.copy: - name: /usr/local/bin/bing-bar-parser.pl - source: /usr/local/src/4n6-scripts/bing-bar-parser.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-chunkymonkey.py: file.copy: - name: /usr/local/bin/chunkymonkey.py - source: /usr/local/src/4n6-scripts/chunkymonkey.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-dextract.def: file.copy: - name: /usr/local/bin/dextract.def - source: /usr/local/src/4n6-scripts/dextract.def - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-dextract.py: file.copy: - name: /usr/local/bin/dextract.py - source: /usr/local/src/4n6-scripts/dextract.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-docx-font-extractor.pl: file.copy: - name: /usr/local/bin/docx-font-extractor.pl - source: /usr/local/src/4n6-scripts/docx-font-extractor.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-exif2map.pl: file.copy: - name: /usr/local/bin/exif2map.pl - source: /usr/local/src/4n6-scripts/exif2map.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-fbmsg-extractor.py: file.copy: - name: /usr/local/bin/fbmsg-extractor.py - source: /usr/local/src/4n6-scripts/fbmsg-extractor.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-gis4cookie.pl: file.copy: - name: /usr/local/bin/gis4cookie.pl - source: /usr/local/src/4n6-scripts/gis4cookie.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-google-ei-time.py: file.copy: - name: /usr/local/bin/google-ei-time.py - source: /usr/local/src/4n6-scripts/google-ei-time.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-imgcache-parse-mod.py: file.copy: - name: /usr/local/bin/imgcache-parse-mod.py - source: /usr/local/src/4n6-scripts/imgcache-parse-mod.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-imgcache-parse.py: file.copy: - name: /usr/local/bin/imgcache-parse.py - source: /usr/local/src/4n6-scripts/imgcache-parse.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-json-printer.pl: file.copy: - name: /usr/local/bin/json-printer.pl - source: /usr/local/src/4n6-scripts/json-printer.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-msoffice-pic-extractor.py: file.copy: - name: /usr/local/bin/msoffice-pic-extractor.py - source: /usr/local/src/4n6-scripts/msoffice-pic-extractor.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-plist2db.py: file.copy: - name: /usr/local/bin/plist2db.py - source: /usr/local/src/4n6-scripts/plist2db.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-print_apk_perms.py: file.copy: - name: /usr/local/bin/print_apk_perms.py - source: /usr/local/src/4n6-scripts/print_apk_perms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-s2-cellid2latlong.py: file.copy: - name: /usr/local/bin/s2-cellid2latlong.py - source: /usr/local/src/4n6-scripts/s2-cellid2latlong.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-s2-latlong2cellid.py: file.copy: - name: /usr/local/bin/s2-latlong2cellid.py - source: /usr/local/src/4n6-scripts/s2-latlong2cellid.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sms-grep-sample-config.txt: file.copy: - name: /usr/local/bin/sms-grep-sample-config.txt - source: /usr/local/src/4n6-scripts/sms-grep-sample-config.txt - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sms-grep.pl: file.copy: - name: /usr/local/bin/sms-grep.pl - source: /usr/local/src/4n6-scripts/sms-grep.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sqlite-base64-decode.py: file.copy: - name: /usr/local/bin/sqlite-base64-decode.py - source: /usr/local/src/4n6-scripts/sqlite-base64-decode.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sqlite-blob-dumper.py: file.copy: - name: /usr/local/bin/sqlite-blob-dumper.py - source: /usr/local/src/4n6-scripts/sqlite-blob-dumper.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-sqlite-parser.pl: file.copy: - name: /usr/local/bin/sqlite-parser.pl - source: /usr/local/src/4n6-scripts/sqlite-parser.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-squirrelgripper-README.txt: file.copy: - name: /usr/local/bin/squirrelgripper-README.txt - source: /usr/local/src/4n6-scripts/squirrelgripper-README.txt - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-squirrelgripper.pl: file.copy: - name: /usr/local/bin/squirrelgripper.pl - source: /usr/local/src/4n6-scripts/squirrelgripper.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-timediff32.pl: file.copy: - name: /usr/local/bin/timediff32.pl - source: /usr/local/src/4n6-scripts/timediff32.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-vmail-db-2-html.pl: file.copy: - name: /usr/local/bin/vmail-db-2-html.pl - source: /usr/local/src/4n6-scripts/vmail-db-2-html.pl - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-callhistory.py: file.copy: - name: /usr/local/bin/wp8-1-callhistory.py - source: /usr/local/src/4n6-scripts/wp8-1-callhistory.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-contacts.py: file.copy: - name: /usr/local/bin/wp8-1-contacts.py - source: /usr/local/src/4n6-scripts/wp8-1-contacts.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-mms-filesort.py: file.copy: - name: /usr/local/bin/wp8-1-mms-filesort.py - source: /usr/local/src/4n6-scripts/wp8-1-mms-filesort.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-mms.py: file.copy: - name: /usr/local/bin/wp8-1-mms.py - source: /usr/local/src/4n6-scripts/wp8-1-mms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-1-sms.py: file.copy: - name: /usr/local/bin/wp8-1-sms.py - source: /usr/local/src/4n6-scripts/wp8-1-sms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-callhistory.py: file.copy: - name: /usr/local/bin/wp8-callhistory.py - source: /usr/local/src/4n6-scripts/wp8-callhistory.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-contacts.py: file.copy: - name: /usr/local/bin/wp8-contacts.py - source: /usr/local/src/4n6-scripts/wp8-contacts.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-fb-msg.py: file.copy: - name: /usr/local/bin/wp8-fb-msg.py - source: /usr/local/src/4n6-scripts/wp8-fb-msg.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-sha256-pin-finder.py: file.copy: - name: /usr/local/bin/wp8-sha256-pin-finder.py - source: /usr/local/src/4n6-scripts/wp8-sha256-pin-finder.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wp8-sms.py: file.copy: - name: /usr/local/bin/wp8-sms.py - source: /usr/local/src/4n6-scripts/wp8-sms.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git sift-scripts-4n6-wwf-chat-parser.py: file.copy: - name: /usr/local/bin/wwf-chat-parser.py - source: /usr/local/src/4n6-scripts/wwf-chat-parser.py - file_mode: 755 - watch: - git: sift-scripts-4n6-git # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.git', 'sift.packages.python']), ('sift-scripts-4n6-git', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/cheeky4n6monkey/4n6-scripts.git')]), OrderedDict([('target', '/usr/local/src/4n6-scripts')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')]), OrderedDict([('pkg', 'python')])])])])])), ('sift-scripts-4n6-WP8_AppPerms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/WP8_AppPerms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/WP8_AppPerms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-bing-bar-parser.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/bing-bar-parser.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/bing-bar-parser.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-chunkymonkey.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/chunkymonkey.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/chunkymonkey.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-dextract.def', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/dextract.def')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/dextract.def')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-dextract.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/dextract.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/dextract.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-docx-font-extractor.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/docx-font-extractor.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/docx-font-extractor.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-exif2map.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/exif2map.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/exif2map.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-fbmsg-extractor.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/fbmsg-extractor.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/fbmsg-extractor.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-gis4cookie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/gis4cookie.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/gis4cookie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-google-ei-time.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/google-ei-time.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/google-ei-time.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-imgcache-parse-mod.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/imgcache-parse-mod.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/imgcache-parse-mod.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-imgcache-parse.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/imgcache-parse.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/imgcache-parse.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-json-printer.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/json-printer.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/json-printer.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-msoffice-pic-extractor.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/msoffice-pic-extractor.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/msoffice-pic-extractor.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-plist2db.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/plist2db.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/plist2db.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-print_apk_perms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/print_apk_perms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/print_apk_perms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-s2-cellid2latlong.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/s2-cellid2latlong.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/s2-cellid2latlong.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-s2-latlong2cellid.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/s2-latlong2cellid.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/s2-latlong2cellid.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sms-grep-sample-config.txt', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sms-grep-sample-config.txt')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sms-grep-sample-config.txt')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sms-grep.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sms-grep.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sms-grep.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sqlite-base64-decode.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sqlite-base64-decode.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sqlite-base64-decode.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sqlite-blob-dumper.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sqlite-blob-dumper.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sqlite-blob-dumper.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-sqlite-parser.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/sqlite-parser.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/sqlite-parser.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-squirrelgripper-README.txt', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/squirrelgripper-README.txt')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/squirrelgripper-README.txt')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-squirrelgripper.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/squirrelgripper.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/squirrelgripper.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-timediff32.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/timediff32.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/timediff32.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-vmail-db-2-html.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/vmail-db-2-html.pl')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/vmail-db-2-html.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-callhistory.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-callhistory.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-callhistory.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-contacts.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-contacts.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-contacts.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-mms-filesort.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-mms-filesort.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-mms-filesort.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-mms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-mms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-mms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-1-sms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-1-sms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-1-sms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-callhistory.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-callhistory.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-callhistory.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-contacts.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-contacts.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-contacts.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-fb-msg.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-fb-msg.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-fb-msg.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-sha256-pin-finder.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-sha256-pin-finder.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-sha256-pin-finder.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wp8-sms.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wp8-sms.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wp8-sms.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])])), ('sift-scripts-4n6-wwf-chat-parser.py', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/wwf-chat-parser.py')]), OrderedDict([('source', '/usr/local/src/4n6-scripts/wwf-chat-parser.py')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-4n6-git')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/4n6.sls' using 'yaml' renderer: 0.0707528591156 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/amcache.sls' to resolve 'salt://sift/scripts/amcache.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/amcache.sls' to resolve 'salt://sift/scripts/amcache.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/amcache.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/amcache.sls' using 'jinja' renderer: 0.00178503990173 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/amcache.sls: # Source: https://github.com/williballenthin/python-registry # License: Apache2 - https://github.com/williballenthin/python-registry/blob/master/LICENSE.TXT sift-scripts-amcache: file.managed: - name: /usr/local/bin/amcache.py - source: https://raw.githubusercontent.com/williballenthin/python-registry/1a669eada6f7933798751e0cf482a9eb654c739b/samples/amcache.py - source_hash: sha256=1065c23fdea1fde90e931bf5ccabc93b508bee0f6855a6ef2b3b9fd74495e279 - mode: 755 sift-scripts-amcache-shebang: file.replace: - name: /usr/local/bin/amcache.py - pattern: '#!/usr/bin/python' - repl: '#!/usr/bin/env python' - count: 1 - watch: - file: sift-scripts-amcache # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-amcache', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/amcache.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/williballenthin/python-registry/1a669eada6f7933798751e0cf482a9eb654c739b/samples/amcache.py')]), OrderedDict([('source_hash', 'sha256=1065c23fdea1fde90e931bf5ccabc93b508bee0f6855a6ef2b3b9fd74495e279')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-amcache-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/amcache.py')]), OrderedDict([('pattern', '#!/usr/bin/python')]), OrderedDict([('repl', '#!/usr/bin/env python')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-amcache')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/amcache.sls' using 'yaml' renderer: 0.00360298156738 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/dump-mft-entry.sls' to resolve 'salt://sift/scripts/dump-mft-entry.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls' to resolve 'salt://sift/scripts/dump-mft-entry.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls' using 'jinja' renderer: 0.00185394287109 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls: # Source: https://github.com/superponible/DFIR # License: Unknown sift-scripts-dump-mft-entry: file.managed: - name: /usr/local/bin/dump-mft-entry.pl - source: https://raw.githubusercontent.com/superponible/DFIR/ee681a07a0c32a5ccaea788cd7d012d19872f181/dump_mft_entry.pl - source_hash: sha256=7141258a36037653dd377d062350f703b90c99e70c9e3d38f86fcd8c70258e1b - mode: 755 sift-scripts-dump-mft-entry-shebang: file.replace: - name: /usr/local/bin/dump-mft-entry.pl - pattern: '#!/usr/bin/perl' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-dump-mft-entry # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-dump-mft-entry', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/dump-mft-entry.pl')]), OrderedDict([('source', 'https://raw.githubusercontent.com/superponible/DFIR/ee681a07a0c32a5ccaea788cd7d012d19872f181/dump_mft_entry.pl')]), OrderedDict([('source_hash', 'sha256=7141258a36037653dd377d062350f703b90c99e70c9e3d38f86fcd8c70258e1b')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-dump-mft-entry-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/dump-mft-entry.pl')]), OrderedDict([('pattern', '#!/usr/bin/perl')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-dump-mft-entry')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/dump-mft-entry.sls' using 'yaml' renderer: 0.00357389450073 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/image-mounter.sls' to resolve 'salt://sift/scripts/image-mounter.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls' to resolve 'salt://sift/scripts/image-mounter.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls' using 'jinja' renderer: 0.000907182693481 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls: # Source: https://github.com/kevthehermit/Scripts sift-scripts-image-mounter: file.managed: - name: /usr/local/bin/imageMounter.py - source: https://raw.githubusercontent.com/kevthehermit/Scripts/master/imageMounter.py - source_hash: sha256=7e810482b5aa58f8085a7a03be266c113530145306c73c75ba9956ba83e39151 - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-image-mounter', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/imageMounter.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/kevthehermit/Scripts/master/imageMounter.py')]), OrderedDict([('source_hash', 'sha256=7e810482b5aa58f8085a7a03be266c113530145306c73c75ba9956ba83e39151')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/image-mounter.sls' using 'yaml' renderer: 0.00193095207214 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/java-idx-parser.sls' to resolve 'salt://sift/scripts/java-idx-parser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls' to resolve 'salt://sift/scripts/java-idx-parser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls' using 'jinja' renderer: 0.000992059707642 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls: # Source: https://github.com/Rurik/Java_IDX_Parser # License: https://github.com/Rurik/Java_IDX_Parser#copyright-and-license scripts-java-idx-parser: file.managed: - name: /usr/local/bin/idx_parser.py - source: https://raw.githubusercontent.com/Rurik/Java_IDX_Parser/master/idx_parser.py - source_hash: sha256=963d5f38b93016f147295ab6871dcba326c9315ea9402652745ae6290b594f45 - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-java-idx-parser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/idx_parser.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/Rurik/Java_IDX_Parser/master/idx_parser.py')]), OrderedDict([('source_hash', 'sha256=963d5f38b93016f147295ab6871dcba326c9315ea9402652745ae6290b594f45')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/java-idx-parser.sls' using 'yaml' renderer: 0.00189304351807 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/jobparser.sls' to resolve 'salt://sift/scripts/jobparser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/jobparser.sls' to resolve 'salt://sift/scripts/jobparser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/jobparser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/jobparser.sls' using 'jinja' renderer: 0.00171494483948 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/jobparser.sls: # Source: https://github.com/gleeda/misc-scripts # License: GNU GPL sift-scripts-jobparser: file.managed: - name: /usr/local/bin/jobparser.py - source: https://raw.githubusercontent.com/gleeda/misc-scripts/03a0d9126359c6b4b0b508062d3422bea9b69036/misc_python/jobparser.py - source_hash: sha256=a6869e7f0f2f360681ff67a67b65c627b0084ebec25d7a9bb44abe8a1cdfb467 - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-jobparser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/jobparser.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/gleeda/misc-scripts/03a0d9126359c6b4b0b508062d3422bea9b69036/misc_python/jobparser.py')]), OrderedDict([('source_hash', 'sha256=a6869e7f0f2f360681ff67a67b65c627b0084ebec25d7a9bb44abe8a1cdfb467')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/jobparser.sls' using 'yaml' renderer: 0.00187087059021 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/keydet-tools.sls' to resolve 'salt://sift/scripts/keydet-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls' to resolve 'salt://sift/scripts/keydet-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls' using 'jinja' renderer: 0.00516700744629 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls: include: - sift.packages.git sift-scripts-keydet-tools-git: git.latest: - name: https://github.com/keydet89/Tools.git - target: /usr/local/src/keydet-tools - user: root - rev: master - force_clone: True - require: - pkg: git sift-scripts-keydet-tools-bodyfile.pl: file.copy: - name: /usr/local/bin/bodyfile.pl - source: /usr/local/src/keydet-tools/source/bodyfile.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-bodyfile.pl: file.replace: - name: /usr/local/bin/bodyfile.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-bodyfile.pl sift-scripts-keydet-tools-evtparse.pl: file.copy: - name: /usr/local/bin/evtparse.pl - source: /usr/local/src/keydet-tools/source/evtparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-evtparse.pl: file.replace: - name: /usr/local/bin/evtparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-evtparse.pl sift-scripts-keydet-tools-evtrpt.pl: file.copy: - name: /usr/local/bin/evtrpt.pl - source: /usr/local/src/keydet-tools/source/evtrpt.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-evtrpt.pl: file.replace: - name: /usr/local/bin/evtrpt.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-evtrpt.pl sift-scripts-keydet-tools-evtxparse.pl: file.copy: - name: /usr/local/bin/evtxparse.pl - source: /usr/local/src/keydet-tools/source/evtxparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-evtxparse.pl: file.replace: - name: /usr/local/bin/evtxparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-evtxparse.pl sift-scripts-keydet-tools-fb.pl: file.copy: - name: /usr/local/bin/fb.pl - source: /usr/local/src/keydet-tools/source/fb.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-fb.pl: file.replace: - name: /usr/local/bin/fb.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-fb.pl sift-scripts-keydet-tools-ff.pl: file.copy: - name: /usr/local/bin/ff.pl - source: /usr/local/src/keydet-tools/source/ff.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-ff.pl: file.replace: - name: /usr/local/bin/ff.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-ff.pl sift-scripts-keydet-tools-ff_signons.pl: file.copy: - name: /usr/local/bin/ff_signons.pl - source: /usr/local/src/keydet-tools/source/ff_signons.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-ff_signons.pl: file.replace: - name: /usr/local/bin/ff_signons.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-ff_signons.pl sift-scripts-keydet-tools-ftkparse.pl: file.copy: - name: /usr/local/bin/ftkparse.pl - source: /usr/local/src/keydet-tools/source/ftkparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-ftkparse.pl: file.replace: - name: /usr/local/bin/ftkparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-ftkparse.pl sift-scripts-keydet-tools-idx.pl: file.copy: - name: /usr/local/bin/idx.pl - source: /usr/local/src/keydet-tools/source/idx.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-idx.pl: file.replace: - name: /usr/local/bin/idx.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-idx.pl sift-scripts-keydet-tools-idxparse.pl: file.copy: - name: /usr/local/bin/idxparse.pl - source: /usr/local/src/keydet-tools/source/idxparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-idxparse.pl: file.replace: - name: /usr/local/bin/idxparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-idxparse.pl sift-scripts-keydet-tools-jl.pl: file.copy: - name: /usr/local/bin/jl.pl - source: /usr/local/src/keydet-tools/source/jl.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-jl.pl: file.replace: - name: /usr/local/bin/jl.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-jl.pl sift-scripts-keydet-tools-jobparse.pl: file.copy: - name: /usr/local/bin/jobparse.pl - source: /usr/local/src/keydet-tools/source/jobparse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-jobparse.pl: file.replace: - name: /usr/local/bin/jobparse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-jobparse.pl sift-scripts-keydet-tools-lfle.pl: file.copy: - name: /usr/local/bin/lfle.pl - source: /usr/local/src/keydet-tools/source/lfle.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-lfle.pl: file.replace: - name: /usr/local/bin/lfle.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-lfle.pl sift-scripts-keydet-tools-lnk.pl: file.copy: - name: /usr/local/bin/lnk.pl - source: /usr/local/src/keydet-tools/source/lnk.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-lnk.pl: file.replace: - name: /usr/local/bin/lnk.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-lnk.pl sift-scripts-keydet-tools-mft.pl: file.copy: - name: /usr/local/bin/mft.pl - source: /usr/local/src/keydet-tools/source/mft.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-mft.pl: file.replace: - name: /usr/local/bin/mft.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-mft.pl sift-scripts-keydet-tools-parse.pl: file.copy: - name: /usr/local/bin/parse.pl - source: /usr/local/src/keydet-tools/source/parse.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-parse.pl: file.replace: - name: /usr/local/bin/parse.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-parse.pl sift-scripts-keydet-tools-parsei30.pl: file.copy: - name: /usr/local/bin/parsei30.pl - source: /usr/local/src/keydet-tools/source/parsei30.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-parsei30.pl: file.replace: - name: /usr/local/bin/parsei30.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-parsei30.pl sift-scripts-keydet-tools-parseie.pl: file.copy: - name: /usr/local/bin/parseie.pl - source: /usr/local/src/keydet-tools/source/parseie.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-parseie.pl: file.replace: - name: /usr/local/bin/parseie.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-parseie.pl sift-scripts-keydet-tools-pie.pl: file.copy: - name: /usr/local/bin/pie.pl - source: /usr/local/src/keydet-tools/source/pie.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-pie.pl: file.replace: - name: /usr/local/bin/pie.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-pie.pl sift-scripts-keydet-tools-pref.pl: file.copy: - name: /usr/local/bin/pref.pl - source: /usr/local/src/keydet-tools/source/pref.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-pref.pl: file.replace: - name: /usr/local/bin/pref.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-pref.pl sift-scripts-keydet-tools-rawie.pl: file.copy: - name: /usr/local/bin/rawie.pl - source: /usr/local/src/keydet-tools/source/rawie.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-rawie.pl: file.replace: - name: /usr/local/bin/rawie.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-rawie.pl sift-scripts-keydet-tools-recbin.pl: file.copy: - name: /usr/local/bin/recbin.pl - source: /usr/local/src/keydet-tools/source/recbin.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-recbin.pl: file.replace: - name: /usr/local/bin/recbin.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-recbin.pl sift-scripts-keydet-tools-regslack.pl: file.copy: - name: /usr/local/bin/regslack.pl - source: /usr/local/src/keydet-tools/source/regslack.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-regslack.pl: file.replace: - name: /usr/local/bin/regslack.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-regslack.pl sift-scripts-keydet-tools-regtime.pl: file.copy: - name: /usr/local/bin/regtime.pl - source: /usr/local/src/keydet-tools/source/regtime.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-regtime.pl: file.replace: - name: /usr/local/bin/regtime.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-regtime.pl sift-scripts-keydet-tools-rfc.pl: file.copy: - name: /usr/local/bin/rfc.pl - source: /usr/local/src/keydet-tools/source/rfc.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-rfc.pl: file.replace: - name: /usr/local/bin/rfc.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-rfc.pl sift-scripts-keydet-tools-rlo.pl: file.copy: - name: /usr/local/bin/rlo.pl - source: /usr/local/src/keydet-tools/source/rlo.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-rlo.pl: file.replace: - name: /usr/local/bin/rlo.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-rlo.pl sift-scripts-keydet-tools-tln.pl: file.copy: - name: /usr/local/bin/tln.pl - source: /usr/local/src/keydet-tools/source/tln.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-tln.pl: file.replace: - name: /usr/local/bin/tln.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-tln.pl sift-scripts-keydet-tools-usnj.pl: file.copy: - name: /usr/local/bin/usnj.pl - source: /usr/local/src/keydet-tools/source/usnj.pl - file_mode: 755 - watch: - git: sift-scripts-keydet-tools-git sift-scripts-keydet-tools-shebang-usnj.pl: file.replace: - name: /usr/local/bin/usnj.pl - pattern: '#!(.*)' - repl: '#!/usr/bin/env perl' - count: 1 - watch: - file: sift-scripts-keydet-tools-usnj.pl # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.git']), ('sift-scripts-keydet-tools-git', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/keydet89/Tools.git')]), OrderedDict([('target', '/usr/local/src/keydet-tools')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')])])])])])), ('sift-scripts-keydet-tools-bodyfile.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/bodyfile.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/bodyfile.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-bodyfile.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/bodyfile.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-bodyfile.pl')])])])])])), ('sift-scripts-keydet-tools-evtparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/evtparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/evtparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-evtparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/evtparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-evtparse.pl')])])])])])), ('sift-scripts-keydet-tools-evtrpt.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/evtrpt.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/evtrpt.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-evtrpt.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/evtrpt.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-evtrpt.pl')])])])])])), ('sift-scripts-keydet-tools-evtxparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/evtxparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/evtxparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-evtxparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/evtxparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-evtxparse.pl')])])])])])), ('sift-scripts-keydet-tools-fb.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/fb.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/fb.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-fb.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/fb.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-fb.pl')])])])])])), ('sift-scripts-keydet-tools-ff.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/ff.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/ff.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-ff.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/ff.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-ff.pl')])])])])])), ('sift-scripts-keydet-tools-ff_signons.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/ff_signons.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/ff_signons.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-ff_signons.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/ff_signons.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-ff_signons.pl')])])])])])), ('sift-scripts-keydet-tools-ftkparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/ftkparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/ftkparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-ftkparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/ftkparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-ftkparse.pl')])])])])])), ('sift-scripts-keydet-tools-idx.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/idx.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/idx.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-idx.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/idx.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-idx.pl')])])])])])), ('sift-scripts-keydet-tools-idxparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/idxparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/idxparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-idxparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/idxparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-idxparse.pl')])])])])])), ('sift-scripts-keydet-tools-jl.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/jl.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/jl.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-jl.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/jl.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-jl.pl')])])])])])), ('sift-scripts-keydet-tools-jobparse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/jobparse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/jobparse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-jobparse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/jobparse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-jobparse.pl')])])])])])), ('sift-scripts-keydet-tools-lfle.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/lfle.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/lfle.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-lfle.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/lfle.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-lfle.pl')])])])])])), ('sift-scripts-keydet-tools-lnk.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/lnk.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/lnk.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-lnk.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/lnk.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-lnk.pl')])])])])])), ('sift-scripts-keydet-tools-mft.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/mft.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/mft.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-mft.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/mft.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-mft.pl')])])])])])), ('sift-scripts-keydet-tools-parse.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/parse.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/parse.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-parse.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/parse.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-parse.pl')])])])])])), ('sift-scripts-keydet-tools-parsei30.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/parsei30.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/parsei30.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-parsei30.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/parsei30.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-parsei30.pl')])])])])])), ('sift-scripts-keydet-tools-parseie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/parseie.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/parseie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-parseie.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/parseie.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-parseie.pl')])])])])])), ('sift-scripts-keydet-tools-pie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/pie.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/pie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-pie.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/pie.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-pie.pl')])])])])])), ('sift-scripts-keydet-tools-pref.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/pref.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/pref.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-pref.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/pref.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-pref.pl')])])])])])), ('sift-scripts-keydet-tools-rawie.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/rawie.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/rawie.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-rawie.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/rawie.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-rawie.pl')])])])])])), ('sift-scripts-keydet-tools-recbin.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/recbin.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/recbin.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-recbin.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/recbin.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-recbin.pl')])])])])])), ('sift-scripts-keydet-tools-regslack.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/regslack.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/regslack.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-regslack.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/regslack.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-regslack.pl')])])])])])), ('sift-scripts-keydet-tools-regtime.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/regtime.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/regtime.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-regtime.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/regtime.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-regtime.pl')])])])])])), ('sift-scripts-keydet-tools-rfc.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/rfc.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/rfc.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-rfc.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/rfc.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-rfc.pl')])])])])])), ('sift-scripts-keydet-tools-rlo.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/rlo.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/rlo.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-rlo.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/rlo.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-rlo.pl')])])])])])), ('sift-scripts-keydet-tools-tln.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/tln.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/tln.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-tln.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/tln.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-tln.pl')])])])])])), ('sift-scripts-keydet-tools-usnj.pl', OrderedDict([('file.copy', [OrderedDict([('name', '/usr/local/bin/usnj.pl')]), OrderedDict([('source', '/usr/local/src/keydet-tools/source/usnj.pl')]), OrderedDict([('file_mode', 755)]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-keydet-tools-git')])])])])])), ('sift-scripts-keydet-tools-shebang-usnj.pl', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/usnj.pl')]), OrderedDict([('pattern', '#!(.*)')]), OrderedDict([('repl', '#!/usr/bin/env perl')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-keydet-tools-usnj.pl')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/keydet-tools.sls' using 'yaml' renderer: 0.11203122139 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/packerid.sls' to resolve 'salt://sift/scripts/packerid.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/packerid.sls' to resolve 'salt://sift/scripts/packerid.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/packerid.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/packerid.sls' using 'jinja' renderer: 0.00183296203613 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/packerid.sls: include: - sift.packages.python - sift.python-packages.pefile # Source: https://github.com/sooshie/packerid # License: Unknown sift-scripts-packerid: file.managed: - name: /usr/local/bin/packerid.py - source: https://raw.githubusercontent.com/sooshie/packerid/7b2ee6ef57db903bf356fd342c8ca998abdb68cd/packerid.py - source_hash: sha256=be589d4cbe70ecdc3424a6da48d8fc24630d51a6ebf92e5328b36e39423eb038 - mode: 755 - require: - sls: sift.packages.python - sls: sift.python-packages.pefile sift-scripts-packerid-shebang: file.replace: - name: /usr/local/bin/packerid.py - pattern: '#!/usr/local/bin/python' - repl: '#!/usr/bin/env python' - count: 1 - watch: - file: sift-scripts-packerid # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python', 'sift.python-packages.pefile']), ('sift-scripts-packerid', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/packerid.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/sooshie/packerid/7b2ee6ef57db903bf356fd342c8ca998abdb68cd/packerid.py')]), OrderedDict([('source_hash', 'sha256=be589d4cbe70ecdc3424a6da48d8fc24630d51a6ebf92e5328b36e39423eb038')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('sls', 'sift.packages.python')]), OrderedDict([('sls', 'sift.python-packages.pefile')])])])])])), ('sift-scripts-packerid-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/packerid.py')]), OrderedDict([('pattern', '#!/usr/local/bin/python')]), OrderedDict([('repl', '#!/usr/bin/env python')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-packerid')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/packerid.sls' using 'yaml' renderer: 0.00498700141907 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/page-brute.sls' to resolve 'salt://sift/scripts/page-brute.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/page-brute.sls' to resolve 'salt://sift/scripts/page-brute.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/page-brute.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/page-brute.sls' using 'jinja' renderer: 0.000855922698975 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/page-brute.sls: scripts-page-brute: file.recurse: - name: /usr/local/bin - source: salt://sift/files/page-brute - file_mode: 755 - include_pat: '*.py' # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-page-brute', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/local/bin')]), OrderedDict([('source', 'salt://sift/files/page-brute')]), OrderedDict([('file_mode', 755)]), OrderedDict([('include_pat', '*.py')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/page-brute.sls' using 'yaml' renderer: 0.00226306915283 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/parseusn.sls' to resolve 'salt://sift/scripts/parseusn.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/parseusn.sls' to resolve 'salt://sift/scripts/parseusn.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/parseusn.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/parseusn.sls' using 'jinja' renderer: 0.00177216529846 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/parseusn.sls: include: - sift.packages.python # Source: https://github.com/superponible/DFIR/ # License: MIT Open Source License (http://opensource.org/licenses/mit-license.php) sift-scripts-parseusn: file.managed: - name: /usr/local/bin/parseusn.py - source: https://raw.githubusercontent.com/superponible/DFIR/master/parseusn.py - source_hash: sha256=4540eba4cdddcb0eab1bc21ccea6a6ab7c010936909bb233807dc9bf4189ab10 - mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.python']), ('sift-scripts-parseusn', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/parseusn.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/superponible/DFIR/master/parseusn.py')]), OrderedDict([('source_hash', 'sha256=4540eba4cdddcb0eab1bc21ccea6a6ab7c010936909bb233807dc9bf4189ab10')]), OrderedDict([('mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/parseusn.sls' using 'yaml' renderer: 0.0020649433136 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/pdf-tools.sls' to resolve 'salt://sift/scripts/pdf-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls' to resolve 'salt://sift/scripts/pdf-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls' using 'jinja' renderer: 0.000757217407227 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls: scripts-pdf-tools: file.recurse: - name: /usr/local/bin - source: salt://sift/files/pdf-tools - file_mode: 755 # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-pdf-tools', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/local/bin')]), OrderedDict([('source', 'salt://sift/files/pdf-tools')]), OrderedDict([('file_mode', 755)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pdf-tools.sls' using 'yaml' renderer: 0.0013439655304 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/pe-carver.sls' to resolve 'salt://sift/scripts/pe-carver.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls' to resolve 'salt://sift/scripts/pe-carver.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls' using 'jinja' renderer: 0.00183796882629 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls: include: - sift.python-packages.bitstring - sift.python-packages.pefile # Source: https://github.com/Rurik/PE_Carver # License: No Specified sift-scripts-pecarve: file.managed: - name: /usr/local/bin/pecarve.py - source: https://raw.githubusercontent.com/Rurik/PE_Carver/9026cd2ca4bd0633f9898a93cb798cd19cffc8f6/pe_carve.py - source_hash: sha256=6b245decadde4652ff6d1e2b24f6496dd252bee4bf57e7c934fbb9c9f21df849 - mode: 755 - require: - sls: sift.python-packages.bitstring - sls: sift.python-packages.pefile sift-scripts-pecarve-shebang: file.prepend: - name: /usr/local/bin/pecarve.py - text: '#!/usr/bin/env python' - watch: - file: sift-scripts-pecarve # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.bitstring', 'sift.python-packages.pefile']), ('sift-scripts-pecarve', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/pecarve.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/Rurik/PE_Carver/9026cd2ca4bd0633f9898a93cb798cd19cffc8f6/pe_carve.py')]), OrderedDict([('source_hash', 'sha256=6b245decadde4652ff6d1e2b24f6496dd252bee4bf57e7c934fbb9c9f21df849')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('sls', 'sift.python-packages.bitstring')]), OrderedDict([('sls', 'sift.python-packages.pefile')])])])])])), ('sift-scripts-pecarve-shebang', OrderedDict([('file.prepend', [OrderedDict([('name', '/usr/local/bin/pecarve.py')]), OrderedDict([('text', '#!/usr/bin/env python')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-pecarve')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pe-carver.sls' using 'yaml' renderer: 0.00480699539185 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/pescanner.sls' to resolve 'salt://sift/scripts/pescanner.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/pescanner.sls' to resolve 'salt://sift/scripts/pescanner.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/pescanner.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pescanner.sls' using 'jinja' renderer: 0.00174689292908 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/pescanner.sls: include: - sift.python-packages.pefile # Source: https://github.com/hiddenillusion/AnalyzePE/ # License: Unknown sift-scripts-pescanner: file.managed: - name: /usr/local/bin/pescanner.py - source: https://raw.githubusercontent.com/hiddenillusion/AnalyzePE/9c76ecbc3ac417bc07439c244f2d5ed19af06578/pescanner.py - source_hash: sha256=0c4e2a8916df3de0bde67ef47543db6f6068b267fa2b665667a52bc6002e6529 - mode: 755 - require: - pip: pefile # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.pefile']), ('sift-scripts-pescanner', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/pescanner.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/hiddenillusion/AnalyzePE/9c76ecbc3ac417bc07439c244f2d5ed19af06578/pescanner.py')]), OrderedDict([('source_hash', 'sha256=0c4e2a8916df3de0bde67ef47543db6f6068b267fa2b665667a52bc6002e6529')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('pip', 'pefile')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/pescanner.sls' using 'yaml' renderer: 0.00259709358215 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/regripper.sls' to resolve 'salt://sift/scripts/regripper.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/regripper.sls' to resolve 'salt://sift/scripts/regripper.sls' # [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/scripts/regripper.sls' # [DEBUG ] No dest file found # [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/scripts/regripper.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/regripper.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/regripper.sls' using 'jinja' renderer: 0.00200295448303 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/regripper.sls: include: - sift.packages.git - sift.packages.libparse-win32registry-perl sift-scripts-regripper-git: git.latest: - name: https://github.com/keydet89/RegRipper2.8.git - target: /usr/local/src/regripper - user: root - rev: master - force_clone: True - force_reset: True - require: - pkg: git sift-scripts-regripper-directory: file.directory: - name: /usr/local/share/regripper - makedirs: True - file_mode: 644 - require: - git: sift-scripts-regripper-git sift-scripts-regripper-binary: file.managed: - name: /usr/local/share/regripper/rip.pl - source: salt://sift/files/regripper/rip.pl - mode: 755 - require: - git: sift-scripts-regripper-git - pkg: libparse-win32registry-perl sift-scripts-regripper-plugins-symlink: file.symlink: - name: /usr/local/share/regripper/plugins - target: /usr/local/src/regripper/plugins - require: - git: sift-scripts-regripper-git - file: sift-scripts-regripper-directory sift-scripts-regripper-binary-symlink: file.symlink: - name: /usr/local/bin/rip.pl - target: /usr/local/share/regripper/rip.pl - mode: 755 - require: - file: sift-scripts-regripper-binary sift-scripts-regripper-plugins-all: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"All\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-ntuser: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"NTUSER\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-usrclass: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"USRCLASS\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-sam: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"SAM\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-security: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"Security\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-software: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"Software\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software" - watch: - git: sift-scripts-regripper-git sift-scripts-regripper-plugins-system: cmd.wait: - name: "grep -R \"my %config = (hive\" /usr/local/share/regripper/plugins | grep \"System\" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system" - watch: - git: sift-scripts-regripper-git # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.git', 'sift.packages.libparse-win32registry-perl']), ('sift-scripts-regripper-git', OrderedDict([('git.latest', [OrderedDict([('name', 'https://github.com/keydet89/RegRipper2.8.git')]), OrderedDict([('target', '/usr/local/src/regripper')]), OrderedDict([('user', 'root')]), OrderedDict([('rev', 'master')]), OrderedDict([('force_clone', True)]), OrderedDict([('force_reset', True)]), OrderedDict([('require', [OrderedDict([('pkg', 'git')])])])])])), ('sift-scripts-regripper-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/local/share/regripper')]), OrderedDict([('makedirs', True)]), OrderedDict([('file_mode', 644)]), OrderedDict([('require', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-binary', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/share/regripper/rip.pl')]), OrderedDict([('source', 'salt://sift/files/regripper/rip.pl')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('git', 'sift-scripts-regripper-git')]), OrderedDict([('pkg', 'libparse-win32registry-perl')])])])])])), ('sift-scripts-regripper-plugins-symlink', OrderedDict([('file.symlink', [OrderedDict([('name', '/usr/local/share/regripper/plugins')]), OrderedDict([('target', '/usr/local/src/regripper/plugins')]), OrderedDict([('require', [OrderedDict([('git', 'sift-scripts-regripper-git')]), OrderedDict([('file', 'sift-scripts-regripper-directory')])])])])])), ('sift-scripts-regripper-binary-symlink', OrderedDict([('file.symlink', [OrderedDict([('name', '/usr/local/bin/rip.pl')]), OrderedDict([('target', '/usr/local/share/regripper/rip.pl')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('file', 'sift-scripts-regripper-binary')])])])])])), ('sift-scripts-regripper-plugins-all', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/all')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-ntuser', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/ntuser')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-usrclass', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/usrclass')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-sam', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/sam')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-security', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/security')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-software', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/software')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])])), ('sift-scripts-regripper-plugins-system', OrderedDict([('cmd.wait', [OrderedDict([('name', 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed \'s/.pl$//\' > /usr/local/share/regripper/plugins/system')]), OrderedDict([('watch', [OrderedDict([('git', 'sift-scripts-regripper-git')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/regripper.sls' using 'yaml' renderer: 0.0185120105743 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/shim-cache-parser.sls' to resolve 'salt://sift/scripts/shim-cache-parser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls' to resolve 'salt://sift/scripts/shim-cache-parser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls' using 'jinja' renderer: 0.00248908996582 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls: include: - sift.python-packages.python-registry # Source: https://github.com/mandiant/ShimCacheParser # License: Apache 2 (https://github.com/mandiant/ShimCacheParser/blob/master/LICENSE) sift-scripts-shim-cache-parser: file.managed: - name: /usr/local/bin/ShimCacheParser.py - source: https://raw.githubusercontent.com/mandiant/ShimCacheParser/d7c517af9f3b09b810c5859ee52a6540f3b25855/ShimCacheParser.py - source_hash: sha256=61e75e485c0efc862e7b1c7746a493ca944afcf3e96512fb864706089f89d9aa - mode: 755 - require: - sls: sift.python-packages.python-registry sift-scripts-shim-cache-parser-shebang: file.prepend: - name: /usr/local/bin/ShimCacheParser.py - text: '#!/usr/bin/env python' - watch: - file: sift-scripts-shim-cache-parser # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.python-packages.python-registry']), ('sift-scripts-shim-cache-parser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/ShimCacheParser.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/mandiant/ShimCacheParser/d7c517af9f3b09b810c5859ee52a6540f3b25855/ShimCacheParser.py')]), OrderedDict([('source_hash', 'sha256=61e75e485c0efc862e7b1c7746a493ca944afcf3e96512fb864706089f89d9aa')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('sls', 'sift.python-packages.python-registry')])])])])])), ('sift-scripts-shim-cache-parser-shebang', OrderedDict([('file.prepend', [OrderedDict([('name', '/usr/local/bin/ShimCacheParser.py')]), OrderedDict([('text', '#!/usr/bin/env python')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-shim-cache-parser')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/shim-cache-parser.sls' using 'yaml' renderer: 0.00381708145142 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/sift.sls' to resolve 'salt://sift/scripts/sift.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/sift.sls' to resolve 'salt://sift/scripts/sift.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/sift.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sift.sls' using 'jinja' renderer: 0.00321507453918 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/sift.sls: scripts-sift-resources-resources: file.directory: - name: /usr/share/sift/resources - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-images: file.directory: - name: /usr/share/sift/images - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-audio: file.directory: - name: /usr/share/sift/audio - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-other: file.directory: - name: /usr/share/sift/other - user: root - group: root - makedirs: true - require_in: - file: sift-resources scripts-sift-resources-scripts: file.directory: - name: /usr/share/sift/scripts - user: root - group: root - makedirs: true - require_in: - file: sift-resources sift-resources: file.recurse: - name: /usr/share/sift - source: salt://sift/files/sift # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-sift-resources-resources', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/resources')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-images', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/images')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-audio', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/audio')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-other', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/other')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('scripts-sift-resources-scripts', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/sift/scripts')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('require_in', [OrderedDict([('file', 'sift-resources')])])])])])), ('sift-resources', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/share/sift')]), OrderedDict([('source', 'salt://sift/files/sift')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sift.sls' using 'yaml' renderer: 0.0200400352478 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/sorter.sls' to resolve 'salt://sift/scripts/sorter.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/sorter.sls' to resolve 'salt://sift/scripts/sorter.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/sorter.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sorter.sls' using 'jinja' renderer: 0.000938177108765 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/sorter.sls: scripts-sorter-directory: file.directory: - name: /usr/share/tsk/sorter - makedirs: true scripts-sorter-files: file.recurse: - name: /usr/share/tsk/sorter - source: salt://sift/files/sorter - file_mode: 644 - require: - file: scripts-sorter-directory # [DEBUG ] Results of YAML rendering: OrderedDict([('scripts-sorter-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/tsk/sorter')]), OrderedDict([('makedirs', True)])])])), ('scripts-sorter-files', OrderedDict([('file.recurse', [OrderedDict([('name', '/usr/share/tsk/sorter')]), OrderedDict([('source', 'salt://sift/files/sorter')]), OrderedDict([('file_mode', 644)]), OrderedDict([('require', [OrderedDict([('file', 'scripts-sorter-directory')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sorter.sls' using 'yaml' renderer: 0.00260400772095 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/sqlparser.sls' to resolve 'salt://sift/scripts/sqlparser.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls' to resolve 'salt://sift/scripts/sqlparser.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls' using 'jinja' renderer: 0.00157189369202 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls: # Source: https://github.com/mdegrazia/SQLite-Deleted-Records-Parser # License: Not Specified sift-scripts-sqlparser: file.managed: - name: /usr/local/bin/sqlparser.py - source: https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases/download/v.1.1/sqlparse_v1.1.py - source_hash: sha256=0bb28498141380821d5adc43cc3557ce6a96aeb8a33c414a48e3ccc2a1aad8c9 - mode: 755 sift-scripts-sqlparser-shebang: file.prepend: - name: /usr/local/bin/sqlparser.py - text: '#!/usr/bin/env python' - watch: - file: sift-scripts-sqlparser # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-sqlparser', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/sqlparser.py')]), OrderedDict([('source', 'https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases/download/v.1.1/sqlparse_v1.1.py')]), OrderedDict([('source_hash', 'sha256=0bb28498141380821d5adc43cc3557ce6a96aeb8a33c414a48e3ccc2a1aad8c9')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-sqlparser-shebang', OrderedDict([('file.prepend', [OrderedDict([('name', '/usr/local/bin/sqlparser.py')]), OrderedDict([('text', '#!/usr/bin/env python')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-sqlparser')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/sqlparser.sls' using 'yaml' renderer: 0.00306487083435 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/usbdeviceforensics.sls' to resolve 'salt://sift/scripts/usbdeviceforensics.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls' to resolve 'salt://sift/scripts/usbdeviceforensics.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls' using 'jinja' renderer: 0.00181698799133 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls: # Source: https://github.com/woanware/usbdeviceforensics # License: Unknown sift-scripts-usbdeviceforensics: file.managed: - name: /usr/local/bin/usbdeviceforensics.py - source: https://raw.githubusercontent.com/woanware/usbdeviceforensics/5a0705d5beca09eab2fd5a47a52240dbc0db5bc9/usbdeviceforensics.py - source_hash: sha256=cc643ae2ccd7b772f6d8a2abaa0e9dd33514c60328c5bc3b7d60bb69398b9637 - mode: 755 sift-scripts-usbdeviceforensics-shebang: file.replace: - name: /usr/local/bin/usbdeviceforensics.py - pattern: '#!/usr/bin/python' - repl: '#!/usr/bin/env python' - count: 1 - watch: - file: sift-scripts-usbdeviceforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-usbdeviceforensics', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/usbdeviceforensics.py')]), OrderedDict([('source', 'https://raw.githubusercontent.com/woanware/usbdeviceforensics/5a0705d5beca09eab2fd5a47a52240dbc0db5bc9/usbdeviceforensics.py')]), OrderedDict([('source_hash', 'sha256=cc643ae2ccd7b772f6d8a2abaa0e9dd33514c60328c5bc3b7d60bb69398b9637')]), OrderedDict([('mode', 755)])])])), ('sift-scripts-usbdeviceforensics-shebang', OrderedDict([('file.replace', [OrderedDict([('name', '/usr/local/bin/usbdeviceforensics.py')]), OrderedDict([('pattern', '#!/usr/bin/python')]), OrderedDict([('repl', '#!/usr/bin/env python')]), OrderedDict([('count', 1)]), OrderedDict([('watch', [OrderedDict([('file', 'sift-scripts-usbdeviceforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/usbdeviceforensics.sls' using 'yaml' renderer: 0.00354313850403 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/virustotal-tools.sls' to resolve 'salt://sift/scripts/virustotal-tools.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls' to resolve 'salt://sift/scripts/virustotal-tools.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls' using 'jinja' renderer: 0.00147485733032 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls: # Source: https://blog.didierstevens.com/programs/virustotal-tools/ # License: Unknown, No Copyright sift-scripts-virustotal-search-archive: archive.extracted: - name: /usr/local/src/virustotal-search-v0.1.4 - source: https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip - source_hash: sha256=8c033b3c46767590c54c191aeedc0162b3b8ccde0d7b75841a6552ca9de76044 - enforce_toplevel: False sift-scripts-virustotal-search-script: file.managed: - name: /usr/local/bin/virustotal-search.py - source: /usr/local/src/virustotal-search-v0.1.4/virustotal-search.py - mode: 755 - watch: - archive: sift-scripts-virustotal-search-archive sift-scripts-virustotal-submit-archive: archive.extracted: - name: /usr/local/src/virustotal-submit-v0.0.3 - source: https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip - source_hash: sha256=37cce3e8469de097912cb23bac6b909c9c7f5a5cee09c9279d32bdb9d6e23bcc - enforce_toplevel: False sift-scripts-virustotal-submit-script: file.managed: - name: /usr/local/bin/virustotal-submit.py - source: /usr/local/src/virustotal-submit-v0.0.3/virustotal-submit.py - mode: 755 - watch: - archive: sift-scripts-virustotal-submit-archive # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-scripts-virustotal-search-archive', OrderedDict([('archive.extracted', [OrderedDict([('name', '/usr/local/src/virustotal-search-v0.1.4')]), OrderedDict([('source', 'https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip')]), OrderedDict([('source_hash', 'sha256=8c033b3c46767590c54c191aeedc0162b3b8ccde0d7b75841a6552ca9de76044')]), OrderedDict([('enforce_toplevel', False)])])])), ('sift-scripts-virustotal-search-script', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/virustotal-search.py')]), OrderedDict([('source', '/usr/local/src/virustotal-search-v0.1.4/virustotal-search.py')]), OrderedDict([('mode', 755)]), OrderedDict([('watch', [OrderedDict([('archive', 'sift-scripts-virustotal-search-archive')])])])])])), ('sift-scripts-virustotal-submit-archive', OrderedDict([('archive.extracted', [OrderedDict([('name', '/usr/local/src/virustotal-submit-v0.0.3')]), OrderedDict([('source', 'https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip')]), OrderedDict([('source_hash', 'sha256=37cce3e8469de097912cb23bac6b909c9c7f5a5cee09c9279d32bdb9d6e23bcc')]), OrderedDict([('enforce_toplevel', False)])])])), ('sift-scripts-virustotal-submit-script', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/virustotal-submit.py')]), OrderedDict([('source', '/usr/local/src/virustotal-submit-v0.0.3/virustotal-submit.py')]), OrderedDict([('mode', 755)]), OrderedDict([('watch', [OrderedDict([('archive', 'sift-scripts-virustotal-submit-archive')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/virustotal-tools.sls' using 'yaml' renderer: 0.00802421569824 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/scripts/vshot.sls' to resolve 'salt://sift/scripts/vshot.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/scripts/vshot.sls' to resolve 'salt://sift/scripts/vshot.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/scripts/vshot.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/vshot.sls' using 'jinja' renderer: 0.00301289558411 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/scripts/vshot.sls: include: - sift.packages.bulk-extractor - sift.packages.python-volatility # Source: https://github.com/williballenthin/python-registry # License: Apache2 - https://github.com/williballenthin/python-registry/blob/master/LICENSE.TXT sift-scripts-vshot: file.managed: - name: /usr/local/bin/vshot - source: https://raw.githubusercontent.com/CrowdStrike/Forensics/62d8ae4ed1ca276f2a1ffe251e1750d10538ae52/vshot - source_hash: sha256=590fb825df2d17f2e83fcbf1a578f39d8c7bd38017d85edfb250c0fb92db8b3a - mode: 755 - require: - pkg: python-volatility - pkg: bulk-extractor # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.packages.bulk-extractor', 'sift.packages.python-volatility']), ('sift-scripts-vshot', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/local/bin/vshot')]), OrderedDict([('source', 'https://raw.githubusercontent.com/CrowdStrike/Forensics/62d8ae4ed1ca276f2a1ffe251e1750d10538ae52/vshot')]), OrderedDict([('source_hash', 'sha256=590fb825df2d17f2e83fcbf1a578f39d8c7bd38017d85edfb250c0fb92db8b3a')]), OrderedDict([('mode', 755)]), OrderedDict([('require', [OrderedDict([('pkg', 'python-volatility')]), OrderedDict([('pkg', 'bulk-extractor')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/scripts/vshot.sls' using 'yaml' renderer: 0.00329113006592 # [DEBUG ] Could not find file 'salt://sift/config.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/init.sls' to resolve 'salt://sift/config/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/init.sls' to resolve 'salt://sift/config/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/init.sls' using 'jinja' renderer: 0.000947952270508 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/init.sls: include: - sift.config.hostname - sift.config.user - sift.config.timezone - sift.config.folders - sift.config.salt-minion - sift.config.samba #- .symlinks sift-config: test.nop: - name: sift-config - require: - sls: sift.config.hostname - sls: sift.config.user - sls: sift.config.timezone - sls: sift.config.folders - sls: sift.config.salt-minion - sls: sift.config.samba # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.config.hostname', 'sift.config.user', 'sift.config.timezone', 'sift.config.folders', 'sift.config.salt-minion', 'sift.config.samba']), ('sift-config', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-config')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.config.hostname')]), OrderedDict([('sls', 'sift.config.user')]), OrderedDict([('sls', 'sift.config.timezone')]), OrderedDict([('sls', 'sift.config.folders')]), OrderedDict([('sls', 'sift.config.salt-minion')]), OrderedDict([('sls', 'sift.config.samba')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/init.sls' using 'yaml' renderer: 0.00312900543213 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/hostname.sls' to resolve 'salt://sift/config/hostname.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/hostname.sls' to resolve 'salt://sift/config/hostname.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/hostname.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/hostname.sls' using 'jinja' renderer: 0.00552988052368 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/hostname.sls: hostname-managed: file.managed: - name: /etc/hostname - contents: siftworkstation - backup: false hostname-set-hostname: cmd.run: - name: hostnamectl set-hostname siftworkstation - unless: test "siftworkstation" = "$(hostname)" hostname-set-hosts: host.present: - name: siftworkstation - ip: 127.0.0.1 # [DEBUG ] Results of YAML rendering: OrderedDict([('hostname-managed', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/hostname')]), OrderedDict([('contents', 'siftworkstation')]), OrderedDict([('backup', False)])])])), ('hostname-set-hostname', OrderedDict([('cmd.run', [OrderedDict([('name', 'hostnamectl set-hostname siftworkstation')]), OrderedDict([('unless', 'test "siftworkstation" = "$(hostname)"')])])])), ('hostname-set-hosts', OrderedDict([('host.present', [OrderedDict([('name', 'siftworkstation')]), OrderedDict([('ip', '127.0.0.1')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/hostname.sls' using 'yaml' renderer: 0.00340008735657 # [DEBUG ] Could not find file 'salt://sift/config/user.sls' in saltenv 'base' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/init.sls' to resolve 'salt://sift/config/user/init.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/init.sls' to resolve 'salt://sift/config/user/init.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/init.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/init.sls' using 'jinja' renderer: 0.00103497505188 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/init.sls: include: - sift.config.user.user - sift.config.user.bash-aliases - sift.config.user.bash-rc - sift.config.user.folders - sift.config.user.pdfs - sift.config.user.symlinks - sift.config.user.theme sift-config-user: test.nop: - name: sift-config-user - require: - sls: sift.config.user.user - sls: sift.config.user.bash-aliases - sls: sift.config.user.bash-rc - sls: sift.config.user.folders - sls: sift.config.user.pdfs - sls: sift.config.user.symlinks - sls: sift.config.user.theme # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['sift.config.user.user', 'sift.config.user.bash-aliases', 'sift.config.user.bash-rc', 'sift.config.user.folders', 'sift.config.user.pdfs', 'sift.config.user.symlinks', 'sift.config.user.theme']), ('sift-config-user', OrderedDict([('test.nop', [OrderedDict([('name', 'sift-config-user')]), OrderedDict([('require', [OrderedDict([('sls', 'sift.config.user.user')]), OrderedDict([('sls', 'sift.config.user.bash-aliases')]), OrderedDict([('sls', 'sift.config.user.bash-rc')]), OrderedDict([('sls', 'sift.config.user.folders')]), OrderedDict([('sls', 'sift.config.user.pdfs')]), OrderedDict([('sls', 'sift.config.user.symlinks')]), OrderedDict([('sls', 'sift.config.user.theme')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/init.sls' using 'yaml' renderer: 0.00396013259888 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/user.sls' to resolve 'salt://sift/config/user/user.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/user.sls' to resolve 'salt://sift/config/user/user.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/user.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [DEBUG ] LazyLoaded user.list_users # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/user.sls' using 'jinja' renderer: 0.0171949863434 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/user.sls: sift-user-sansforensics: user.present: - name: sansforensics - home: /home/sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('sift-user-sansforensics', OrderedDict([('user.present', [OrderedDict([('name', 'sansforensics')]), OrderedDict([('home', '/home/sansforensics')])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/user.sls' using 'yaml' renderer: 0.00145292282104 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/bash-aliases.sls' to resolve 'salt://sift/config/user/bash-aliases.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls' to resolve 'salt://sift/config/user/bash-aliases.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls' using 'jinja' renderer: 0.00214195251465 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls: include: - .user bash-aliases-user-sansforensics: file.append: - name: /home/sansforensics/.bash_aliases - text: "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'" - require: - user: sift-user-sansforensics bash-aliases-user-root: file.append: - name: /root/.bash_aliases - text: "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'" - require: - file: bash-aliases-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('bash-aliases-user-sansforensics', OrderedDict([('file.append', [OrderedDict([('name', '/home/sansforensics/.bash_aliases')]), OrderedDict([('text', "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'")]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('bash-aliases-user-root', OrderedDict([('file.append', [OrderedDict([('name', '/root/.bash_aliases')]), OrderedDict([('text', "alias mountwin='mount -o ro,loop,show_sys_files,streams_interface=windows'")]), OrderedDict([('require', [OrderedDict([('file', 'bash-aliases-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-aliases.sls' using 'yaml' renderer: 0.00312900543213 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/bash-rc.sls' to resolve 'salt://sift/config/user/bash-rc.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls' to resolve 'salt://sift/config/user/bash-rc.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls' using 'jinja' renderer: 0.00245213508606 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls: include: - .user rc-noclobber: file.append: - name: /home/sansforensics/.bashrc - text: 'set -o noclobber' - require: - user: sift-user-sansforensics rekall-path: file.append: - name: /home/sansforensics/.bashrc - text: 'export PATH=$PATH:/opt/rekall/bin' - require: - user: sift-user-sansforensics rc-root-noclobber: file.append: - name: /root/.bashrc - text: 'set -o noclobber' - require: - file: rekall-path # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('rc-noclobber', OrderedDict([('file.append', [OrderedDict([('name', '/home/sansforensics/.bashrc')]), OrderedDict([('text', 'set -o noclobber')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('rekall-path', OrderedDict([('file.append', [OrderedDict([('name', '/home/sansforensics/.bashrc')]), OrderedDict([('text', 'export PATH=$PATH:/opt/rekall/bin')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('rc-root-noclobber', OrderedDict([('file.append', [OrderedDict([('name', '/root/.bashrc')]), OrderedDict([('text', 'set -o noclobber')]), OrderedDict([('require', [OrderedDict([('file', 'rekall-path')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/bash-rc.sls' using 'yaml' renderer: 0.00424695014954 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/folders.sls' to resolve 'salt://sift/config/user/folders.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/folders.sls' to resolve 'salt://sift/config/user/folders.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/folders.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/folders.sls' using 'jinja' renderer: 0.00204396247864 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/folders.sls: include: - .user folders-config-autostart: file.directory: - name: /home/sansforensics/.config/autostart - user: sansforensics - group: sansforensics - makedirs: True - require: - user: sift-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('folders-config-autostart', OrderedDict([('file.directory', [OrderedDict([('name', '/home/sansforensics/.config/autostart')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'sansforensics')]), OrderedDict([('makedirs', True)]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/folders.sls' using 'yaml' renderer: 0.00232911109924 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/pdfs.sls' to resolve 'salt://sift/config/user/pdfs.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/pdfs.sls' to resolve 'salt://sift/config/user/pdfs.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/pdfs.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/pdfs.sls' using 'jinja' renderer: 0.00264883041382 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/pdfs.sls: include: - .user pdfs-resource-copy: file.recurse: - name: /home/sansforensics/Desktop - source: salt://sift/files/sift/resources - include_pat: '*.pdf' - require: - user: sift-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('pdfs-resource-copy', OrderedDict([('file.recurse', [OrderedDict([('name', '/home/sansforensics/Desktop')]), OrderedDict([('source', 'salt://sift/files/sift/resources')]), OrderedDict([('include_pat', '*.pdf')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/pdfs.sls' using 'yaml' renderer: 0.0022120475769 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/symlinks.sls' to resolve 'salt://sift/config/user/symlinks.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/symlinks.sls' to resolve 'salt://sift/config/user/symlinks.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/symlinks.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/symlinks.sls' using 'jinja' renderer: 0.00386714935303 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/symlinks.sls: include: - .user symlinks-user-desktop-directory: file.directory: - name: /home/sansforensics/Desktop - require: - user: sift-user-sansforensics symlinks-mount-points: file.symlink: - name: /home/sansforensics/Desktop/mount_points - target: /mnt - user: sansforensics - group: sansforensics - require: - file: symlinks-user-desktop-directory - user: sift-user-sansforensics symlinks-cases: file.symlink: - name: /home/sansforensics/Desktop/cases - target: /cases - user: sansforensics - group: sansforensics - require: - file: symlinks-user-desktop-directory - user: sift-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('symlinks-user-desktop-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/home/sansforensics/Desktop')]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('symlinks-mount-points', OrderedDict([('file.symlink', [OrderedDict([('name', '/home/sansforensics/Desktop/mount_points')]), OrderedDict([('target', '/mnt')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'sansforensics')]), OrderedDict([('require', [OrderedDict([('file', 'symlinks-user-desktop-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('symlinks-cases', OrderedDict([('file.symlink', [OrderedDict([('name', '/home/sansforensics/Desktop/cases')]), OrderedDict([('target', '/cases')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'sansforensics')]), OrderedDict([('require', [OrderedDict([('file', 'symlinks-user-desktop-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/symlinks.sls' using 'yaml' renderer: 0.00635886192322 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/user/theme.sls' to resolve 'salt://sift/config/user/theme.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/user/theme.sls' to resolve 'salt://sift/config/user/theme.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/user/theme.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/theme.sls' using 'jinja' renderer: 0.00495195388794 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/user/theme.sls: include: - .user theme-set-background-directory: file.directory: - name: /usr/share/backgrounds - makedirs: True theme-set-background: file.managed: - name: /usr/share/backgrounds/warty-final-ubuntu.png - source: salt://sift/files/sift/images/forensics_blue.jpg - replace: True - require: - file: theme-set-background-directory - user: sift-user-sansforensics theme-set-unity-logo-directory: file.directory: - name: /usr/share/unity-greeter - makedirs: True theme-set-unity-logo: file.managed: - name: /usr/share/unity-greeter/logo.png - source: salt://sift/files/sift/images/login_logo.png - replace: True - require: - file: theme-set-unity-logo-directory - user: sift-user-sansforensics theme-manage-autostart: file.directory: - name: /home/sansforensics/.config/autostart/ - makedirs: True theme-manage-gnome-terminal: file.managed: - name: /home/sansforensics/.config/autostart/gnome-terminal.desktop - source: salt://sift/files/sift/other/gnome-terminal.desktop - replace: True - require: - file: theme-manage-autostart - user: sift-user-sansforensics # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('theme-set-background-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/backgrounds')]), OrderedDict([('makedirs', True)])])])), ('theme-set-background', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/share/backgrounds/warty-final-ubuntu.png')]), OrderedDict([('source', 'salt://sift/files/sift/images/forensics_blue.jpg')]), OrderedDict([('replace', True)]), OrderedDict([('require', [OrderedDict([('file', 'theme-set-background-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('theme-set-unity-logo-directory', OrderedDict([('file.directory', [OrderedDict([('name', '/usr/share/unity-greeter')]), OrderedDict([('makedirs', True)])])])), ('theme-set-unity-logo', OrderedDict([('file.managed', [OrderedDict([('name', '/usr/share/unity-greeter/logo.png')]), OrderedDict([('source', 'salt://sift/files/sift/images/login_logo.png')]), OrderedDict([('replace', True)]), OrderedDict([('require', [OrderedDict([('file', 'theme-set-unity-logo-directory')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('theme-manage-autostart', OrderedDict([('file.directory', [OrderedDict([('name', '/home/sansforensics/.config/autostart/')]), OrderedDict([('makedirs', True)])])])), ('theme-manage-gnome-terminal', OrderedDict([('file.managed', [OrderedDict([('name', '/home/sansforensics/.config/autostart/gnome-terminal.desktop')]), OrderedDict([('source', 'salt://sift/files/sift/other/gnome-terminal.desktop')]), OrderedDict([('replace', True)]), OrderedDict([('require', [OrderedDict([('file', 'theme-manage-autostart')]), OrderedDict([('user', 'sift-user-sansforensics')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/user/theme.sls' using 'yaml' renderer: 0.00835490226746 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/timezone.sls' to resolve 'salt://sift/config/timezone.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/timezone.sls' to resolve 'salt://sift/config/timezone.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/timezone.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/timezone.sls' using 'jinja' renderer: 0.00212001800537 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/timezone.sls: Etc/UTC: timezone.system # [DEBUG ] Results of YAML rendering: OrderedDict([('Etc/UTC', 'timezone.system')]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/timezone.sls' using 'yaml' renderer: 0.000657081604004 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/folders.sls' to resolve 'salt://sift/config/folders.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/folders.sls' to resolve 'salt://sift/config/folders.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/folders.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/folders.sls' using 'jinja' renderer: 0.00474500656128 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/folders.sls: include: - .user config-folder-cases: file.directory: - name: /cases - user: sansforensics - group: root - makedirs: true - dir_mode: 775 - require: - user: sift-user-sansforensics /mnt/usb: file.directory: - user: root - group: root - makedirs: true /mnt/vss: file.directory: - user: root - group: root - makedirs: true /mnt/shadow: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount: file.directory: - user: root - group: root - makedirs: true /mnt/e01: file.directory: - user: root - group: root - makedirs: true /mnt/aff: file.directory: - user: root - group: root - makedirs: true /mnt/ewf: file.directory: - user: root - group: root - makedirs: true /mnt/bde: file.directory: - user: root - group: root - makedirs: true /mnt/iscsi: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount1: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount2: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount3: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount4: file.directory: - user: root - group: root - makedirs: true /mnt/windows_mount5: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss1: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss2: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss3: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss4: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss5: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss6: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss7: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss8: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss9: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss10: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss11: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss12: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss13: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss14: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss15: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss16: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss17: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss18: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss19: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss20: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss21: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss22: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss23: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss24: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss25: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss26: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss27: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss28: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss29: file.directory: - user: root - group: root - makedirs: true /mnt/shadow/vss30: file.directory: - user: root - group: root - makedirs: true # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['.user']), ('config-folder-cases', OrderedDict([('file.directory', [OrderedDict([('name', '/cases')]), OrderedDict([('user', 'sansforensics')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)]), OrderedDict([('dir_mode', 775)]), OrderedDict([('require', [OrderedDict([('user', 'sift-user-sansforensics')])])])])])), ('/mnt/usb', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/vss', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/e01', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/aff', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/ewf', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/bde', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/iscsi', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount1', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount2', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount3', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount4', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/windows_mount5', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss1', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss2', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss3', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss4', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss5', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss6', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss7', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss8', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss9', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss10', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss11', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss12', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss13', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss14', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss15', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss16', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss17', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss18', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss19', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss20', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss21', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss22', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss23', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss24', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss25', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss26', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss27', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss28', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss29', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])])), ('/mnt/shadow/vss30', OrderedDict([('file.directory', [OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('makedirs', True)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/folders.sls' using 'yaml' renderer: 0.0736448764801 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/salt-minion.sls' to resolve 'salt://sift/config/salt-minion.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/salt-minion.sls' to resolve 'salt://sift/config/salt-minion.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/salt-minion.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/salt-minion.sls' using 'jinja' renderer: 0.00149011611938 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/salt-minion.sls: salt-minion: service.dead: - name: salt-minion - enable: False # [DEBUG ] Results of YAML rendering: OrderedDict([('salt-minion', OrderedDict([('service.dead', [OrderedDict([('name', 'salt-minion')]), OrderedDict([('enable', False)])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/salt-minion.sls' using 'yaml' renderer: 0.0013439655304 # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/config/samba.sls' to resolve 'salt://sift/config/samba.sls' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/config/samba.sls' to resolve 'salt://sift/config/samba.sls' # [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/config/samba.sls' # [DEBUG ] No dest file found # [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/config/samba.sls' # [DEBUG ] compile template: /var/cache/salt/minion/files/base/sift/config/samba.sls # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/samba.sls' using 'jinja' renderer: 0.00193810462952 # [DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/sift/config/samba.sls: include: - ..packages.samba sift-samba-global-config: file.managed: - name: /etc/samba/smb.conf - source: salt://sift/files/samba/smb.conf - template: jinja - context: user: sansforensics - require: - pkg: samba samba-service-smbd: service.running: - name: smbd - watch: - file: sift-samba-global-config samba-service-nmbd: service.running: - name: nmbd - watch: - file: sift-samba-global-config # [DEBUG ] Results of YAML rendering: OrderedDict([('include', ['..packages.samba']), ('sift-samba-global-config', OrderedDict([('file.managed', [OrderedDict([('name', '/etc/samba/smb.conf')]), OrderedDict([('source', 'salt://sift/files/samba/smb.conf')]), OrderedDict([('template', 'jinja')]), OrderedDict([('context', OrderedDict([('user', 'sansforensics')]))]), OrderedDict([('require', [OrderedDict([('pkg', 'samba')])])])])])), ('samba-service-smbd', OrderedDict([('service.running', [OrderedDict([('name', 'smbd')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-samba-global-config')])])])])])), ('samba-service-nmbd', OrderedDict([('service.running', [OrderedDict([('name', 'nmbd')]), OrderedDict([('watch', [OrderedDict([('file', 'sift-samba-global-config')])])])])]))]) # [PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/sift/config/samba.sls' using 'yaml' renderer: 0.00513195991516 # [DEBUG ] LazyLoaded pkg.install # [DEBUG ] LazyLoaded pkg.installed # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad pkg.ex_mod_init: 'pkg.ex_mod_init' is not available. # [INFO ] Running state [python-software-properties] at time 14:12:25.467174 # [INFO ] Executing state pkg.installed for [python-software-properties] # [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/home/sansforensics' # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-software-properties is already installed # [INFO ] Completed state [python-software-properties] at time 14:12:26.263585 duration_in_ms=796.411 # [INFO ] Running state [apt-transport-https] at time 14:12:26.263790 # [INFO ] Executing state pkg.installed for [apt-transport-https] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package apt-transport-https is already installed # [INFO ] Completed state [apt-transport-https] at time 14:12:26.269466 duration_in_ms=5.676 # [DEBUG ] LazyLoaded pkgrepo.managed # [INFO ] Running state [deb https://apt.dockerproject.org/repo ubuntu-xenial main] at time 14:12:26.282803 # [INFO ] Executing state pkgrepo.managed for [deb https://apt.dockerproject.org/repo ubuntu-xenial main] # [INFO ] Package repo 'deb https://apt.dockerproject.org/repo ubuntu-xenial main' already configured # [INFO ] Completed state [deb https://apt.dockerproject.org/repo ubuntu-xenial main] at time 14:12:26.350619 duration_in_ms=67.815 # [INFO ] Running state [sift-gift-dev] at time 14:12:26.350810 # [INFO ] Executing state pkgrepo.absent for [sift-gift-dev] # [INFO ] Package repo ppa:gift/dev is absent # [INFO ] Completed state [sift-gift-dev] at time 14:12:26.849348 duration_in_ms=498.536 # [INFO ] Running state [gift] at time 14:12:26.853145 # [INFO ] Executing state pkgrepo.managed for [gift] # [INFO ] Configured package repo 'gift' # [INFO ] Completed state [gift] at time 14:12:28.349720 duration_in_ms=1496.575 # [INFO ] Running state [sift-dev] at time 14:12:28.349919 # [INFO ] Executing state pkgrepo.absent for [sift-dev] # [INFO ] Package repo ppa:sift/dev is absent # [INFO ] Completed state [sift-dev] at time 14:12:28.705189 duration_in_ms=355.268 # [INFO ] Running state [sift-repo] at time 14:12:28.709130 # [INFO ] Executing state pkgrepo.managed for [sift-repo] # [INFO ] Configured package repo 'sift-repo' # [INFO ] Completed state [sift-repo] at time 14:12:30.375522 duration_in_ms=1666.392 # [INFO ] Running state [openjdk-repo] at time 14:12:30.378236 # [INFO ] Executing state pkgrepo.managed for [openjdk-repo] # [INFO ] Configured package repo 'openjdk-repo' # [INFO ] Completed state [openjdk-repo] at time 14:12:32.419543 duration_in_ms=2041.306 # [INFO ] Running state [deb http://archive.ubuntu.com/ubuntu/ xenial multiverse] at time 14:12:32.419721 # [INFO ] Executing state pkgrepo.managed for [deb http://archive.ubuntu.com/ubuntu/ xenial multiverse] # [INFO ] Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial multiverse' already configured # [INFO ] Completed state [deb http://archive.ubuntu.com/ubuntu/ xenial multiverse] at time 14:12:32.461266 duration_in_ms=41.544 # [INFO ] Running state [deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse] at time 14:12:32.461461 # [INFO ] Executing state pkgrepo.managed for [deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse] # [INFO ] Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse' already configured # [INFO ] Completed state [deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse] at time 14:12:32.499919 duration_in_ms=38.458 # [INFO ] Running state [deb http://archive.ubuntu.com/ubuntu/ xenial universe] at time 14:12:32.500093 # [INFO ] Executing state pkgrepo.managed for [deb http://archive.ubuntu.com/ubuntu/ xenial universe] # [INFO ] Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial universe' already configured # [INFO ] Completed state [deb http://archive.ubuntu.com/ubuntu/ xenial universe] at time 14:12:32.538918 duration_in_ms=38.824 # [DEBUG ] LazyLoaded test.nop # [INFO ] Running state [ubuntutweak] at time 14:12:32.546961 # [INFO ] Executing state test.nop for [ubuntutweak] # [INFO ] Success! # [INFO ] Completed state [ubuntutweak] at time 14:12:32.547381 duration_in_ms=0.42 # [INFO ] Running state [sift-repos] at time 14:12:32.557560 # [INFO ] Executing state test.nop for [sift-repos] # [INFO ] Success! # [INFO ] Completed state [sift-repos] at time 14:12:32.558205 duration_in_ms=0.647 # [INFO ] Running state [binplist] at time 14:12:32.558357 # [INFO ] Executing state pkg.removed for [binplist] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] All specified packages are already absent # [INFO ] Completed state [binplist] at time 14:12:32.569914 duration_in_ms=11.557 # [INFO ] Running state [unity-webapps-common] at time 14:12:32.570179 # [INFO ] Executing state pkg.removed for [unity-webapps-common] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] All specified packages are already absent # [INFO ] Completed state [unity-webapps-common] at time 14:12:32.581547 duration_in_ms=11.368 # [INFO ] Running state [aeskeyfind] at time 14:12:32.581709 # [INFO ] Executing state pkg.installed for [aeskeyfind] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package aeskeyfind is already installed # [INFO ] Completed state [aeskeyfind] at time 14:12:32.588053 duration_in_ms=6.343 # [INFO ] Running state [afflib-tools] at time 14:12:32.588266 # [INFO ] Executing state pkg.installed for [afflib-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package afflib-tools is already installed # [INFO ] Completed state [afflib-tools] at time 14:12:32.594625 duration_in_ms=6.358 # [INFO ] Running state [afterglow] at time 14:12:32.594799 # [INFO ] Executing state pkg.installed for [afterglow] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package afterglow is already installed # [INFO ] Completed state [afterglow] at time 14:12:32.600155 duration_in_ms=5.355 # [INFO ] Running state [aircrack-ng] at time 14:12:32.600312 # [INFO ] Executing state pkg.installed for [aircrack-ng] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package aircrack-ng is already installed # [INFO ] Completed state [aircrack-ng] at time 14:12:32.605727 duration_in_ms=5.414 # [INFO ] Running state [apache2] at time 14:12:32.605899 # [INFO ] Executing state pkg.installed for [apache2] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package apache2 is already installed # [INFO ] Completed state [apache2] at time 14:12:32.611680 duration_in_ms=5.78 # [INFO ] Running state [arp-scan] at time 14:12:32.611860 # [INFO ] Executing state pkg.installed for [arp-scan] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package arp-scan is already installed # [INFO ] Completed state [arp-scan] at time 14:12:32.617916 duration_in_ms=6.056 # [INFO ] Running state [autopsy] at time 14:12:32.618114 # [INFO ] Executing state pkg.installed for [autopsy] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package autopsy is already installed # [INFO ] Completed state [autopsy] at time 14:12:32.623897 duration_in_ms=5.783 # [INFO ] Running state [bcrypt] at time 14:12:32.624214 # [INFO ] Executing state pkg.installed for [bcrypt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bcrypt is already installed # [INFO ] Completed state [bcrypt] at time 14:12:32.630096 duration_in_ms=5.882 # [INFO ] Running state [bitpim] at time 14:12:32.630263 # [INFO ] Executing state pkg.installed for [bitpim] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bitpim is already installed # [INFO ] Completed state [bitpim] at time 14:12:32.635705 duration_in_ms=5.443 # [INFO ] Running state [bitpim-lib] at time 14:12:32.635832 # [INFO ] Executing state pkg.installed for [bitpim-lib] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bitpim-lib is already installed # [INFO ] Completed state [bitpim-lib] at time 14:12:32.641080 duration_in_ms=5.248 # [INFO ] Running state [bkhive] at time 14:12:32.641319 # [INFO ] Executing state pkg.installed for [bkhive] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bkhive is already installed # [INFO ] Completed state [bkhive] at time 14:12:32.646826 duration_in_ms=5.507 # [INFO ] Running state [bless] at time 14:12:32.647000 # [INFO ] Executing state pkg.installed for [bless] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bless is already installed # [INFO ] Completed state [bless] at time 14:12:32.652854 duration_in_ms=5.853 # [INFO ] Running state [blt] at time 14:12:32.653042 # [INFO ] Executing state pkg.installed for [blt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package blt is already installed # [INFO ] Completed state [blt] at time 14:12:32.659124 duration_in_ms=6.081 # [INFO ] Running state [build-essential] at time 14:12:32.659298 # [INFO ] Executing state pkg.installed for [build-essential] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package build-essential is already installed # [INFO ] Completed state [build-essential] at time 14:12:32.665996 duration_in_ms=6.697 # [INFO ] Running state [bulk-extractor] at time 14:12:32.670134 # [INFO ] Executing state pkg.installed for [bulk-extractor] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package bulk-extractor is already installed # [INFO ] Completed state [bulk-extractor] at time 14:12:32.675826 duration_in_ms=5.691 # [INFO ] Running state [cabextract] at time 14:12:32.676010 # [INFO ] Executing state pkg.installed for [cabextract] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cabextract is already installed # [INFO ] Completed state [cabextract] at time 14:12:32.681674 duration_in_ms=5.662 # [INFO ] Running state [ccrypt] at time 14:12:32.681935 # [INFO ] Executing state pkg.installed for [ccrypt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ccrypt is already installed # [INFO ] Completed state [ccrypt] at time 14:12:32.688028 duration_in_ms=6.092 # [INFO ] Running state [cifs-utils] at time 14:12:32.688193 # [INFO ] Executing state pkg.installed for [cifs-utils] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cifs-utils is already installed # [INFO ] Completed state [cifs-utils] at time 14:12:32.694245 duration_in_ms=6.051 # [INFO ] Running state [clamav] at time 14:12:32.694391 # [INFO ] Executing state pkg.installed for [clamav] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package clamav is already installed # [INFO ] Completed state [clamav] at time 14:12:32.699713 duration_in_ms=5.323 # [INFO ] Running state [cmospwd] at time 14:12:32.699847 # [INFO ] Executing state pkg.installed for [cmospwd] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cmospwd is already installed # [INFO ] Completed state [cmospwd] at time 14:12:32.705185 duration_in_ms=5.338 # [INFO ] Running state [cryptcat] at time 14:12:32.705335 # [INFO ] Executing state pkg.installed for [cryptcat] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cryptcat is already installed # [INFO ] Completed state [cryptcat] at time 14:12:32.711019 duration_in_ms=5.684 # [INFO ] Running state [cryptsetup] at time 14:12:32.711168 # [INFO ] Executing state pkg.installed for [cryptsetup] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package cryptsetup is already installed # [INFO ] Completed state [cryptsetup] at time 14:12:32.716685 duration_in_ms=5.517 # [INFO ] Running state [curl] at time 14:12:32.716868 # [INFO ] Executing state pkg.installed for [curl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package curl is already installed # [INFO ] Completed state [curl] at time 14:12:32.723138 duration_in_ms=6.27 # [INFO ] Running state [dc3dd] at time 14:12:32.723315 # [INFO ] Executing state pkg.installed for [dc3dd] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dc3dd is already installed # [INFO ] Completed state [dc3dd] at time 14:12:32.729025 duration_in_ms=5.709 # [INFO ] Running state [dcfldd] at time 14:12:32.729163 # [INFO ] Executing state pkg.installed for [dcfldd] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dcfldd is already installed # [INFO ] Completed state [dcfldd] at time 14:12:32.734048 duration_in_ms=4.884 # [INFO ] Running state [dconf-tools] at time 14:12:32.734176 # [INFO ] Executing state pkg.installed for [dconf-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dconf-tools is already installed # [INFO ] Completed state [dconf-tools] at time 14:12:32.741334 duration_in_ms=7.158 # [INFO ] Running state [docker-engine] at time 14:12:32.744339 # [INFO ] Executing state pkg.installed for [docker-engine] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package docker-engine is already installed # [INFO ] Completed state [docker-engine] at time 14:12:32.750800 duration_in_ms=6.461 # [INFO ] Running state [driftnet] at time 14:12:32.750991 # [INFO ] Executing state pkg.installed for [driftnet] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package driftnet is already installed # [INFO ] Completed state [driftnet] at time 14:12:32.757455 duration_in_ms=6.464 # [INFO ] Running state [dsniff] at time 14:12:32.757754 # [INFO ] Executing state pkg.installed for [dsniff] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dsniff is already installed # [INFO ] Completed state [dsniff] at time 14:12:32.763483 duration_in_ms=5.729 # [INFO ] Running state [dumbpig] at time 14:12:32.763655 # [INFO ] Executing state pkg.installed for [dumbpig] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package dumbpig is already installed # [INFO ] Completed state [dumbpig] at time 14:12:32.769810 duration_in_ms=6.155 # [INFO ] Running state [e2fslibs-dev] at time 14:12:32.770006 # [INFO ] Executing state pkg.installed for [e2fslibs-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package e2fslibs-dev is already installed # [INFO ] Completed state [e2fslibs-dev] at time 14:12:32.775849 duration_in_ms=5.843 # [INFO ] Running state [ent] at time 14:12:32.776080 # [INFO ] Executing state pkg.installed for [ent] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ent is already installed # [INFO ] Completed state [ent] at time 14:12:32.781893 duration_in_ms=5.812 # [INFO ] Running state [epic5] at time 14:12:32.782072 # [INFO ] Executing state pkg.installed for [epic5] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package epic5 is already installed # [INFO ] Completed state [epic5] at time 14:12:32.788547 duration_in_ms=6.474 # [INFO ] Running state [etherape] at time 14:12:32.788725 # [INFO ] Executing state pkg.installed for [etherape] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package etherape is already installed # [INFO ] Completed state [etherape] at time 14:12:32.796003 duration_in_ms=7.276 # [INFO ] Running state [ettercap-graphical] at time 14:12:32.796181 # [INFO ] Executing state pkg.installed for [ettercap-graphical] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ettercap-graphical is already installed # [INFO ] Completed state [ettercap-graphical] at time 14:12:32.802948 duration_in_ms=6.767 # [INFO ] Running state [exfat-fuse] at time 14:12:32.803131 # [INFO ] Executing state pkg.installed for [exfat-fuse] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package exfat-fuse is already installed # [INFO ] Completed state [exfat-fuse] at time 14:12:32.810278 duration_in_ms=7.146 # [INFO ] Running state [exfat-utils] at time 14:12:32.810430 # [INFO ] Executing state pkg.installed for [exfat-utils] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package exfat-utils is already installed # [INFO ] Completed state [exfat-utils] at time 14:12:32.816124 duration_in_ms=5.695 # [INFO ] Running state [exif] at time 14:12:32.816395 # [INFO ] Executing state pkg.installed for [exif] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package exif is already installed # [INFO ] Completed state [exif] at time 14:12:32.822754 duration_in_ms=6.359 # [INFO ] Running state [extundelete] at time 14:12:32.822911 # [INFO ] Executing state pkg.installed for [extundelete] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package extundelete is already installed # [INFO ] Completed state [extundelete] at time 14:12:32.829132 duration_in_ms=6.221 # [INFO ] Running state [fdupes] at time 14:12:32.829330 # [INFO ] Executing state pkg.installed for [fdupes] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package fdupes is already installed # [INFO ] Completed state [fdupes] at time 14:12:32.835229 duration_in_ms=5.898 # [INFO ] Running state [feh] at time 14:12:32.835434 # [INFO ] Executing state pkg.installed for [feh] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package feh is already installed # [INFO ] Completed state [feh] at time 14:12:32.841639 duration_in_ms=6.218 # [INFO ] Running state [flasm] at time 14:12:32.841823 # [INFO ] Executing state pkg.installed for [flasm] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package flasm is already installed # [INFO ] Completed state [flasm] at time 14:12:32.847237 duration_in_ms=5.413 # [INFO ] Running state [flex] at time 14:12:32.847410 # [INFO ] Executing state pkg.installed for [flex] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package flex is already installed # [INFO ] Completed state [flex] at time 14:12:32.853066 duration_in_ms=5.655 # [INFO ] Running state [foremost] at time 14:12:32.853239 # [INFO ] Executing state pkg.installed for [foremost] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package foremost is already installed # [INFO ] Completed state [foremost] at time 14:12:32.859108 duration_in_ms=5.868 # [INFO ] Running state [g++] at time 14:12:32.859260 # [INFO ] Executing state pkg.installed for [g++] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package g++ is already installed # [INFO ] Completed state [g++] at time 14:12:32.864651 duration_in_ms=5.391 # [INFO ] Running state [gawk] at time 14:12:32.864813 # [INFO ] Executing state pkg.installed for [gawk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gawk is already installed # [INFO ] Completed state [gawk] at time 14:12:32.870570 duration_in_ms=5.755 # [INFO ] Running state [gcc] at time 14:12:32.870745 # [INFO ] Executing state pkg.installed for [gcc] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gcc is already installed # [INFO ] Completed state [gcc] at time 14:12:32.876683 duration_in_ms=5.937 # [INFO ] Running state [gdb] at time 14:12:32.876850 # [INFO ] Executing state pkg.installed for [gdb] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gdb is already installed # [INFO ] Completed state [gdb] at time 14:12:32.882970 duration_in_ms=6.12 # [INFO ] Running state [gddrescue] at time 14:12:32.883144 # [INFO ] Executing state pkg.installed for [gddrescue] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gddrescue is already installed # [INFO ] Completed state [gddrescue] at time 14:12:32.888969 duration_in_ms=5.824 # [INFO ] Running state [ghex] at time 14:12:32.889154 # [INFO ] Executing state pkg.installed for [ghex] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ghex is already installed # [INFO ] Completed state [ghex] at time 14:12:32.894543 duration_in_ms=5.388 # [INFO ] Running state [git] at time 14:12:32.894751 # [INFO ] Executing state pkg.installed for [git] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package git is already installed # [INFO ] Completed state [git] at time 14:12:32.900590 duration_in_ms=5.838 # [INFO ] Running state [graphviz] at time 14:12:32.900759 # [INFO ] Executing state pkg.installed for [graphviz] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package graphviz is already installed # [INFO ] Completed state [graphviz] at time 14:12:32.906073 duration_in_ms=5.313 # [INFO ] Running state [gthumb] at time 14:12:32.906248 # [INFO ] Executing state pkg.installed for [gthumb] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gthumb is already installed # [INFO ] Completed state [gthumb] at time 14:12:32.911403 duration_in_ms=5.154 # [INFO ] Running state [gzrt] at time 14:12:32.911557 # [INFO ] Executing state pkg.installed for [gzrt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package gzrt is already installed # [INFO ] Completed state [gzrt] at time 14:12:32.918504 duration_in_ms=6.946 # [INFO ] Running state [hexedit] at time 14:12:32.918702 # [INFO ] Executing state pkg.installed for [hexedit] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package hexedit is already installed # [INFO ] Completed state [hexedit] at time 14:12:32.926180 duration_in_ms=7.476 # [INFO ] Running state [htop] at time 14:12:32.926398 # [INFO ] Executing state pkg.installed for [htop] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package htop is already installed # [INFO ] Completed state [htop] at time 14:12:32.933330 duration_in_ms=6.932 # [INFO ] Running state [hydra] at time 14:12:32.933509 # [INFO ] Executing state pkg.installed for [hydra] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package hydra is already installed # [INFO ] Completed state [hydra] at time 14:12:32.939746 duration_in_ms=6.237 # [INFO ] Running state [hydra-gtk] at time 14:12:32.940005 # [INFO ] Executing state pkg.installed for [hydra-gtk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package hydra-gtk is already installed # [INFO ] Completed state [hydra-gtk] at time 14:12:32.945502 duration_in_ms=5.495 # [INFO ] Running state [ipython] at time 14:12:32.945652 # [INFO ] Executing state pkg.installed for [ipython] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ipython is already installed # [INFO ] Completed state [ipython] at time 14:12:32.951091 duration_in_ms=5.438 # [INFO ] Running state [jq] at time 14:12:32.951232 # [INFO ] Executing state pkg.installed for [jq] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package jq is already installed # [INFO ] Completed state [jq] at time 14:12:32.956272 duration_in_ms=5.04 # [INFO ] Running state [kdiff3] at time 14:12:32.956450 # [INFO ] Executing state pkg.installed for [kdiff3] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package kdiff3 is already installed # [INFO ] Completed state [kdiff3] at time 14:12:32.962274 duration_in_ms=5.824 # [INFO ] Running state [knocker] at time 14:12:32.962452 # [INFO ] Executing state pkg.installed for [knocker] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package knocker is already installed # [INFO ] Completed state [knocker] at time 14:12:32.967659 duration_in_ms=5.206 # [INFO ] Running state [kpartx] at time 14:12:32.967851 # [INFO ] Executing state pkg.installed for [kpartx] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package kpartx is already installed # [INFO ] Completed state [kpartx] at time 14:12:32.973776 duration_in_ms=5.923 # [INFO ] Running state [lft] at time 14:12:32.973972 # [INFO ] Executing state pkg.installed for [lft] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package lft is already installed # [INFO ] Completed state [lft] at time 14:12:32.979452 duration_in_ms=5.479 # [INFO ] Running state [libafflib-dev] at time 14:12:32.979820 # [INFO ] Executing state pkg.installed for [libafflib-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libafflib-dev is already installed # [INFO ] Completed state [libafflib-dev] at time 14:12:32.984955 duration_in_ms=5.135 # [INFO ] Running state [libafflib0v5] at time 14:12:32.985107 # [INFO ] Executing state pkg.installed for [libafflib0v5] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libafflib0v5 is already installed # [INFO ] Completed state [libafflib0v5] at time 14:12:32.990367 duration_in_ms=5.26 # [INFO ] Running state [libbde] at time 14:12:32.990545 # [INFO ] Executing state pkg.installed for [libbde] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libbde is already installed # [INFO ] Completed state [libbde] at time 14:12:32.995522 duration_in_ms=4.977 # [INFO ] Running state [libbde-tools] at time 14:12:32.995655 # [INFO ] Executing state pkg.installed for [libbde-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libbde-tools is already installed # [INFO ] Completed state [libbde-tools] at time 14:12:33.000737 duration_in_ms=5.082 # [INFO ] Running state [libesedb] at time 14:12:33.000905 # [INFO ] Executing state pkg.installed for [libesedb] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libesedb is already installed # [INFO ] Completed state [libesedb] at time 14:12:33.006883 duration_in_ms=5.978 # [INFO ] Running state [libesedb-tools] at time 14:12:33.007067 # [INFO ] Executing state pkg.installed for [libesedb-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libesedb-tools is already installed # [INFO ] Completed state [libesedb-tools] at time 14:12:33.012613 duration_in_ms=5.545 # [INFO ] Running state [libevt] at time 14:12:33.012779 # [INFO ] Executing state pkg.installed for [libevt] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libevt is already installed # [INFO ] Completed state [libevt] at time 14:12:33.018419 duration_in_ms=5.628 # [INFO ] Running state [libevt-tools] at time 14:12:33.018584 # [INFO ] Executing state pkg.installed for [libevt-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libevt-tools is already installed # [INFO ] Completed state [libevt-tools] at time 14:12:33.024357 duration_in_ms=5.773 # [INFO ] Running state [libevtx] at time 14:12:33.024546 # [INFO ] Executing state pkg.installed for [libevtx] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libevtx is already installed # [INFO ] Completed state [libevtx] at time 14:12:33.029519 duration_in_ms=4.972 # [INFO ] Running state [libevtx-tools] at time 14:12:33.029685 # [INFO ] Executing state pkg.installed for [libevtx-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libevtx-tools is already installed # [INFO ] Completed state [libevtx-tools] at time 14:12:33.035712 duration_in_ms=6.027 # [INFO ] Running state [libewf] at time 14:12:33.035849 # [INFO ] Executing state pkg.installed for [libewf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libewf is already installed # [INFO ] Completed state [libewf] at time 14:12:33.041097 duration_in_ms=5.247 # [INFO ] Running state [libewf-dev] at time 14:12:33.041270 # [INFO ] Executing state pkg.installed for [libewf-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libewf-dev is already installed # [INFO ] Completed state [libewf-dev] at time 14:12:33.047189 duration_in_ms=5.918 # [INFO ] Running state [libewf-python] at time 14:12:33.047350 # [INFO ] Executing state pkg.installed for [libewf-python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libewf-python is already installed # [INFO ] Completed state [libewf-python] at time 14:12:33.053610 duration_in_ms=6.26 # [INFO ] Running state [libewf-tools] at time 14:12:33.053862 # [INFO ] Executing state pkg.installed for [libewf-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libewf-tools is already installed # [INFO ] Completed state [libewf-tools] at time 14:12:33.059495 duration_in_ms=5.633 # [INFO ] Running state [libffi-dev] at time 14:12:33.059655 # [INFO ] Executing state pkg.installed for [libffi-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libffi-dev is already installed # [INFO ] Completed state [libffi-dev] at time 14:12:33.066025 duration_in_ms=6.368 # [INFO ] Running state [libfuse-dev] at time 14:12:33.066226 # [INFO ] Executing state pkg.installed for [libfuse-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libfuse-dev is already installed # [INFO ] Completed state [libfuse-dev] at time 14:12:33.072458 duration_in_ms=6.23 # [INFO ] Running state [libfvde] at time 14:12:33.074789 # [INFO ] Executing state pkg.installed for [libfvde] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libfvde is already installed # [INFO ] Completed state [libfvde] at time 14:12:33.080744 duration_in_ms=5.955 # [INFO ] Running state [libfvde-tools] at time 14:12:33.080911 # [INFO ] Executing state pkg.installed for [libfvde-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libfvde-tools is already installed # [INFO ] Completed state [libfvde-tools] at time 14:12:33.086748 duration_in_ms=5.835 # [INFO ] Running state [liblightgrep] at time 14:12:33.086991 # [INFO ] Executing state pkg.installed for [liblightgrep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package liblightgrep is already installed # [INFO ] Completed state [liblightgrep] at time 14:12:33.093166 duration_in_ms=6.174 # [INFO ] Running state [libmsiecf] at time 14:12:33.093339 # [INFO ] Executing state pkg.installed for [libmsiecf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libmsiecf is already installed # [INFO ] Completed state [libmsiecf] at time 14:12:33.099784 duration_in_ms=6.444 # [INFO ] Running state [libncurses5-dev] at time 14:12:33.100012 # [INFO ] Executing state pkg.installed for [libncurses5-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libncurses5-dev is already installed # [INFO ] Completed state [libncurses5-dev] at time 14:12:33.105889 duration_in_ms=5.877 # [INFO ] Running state [libnet1] at time 14:12:33.106106 # [INFO ] Executing state pkg.installed for [libnet1] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libnet1 is already installed # [INFO ] Completed state [libnet1] at time 14:12:33.111815 duration_in_ms=5.709 # [INFO ] Running state [libolecf] at time 14:12:33.111999 # [INFO ] Executing state pkg.installed for [libolecf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libolecf is already installed # [INFO ] Completed state [libolecf] at time 14:12:33.117137 duration_in_ms=5.137 # [INFO ] Running state [libparse-win32registry-perl] at time 14:12:33.117273 # [INFO ] Executing state pkg.installed for [libparse-win32registry-perl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libparse-win32registry-perl is already installed # [INFO ] Completed state [libparse-win32registry-perl] at time 14:12:33.122685 duration_in_ms=5.411 # [INFO ] Running state [libpff] at time 14:12:33.122844 # [INFO ] Executing state pkg.installed for [libpff] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libpff is already installed # [INFO ] Completed state [libpff] at time 14:12:33.128097 duration_in_ms=5.252 # [INFO ] Running state [libpff-dev] at time 14:12:33.128239 # [INFO ] Executing state pkg.installed for [libpff-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libpff-dev is already installed # [INFO ] Completed state [libpff-dev] at time 14:12:33.133851 duration_in_ms=5.611 # [INFO ] Running state [libpff-python] at time 14:12:33.134025 # [INFO ] Executing state pkg.installed for [libpff-python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libpff-python is already installed # [INFO ] Completed state [libpff-python] at time 14:12:33.139330 duration_in_ms=5.304 # [INFO ] Running state [libpff-tools] at time 14:12:33.139512 # [INFO ] Executing state pkg.installed for [libpff-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libpff-tools is already installed # [INFO ] Completed state [libpff-tools] at time 14:12:33.145007 duration_in_ms=5.495 # [INFO ] Running state [libplist-utils] at time 14:12:33.145173 # [INFO ] Executing state pkg.installed for [libplist-utils] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libplist-utils is already installed # [INFO ] Completed state [libplist-utils] at time 14:12:33.150845 duration_in_ms=5.671 # [INFO ] Running state [libregf] at time 14:12:33.151022 # [INFO ] Executing state pkg.installed for [libregf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libregf is already installed # [INFO ] Completed state [libregf] at time 14:12:33.157331 duration_in_ms=6.309 # [INFO ] Running state [libregf-dev] at time 14:12:33.157509 # [INFO ] Executing state pkg.installed for [libregf-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libregf-dev is already installed # [INFO ] Completed state [libregf-dev] at time 14:12:33.162721 duration_in_ms=5.212 # [INFO ] Running state [libregf-python] at time 14:12:33.162854 # [INFO ] Executing state pkg.installed for [libregf-python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libregf-python is already installed # [INFO ] Completed state [libregf-python] at time 14:12:33.167707 duration_in_ms=4.853 # [INFO ] Running state [libregf-tools] at time 14:12:33.167836 # [INFO ] Executing state pkg.installed for [libregf-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libregf-tools is already installed # [INFO ] Completed state [libregf-tools] at time 14:12:33.173472 duration_in_ms=5.635 # [INFO ] Running state [libssl-dev] at time 14:12:33.173643 # [INFO ] Executing state pkg.installed for [libssl-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libssl-dev is already installed # [INFO ] Completed state [libssl-dev] at time 14:12:33.179162 duration_in_ms=5.518 # [INFO ] Running state [libtext-csv-perl] at time 14:12:33.179338 # [INFO ] Executing state pkg.installed for [libtext-csv-perl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libtext-csv-perl is already installed # [INFO ] Completed state [libtext-csv-perl] at time 14:12:33.185127 duration_in_ms=5.788 # [INFO ] Running state [libvmdk] at time 14:12:33.185292 # [INFO ] Executing state pkg.installed for [libvmdk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvmdk is already installed # [INFO ] Completed state [libvmdk] at time 14:12:33.190947 duration_in_ms=5.654 # [INFO ] Running state [libvshadow] at time 14:12:33.191120 # [INFO ] Executing state pkg.installed for [libvshadow] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvshadow is already installed # [INFO ] Completed state [libvshadow] at time 14:12:33.196698 duration_in_ms=5.578 # [INFO ] Running state [libvshadow-dev] at time 14:12:33.196859 # [INFO ] Executing state pkg.installed for [libvshadow-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvshadow-dev is already installed # [INFO ] Completed state [libvshadow-dev] at time 14:12:33.201998 duration_in_ms=5.139 # [INFO ] Running state [libvshadow-python] at time 14:12:33.202120 # [INFO ] Executing state pkg.installed for [libvshadow-python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvshadow-python is already installed # [INFO ] Completed state [libvshadow-python] at time 14:12:33.207291 duration_in_ms=5.171 # [INFO ] Running state [libvshadow-tools] at time 14:12:33.207468 # [INFO ] Executing state pkg.installed for [libvshadow-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libvshadow-tools is already installed # [INFO ] Completed state [libvshadow-tools] at time 14:12:33.212703 duration_in_ms=5.233 # [INFO ] Running state [libxml2-dev] at time 14:12:33.212848 # [INFO ] Executing state pkg.installed for [libxml2-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libxml2-dev is already installed # [INFO ] Completed state [libxml2-dev] at time 14:12:33.218423 duration_in_ms=5.573 # [INFO ] Running state [libxslt-dev] at time 14:12:33.218580 # [INFO ] Executing state pkg.installed for [libxslt-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package libxslt-dev is already installed # [INFO ] Completed state [libxslt-dev] at time 14:12:33.224012 duration_in_ms=5.432 # [INFO ] Running state [md5deep] at time 14:12:33.224204 # [INFO ] Executing state pkg.installed for [md5deep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package md5deep is already installed # [INFO ] Completed state [md5deep] at time 14:12:33.229895 duration_in_ms=5.691 # [INFO ] Running state [nbd-client] at time 14:12:33.230053 # [INFO ] Executing state pkg.installed for [nbd-client] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package nbd-client is already installed # [INFO ] Completed state [nbd-client] at time 14:12:33.235337 duration_in_ms=5.284 # [INFO ] Running state [nbtscan] at time 14:12:33.235534 # [INFO ] Executing state pkg.installed for [nbtscan] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package nbtscan is already installed # [INFO ] Completed state [nbtscan] at time 14:12:33.240470 duration_in_ms=4.935 # [INFO ] Running state [netcat] at time 14:12:33.240630 # [INFO ] Executing state pkg.installed for [netcat] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package netcat is already installed # [INFO ] Completed state [netcat] at time 14:12:33.245913 duration_in_ms=5.283 # [INFO ] Running state [netpbm] at time 14:12:33.246049 # [INFO ] Executing state pkg.installed for [netpbm] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package netpbm is already installed # [INFO ] Completed state [netpbm] at time 14:12:33.250800 duration_in_ms=4.751 # [INFO ] Running state [netsed] at time 14:12:33.250955 # [INFO ] Executing state pkg.installed for [netsed] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package netsed is already installed # [INFO ] Completed state [netsed] at time 14:12:33.256119 duration_in_ms=5.163 # [INFO ] Running state [netwox] at time 14:12:33.256302 # [INFO ] Executing state pkg.installed for [netwox] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package netwox is already installed # [INFO ] Completed state [netwox] at time 14:12:33.263068 duration_in_ms=6.765 # [INFO ] Running state [nfdump] at time 14:12:33.263221 # [INFO ] Executing state pkg.installed for [nfdump] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package nfdump is already installed # [INFO ] Completed state [nfdump] at time 14:12:33.268553 duration_in_ms=5.331 # [INFO ] Running state [ngrep] at time 14:12:33.268725 # [INFO ] Executing state pkg.installed for [ngrep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ngrep is already installed # [INFO ] Completed state [ngrep] at time 14:12:33.335554 duration_in_ms=66.827 # [INFO ] Running state [nikto] at time 14:12:33.337056 # [INFO ] Executing state pkg.installed for [nikto] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package nikto is already installed # [INFO ] Completed state [nikto] at time 14:12:33.342481 duration_in_ms=5.425 # [INFO ] Running state [okular] at time 14:12:33.342622 # [INFO ] Executing state pkg.installed for [okular] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package okular is already installed # [INFO ] Completed state [okular] at time 14:12:33.347886 duration_in_ms=5.263 # [INFO ] Running state [open-iscsi] at time 14:12:33.348091 # [INFO ] Executing state pkg.installed for [open-iscsi] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package open-iscsi is already installed # [INFO ] Completed state [open-iscsi] at time 14:12:33.354230 duration_in_ms=6.138 # [INFO ] Running state [openjdk-7-jdk] at time 14:12:33.356676 # [INFO ] Executing state pkg.installed for [openjdk-7-jdk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package openjdk-7-jdk is already installed # [INFO ] Completed state [openjdk-7-jdk] at time 14:12:33.362434 duration_in_ms=5.757 # [INFO ] Running state [ophcrack] at time 14:12:33.362621 # [INFO ] Executing state pkg.installed for [ophcrack] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ophcrack is already installed # [INFO ] Completed state [ophcrack] at time 14:12:33.368655 duration_in_ms=6.034 # [INFO ] Running state [ophcrack-cli] at time 14:12:33.368843 # [INFO ] Executing state pkg.installed for [ophcrack-cli] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ophcrack-cli is already installed # [INFO ] Completed state [ophcrack-cli] at time 14:12:33.374270 duration_in_ms=5.427 # [INFO ] Running state [outguess] at time 14:12:33.374436 # [INFO ] Executing state pkg.installed for [outguess] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package outguess is already installed # [INFO ] Completed state [outguess] at time 14:12:33.379306 duration_in_ms=4.87 # [INFO ] Running state [p0f] at time 14:12:33.379457 # [INFO ] Executing state pkg.installed for [p0f] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package p0f is already installed # [INFO ] Completed state [p0f] at time 14:12:33.384542 duration_in_ms=5.085 # [INFO ] Running state [p7zip-full] at time 14:12:33.384672 # [INFO ] Executing state pkg.installed for [p7zip-full] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package p7zip-full is already installed # [INFO ] Completed state [p7zip-full] at time 14:12:33.390035 duration_in_ms=5.363 # [INFO ] Running state [pdftk] at time 14:12:33.390212 # [INFO ] Executing state pkg.installed for [pdftk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pdftk is already installed # [INFO ] Completed state [pdftk] at time 14:12:33.395525 duration_in_ms=5.313 # [INFO ] Running state [perl] at time 14:12:33.395703 # [INFO ] Executing state pkg.installed for [perl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package perl is already installed # [INFO ] Completed state [perl] at time 14:12:33.401396 duration_in_ms=5.692 # [DEBUG ] LazyLoaded cmd.wait # [INFO ] Running state [perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit'] at time 14:12:33.412199 # [INFO ] Executing state cmd.wait for [perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit'] # [INFO ] No changes made for perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit' # [INFO ] Completed state [perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit'] at time 14:12:33.412845 duration_in_ms=0.646 # [INFO ] Running state [pev] at time 14:12:33.413011 # [INFO ] Executing state pkg.installed for [pev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pev is already installed # [INFO ] Completed state [pev] at time 14:12:33.419012 duration_in_ms=6.001 # [INFO ] Running state [phonon] at time 14:12:33.419171 # [INFO ] Executing state pkg.installed for [phonon] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package phonon is already installed # [INFO ] Completed state [phonon] at time 14:12:33.425294 duration_in_ms=6.122 # [INFO ] Running state [pkg-config] at time 14:12:33.425465 # [INFO ] Executing state pkg.installed for [pkg-config] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pkg-config is already installed # [INFO ] Completed state [pkg-config] at time 14:12:33.430837 duration_in_ms=5.372 # [DEBUG ] LazyLoaded file.managed # [INFO ] Running state [/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb] at time 14:12:33.434173 # [INFO ] Executing state file.managed for [/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb] # [DEBUG ] LazyLoaded roots.envs # [DEBUG ] Could not LazyLoad roots.init: 'roots.init' is not available. # [DEBUG ] Requesting URL https://github.com/Powershell/Powershell/releases/download/v6.0.0-alpha.13/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb using GET method # [INFO ] File /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb is in the correct state # [INFO ] Completed state [/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb] at time 14:12:45.171637 duration_in_ms=11737.464 # [INFO ] Running state [sift-powershell] at time 14:12:45.174130 # [INFO ] Executing state pkg.installed for [sift-powershell] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Executing command ['dpkg', '-I', '/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb'] in directory '/home/sansforensics' # [INFO ] All specified packages are already installed # [INFO ] Completed state [sift-powershell] at time 14:12:45.280869 duration_in_ms=106.739 # [INFO ] Running state [pv] at time 14:12:45.281220 # [INFO ] Executing state pkg.installed for [pv] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pv is already installed # [INFO ] Completed state [pv] at time 14:12:45.289004 duration_in_ms=7.783 # [INFO ] Running state [pyew] at time 14:12:45.289154 # [INFO ] Executing state pkg.installed for [pyew] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package pyew is already installed # [INFO ] Completed state [pyew] at time 14:12:45.294098 duration_in_ms=4.944 # [INFO ] Running state [python] at time 14:12:45.294232 # [INFO ] Executing state pkg.installed for [python] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python is already installed # [INFO ] Completed state [python] at time 14:12:45.300480 duration_in_ms=6.247 # [INFO ] Running state [python-dev] at time 14:12:45.300641 # [INFO ] Executing state pkg.installed for [python-dev] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-dev is already installed # [INFO ] Completed state [python-dev] at time 14:12:45.306339 duration_in_ms=5.697 # [INFO ] Running state [python-dfvfs] at time 14:12:45.310593 # [INFO ] Executing state pkg.installed for [python-dfvfs] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Executing command ['dpkg', '--get-selections', 'python-dfvfs'] in directory '/home/sansforensics' # [INFO ] Version 20160108-1ppa1~xenial of package 'python-dfvfs' is already installed. Package python-dfvfs is already set to be held. # [INFO ] Completed state [python-dfvfs] at time 14:12:45.438768 duration_in_ms=128.175 # [INFO ] Running state [python-flowgrep] at time 14:12:45.439010 # [INFO ] Executing state pkg.installed for [python-flowgrep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-flowgrep is already installed # [INFO ] Completed state [python-flowgrep] at time 14:12:45.445428 duration_in_ms=6.418 # [INFO ] Running state [python-fuse] at time 14:12:45.445563 # [INFO ] Executing state pkg.installed for [python-fuse] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-fuse is already installed # [INFO ] Completed state [python-fuse] at time 14:12:45.450733 duration_in_ms=5.168 # [INFO ] Running state [python-nids] at time 14:12:45.450893 # [INFO ] Executing state pkg.installed for [python-nids] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-nids is already installed # [INFO ] Completed state [python-nids] at time 14:12:45.456380 duration_in_ms=5.485 # [INFO ] Running state [python-ntdsxtract] at time 14:12:45.456529 # [INFO ] Executing state pkg.installed for [python-ntdsxtract] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-ntdsxtract is already installed # [INFO ] Completed state [python-ntdsxtract] at time 14:12:45.462126 duration_in_ms=5.597 # [INFO ] Running state [python-pefile] at time 14:12:45.462300 # [INFO ] Executing state pkg.installed for [python-pefile] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-pefile is already installed # [INFO ] Completed state [python-pefile] at time 14:12:45.470437 duration_in_ms=8.136 # [INFO ] Running state [python-pip] at time 14:12:45.470601 # [INFO ] Executing state pkg.installed for [python-pip] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-pip is already installed # [INFO ] Completed state [python-pip] at time 14:12:45.476608 duration_in_ms=6.006 # [INFO ] Running state [python3-xlsxwriter] at time 14:12:45.476851 # [INFO ] Executing state pkg.removed for [python3-xlsxwriter] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] All specified packages are already absent # [INFO ] Completed state [python3-xlsxwriter] at time 14:12:45.488080 duration_in_ms=11.229 # [INFO ] Running state [python-xlsxwriter] at time 14:12:45.488360 # [INFO ] Executing state pkg.installed for [python-xlsxwriter] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-xlsxwriter is already installed # [INFO ] Completed state [python-xlsxwriter] at time 14:12:45.494150 duration_in_ms=5.789 # [INFO ] Running state [python-plaso] at time 14:12:45.501523 # [INFO ] Executing state pkg.installed for [python-plaso] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Executing command ['dpkg', '--get-selections', 'python-plaso'] in directory '/home/sansforensics' # [INFO ] Version 1.4.0-1ppa3~xenial of package 'python-plaso' is already installed. Package python-plaso is already set to be held. # [INFO ] Completed state [python-plaso] at time 14:12:45.626254 duration_in_ms=124.73 # [INFO ] Running state [pytsk3] at time 14:12:45.626513 # [INFO ] Executing state pkg.removed for [pytsk3] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] All specified packages are already absent # [INFO ] Completed state [pytsk3] at time 14:12:45.636919 duration_in_ms=10.406 # [INFO ] Running state [python-pytsk3] at time 14:12:45.637114 # [INFO ] Executing state pkg.installed for [python-pytsk3] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-pytsk3 is already installed # [INFO ] Completed state [python-pytsk3] at time 14:12:45.642769 duration_in_ms=5.655 # [INFO ] Running state [python-qt4] at time 14:12:45.642932 # [INFO ] Executing state pkg.installed for [python-qt4] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-qt4 is already installed # [INFO ] Completed state [python-qt4] at time 14:12:45.650203 duration_in_ms=7.271 # [INFO ] Running state [python-tk] at time 14:12:45.650383 # [INFO ] Executing state pkg.installed for [python-tk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-tk is already installed # [INFO ] Completed state [python-tk] at time 14:12:45.655552 duration_in_ms=5.168 # [INFO ] Running state [python-virtualenv] at time 14:12:45.655716 # [INFO ] Executing state pkg.installed for [python-virtualenv] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-virtualenv is already installed # [INFO ] Completed state [python-virtualenv] at time 14:12:45.661467 duration_in_ms=5.75 # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] lzma module is not available # [DEBUG ] Registered VCS backend: git # [DEBUG ] Registered VCS backend: hg # [DEBUG ] Registered VCS backend: svn # [DEBUG ] Registered VCS backend: bzr # [DEBUG ] LazyLoaded pip.installed # [INFO ] Running state [colorama] at time 14:12:46.335227 # [INFO ] Executing state pip.installed for [colorama] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.3 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package colorama was already installed All packages were successfully installed # [INFO ] Completed state [colorama] at time 14:12:48.617943 duration_in_ms=2282.716 # [INFO ] Running state [construct] at time 14:12:48.623811 # [INFO ] Executing state pip.installed for [construct] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.3 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package construct was already installed All packages were successfully installed # [INFO ] Completed state [construct] at time 14:12:50.574207 duration_in_ms=1950.393 # [INFO ] Running state [dpapick] at time 14:12:50.584441 # [INFO ] Executing state pip.installed for [dpapick] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.3 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'dpapick'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'dpapick'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: dpapick in /usr/local/lib/python2.7/dist-packages Requirement already up-to-date: python-registry>=1.0.4 in /usr/local/lib/python2.7/dist-packages (from dpapick) Requirement already up-to-date: CFPropertyList in /usr/local/lib/python2.7/dist-packages (from dpapick) Requirement already up-to-date: M2Crypto>=0.21.1 in /usr/local/lib/python2.7/dist-packages (from dpapick) Collecting pyasn1>=0.1.7 (from dpapick) Downloading pyasn1-0.3.4-py2.py3-none-any.whl (63kB) Requirement already up-to-date: enum34 in /usr/local/lib/python2.7/dist-packages (from python-registry>=1.0.4->dpapick) Requirement already up-to-date: typing in /usr/local/lib/python2.7/dist-packages (from M2Crypto>=0.21.1->dpapick) Installing collected packages: pyasn1 Found existing installation: pyasn1 0.3.3 Uninstalling pyasn1-0.3.3: Successfully uninstalled pyasn1-0.3.3 Successfully installed pyasn1-0.3.4 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [dpapick] at time 14:12:54.460146 duration_in_ms=3875.704 # [INFO ] Running state [distorm3] at time 14:12:54.465814 # [INFO ] Executing state pip.installed for [distorm3] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package distorm3 was already installed All packages were successfully installed # [INFO ] Completed state [distorm3] at time 14:12:56.369952 duration_in_ms=1904.14 # [INFO ] Running state [haystack] at time 14:12:56.373050 # [INFO ] Executing state pip.installed for [haystack] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'haystack'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'haystack'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: haystack in /usr/local/lib/python2.7/dist-packages Requirement already up-to-date: python-ptrace>=0.8.1 in /usr/local/lib/python2.7/dist-packages (from haystack) Requirement already up-to-date: construct<2.8 in /usr/lib/python2.7/dist-packages (from haystack) Requirement already up-to-date: pefile in /usr/local/lib/python2.7/dist-packages (from haystack) Requirement already up-to-date: six in /usr/lib/python2.7/dist-packages (from construct<2.8->haystack) Requirement already up-to-date: future in /usr/local/lib/python2.7/dist-packages (from pefile->haystack) # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [haystack] at time 14:13:00.077971 duration_in_ms=3704.918 # [INFO ] Running state [lxml] at time 14:13:00.104783 # [INFO ] Executing state pip.installed for [lxml] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package lxml was already installed All packages were successfully installed # [INFO ] Completed state [lxml] at time 14:13:02.498653 duration_in_ms=2393.872 # [INFO ] Running state [ioc_writer] at time 14:13:02.504292 # [INFO ] Executing state pip.installed for [ioc_writer] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package ioc_writer was already installed All packages were successfully installed # [INFO ] Completed state [ioc_writer] at time 14:13:05.025434 duration_in_ms=2521.141 # [INFO ] Running state [pefile] at time 14:13:05.029672 # [INFO ] Executing state pip.installed for [pefile] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package pefile was already installed All packages were successfully installed # [INFO ] Completed state [pefile] at time 14:13:07.071981 duration_in_ms=2042.308 # [INFO ] Running state [pycoin] at time 14:13:07.077800 # [INFO ] Executing state pip.installed for [pycoin] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'pycoin'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'pycoin'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: pycoin in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [pycoin] at time 14:13:10.341252 duration_in_ms=3263.452 # [INFO ] Running state [pysocks] at time 14:13:10.344961 # [INFO ] Executing state pip.installed for [pysocks] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package pysocks was already installed All packages were successfully installed # [INFO ] Completed state [pysocks] at time 14:13:12.300229 duration_in_ms=1955.268 # [INFO ] Running state [simplejson] at time 14:13:12.303130 # [INFO ] Executing state pip.installed for [simplejson] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'simplejson'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'simplejson'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: simplejson in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [simplejson] at time 14:13:15.649981 duration_in_ms=3346.85 # [INFO ] Running state [yara-python] at time 14:13:15.655615 # [INFO ] Executing state pip.installed for [yara-python] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'yara-python'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'yara-python'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: yara-python in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [yara-python] at time 14:13:19.046541 duration_in_ms=3390.927 # [INFO ] Running state [python-volatility] at time 14:13:19.049802 # [INFO ] Executing state pkg.installed for [python-volatility] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-volatility is already installed # [INFO ] Completed state [python-volatility] at time 14:13:19.057364 duration_in_ms=7.561 # [INFO ] Executing command ['git', '--version'] in directory '/home/sansforensics' # [DEBUG ] stdout: git version 2.7.4 # [DEBUG ] LazyLoaded git.latest # [INFO ] Running state [https://github.com/sans-dfir/volatility-plugins-community.git] at time 14:13:19.194146 # [INFO ] Executing state git.latest for [https://github.com/sans-dfir/volatility-plugins-community.git] # [INFO ] Checking remote revision for https://github.com/sans-dfir/volatility-plugins-community.git # [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/sans-dfir/volatility-plugins-community.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: aef986cda5f8b70a8a9cce56445eeaa0880aa83b HEAD aef986cda5f8b70a8a9cce56445eeaa0880aa83b refs/heads/master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/heads/'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/tags/'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Checking local revision for /usr/lib/python2.7/dist-packages/volatility/plugins/community # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: acc431996b068ebbad79e19b730ddbf3b14d6221 # [INFO ] Checking local branch for /usr/lib/python2.7/dist-packages/volatility/plugins/community # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/volatilityfoundation/community.git (fetch) origin https://github.com/volatilityfoundation/community.git (push) # [INFO ] Executing command ['git', 'diff', 'HEAD'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: diff --git a/AlexanderTarasenko/README.md b/AlexanderTarasenko/README.md deleted file mode 100644 index 8af6e2a..0000000 --- a/AlexanderTarasenko/README.md +++ /dev/null @@ -1,2 +0,0 @@ -Author: Alexander Tarasenko - diff --git a/AlexanderTarasenko/__init__.py b/AlexanderTarasenko/__init__.py deleted file mode 100644 index 8b13789..0000000 --- a/AlexanderTarasenko/__init__.py +++ /dev/null @@ -1 +0,0 @@ - diff --git a/AlexanderTarasenko/windbg.py b/AlexanderTarasenko/windbg.py deleted file mode 100755 index d6712cc..0000000 --- a/AlexanderTarasenko/windbg.py +++ /dev/null @@ -1,67 +0,0 @@ -import volatility.addrspace as addrspace -import volatility.registry as registry -import volatility.obj as obj -import pykd - -class PykdAddressSpace(addrspace.BaseAddressSpace): - - ''' - Windbg address space - ''' - order = 10 - - def __init__(self, base, config, *args, **kwargs): - - self.as_assert(base == None) - self.as_assert(config.LOCATION=='windbg') - self.as_assert(pykd.isKernelDebugging()) - self.dtb = pykd.reg('cr3') - self.nt = pykd.module('nt') - config.KDBG = self.nt.KdCopyDataBlock - self.pageSize = pykd.pageSize() - self.lowPage = pykd.ptrMWord(self.nt.MmLowestPhysicalPage) - self.highPage = pykd.ptrMWord(self.nt.MmHighestPhysicalPage) - self.spaces = [ ( self.lowPage*self.pageSize, (self.highPage -self.lowPage )*self.pageSize) ] - - super(PykdAddressSpace,self).__init__(base,config) - - self.name = "WinDBG Address Space" - - def is_valid_profile(self, profile): - - systemVer = pykd.getSystemVersion() - minor = 3 if systemVer.buildNumber == 9600 else systemVer.win32Minor #fix for minor version for windows 8.1 - - return profile.metadata.get('os', 'Unknown').lower() == 'windows' and \ - profile.metadata.get('memory_model', '32bit') == ( '64bit' if pykd.is64bitSystem() else '32bit' ) and \ - profile.metadata.get('major', 0) == systemVer.win32Major and \ - profile.metadata.get('minor', 0) == minor - - - def read(self, offset, length): - try: - return pykd.loadChars(offset,length,phyAddr=True) - except pykd.MemoryException: - return None - - def zread(self, offset, length): - try: - return pykd.loadChars(offset,length,phyAddr=True) - except pykd.MemoryException: - return '\x00'*length - - def get_address_range(self): - return [ self.lowPage*self.pageSize,(self.highPage + 1)*self.pageSize - 1] - - def get_available_addresses(self): - - for space in self.spaces: - yield space - - def is_valid_address(self, addr): - try: - pykd.loadChars(addr,1,phyAddr=True) - return True - except pykd.MemoryException: - return False - diff --git "a/Lo\303\257cJaquemet/README.md" "b/Lo\303\257cJaquemet/README.md" deleted file mode 100644 index dfddd04..0000000 --- "a/Lo\303\257cJaquemet/README.md" +++ /dev/null @@ -1,208 +0,0 @@ - -The submission should include - - * the source code, - * memory sample demonstrating the capabilities - * description of how the extension is used - * a write up describing the motivation for the work - * why it should win the contest - * a signed "Individual Contributor License Agreement" (please request a copy prior to your submission). - -If you submit multiple plugins, please specify if they should be evaluated as an individual or multiple entries - -Source Code -=========== - -1. https://github.com/trolldbois/volatility_plugins -2. pip install haystack # https://github.com/trolldbois/python-haystack/ -3. pip install ctypeslib2 # https://github.com/trolldbois/ctypeslib -4. pip install python-Levenshtein # - -Memory sample -============= - -The example below are based on - - * zeus.img image from http://malwarecookbook.googlecode.com/svn-history/r26/trunk/17/1/zeus.vmem.zip - * http://secondlookforensics.com/linux-memory-images/centos-6.3-x86_64-LiveDVD-clean.mem.bz2 - -Usage -===== - -1. Install volatility as per instructions -2. `git clone https://github.com/trolldbois/volatility_plugins.git` -3. `vol.py --plugins=volatility_plugins/src/ -f haystack -p -r -c ` - -Plugins: - - * haystackheap: optimised plugin to search for HEAP. please use the constraints file as indicated. - * haystacksearch: generic search for record in all memory space (very slow) - * haystackallocated: search for record in allocated memory chunks only (somewhat experimental) - * haystackshow: load and show the value of a record if loaded from a specific address - * haystackreverse: reverse all allocated structure to file and guesstimate the field type of each structure. - * haystackreversestrings: reverse all strings from allocated memory. - - -For example, to search for all records that could ba a WinXP x86 Heaps in the zeus.vmem image process 1668 and 856: - - zeus.img image from http://malwarecookbook.googlecode.com/svn-history/r26/trunk/17/1/zeus.vmem.zip - -We will use haystackheap to print out the PID and the address of HEAPs. This is a search not using the PEB, -but only the constraints that a HEAP should have. - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackheap -r haystack.allocators.win32.winxp_32.HEAP -c examples/winxpheap.constraints -p 1668 - - ************************************************************************ - Pid: 1668 - Record HEAP at 0x250000 - Record HEAP at 0x150000 - Record HEAP at 0x3f0000 - Record HEAP at 0xba0000 - Record HEAP at 0xb70000 - Record HEAP at 0x1620000 - Record HEAP at 0x1eb0000 - Record HEAP at 0x1ec0000 - Record HEAP at 0x7f6f0000 - -Now we use different set of constraint on the values of the HEAP fields. Surprising fantom HEAP appears. - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackheap -r haystack.allocators.win32.winxp_32.HEAP -c examples/winxpheap-relaxed.constraints -p 1668 - - ************************************************************************ - Pid: 1668 - Record HEAP at 0x250000 - Record HEAP at 0x150000 - Record HEAP at 0x3f0000 - **Record HEAP at 0x730000** - **Record HEAP at 0x860000** - Record HEAP at 0xba0000 - Record HEAP at 0xb70000 - Record HEAP at 0x1620000 - Record HEAP at 0x1eb0000 - Record HEAP at 0x1ec0000 - **Record HEAP at 0x5d09d000** - **Record HEAP at 0x769f7000** - Record HEAP at 0x7f6f0000 - -You can now compare the content of these HEAPs to better understand why ? (this is a fictitious useless scenario) - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackshow -r haystack.allocators.win32.winxp_32.HEAP -p 1668 -a 0x1eb0000 - - ************************************************************************ - Pid: 1668 - Record HEAP at 0x1eb0000 - Record content: - [# --------------- 0x0 - { # - "Entry": { # - [..] - "Signature": 4009750271L, # c_uint - "Flags": 4098L, # c_uint - [..] - "Segments": [ - 0x01eb0640, - 0x01fc0000, - [..] - "LockVariable": 0x01eb0608, - "CommitRoutine": 0x00000000, - "FrontEndHeap": 0x01eb0688, - "FrontHeapLockCount": 0, # c_ushort - "FrontEndHeapType": 1, # c_ubyte - "LastSegmentIndex": 1, # c_ubyte - }] - -and a phantom one: - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackshow -r haystack.allocators.win32.winxp_32.HEAP -p 1668 -a 0x730000 - - ************************************************************************ - Pid: 1668 - Record HEAP at 0x730000 - Record content: - [# --------------- 0x0 - { # - "Entry": { # - [..] - "Signature": 4009750271L, # c_uint - "Flags": 9L, # c_uint - [..] - "Segments": [ - 0xbc5d0608, - [..] - "LockVariable": 0x00000000, - "CommitRoutine": 0xbf8b810a, - "FrontEndHeap": 0x00000000, - "FrontHeapLockCount": 0, # c_ushort - "FrontEndHeapType": 0, # c_ubyte - "LastSegmentIndex": 0, # c_ubyte - }] - -Now this can be applied to any type of records in a process memory. - -The haystackallocated plugin should accelerate searches for record present in allocated memory chunks. -The plugin work for windows XP and 7, 32 and 64 bits. Not perfect for Linux images as some bugs exists. - -If you want to search for more that just HEAP structures provided by haystack or in this repository, -you can use ctypeslib to generate your own structures from your favorite C headers. - -You might want to look at https://github.com/trolldbois/ctypeslib to produce your own records. -Keep in mind you might want to generate ctypes for a different architecture than your own. - -For example, to list all OpenSSL cipher session context records from a process - - $ vol.py --plugins=volatility_plugins/src -f somelinux.img -r examples.records_openssl_32.struct_evp_cipher_ctx_st -c examples/openssl.constraints - - -And finally , if you are adventurous, you can try to reverse a process' memory: - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackreverse -p 856 - - [..] - -You will find a few folders named zeus.vmem_856/ with the produce of the reverse in there. - -Interesting files are named headers_values.py - -Based on that a lot of plugins can be made, like a strings extractor. -HaystackReverseStrings is an string extractor. -But instead of parsing the whole memory dumps, it only looks at strings contained into the process -valid memory allocations. - - - $ vol.py --plugins=src -f ~/outputs/vol/zeus.vmem haystackreversestrings -p 856 - - ************************************************************************ - Pid: 856 - 856,0xbf000,0x8 bytes,u'\x...0\n' - 856,0x92020,0x30 bytes,u'C:\\WINDOWS\\setupapi.log\x00' - 856,0xa4028,0x54 bytes,u'Network Location Awareness (NLA) Namespace' - 856,0xb408c,0xac bytes,u'MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{AD92BA6E-D818-40B8-BC01-D4D8A59937A1}] SEQPACKET 2' - 856,0xb428c,0x22 bytes,'%SystemRoot%\sys...m32\mswsock.dll' - [..] - -Motivation for this work -======================== - -These plugins are an interface between the Volatility framework and the haystack framework. - -While Volatility establishes a forensic framework to analyse a system's RAM, the haystack framework is intended to -analyse a process's RAM, allowing a analyst to search for defined structures in a process's memory. - -Most process's memory are composed from a graph of record, linked by pointers fields. The limited space value of these -fields and others constraints allows for the haystack framework to easily identify all instances of -a record type in memory. - - -Why it should win the contest -============================= - -These plugins are an opening of the next level of forensics, into a process's structured memory. - -They open the way to the possibility of searching in memory for a new type of signature. -Not signatures that are bytes-based. -But signatures that are representing the graph that results from memory allocation by malware. - -Plus it also pretty easy to extract SSL session keys, passphrases, binary data as long as the record types are known. - -So this integration and plugins are also a basis for future plugins to easily 'search' for structures, without to have -to guess the location of such records. The records type themselves are usually sufficient. \ No newline at end of file diff --git "a/Lo\303\257cJaquemet/__init__.py" "b/Lo\303\257cJaquemet/__init__.py" deleted file mode 100644 index 8b13789..0000000 --- "a/Lo\303\257cJaquemet/__init__.py" +++ /dev/null @@ -1 +0,0 @@ - diff --git "a/Lo\303\257cJaquemet/vol_haystack.py" "b/Lo\303\257cJaquemet/vol_haystack.py" deleted file mode 100755 index efddcf7..0000000 --- "a/Lo\303\257cJaquemet/vol_haystack.py" +++ /dev/null @@ -1,300 +0,0 @@ -""" -Plugin to find records using the haystack library. - -python vol.py --plugins=contrib/plugins -f ... - -""" - -import sys -from haystack import target -from haystack import api -from haystack import constraints - -from haystack.mappings import base -from haystack.mappings import vol as hvol -from haystack.search import searcher - -import os -import volatility.plugins.taskmods as taskmods - - -class Haystack(taskmods.DllList): - """ - Search for a record in all the memory space. - """ - - my_name = '' - - def _do_haystack(self, task): - pid = task.UniqueProcessId - my_mappings = [] - # get the mappings - address_space = task.get_process_address_space() - for vad in task.VadRoot.traverse(): - # print type(vad) - if vad is None: - continue - offset = vad.obj_offset - start = vad.Start - end = vad.End - tag = vad.Tag - flags = str(vad.u.VadFlags) - perms = hvol.PERMS_PROTECTION[vad.u.VadFlags.Protection.v() & 7] - pathname = '' - if vad.u.VadFlags.PrivateMemory == 1 or not vad.ControlArea: - pathname = '' - elif vad.FileObject: - pathname = str(vad.FileObject.FileName or '') - - pmap = hvol.VolatilityProcessMappingA( - address_space, - start, - end, - permissions=perms, - pathname=pathname) - - my_mappings.append(pmap) - # now build the memory_handler - - # get the platform - profile = None - my_target = None - if 'WinXP' in self.config.PROFILE: - profile = 'winxp' - elif 'Win7' in self.config.PROFILE: - profile = 'win7' - else: - raise ValueError('Profile %s not supported' % self.config.PROFILE) - - if 'x86' in self.config.PROFILE: - my_target = target.TargetPlatform.make_target_win_32(profile) - elif 'x64' in self.config.PROFILE: - my_target = target.TargetPlatform.make_target_win_64(profile) - - # create a memory handler - dumpname = '%s_%d' % (self.config.LOCATION.split('/')[-1],pid) - memory_handler = base.MemoryHandler(my_mappings, my_target, dumpname) - - for res in self.make_results(pid, memory_handler): - yield res - - def make_results(self, pid, memory_handler): - raise NotImplementedError('Implement me') - - -class HaystackSearch(Haystack): - """ - Search for a record in all the memory space. - """ - def __init__(self, config, *args, **kwargs): - self.config = config - taskmods.DllList.__init__(self, config, *args, **kwargs) - config.add_option('RECORD_NAME', short_option='r', default= None, - help='Search for this record type', - action='store', type='str') - config.add_option('CONSTRAINT_FILE', short_option='c', default= None, - help='Using this constraint file', - action='store', type='str') - - def _init_haystack(self): - self.my_name = self.config.PROFILE - # get the structure name and type - self.modulename, sep, self.classname = self.config.RECORD_NAME.rpartition('.') - # parse the constraint file - if self.config.CONSTRAINT_FILE: - handler = constraints.ConstraintsConfigHandler() - self.my_constraints = handler.read(self.config.CONSTRAINT_FILE) - else: - self.my_constraints = None - return - - def make_results(self, pid, memory_handler): - # import the record class in the haystack model - # we need pwd in path - sys.path.append(os.getcwd()) - module = memory_handler.get_model().import_module(self.modulename) - struct_type = getattr(module, self.classname) - for res in self.make_search_results(memory_handler, struct_type, self.my_constraints): - yield pid, res - - def make_search_results(self, memory_handler, struct_type, my_constraints): - # do the search - # do not use the haystack HEAP parsing capabilities - ## PROD - use API - results = api.search_record(memory_handler, struct_type, my_constraints, extended_search=True) - # output handling - ret = api.output_to_python(memory_handler, results) - for instance, addr in ret: - yield addr - - #def generator(self, data): - # self._init_haystack() - # for task in data: - # yield self._search(task) - - def calculate(self): - self._init_haystack() - tasks = taskmods.DllList.calculate(self) - results = [] - for task in tasks: - results.extend([(pid, addr) for pid, addr in self._do_haystack(task)]) - return results - - def render_text(self, outfd, data): - prevpid= None - for pid, addr in data: - if pid != prevpid: - outfd.write("*" * 72 + "\n") - outfd.write("Pid: {0:6}\n".format(pid)) - prevpid = pid - outfd.write('Record %s at 0x%x\n' % (self.classname, addr)) - -# def unified_output(self, data): -# # blank header in case there is no shimcache data -# return TreeGrid([("PID", int), ("Address", int) -# ], self.generator(data)) - - -class HaystackHeap(HaystackSearch): - """ - Search for a record in an optimised way, suitable for windows HEAP search. - """ - def make_search_results(self, memory_handler, struct_type, my_constraints): - ## DEBUG - use optimised search space for HEAP - my_searcher = searcher.AnyOffsetRecordSearcher(memory_handler, my_constraints) - for mapping in memory_handler.get_mappings(): - res = my_searcher._search_in(mapping, struct_type, nb=1, align=0x1000) - if res: - instance, addr = api.output_to_python(memory_handler, res)[0] - yield addr - ## use direct load - # results = api.load_record(memory_handler, struct_type, 0x150000, load_constraints=None) - - -class HaystackAllocated(HaystackSearch): - """ - Search for a record only in allocated memory chunks. - """ - def make_search_results(self, memory_handler, struct_type, my_constraints): - # do the search - # USE the haystack HEAP parsing capabilities - ## PROD - use API - results = api.search_record(memory_handler, struct_type, my_constraints, extended_search=False) - # output handling - ret = api.output_to_python(memory_handler, results) - for instance, addr in ret: - yield addr - - -class HaystackShow(HaystackSearch): - """ - Show the record value - """ - def __init__(self, config, *args, **kwargs): - HaystackSearch.__init__(self, config, *args, **kwargs) - config.add_option('ADDRESS', short_option='a', default= None, - help='Using this address (hex) to load the record', - action='store', type='str') - - def make_search_results(self, memory_handler, struct_type, my_constraints): - addr = int(self.config.ADDRESS, 16) - results = api.load_record(memory_handler, struct_type, addr, load_constraints=my_constraints) - instance = api.output_to_string(memory_handler, [results]) - yield (instance, addr) - - def render_text(self, outfd, data): - for pid, (instance, addr) in data: - outfd.write("*" * 72 + "\n") - outfd.write("Pid: {0:6}\n".format(pid)) - outfd.write('Record %s at 0x%x\n' % (self.classname, addr)) - outfd.write('Record content:\n') - outfd.write(instance) - - -def _print(x): - print x - - -class HaystackReverse(Haystack): - """ - Reverse all the allocated records of a process memory. - - You will need numpy. - """ - def __init__(self, config, *args, **kwargs): - self.config = config - taskmods.DllList.__init__(self, config, *args, **kwargs) - - def make_results(self, pid, memory_handler): - from haystack.reverse import config - from haystack.reverse import api - - finder = memory_handler.get_heap_finder() - dumpname = memory_handler.get_name() - if not os.access(dumpname, os.F_OK): - os.mkdir(dumpname) - - api.reverse_instances(memory_handler) - - process_context = memory_handler.get_reverse_context() - for i, heap in enumerate(finder.get_heap_mappings()): - heap_addr = heap.get_marked_heap_address() - ctx = process_context.get_context_for_heap(heap) - # get the name of the interesting text output for the user. - outdirname = ctx.get_filename_cache_headers() - #config.get_cache_filename(config.CACHE_GENERATED_PY_HEADERS_VALUES, - # ctx.dumpname, - # ctx._heap_start) - yield (pid, heap_addr, outdirname) - - def calculate(self): - tasks = taskmods.DllList.calculate(self) - - results = [] - for task in tasks: - results.extend([res for res in self._do_haystack(task)]) - return results - - def render_text(self, outfd, data): - prevpid= None - for pid, heap_addr, filename in data: - if pid != prevpid: - outfd.write("*" * 72 + "\n") - outfd.write("Pid: {0:6}\n".format(pid)) - prevpid = pid - outfd.write('Heap at 0x%x was reversed in %s\n' % (heap_addr, filename)) - - -class HaystackReverseStrings(HaystackReverse): - """ - Reverse all the strings in allocated chunks of a process memory. - """ - def __init__(self, config, *args, **kwargs): - self.config = config - HaystackReverse.__init__(self, config, *args, **kwargs) - - def make_results(self, pid, memory_handler): - # create all contextes - for x in super(HaystackReverseStrings, self).make_results(pid, memory_handler): - pass - - process_context = memory_handler.get_reverse_context() - # look at each record in each structure for strings - for ctx in process_context.list_contextes(): - for record in ctx.listStructures(): - for field in record.get_fields(): - addr = record.address + field.offset - if field.is_string(): - maxlen = len(field) - value = record.get_value_for_field(field, maxlen+10) - yield (pid, addr, maxlen, value) - - def render_text(self, outfd, data): - prevpid= None - for pid, addr, length, _string in data: - if pid != prevpid: - outfd.write("*" * 72 + "\n") - outfd.write("Pid: {0:6}\n".format(pid)) - outfd.write("Pid, address, size, string") - prevpid = pid - outfd.write('%d,0x%x,0x%x bytes,%s\n' % (pid, addr, length, _string)) diff --git a/MarcinUlikowski/README.md b/MarcinUlikowski/README.md deleted file mode 100755 index c1e7444..0000000 --- a/MarcinUlikowski/README.md +++ /dev/null @@ -1,76 +0,0 @@ -Volatility plugin: bitlocker -============================ - -This plugin finds and extracts BitLocker Full Volume Encryption Key (FVEK) -which can be used to decrypt BitLocker volumes. - -Currently only Windows Vista/7 memory images are supported. - - -Example use case ----------------- - -Evidence #1: John's computer HDD binary image: John_HDD.dd - -Evidence #2: John's computer memory dump: John_Win7SP1x64.raw - -1) Determine the offset of encrypted BitLocker volume. In the following example -it's the second NTFS partition starting from sector 718848. Note the "-FVE-FS-" -signature. - -``` -$ mmls John_HDD.dd -DOS Partition Table -Offset Sector: 0 -Units are in 512-byte sectors - - Slot Start End Length Description -00: Meta 0000000000 0000000000 0000000001 Primary Table (#0) -01: ----- 0000000000 0000002047 0000002048 Unallocated -02: 00:00 0000002048 0000718847 0000716800 NTFS (0x07) -03: 00:01 0000718848 0031455231 0030736384 NTFS (0x07) -04: ----- 0031455232 0031457279 0000002048 Unallocated -$ -$ hexdump -C -s $((718848*512)) -n 16 John_HDD.dd -15f00000 eb 58 90 2d 46 56 45 2d 46 53 2d 00 02 08 00 00 |.X.-FVE-FS-.....| -15f00010 -``` - -2) Use bitlocker plugin to extract FVEK. It's convenient to use optional -argument *--dump-dir* in order to specify the directory in which cipher ID -(first 2 bytes) and FVEK (64 bytes) will be saved. - -``` -$ export VOLATILITY_LOCATION=file://./John_Win7SP1x64.raw -$ export VOLATILITY_PROFILE=Win7SP1x64 -$ -$ python vol.py bitlocker --dump-dir ./keys -Volatility Foundation Volatility Framework 2.5 - -Cipher: AES-128 + Elephant diffuser (0x8000) -FVEK: 2140c8afcbb835127b3b5b97fdcc8b846b7d97fba0c5a2e9dbfef97e263272fa4543af87702c4cee4252eaaa0b7fdc2a96c54aace6e90642a4bbece8afc430c2 -FVEK dumped to: ./keys/0xfa80018fe8c0.fvek - -``` - -3) Use extracted FVEK to decrypt the volume using dislocker in FUSE mode. - -``` -$ sudo dislocker-fuse -V John_HDD.dd -k ./keys/0xfa80018fe8c0.fvek -o $((718848*512)) -- /mnt/ntfs -$ -$ sudo mount -o loop,ro /mnt/ntfs/dislocker-file /mnt/clear -$ -$ ls -lh /mnt/clear -total 730M -lrwxrwxrwx 2 root root 60 Jul 14 2009 Documents and Settings -> /mnt/clear/Users --rwxrwxrwx 1 root root 730M Nov 4 09:39 pagefile.sys -drwxrwxrwx 1 root root 0 Jul 13 2009 PerfLogs -drwxrwxrwx 1 root root 4.0K Nov 4 09:58 ProgramData -drwxrwxrwx 1 root root 4.0K Apr 12 2011 Program Files -drwxrwxrwx 1 root root 4.0K Nov 4 07:01 Program Files (x86) -drwxrwxrwx 1 root root 0 Nov 4 07:04 Recovery -drwxrwxrwx 1 root root 0 Nov 4 09:57 $Recycle.Bin -drwxrwxrwx 1 root root 4.0K Nov 4 07:05 System Volume Information -drwxrwxrwx 1 root root 4.0K Nov 4 09:56 Users -drwxrwxrwx 1 root root 24K Nov 4 09:58 Windows -``` diff --git a/MarcinUlikowski/__init__.py b/MarcinUlikowski/__init__.py deleted file mode 100644 index 8b13789..0000000 --- a/MarcinUlikowski/__init__.py +++ /dev/null @@ -1 +0,0 @@ - diff --git a/MarcinUlikowski/bitlocker.py b/MarcinUlikowski/bitlocker.py deleted file mode 100755 index 385131a..0000000 --- a/MarcinUlikowski/bitlocker.py +++ /dev/null @@ -1,120 +0,0 @@ -# Volatility plugin: bitlocker -# -# Author: -# Marcin Ulikowski -# -# Based on the research by: -# Jesse Kornblum -# -# Special thanks: -# Piotr Chmylkowski -# Romain Coltel -# -# This plugin is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This plugin is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this plugin. If not, see . - - -import os -import volatility.plugins.common as common -import volatility.utils as utils -import volatility.obj as obj -import volatility.poolscan as poolscan -import volatility.debug as debug - - -class bitlocker(common.AbstractWindowsCommand): - '''Extracts BitLocker FVEK (Full Volume Encryption Key)''' - - def __init__(self, config, *args, **kwargs): - common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs) - config.add_option('DUMP-DIR', default = None, help = 'Directory in which to dump cipher ID + FVEK pair') - - @staticmethod - def is_valid_profile(profile): - return (profile.metadata.get('major', 0) == 6 and profile.metadata.get('minor', 0) in [0, 1]) - - def calculate(self): - POOLSIZE_X86_AESDIFF = 976 - POOLSIZE_X86_AESONLY = 504 - POOLSIZE_X64_AESDIFF = 1008 - POOLSIZE_X64_AESONLY = 528 - - OFFSET_DB = { - POOLSIZE_X86_AESDIFF: { - 'CID': 24, - 'FVEK1': 32, - 'FVEK2': 504 - }, - POOLSIZE_X86_AESONLY: { - 'CID': 24, - 'FVEK1': 32, - 'FVEK2': 336 - }, - POOLSIZE_X64_AESDIFF: { - 'CID': 44, - 'FVEK1': 48, - 'FVEK2': 528 - }, - POOLSIZE_X64_AESONLY: { - 'CID': 44, - 'FVEK1': 48, - 'FVEK2': 480 - }, - } - - addr_space = utils.load_as(self._config) - - scanner = poolscan.SinglePoolScanner() - scanner.checks = [ - ('PoolTagCheck', dict(tag = 'FVEc')), - ('CheckPoolSize', dict(condition = lambda x: x in list(OFFSET_DB.keys()))), - ] - - for addr in scanner.scan(addr_space): - pool = obj.Object('_POOL_HEADER', offset = addr, vm = addr_space) - - pool_alignment = obj.VolMagic(pool.obj_vm).PoolAlignment.v() - pool_size = int(pool.BlockSize * pool_alignment) - - cid = addr_space.zread(addr + OFFSET_DB[pool_size]['CID'], 2) - fvek1 = addr_space.zread(addr + OFFSET_DB[pool_size]['FVEK1'], 32) - fvek2 = addr_space.zread(addr + OFFSET_DB[pool_size]['FVEK2'], 32) - - if ord(cid[1]) == 0x80 and ord(cid[0]) <= 0x03: - fvek = fvek1 + fvek2 - yield pool, cid, fvek - - def cipher(self, id): - return { - 0x00: 'AES-128 + Elephant diffuser', - 0x01: 'AES-256 + Elephant diffuser', - 0x02: 'AES-128', - 0x03: 'AES-256' - }.get(id, 'UNKNOWN') - - def render_text(self, outfd, data): - for pool, cid, fvek in data: - debug.debug('FVEc pool found @ {0:#010x}\n'.format(pool.obj_offset)) - - outfd.write('\nCipher: {0} (0x{1:02x}{2:02x})\n'.format(self.cipher(ord(cid[0])), ord(cid[1]), ord(cid[0]))) - outfd.write('FVEK: {}\n'.format(''.join('{:02x}'.format(ord(i)) for i in fvek))) - - if self._config.DUMP_DIR: - full_path = os.path.join(self._config.DUMP_DIR, '{0:#010x}.fvek'.format(pool.obj_offset)) - - with open(full_path, "wb") as fvek_file: - fvek_file.write(cid + fvek) - - outfd.write('FVEK dumped to: {}\n'.format(full_path)) - - outfd.write('\n') diff --git a/TyperHalfpop/README.md b/TyperHalfpop/README.md deleted file mode 100644 index 0407597..0000000 --- a/TyperHalfpop/README.md +++ /dev/null @@ -1,3 +0,0 @@ -Author: Tyler Halfpop - -See https://github.com/tylerph3 for updates and licensing information. \ No newline at end of file diff --git a/TyperHalfpop/__init__.py b/TyperHalfpop/__init__.py deleted file mode 100644 index 8b13789..0000000 --- a/TyperHalfpop/__init__.py +++ /dev/null @@ -1 +0,0 @@ - diff --git a/TyperHalfpop/findevilinfo.py b/TyperHalfpop/findevilinfo.py deleted file mode 100644 index 1e8e981..0000000 --- a/TyperHalfpop/findevilinfo.py +++ /dev/null @@ -1,168 +0,0 @@ -# findevilinfo -__author__ = "Tyler Halfpop" -__version__ = "0.1" -__license__ = "MIT" - -# Yara Rules Directory -YARA_RULES_DIR = "INSERT_YARA_RULES_DIR_HERE" - -# VirusTotal API -# https://www.virustotal.com/en/user//apikey/ -VT_API_KEY = "INSERT_VT_API_KEY_HERE" -VT_URL = "https://www.virustotal.com/vtapi/v2/file/report" -VT_SLEEP = 0 - -import os -import sys -import pefile -import ssl -import json -import urllib -import urllib2 -import math -import yara -import re -from hashlib import sha256 -from time import sleep - -def get_hash(input_file): - """ Return sha256 hash of input file - """ - with open(input_file, "rb") as open_file: - return sha256(open_file.read()).hexdigest() - -def get_VT_verdict(file_hash): - """ Gets the VirusTotal number of hits from VirusTotal example - https://www.virustotal.com/en/documentation/public-api/#getting-file-scans - """ - try: - parameters = {"resource": file_hash, "apikey": VT_API_KEY} - data = urllib.urlencode(parameters) - req = urllib2.Request(VT_URL, data) - response = urllib2.urlopen(req) - json_object = response.read() - response_dict = json.loads(json_object) - verdict = "{} / {}".format(response_dict.get("positives", {}), - response_dict.get("total", {})) - sleep(VT_SLEEP) - if verdict == "{} / {}": - return "Not in VT" - return verdict - except Exception as e: - print "Exception: {}".format(e) - -def check_signed(input_file): - """ Check if a PE file is signed using pefile adapted from disitool by Didier Stevens - https://blog.didierstevens.com/programs/disitool/ - """ - try: - pe = pefile.PE(input_file) - addr = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']].VirtualAddress - if addr == 0: - return "Unsigned" - return "Signed" - except: - return "Error" - -def get_entropy(input_file): - """ Gets the entropy of file from Ero Carrerra's Blog - http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html - """ - try: - with open(input_file, "rb") as open_file: - data = open_file.read() - if not data: - return 0 - entropy = 0 - for x in range(256): - p_x = float(data.count(chr(x)))/len(data) - if p_x > 0: - entropy += - p_x*math.log(p_x, 2) - return entropy - except: - return "Error" - -def carve(input_file): - """Carve PE files from segments adapted from Alexander Hanel's blog - https://hooked-on-mnemonics.blogspot.com/2013/01/pe-carvpy.html - """ - with open(input_file, "rb") as mem_dump: - c = 1 - # For each address that contains MZ - for y in [tmp.start() for tmp in re.finditer('\x4d\x5a',mem_dump.read())]: - mem_dump.seek(y) - try: - pe = pefile.PE(data=mem_dump.read()) - except: - continue - # Determine file ext - if pe.is_dll() == True: - ext = 'dll' - elif pe.is_driver() == True: - ext = 'sys' - elif pe.is_exe() == True: - ext = 'exe' - else: - ext = 'bin' - - print "Carving {} at {}".format(ext, hex(y)) - - with open(input_file + "_" + str(c) + '.' + ext, 'wb') as out: - out.write(pe.trim()) - - c += 1 - ext = '' - mem_dump.seek(0) - pe.close() - -class YaraClass: - """Walks rule dir, compiling and testing rules, and scans files. - """ - def __init__(self): - """YaraClass initialization that sets verbose, scan and yara directory - """ - try: - self.yara_dir = YARA_RULES_DIR - self.verbose = False - self.compile() - except Exception as e: - print "Init Compile Exception: {}".format(e) - - def compile(self): - """Walks rule dir, tests rules, and compiles them for scanning. - """ - try: - all_rules = {} - for root, directories, files in os.walk(self.yara_dir): - for file in files: - if "yar" in os.path.splitext(file)[1]: - rule_case = os.path.join(root, file) - if self.test_rule(rule_case): - all_rules[file] = rule_case - self.rules = yara.compile(filepaths=all_rules) - except Exception as e: - print "Compile Exception: {}".format(e) - - def test_rule(self, test_case): - """Tests rules to make sure they are valid before using them. If verbose is set will print the invalid rules. - """ - try: - yara.compile(filepath=test_case) - return True - except: - if self.verbose: - print "{} is an invalid rule".format(test_case) - return False - - def scan(self, scan_file): - """Scan method that uses compiled rules to scan a file - """ - try: - matched_rules = [] - matches = self.rules.match(scan_file) - for i in matches: - matched_rules.append(i) - return matched_rules - except Exception as e: - print "Scan Exception: {}".format(e) - return "ERROR" diff --git a/TyperHalfpop/findevilmem.py b/TyperHalfpop/findevilmem.py deleted file mode 100644 index b54dd99..0000000 --- a/TyperHalfpop/findevilmem.py +++ /dev/null @@ -1,94 +0,0 @@ -# findevilmem -__author__ = "Tyler Halfpop" -__version__ = "0.1" -__license__ = "MIT" - -import os -import sys - -import volatility.debug as debug -import volatility.conf as conf -import volatility.utils as utils -import volatility.plugins.taskmods as taskmods - -import findevilinfo - -class findEvilMem(taskmods.MemDump): - """Find potential known bad in memory - """ - - def __init__(self, config, *args, **kwargs): - taskmods.MemDump.__init__(self, config, *args, **kwargs) - self._config.DUMP_DIR = os.getcwd() + os.sep + "dump_tmp" - if not os.path.exists(self._config.DUMP_DIR): - os.mkdir(self._config.DUMP_DIR) - print "Creating Dump Dir {}".format(str(self._config.DUMP_DIR)) - else: - print "Dump Dir Already Exists {}".format(str(self._config.DUMP_DIR)) - - def render_text(self, outfd, data): - """ Dump process memory and check for bad - https://github.com/volatilityfoundation/volatility/blob/master/volatility/plugins/taskmods.py - """ - - # Compile Yara Rules if configured - if findevilinfo.YARA_RULES_DIR != "INSERT_YARA_RULES_DIR_HERE": - outfd.write("Compiling Yara Rules\n") - ys = findevilinfo.YaraClass() - - # render_text from taskmods - for pid, task, pagedata in data: - task_space = task.get_process_address_space() - output_file = os.path.join(self._config.DUMP_DIR, str(pid) + ".dmp") - outfd.write("Writing {0} [{1:6}] to {2}.dmp\n".format(task.ImageFileName, pid, str(pid))) - f = open(output_file, 'wb') - if pagedata: - for p in pagedata: - data = task_space.read(p[0], p[1]) - if data == None: - if self._config.verbose: - outfd.write("Memory Not Accessible: Virtual Address: 0x{0:x} Size: 0x{1:x}\n".format(p[0], p[1])) - else: - f.write(data) - findevilinfo.carve(output_file) - else: - outfd.write("Unable to read pages for task.\n") - f.close() - - self.table_header(outfd, - [("Name", "20"), - ("Hash", "64"), - ("Verdict", "10"), - ("Signed", "8"), - ("Entropy", "12"), - ("Yara", ""),]) - - # Walk dump_tmp dir get hash, signed, entropy, vt verdict, yara - try: - for root, directories, files in os.walk(self._config.DUMP_DIR): - for file in files: - dumped_file = os.path.join(root,file) - file_hash = findevilinfo.get_hash(dumped_file) - signed = findevilinfo.check_signed(dumped_file) - entropy = findevilinfo.get_entropy(dumped_file) - - if findevilinfo.VT_API_KEY == "INSERT_VT_API_KEY_HERE": - verdict = "NO_API_KEY" - else: - verdict = findevilinfo.get_VT_verdict(file_hash) - - if findevilinfo.YARA_RULES_DIR == "INSERT_YARA_RULES_DIR_HERE": - yara_hits = "NO_YARA_RULES_DIR" - else: - yara_hits = ys.scan(dumped_file) - - self.table_row(outfd, - file, - file_hash, - verdict, - signed, - entropy, - yara_hits) - - except Exception as e: - print "Exception: {}".format(e) diff --git a/TyperHalfpop/findevilproc.py b/TyperHalfpop/findevilproc.py deleted file mode 100644 index 4af32f1..0000000 --- a/TyperHalfpop/findevilproc.py +++ /dev/null @@ -1,89 +0,0 @@ -# findevilproc -__author__ = "Tyler Halfpop" -__version__ = "0.1" -__license__ = "MIT" - -import os -import sys - -import volatility.debug as debug -import volatility.conf as conf -import volatility.utils as utils -import volatility.plugins.procdump as procdump -import volatility.plugins.taskmods as taskmods - -import findevilinfo - -class findEvilProc(procdump.ProcDump): - """ Find potential known bad processes - """ - - def __init__(self, config, *args, **kwargs): - procdump.ProcDump.__init__(self, config, *args, **kwargs) - self._config.DUMP_DIR = os.getcwd() + os.sep + "dump_tmp" - if not os.path.exists(self._config.DUMP_DIR): - os.mkdir(self._config.DUMP_DIR) - print "Creating Dump Dir {}".format(str(self._config.DUMP_DIR)) - else: - print "Dump Dir Already Exists {}".format(str(self._config.DUMP_DIR)) - - def render_text(self, outfd, data): - """ Dump processes and check for known bad - https://github.com/volatilityfoundation/volatility/blob/master/volatility/plugins/procdump.py - """ - - # Compile Yara Rules if configured - if findevilinfo.YARA_RULES_DIR != "INSERT_YARA_RULES_DIR_HERE": - ys = findevilinfo.YaraClass() - - # render_text from procdump - self.table_header(outfd, - [("Name", "20"), - ("Result", "25"), - ("Hash", "64"), - ("Verdict", "10"), - ("Signed", "8"), - ("Entropy", "12"), - ("Yara", ""),]) - - for task in data: - task_space = task.get_process_address_space() - if task_space == None: - result = "Error: Cannot acquire process AS" - elif task.Peb == None: - # we must use m() here, because any other attempt to - # reference task.Peb will try to instantiate the _PEB - result = "Error: PEB at {0:#x} is unavailable (possibly due to paging)".format(task.m('Peb')) - elif task_space.vtop(task.Peb.ImageBaseAddress) == None: - result = "Error: ImageBaseAddress at {0:#x} is unavailable (possibly due to paging)".format(task.Peb.ImageBaseAddress) - else: - dump_file = "executable." + str(task.UniqueProcessId) + ".exe" - result = self.dump_pe(task_space, - task.Peb.ImageBaseAddress, - dump_file) - - # Full path of dumped file, get hash, VT, signed, entropy, yara - dumped_file = "{}{}{}".format(self._config.DUMP_DIR, os.sep, dump_file) - - file_hash = findevilinfo.get_hash(dumped_file) - signed = findevilinfo.check_signed(dumped_file) - entropy = findevilinfo.get_entropy(dumped_file) - - if findevilinfo.VT_API_KEY == "INSERT_VT_API_KEY_HERE": - verdict = "NO_API_KEY" - else: - verdict = findevilinfo.get_VT_verdict(file_hash) - - if findevilinfo.YARA_RULES_DIR == "INSERT_YARA_RULES_DIR_HERE": - yara_hits = "NO_YARA_RULES_DIR" - else: - yara_hits = ys.scan(dumped_file) - - self.table_row(outfd, - task.ImageFileName, - result, - file_hash, - verdict, - signed, - entropy, - yara_hits) # [INFO ] Executing command ['git', 'rev-parse', 'aef986cda5f8b70a8a9cce56445eeaa0880aa83b^{commit}'] as user 'root' in directory '/usr/lib/python2.7/dist-packages/volatility/plugins/community' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: aef986cda5f8b70a8a9cce56445eeaa0880aa83b^{commit} # [DEBUG ] stderr: fatal: ambiguous argument 'aef986cda5f8b70a8a9cce56445eeaa0880aa83b^{commit}': unknown revision or path not in the working tree. Use '--' to separate paths from revisions, like this: 'git [...] -- [...]' # [DEBUG ] retcode: 128 # [ERROR ] Repository would be updated from acc4319 to aef986c, but there are uncommitted changes. Set 'force_reset' to True to force this update and discard these changes. # [INFO ] Completed state [https://github.com/sans-dfir/volatility-plugins-community.git] at time 14:13:21.356361 duration_in_ms=2162.217 # [DEBUG ] LazyLoaded acme.cert # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/sift/] at time 14:13:21.929861 # [INFO ] Executing state file.recurse for [/usr/lib/python2.7/dist-packages/volatility/plugins/sift/] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/volatility/sqlite_help.py' to resolve 'salt://sift/files/volatility/sqlite_help.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/volatility/sqlite_help.py' to resolve 'salt://sift/files/volatility/sqlite_help.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/volatility/pstotal.py' to resolve 'salt://sift/files/volatility/pstotal.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/volatility/pstotal.py' to resolve 'salt://sift/files/volatility/pstotal.py' # [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/volatility/pstotal.py' # [DEBUG ] No dest file found # [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/volatility/pstotal.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/volatility/__init__.py' to resolve 'salt://sift/files/volatility/__init__.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/volatility/__init__.py' to resolve 'salt://sift/files/volatility/__init__.py' # [INFO ] {u'/usr/lib/python2.7/dist-packages/volatility/plugins/sift/pstotal.py': {'diff': "--- \n+++ \n@@ -50,7 +50,7 @@\n def __init__(self, config,*args, **kwargs):\n common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)\n config.add_option('SHORT', short_option = 'S', default = False, help = 'Interesting processes only', action = 'store_true')\n- config.add_option('CMD', short_option = 'C', default = False, help = 'Display process command line. All {} removed', action = 'store_true')\n+ config.add_option('CMD', short_option = 'c', default = False, help = 'Display process command line. All {} removed', action = 'store_true')\n config.add_option('PATH', short_option = 'P', default = False, help = 'Display process image path', action = 'store_true')\n \n def render_text(self, outfd, data):\n"}} # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/sift/] at time 14:13:22.078802 duration_in_ms=148.94 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.absent # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py] at time 14:13:22.829653 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py] at time 14:13:22.830293 duration_in_ms=0.64 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py] at time 14:13:22.835244 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py] at time 14:13:22.835700 duration_in_ms=0.456 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py] at time 14:13:22.840932 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py] at time 14:13:22.841496 duration_in_ms=0.564 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py] at time 14:13:22.846627 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py] at time 14:13:22.847464 duration_in_ms=0.836 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py] at time 14:13:22.853062 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py] at time 14:13:22.854003 duration_in_ms=0.942 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py] at time 14:13:22.859486 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py] at time 14:13:22.860015 duration_in_ms=0.529 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py] at time 14:13:22.865229 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py] at time 14:13:22.865963 duration_in_ms=0.734 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py] at time 14:13:22.871932 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py] at time 14:13:22.872893 duration_in_ms=0.962 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py] at time 14:13:22.878464 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py] at time 14:13:22.879085 duration_in_ms=0.622 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py] at time 14:13:22.884150 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py] at time 14:13:22.884759 duration_in_ms=0.61 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py] at time 14:13:22.890857 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py] at time 14:13:22.891428 duration_in_ms=0.572 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py] at time 14:13:22.896371 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py] at time 14:13:22.896867 duration_in_ms=0.496 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py] at time 14:13:22.901814 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py] at time 14:13:22.902319 duration_in_ms=0.505 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py] at time 14:13:22.909094 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py] at time 14:13:22.910030 duration_in_ms=0.936 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py] at time 14:13:22.915463 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py] at time 14:13:22.916339 duration_in_ms=0.876 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py] at time 14:13:22.922579 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py] at time 14:13:22.923280 duration_in_ms=0.701 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py] at time 14:13:22.928614 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py] at time 14:13:22.929166 duration_in_ms=0.553 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py] at time 14:13:22.934086 # [INFO ] Executing state file.absent for [/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py] # [INFO ] File /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py is not present # [INFO ] Completed state [/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py] at time 14:13:22.934605 duration_in_ms=0.519 # [INFO ] Running state [python-yara] at time 14:13:22.934740 # [INFO ] Executing state pkg.installed for [python-yara] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package python-yara is already installed # [INFO ] Completed state [python-yara] at time 14:13:22.942270 duration_in_ms=7.529 # [INFO ] Running state [qemu] at time 14:13:22.942450 # [INFO ] Executing state pkg.installed for [qemu] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package qemu is already installed # [INFO ] Completed state [qemu] at time 14:13:22.947401 duration_in_ms=4.951 # [INFO ] Running state [qemu-utils] at time 14:13:22.947544 # [INFO ] Executing state pkg.installed for [qemu-utils] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package qemu-utils is already installed # [INFO ] Completed state [qemu-utils] at time 14:13:22.953226 duration_in_ms=5.682 # [INFO ] Running state [radare2] at time 14:13:22.953422 # [INFO ] Executing state pkg.installed for [radare2] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package radare2 is already installed # [INFO ] Completed state [radare2] at time 14:13:22.960788 duration_in_ms=7.364 # [INFO ] Running state [rar] at time 14:13:22.962462 # [INFO ] Executing state pkg.installed for [rar] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package rar is already installed # [INFO ] Completed state [rar] at time 14:13:22.969004 duration_in_ms=6.542 # [INFO ] Running state [readpst] at time 14:13:22.969240 # [INFO ] Executing state pkg.installed for [readpst] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package readpst is already installed # [INFO ] Completed state [readpst] at time 14:13:22.975920 duration_in_ms=6.68 # [INFO ] Running state [rsakeyfind] at time 14:13:22.976111 # [INFO ] Executing state pkg.installed for [rsakeyfind] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package rsakeyfind is already installed # [INFO ] Completed state [rsakeyfind] at time 14:13:22.981566 duration_in_ms=5.454 # [INFO ] Running state [safecopy] at time 14:13:22.981729 # [INFO ] Executing state pkg.installed for [safecopy] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package safecopy is already installed # [INFO ] Completed state [safecopy] at time 14:13:22.987279 duration_in_ms=5.549 # [INFO ] Running state [samba] at time 14:13:22.987539 # [INFO ] Executing state pkg.installed for [samba] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package samba is already installed # [INFO ] Completed state [samba] at time 14:13:22.993150 duration_in_ms=5.611 # [INFO ] Running state [samdump2] at time 14:13:22.993298 # [INFO ] Executing state pkg.installed for [samdump2] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package samdump2 is already installed # [INFO ] Completed state [samdump2] at time 14:13:22.998634 duration_in_ms=5.335 # [INFO ] Running state [scalpel] at time 14:13:22.998829 # [INFO ] Executing state pkg.installed for [scalpel] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package scalpel is already installed # [INFO ] Completed state [scalpel] at time 14:13:23.005020 duration_in_ms=6.191 # [INFO ] Running state [sleuthkit] at time 14:13:23.005192 # [INFO ] Executing state pkg.installed for [sleuthkit] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package sleuthkit is already installed # [INFO ] Completed state [sleuthkit] at time 14:13:23.010915 duration_in_ms=5.722 # [INFO ] Running state [socat] at time 14:13:23.011107 # [INFO ] Executing state pkg.installed for [socat] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package socat is already installed # [INFO ] Completed state [socat] at time 14:13:23.016631 duration_in_ms=5.524 # [INFO ] Running state [ssdeep] at time 14:13:23.016787 # [INFO ] Executing state pkg.installed for [ssdeep] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ssdeep is already installed # [INFO ] Completed state [ssdeep] at time 14:13:23.022334 duration_in_ms=5.546 # [INFO ] Running state [ssldump] at time 14:13:23.022517 # [INFO ] Executing state pkg.installed for [ssldump] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package ssldump is already installed # [INFO ] Completed state [ssldump] at time 14:13:23.027507 duration_in_ms=4.99 # [INFO ] Running state [sslsniff] at time 14:13:23.027654 # [INFO ] Executing state pkg.installed for [sslsniff] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package sslsniff is already installed # [INFO ] Completed state [sslsniff] at time 14:13:23.032797 duration_in_ms=5.142 # [INFO ] Running state [stunnel4] at time 14:13:23.032934 # [INFO ] Executing state pkg.installed for [stunnel4] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package stunnel4 is already installed # [INFO ] Completed state [stunnel4] at time 14:13:23.037882 duration_in_ms=4.948 # [INFO ] Running state [system-config-samba] at time 14:13:23.038046 # [INFO ] Executing state pkg.installed for [system-config-samba] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package system-config-samba is already installed # [INFO ] Completed state [system-config-samba] at time 14:13:23.044004 duration_in_ms=5.958 # [INFO ] Running state [tcl] at time 14:13:23.044221 # [INFO ] Executing state pkg.installed for [tcl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcl is already installed # [INFO ] Completed state [tcl] at time 14:13:23.049880 duration_in_ms=5.659 # [INFO ] Running state [tcpflow] at time 14:13:23.050049 # [INFO ] Executing state pkg.installed for [tcpflow] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpflow is already installed # [INFO ] Completed state [tcpflow] at time 14:13:23.056701 duration_in_ms=6.651 # [INFO ] Running state [tcpick] at time 14:13:23.056895 # [INFO ] Executing state pkg.installed for [tcpick] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpick is already installed # [INFO ] Completed state [tcpick] at time 14:13:23.063340 duration_in_ms=6.445 # [INFO ] Running state [tcpreplay] at time 14:13:23.063509 # [INFO ] Executing state pkg.installed for [tcpreplay] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpreplay is already installed # [INFO ] Completed state [tcpreplay] at time 14:13:23.068899 duration_in_ms=5.39 # [INFO ] Running state [tcpslice] at time 14:13:23.069040 # [INFO ] Executing state pkg.installed for [tcpslice] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpslice is already installed # [INFO ] Completed state [tcpslice] at time 14:13:23.074034 duration_in_ms=4.994 # [INFO ] Running state [tcpstat] at time 14:13:23.074186 # [INFO ] Executing state pkg.installed for [tcpstat] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpstat is already installed # [INFO ] Completed state [tcpstat] at time 14:13:23.079464 duration_in_ms=5.277 # [INFO ] Running state [tcptrace] at time 14:13:23.079610 # [INFO ] Executing state pkg.installed for [tcptrace] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcptrace is already installed # [INFO ] Completed state [tcptrace] at time 14:13:23.084531 duration_in_ms=4.921 # [INFO ] Running state [tcptrack] at time 14:13:23.084673 # [INFO ] Executing state pkg.installed for [tcptrack] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcptrack is already installed # [INFO ] Completed state [tcptrack] at time 14:13:23.090660 duration_in_ms=5.987 # [INFO ] Running state [tcpxtract] at time 14:13:23.090848 # [INFO ] Executing state pkg.installed for [tcpxtract] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tcpxtract is already installed # [INFO ] Completed state [tcpxtract] at time 14:13:23.096502 duration_in_ms=5.653 # [INFO ] Running state [testdisk] at time 14:13:23.096683 # [INFO ] Executing state pkg.installed for [testdisk] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package testdisk is already installed # [INFO ] Completed state [testdisk] at time 14:13:23.102181 duration_in_ms=5.497 # [INFO ] Running state [tofrodos] at time 14:13:23.102366 # [INFO ] Executing state pkg.installed for [tofrodos] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package tofrodos is already installed # [INFO ] Completed state [tofrodos] at time 14:13:23.108062 duration_in_ms=5.695 # [INFO ] Running state [transmission] at time 14:13:23.108224 # [INFO ] Executing state pkg.installed for [transmission] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package transmission is already installed # [INFO ] Completed state [transmission] at time 14:13:23.113369 duration_in_ms=5.145 # [INFO ] Running state [unity-control-center] at time 14:13:23.113541 # [INFO ] Executing state pkg.installed for [unity-control-center] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package unity-control-center is already installed # [INFO ] Completed state [unity-control-center] at time 14:13:23.118689 duration_in_ms=5.148 # [INFO ] Running state [unrar] at time 14:13:23.120250 # [INFO ] Executing state pkg.installed for [unrar] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package unrar is already installed # [INFO ] Completed state [unrar] at time 14:13:23.125652 duration_in_ms=5.402 # [INFO ] Running state [upx-ucl] at time 14:13:23.125808 # [INFO ] Executing state pkg.installed for [upx-ucl] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package upx-ucl is already installed # [INFO ] Completed state [upx-ucl] at time 14:13:23.130936 duration_in_ms=5.127 # [INFO ] Running state [vbindiff] at time 14:13:23.131144 # [INFO ] Executing state pkg.installed for [vbindiff] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package vbindiff is already installed # [INFO ] Completed state [vbindiff] at time 14:13:23.137050 duration_in_ms=5.904 # [INFO ] Running state [vim] at time 14:13:23.137247 # [INFO ] Executing state pkg.installed for [vim] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package vim is already installed # [INFO ] Completed state [vim] at time 14:13:23.143436 duration_in_ms=6.189 # [INFO ] Running state [virtuoso-minimal] at time 14:13:23.143608 # [INFO ] Executing state pkg.installed for [virtuoso-minimal] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package virtuoso-minimal is already installed # [INFO ] Completed state [virtuoso-minimal] at time 14:13:23.149416 duration_in_ms=5.808 # [INFO ] Running state [vmfs-tools] at time 14:13:23.149580 # [INFO ] Executing state pkg.installed for [vmfs-tools] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package vmfs-tools is already installed # [INFO ] Completed state [vmfs-tools] at time 14:13:23.155727 duration_in_ms=6.147 # [INFO ] Running state [winbind] at time 14:13:23.155920 # [INFO ] Executing state pkg.installed for [winbind] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package winbind is already installed # [INFO ] Completed state [winbind] at time 14:13:23.160966 duration_in_ms=5.046 # [INFO ] Running state [dpkg --add-architecture i386] at time 14:13:23.161099 # [INFO ] Executing state cmd.run for [dpkg --add-architecture i386] # [INFO ] Executing command 'dpkg --print-foreign-architectures | grep i386' in directory '/home/sansforensics' # [DEBUG ] output: i386 # [DEBUG ] Last command return code: 0 # [INFO ] unless execution succeeded # [INFO ] Completed state [dpkg --add-architecture i386] at time 14:13:23.253380 duration_in_ms=92.28 # [INFO ] Running state [sift-wine-apt-update] at time 14:13:23.256347 # [INFO ] Executing state pkg.uptodate for [sift-wine-apt-update] # [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' # [INFO ] Executing command ['apt-get', '--just-print', 'dist-upgrade'] in directory '/home/sansforensics' # [INFO ] Executing command ['apt-get', '-q', 'update'] in directory '/home/sansforensics' # [INFO ] Executing command ['systemd-run', '--scope', 'apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'upgrade'] in directory '/home/sansforensics' # [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/home/sansforensics' # [INFO ] Made the following changes: 'snapd-login-service' changed from '1.2-0ubuntu1.1~xenial' to '1.13-0ubuntu0.16.04.1' 'libpackagekit-glib2-16' changed from '0.8.17-4ubuntu6~gcc5.4ubuntu1.1' to '0.8.17-4ubuntu6~gcc5.4ubuntu1.2' 'ubuntu-core-launcher' changed from '2.26.10' to '2.27.5' 'gir1.2-packagekitglib-1.0' changed from '0.8.17-4ubuntu6~gcc5.4ubuntu1.1' to '0.8.17-4ubuntu6~gcc5.4ubuntu1.2' 'linux-firmware' changed from '1.157.11' to '1.157.12' 'libsnapd-glib1' changed from '1.2-0ubuntu1.1~xenial' to '1.13-0ubuntu0.16.04.1' 'snapd' changed from '2.26.10' to '2.27.5' # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [sift-wine-apt-update] at time 14:15:58.094352 duration_in_ms=154838.005 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded pkg.install # [DEBUG ] LazyLoaded pkg.installed # [INFO ] Running state [wine] at time 14:15:58.101446 # [INFO ] Executing state pkg.installed for [wine] # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package wine is already installed # [INFO ] Completed state [wine] at time 14:15:58.734697 duration_in_ms=633.25 # [INFO ] Running state [wireshark] at time 14:15:58.734911 # [INFO ] Executing state pkg.installed for [wireshark] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package wireshark is already installed # [INFO ] Completed state [wireshark] at time 14:15:58.740711 duration_in_ms=5.799 # [INFO ] Running state [xdot] at time 14:15:58.740849 # [INFO ] Executing state pkg.installed for [xdot] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package xdot is already installed # [INFO ] Completed state [xdot] at time 14:15:58.746290 duration_in_ms=5.441 # [INFO ] Running state [xfsprogs] at time 14:15:58.746449 # [INFO ] Executing state pkg.installed for [xfsprogs] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package xfsprogs is already installed # [INFO ] Completed state [xfsprogs] at time 14:15:58.752364 duration_in_ms=5.915 # [INFO ] Running state [xmount] at time 14:15:58.752558 # [INFO ] Executing state pkg.installed for [xmount] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package xmount is already installed # [INFO ] Completed state [xmount] at time 14:15:58.757957 duration_in_ms=5.399 # [INFO ] Running state [xpdf] at time 14:15:58.758156 # [INFO ] Executing state pkg.installed for [xpdf] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package xpdf is already installed # [INFO ] Completed state [xpdf] at time 14:15:58.763781 duration_in_ms=5.623 # [INFO ] Running state [zenity] at time 14:15:58.763985 # [INFO ] Executing state pkg.installed for [zenity] # [DEBUG ] Could not LazyLoad pkg.normalize_name: 'pkg.normalize_name' is not available. # [INFO ] Package zenity is already installed # [INFO ] Completed state [zenity] at time 14:15:58.770239 duration_in_ms=6.254 # [DEBUG ] LazyLoaded test.nop # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded pip.installed # [INFO ] Running state [analyzemft] at time 14:15:59.030673 # [INFO ] Executing state pip.installed for [analyzemft] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package analyzemft was already installed All packages were successfully installed # [INFO ] Completed state [analyzemft] at time 14:16:00.962297 duration_in_ms=1931.623 # [INFO ] Running state [argparse] at time 14:16:00.966235 # [INFO ] Executing state pip.installed for [argparse] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', 'argparse'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', 'argparse'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already satisfied: argparse in /usr/lib/python2.7 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] There was no error installing package 'argparse' although it does not show when calling 'pip.freeze'. # [INFO ] Completed state [argparse] at time 14:16:04.195947 duration_in_ms=3229.712 # [INFO ] Running state [bitstring] at time 14:16:04.199967 # [INFO ] Executing state pip.installed for [bitstring] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package bitstring was already installed All packages were successfully installed # [INFO ] Completed state [bitstring] at time 14:16:06.239560 duration_in_ms=2039.594 # [INFO ] Running state [docopt] at time 14:16:06.239846 # [INFO ] Executing state pip.installed for [docopt] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package docopt was already installed All packages were successfully installed # [INFO ] Completed state [docopt] at time 14:16:08.163505 duration_in_ms=1923.658 # [INFO ] Running state [geoip2] at time 14:16:08.166648 # [INFO ] Executing state pip.installed for [geoip2] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package geoip2 was already installed All packages were successfully installed # [INFO ] Completed state [geoip2] at time 14:16:10.145150 duration_in_ms=1978.5 # [INFO ] Running state [pip] at time 14:16:10.150844 # [INFO ] Executing state pip.installed for [pip] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'pip'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'pip'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: pip in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [pip] at time 14:16:14.326227 duration_in_ms=4175.382 # [INFO ] Running state [python-dateutil >= 2.4.2] at time 14:16:14.331818 # [INFO ] Executing state pip.installed for [python-dateutil >= 2.4.2] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package python-dateutil >= 2.4.2 was already installed All packages were successfully installed # [INFO ] Completed state [python-dateutil >= 2.4.2] at time 14:16:16.298927 duration_in_ms=1967.11 # [INFO ] Running state [python-evtx] at time 14:16:16.302804 # [INFO ] Executing state pip.installed for [python-evtx] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package python-evtx was already installed All packages were successfully installed # [INFO ] Completed state [python-evtx] at time 14:16:18.130331 duration_in_ms=1827.526 # [INFO ] Running state [python-magic] at time 14:16:18.133129 # [INFO ] Executing state pip.installed for [python-magic] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package python-magic was already installed All packages were successfully installed # [INFO ] Completed state [python-magic] at time 14:16:20.113866 duration_in_ms=1980.733 # [INFO ] Running state [python-registry] at time 14:16:20.119616 # [INFO ] Executing state pip.installed for [python-registry] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package python-registry was already installed All packages were successfully installed # [INFO ] Completed state [python-registry] at time 14:16:22.120766 duration_in_ms=2001.15 # [INFO ] Running state [setuptools] at time 14:16:22.124559 # [INFO ] Executing state pip.installed for [setuptools] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'setuptools'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'setuptools'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: setuptools in /usr/local/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [setuptools] at time 14:16:25.839077 duration_in_ms=3714.518 # [INFO ] Running state [wheel] at time 14:16:25.842484 # [INFO ] Executing state pip.installed for [wheel] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'wheel'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install', '--upgrade', 'wheel'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already up-to-date: wheel in /usr/lib/python2.7/dist-packages # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] All packages were successfully installed # [INFO ] Completed state [wheel] at time 14:16:29.185597 duration_in_ms=3343.112 # [DEBUG ] LazyLoaded virtualenv.managed # [INFO ] Running state [/opt/rekall] at time 14:16:29.189509 # [INFO ] Executing state virtualenv.managed for [/opt/rekall] # [INFO ] Executing command '/opt/rekall/bin/pip --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /opt/rekall/local/lib/python2.7/site-packages (python 2.7) # [INFO ] Executing command ['/opt/rekall/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: acora==2.0 aff4-snappy==0.5 arrow==0.7.0 artifacts==20160114 backports.shutil-get-terminal-size==1.0.0 decorator==4.0.11 efilter==1!1.3 enum34==1.1.6 html5lib==0.999999999 intervaltree==2.1.0 ipaddr==2.1.11 ipython==5.4.1 ipython-genutils==0.2.0 isodate==0.5.4 pathlib2==2.3.0 pexpect==4.2.1 pickleshare==0.7.4 pip==9.0.1 pkg-resources==0.0.0 prompt-toolkit==1.0.14 psutil==4.4.2 ptyprocess==0.5.2 pyaff4==0.24.post3 pycrypto==2.6.1 pyelftools==0.24 Pygments==2.2.0 pyparsing==2.1.5 python-dateutil==2.5.3 pytsk3==20160721 pytz==2016.4 PyYAML==3.11 rdflib==4.2.1 readline==6.2.4.1 rekall==1.6.0 rekall-capstone==3.0.4.post2 rekall-core==1.6.0 rekall-yara==3.4.0.1 scandir==1.5 setuptools==36.0.1 simplegeneric==0.8.1 six==1.10.0 sortedcontainers==1.4.4 SPARQLWrapper==1.8.0 traitlets==4.3.2 wcwidth==0.1.7 webencodings==0.5.1 wheel==0.30.0a0 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/opt/rekall/bin/pip', 'install', 'pip', 'setuptools', 'wheel', 'rekall'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base', 'env': {'VIRTUAL_ENV': '/opt/rekall'}} # [INFO ] Executing command ['/opt/rekall/bin/pip', 'install', 'pip', 'setuptools', 'wheel', 'rekall'] in directory '/home/sansforensics' # [DEBUG ] stdout: Requirement already satisfied: pip in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: setuptools in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: wheel in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: rekall in /opt/rekall/lib/python2.7/site-packages Requirement already satisfied: ipython<6.0,>=5.0.0 in /opt/rekall/lib/python2.7/site-packages (from rekall) Requirement already satisfied: readline; sys_platform != "win32" in /opt/rekall/lib/python2.7/site-packages (from rekall) Requirement already satisfied: rekall-core>=1.5.0 in /opt/rekall/lib/python2.7/site-packages (from rekall) Requirement already satisfied: pickleshare in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: simplegeneric>0.8 in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: traitlets>=4.2 in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: backports.shutil-get-terminal-size; python_version == "2.7" in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: decorator in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: pygments in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: pexpect; sys_platform != "win32" in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: pathlib2; python_version == "2.7" or python_version == "3.3" in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: prompt-toolkit<2.0.0,>=1.0.4 in /opt/rekall/lib/python2.7/site-packages (from ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: psutil<5.0,>=4.0 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pytsk3==20160721 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pyelftools==0.24 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: intervaltree==2.1.0 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: python-dateutil==2.5.3 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: acora==2.0 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: PyYAML==3.11 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: ipaddr==2.1.11 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: artifacts==20160114 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pycrypto==2.6.1 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pytz==2016.4 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: rekall-capstone==3.0.4.post2 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: efilter==1!1.3 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pyaff4<0.30,>=0.24 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: rekall-yara==3.4.0.1 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: pyparsing==2.1.5 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: arrow==0.7.0 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: sortedcontainers==1.4.4 in /opt/rekall/lib/python2.7/site-packages (from rekall-core>=1.5.0->rekall) Requirement already satisfied: enum34; python_version == "2.7" in /opt/rekall/lib/python2.7/site-packages (from traitlets>=4.2->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: six in /opt/rekall/lib/python2.7/site-packages (from traitlets>=4.2->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: ipython-genutils in /opt/rekall/lib/python2.7/site-packages (from traitlets>=4.2->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: ptyprocess>=0.5 in /opt/rekall/lib/python2.7/site-packages (from pexpect; sys_platform != "win32"->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: scandir; python_version < "3.5" in /opt/rekall/lib/python2.7/site-packages (from pathlib2; python_version == "2.7" or python_version == "3.3"->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: wcwidth in /opt/rekall/lib/python2.7/site-packages (from prompt-toolkit<2.0.0,>=1.0.4->ipython<6.0,>=5.0.0->rekall) Requirement already satisfied: aff4-snappy==0.5 in /opt/rekall/lib/python2.7/site-packages (from pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: rdflib==4.2.1 in /opt/rekall/lib/python2.7/site-packages (from pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: isodate in /opt/rekall/lib/python2.7/site-packages (from rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: SPARQLWrapper in /opt/rekall/lib/python2.7/site-packages (from rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: html5lib in /opt/rekall/lib/python2.7/site-packages (from rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) Requirement already satisfied: webencodings in /opt/rekall/lib/python2.7/site-packages (from html5lib->rdflib==4.2.1->pyaff4<0.30,>=0.24->rekall-core>=1.5.0->rekall) # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] Executing command '/opt/rekall/bin/pip --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /opt/rekall/local/lib/python2.7/site-packages (python 2.7) # [INFO ] Executing command ['/opt/rekall/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: acora==2.0 aff4-snappy==0.5 arrow==0.7.0 artifacts==20160114 backports.shutil-get-terminal-size==1.0.0 decorator==4.0.11 efilter==1!1.3 enum34==1.1.6 html5lib==0.999999999 intervaltree==2.1.0 ipaddr==2.1.11 ipython==5.4.1 ipython-genutils==0.2.0 isodate==0.5.4 pathlib2==2.3.0 pexpect==4.2.1 pickleshare==0.7.4 pip==9.0.1 pkg-resources==0.0.0 prompt-toolkit==1.0.14 psutil==4.4.2 ptyprocess==0.5.2 pyaff4==0.24.post3 pycrypto==2.6.1 pyelftools==0.24 Pygments==2.2.0 pyparsing==2.1.5 python-dateutil==2.5.3 pytsk3==20160721 pytz==2016.4 PyYAML==3.11 rdflib==4.2.1 readline==6.2.4.1 rekall==1.6.0 rekall-capstone==3.0.4.post2 rekall-core==1.6.0 rekall-yara==3.4.0.1 scandir==1.5 setuptools==36.0.1 simplegeneric==0.8.1 six==1.10.0 sortedcontainers==1.4.4 SPARQLWrapper==1.8.0 traitlets==4.3.2 wcwidth==0.1.7 webencodings==0.5.1 wheel==0.30.0a0 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [INFO ] virtualenv exists # [INFO ] Completed state [/opt/rekall] at time 14:16:32.383709 duration_in_ms=3194.201 # [INFO ] Running state [rekall] at time 14:16:32.398673 # [INFO ] Executing state pip.installed for [rekall] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/opt/rekall/bin/pip --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /opt/rekall/local/lib/python2.7/site-packages (python 2.7) # [INFO ] Executing command ['/opt/rekall/bin/pip', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: acora==2.0 aff4-snappy==0.5 arrow==0.7.0 artifacts==20160114 backports.shutil-get-terminal-size==1.0.0 decorator==4.0.11 efilter==1!1.3 enum34==1.1.6 html5lib==0.999999999 intervaltree==2.1.0 ipaddr==2.1.11 ipython==5.4.1 ipython-genutils==0.2.0 isodate==0.5.4 pathlib2==2.3.0 pexpect==4.2.1 pickleshare==0.7.4 pip==9.0.1 pkg-resources==0.0.0 prompt-toolkit==1.0.14 psutil==4.4.2 ptyprocess==0.5.2 pyaff4==0.24.post3 pycrypto==2.6.1 pyelftools==0.24 Pygments==2.2.0 pyparsing==2.1.5 python-dateutil==2.5.3 pytsk3==20160721 pytz==2016.4 PyYAML==3.11 rdflib==4.2.1 readline==6.2.4.1 rekall==1.6.0 rekall-capstone==3.0.4.post2 rekall-core==1.6.0 rekall-yara==3.4.0.1 scandir==1.5 setuptools==36.0.1 simplegeneric==0.8.1 six==1.10.0 sortedcontainers==1.4.4 SPARQLWrapper==1.8.0 traitlets==4.3.2 wcwidth==0.1.7 webencodings==0.5.1 wheel==0.30.0a0 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/opt/rekall/bin/pip', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base', 'env': {'VIRTUAL_ENV': '/opt/rekall'}} # [INFO ] Executing command ['/opt/rekall/bin/pip', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package rekall was already installed All packages were successfully installed # [INFO ] Completed state [rekall] at time 14:16:33.750051 duration_in_ms=1351.378 # [INFO ] Running state [six] at time 14:16:33.752915 # [INFO ] Executing state pip.installed for [six] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package six was already installed All packages were successfully installed # [INFO ] Completed state [six] at time 14:16:35.763427 duration_in_ms=2010.512 # [INFO ] Running state [stix] at time 14:16:35.768668 # [INFO ] Executing state pip.installed for [stix] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package stix was already installed All packages were successfully installed # [INFO ] Completed state [stix] at time 14:16:37.677416 duration_in_ms=1908.749 # [INFO ] Running state [stix-validator] at time 14:16:37.682751 # [INFO ] Executing state pip.installed for [stix-validator] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package stix-validator was already installed All packages were successfully installed # [INFO ] Completed state [stix-validator] at time 14:16:39.752961 duration_in_ms=2070.209 # [INFO ] Running state [timesketch] at time 14:16:39.762463 # [INFO ] Executing state pip.installed for [timesketch] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package timesketch was already installed All packages were successfully installed # [INFO ] Completed state [timesketch] at time 14:16:41.610009 duration_in_ms=1847.546 # [INFO ] Running state [unicodecsv] at time 14:16:41.612822 # [INFO ] Executing state pip.installed for [unicodecsv] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package unicodecsv was already installed All packages were successfully installed # [INFO ] Completed state [unicodecsv] at time 14:16:43.517286 duration_in_ms=1904.464 # [INFO ] Running state [usnparser] at time 14:16:43.520391 # [INFO ] Executing state pip.installed for [usnparser] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package usnparser was already installed All packages were successfully installed # [INFO ] Completed state [usnparser] at time 14:16:45.489962 duration_in_ms=1969.57 # [INFO ] Running state [virustotal-api] at time 14:16:45.492979 # [INFO ] Executing state pip.installed for [virustotal-api] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package virustotal-api was already installed All packages were successfully installed # [INFO ] Completed state [virustotal-api] at time 14:16:47.449033 duration_in_ms=1956.052 # [INFO ] Running state [windowsprefetch] at time 14:16:47.453632 # [INFO ] Executing state pip.installed for [windowsprefetch] # [DEBUG ] Installed pip version: 9.0.1 # [INFO ] Executing command '/usr/local/bin/pip2.7 --version' in directory '/home/sansforensics' # [DEBUG ] output: pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7) # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'freeze', '--all'] in directory '/home/sansforensics' # [DEBUG ] stdout: adium-theme-ubuntu==0.3.4 alembic==0.9.3 amqp==2.1.4 analyzeMFT==2.0.19 aniso8601==1.2.1 apsw==3.8.11.1.post1 artifacts==20161022 bcrypt==3.1.3 bencode==1.0 billiard==3.5.0.2 binplist==0.1.5 bitstring==3.1.5 blinker==1.4 celery==4.0.2 cffi==1.10.0 CFPropertyList==0.0.1 click==6.7 colorama==0.3.9 construct==2.5.3 coverage==4.4.1 cybox==2.1.0.14 decorator==4.0.6 dfdatetime==20161101 dfvfs==20160108 dfwinreg==20160428 distorm3==3.3.4 dnspython==1.12.0 docopt==0.6.2 dpapick==0.3 dpkt==1.8 DSV==1.4.1 dumbnet==1.12 ecdsa==0.13 efilter==1!1.5 elasticsearch==5.4.0 enum34==1.1.6 Flask==0.12.2 Flask-Bcrypt==0.7.1 Flask-Login==0.4.0 Flask-Migrate==2.0.4 Flask-RESTful==0.3.6 Flask-Script==2.0.5 Flask-SQLAlchemy==2.2 Flask-WTF==0.14.2 flowgrep==0.9 funcsigs==0.4 fuse-python==0.2.1 future==0.16.0 futures==3.0.5 geoip2==2.5.0 hachoir-core==1.3.3 hachoir-metadata==1.3.3 hachoir-parser==1.3.4 haystack==0.42 hexdump==3.3 ioc-writer==0.3.3 ipaddress==1.0.18 ipython==2.4.1 itsdangerous==0.24 Jinja2==2.8 kombu==4.0.2 lxml==3.8.0 M2Crypto==0.26.0 Mako==1.0.3 MarkupSafe==0.23 maxminddb==1.3.0 mixbox==1.0.2 mock==1.3.0 msgpack-python==0.4.6 ntdsxtract==1.2b0 ordered-set==2.0.2 ordereddict==1.1 paramiko==1.16.0 pbr==1.8.0 pefile==2017.9.3 pexpect==4.0.1 pip==9.0.1 plaso==1.4.0 protobuf==2.6.1 psutil==4.3.1 ptyprocess==0.5 py==1.4.34 pyasn1==0.3.4 pycoin==0.77 pycparser==2.18 pycrypto==2.6.1 pycurl==7.43.0 PyMySQL==0.7.2 pynids==0.6.1 pyparsing==2.1.5 pyserial==3.0.1 PySocks==1.6.7 pytest==3.1.3 pytest-cov==2.5.1 python-apt==1.1.0b1 python-dateutil==2.5.3 python-editor==1.0.3 python-evtx==0.6.0 python-magic==0.4.13 python-ptrace==0.9.2 python-registry==1.0.4 python-systemd==231 pytsk3==20160721 pytz==2016.6.1 PyYAML==3.11 pyzmq==16.0.0 redis==2.10.5 requests==2.11.1 salt==2017.7.1 setuptools==36.4.0 simplegeneric==0.8.1 simplejson==3.11.1 six==1.10.0 SQLAlchemy==1.1.11 stix==1.2.0.4 stix-validator==2.5.0 timesketch==2016.11 tornado==4.2.1 typing==3.6.2 unicodecsv==0.14.1 unity-lens-photos==1.0 usnparser==4.0.3 vine==1.1.3 virtualenv==15.0.1 virustotal-api==1.1.7 volatility==2.6 weakrefmethod==1.0.3 Werkzeug==0.12.2 wheel==0.29.0 windowsprefetch==3.0.5 WTForms==2.1 wxPython==3.0.2.0 wxPython-common==3.0.2.0 xdot==0.6 xlrd==1.0.0 XlsxWriter==0.9.3 yara-python==3.6.3 # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. # [DEBUG ] CLEANUP_REQUIREMENTS: [] # [DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/usr/local/bin/pip2.7', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base'} # [INFO ] Executing command ['/usr/local/bin/pip2.7', 'install'] in directory '/home/sansforensics' # [DEBUG ] stderr: The directory '/home/sansforensics/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/sansforensics/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. You must give at least one requirement to install (see "pip help install") # [INFO ] Python package windowsprefetch was already installed All packages were successfully installed # [INFO ] Completed state [windowsprefetch] at time 14:16:49.418614 duration_in_ms=1964.982 # [INFO ] Running state [sift-python-packages] at time 14:16:49.483143 # [INFO ] Executing state test.nop for [sift-python-packages] # [INFO ] Success! # [INFO ] Completed state [sift-python-packages] at time 14:16:49.483991 duration_in_ms=0.848 # [DEBUG ] LazyLoaded archive.extracted # [INFO ] Running state [/usr/local/src/densityscout/densityscout_build_45_linux] at time 14:16:49.485123 # [INFO ] Executing state archive.extracted for [/usr/local/src/densityscout/densityscout_build_45_linux] # [DEBUG ] LazyLoaded file.managed # [DEBUG ] Requesting URL http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip using GET method # [DEBUG ] file.managed: {'comment': 'File /var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip updated', 'pchanges': {}, 'changes': {'diff': 'New file', 'mode': '0644'}, 'name': '/var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip', 'result': True} # [DEBUG ] Checking http://cert.at/static/downloads/software/densityscout/densityscout_build_45_linux.zip to see if it is password-protected # [DEBUG ] Cleaning cached source file /var/cache/salt/minion/files/base/_static_downloads_software_densityscout_densityscout_build_45_linux.zip # [INFO ] /usr/local/bin/densityscout-build-45 exists # [INFO ] Completed state [/usr/local/src/densityscout/densityscout_build_45_linux] at time 14:16:49.823621 duration_in_ms=338.493 # [INFO ] Running state [/usr/local/bin/densityscout-build-45] at time 14:16:49.834288 # [INFO ] Executing state file.copy for [/usr/local/bin/densityscout-build-45] # [INFO ] The target file "/usr/local/bin/densityscout-build-45" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/densityscout-build-45] at time 14:16:49.838180 duration_in_ms=3.892 # [INFO ] Running state [/usr/local/bin/densityscout] at time 14:16:49.847318 # [INFO ] Executing state file.symlink for [/usr/local/bin/densityscout] # [INFO ] Symlink /usr/local/bin/densityscout is present and owned by root:root # [INFO ] Completed state [/usr/local/bin/densityscout] at time 14:16:49.856632 duration_in_ms=9.314 # [INFO ] Running state [/usr/local/bin/sift] at time 14:16:49.857574 # [INFO ] Executing state file.managed for [/usr/local/bin/sift] # [DEBUG ] Requesting URL https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux using GET method # [INFO ] File /usr/local/bin/sift is in the correct state # [INFO ] Completed state [/usr/local/bin/sift] at time 14:17:18.933524 duration_in_ms=29075.954 # [INFO ] Running state [sift-tools] at time 14:17:18.936709 # [INFO ] Executing state test.nop for [sift-tools] # [INFO ] Success! # [INFO ] Completed state [sift-tools] at time 14:17:18.937239 duration_in_ms=0.53 # [DEBUG ] LazyLoaded git.latest # [INFO ] Running state [https://github.com/cheeky4n6monkey/4n6-scripts.git] at time 14:17:18.943085 # [INFO ] Executing state git.latest for [https://github.com/cheeky4n6monkey/4n6-scripts.git] # [INFO ] Checking remote revision for https://github.com/cheeky4n6monkey/4n6-scripts.git # [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/cheeky4n6monkey/4n6-scripts.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 HEAD 0e19ada8e4334d18af095cc271a12b71b2baa3d1 refs/heads/master 15d4884838e40a41ae2dc046e46cf9e823f65156 refs/pull/1/head # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/heads/'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/tags/'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Checking local revision for /usr/local/src/4n6-scripts # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 # [INFO ] Checking local branch for /usr/local/src/4n6-scripts # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/cheeky4n6monkey/4n6-scripts.git (fetch) origin https://github.com/cheeky4n6monkey/4n6-scripts.git (push) # [INFO ] Executing command ['git', 'diff', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'rev-parse', '0e19ada8e4334d18af095cc271a12b71b2baa3d1^{commit}'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 # [INFO ] Executing command ['git', 'rev-parse', 'origin/master'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 # [INFO ] Executing command ['git', 'merge-base', '--is-ancestor', '0e19ada8e4334d18af095cc271a12b71b2baa3d1', '0e19ada8e4334d18af095cc271a12b71b2baa3d1'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin/master # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/4n6-scripts' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 0e19ada8e4334d18af095cc271a12b71b2baa3d1 # [INFO ] Repository /usr/local/src/4n6-scripts is up-to-date # [INFO ] Completed state [https://github.com/cheeky4n6monkey/4n6-scripts.git] at time 14:17:21.454999 duration_in_ms=2511.915 # [DEBUG ] LazyLoaded acme.cert # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/WP8_AppPerms.py] at time 14:17:21.634558 # [INFO ] Executing state file.copy for [/usr/local/bin/WP8_AppPerms.py] # [INFO ] The target file "/usr/local/bin/WP8_AppPerms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/WP8_AppPerms.py] at time 14:17:21.638866 duration_in_ms=4.308 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/bing-bar-parser.pl] at time 14:17:21.644459 # [INFO ] Executing state file.copy for [/usr/local/bin/bing-bar-parser.pl] # [INFO ] The target file "/usr/local/bin/bing-bar-parser.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/bing-bar-parser.pl] at time 14:17:21.645744 duration_in_ms=1.287 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/chunkymonkey.py] at time 14:17:21.650921 # [INFO ] Executing state file.copy for [/usr/local/bin/chunkymonkey.py] # [INFO ] The target file "/usr/local/bin/chunkymonkey.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/chunkymonkey.py] at time 14:17:21.652208 duration_in_ms=1.287 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/dextract.def] at time 14:17:21.658504 # [INFO ] Executing state file.copy for [/usr/local/bin/dextract.def] # [INFO ] The target file "/usr/local/bin/dextract.def" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/dextract.def] at time 14:17:21.659899 duration_in_ms=1.396 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/dextract.py] at time 14:17:21.665309 # [INFO ] Executing state file.copy for [/usr/local/bin/dextract.py] # [INFO ] The target file "/usr/local/bin/dextract.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/dextract.py] at time 14:17:21.666888 duration_in_ms=1.58 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/docx-font-extractor.pl] at time 14:17:21.673032 # [INFO ] Executing state file.copy for [/usr/local/bin/docx-font-extractor.pl] # [INFO ] The target file "/usr/local/bin/docx-font-extractor.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/docx-font-extractor.pl] at time 14:17:21.675179 duration_in_ms=2.149 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/exif2map.pl] at time 14:17:21.680867 # [INFO ] Executing state file.copy for [/usr/local/bin/exif2map.pl] # [INFO ] The target file "/usr/local/bin/exif2map.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/exif2map.pl] at time 14:17:21.682232 duration_in_ms=1.366 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/fbmsg-extractor.py] at time 14:17:21.688041 # [INFO ] Executing state file.copy for [/usr/local/bin/fbmsg-extractor.py] # [INFO ] The target file "/usr/local/bin/fbmsg-extractor.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/fbmsg-extractor.py] at time 14:17:21.690019 duration_in_ms=1.979 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/gis4cookie.pl] at time 14:17:21.695818 # [INFO ] Executing state file.copy for [/usr/local/bin/gis4cookie.pl] # [INFO ] The target file "/usr/local/bin/gis4cookie.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/gis4cookie.pl] at time 14:17:21.697089 duration_in_ms=1.272 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/google-ei-time.py] at time 14:17:21.702118 # [INFO ] Executing state file.copy for [/usr/local/bin/google-ei-time.py] # [INFO ] The target file "/usr/local/bin/google-ei-time.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/google-ei-time.py] at time 14:17:21.703728 duration_in_ms=1.611 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/imgcache-parse-mod.py] at time 14:17:21.709502 # [INFO ] Executing state file.copy for [/usr/local/bin/imgcache-parse-mod.py] # [INFO ] The target file "/usr/local/bin/imgcache-parse-mod.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/imgcache-parse-mod.py] at time 14:17:21.711635 duration_in_ms=2.134 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/imgcache-parse.py] at time 14:17:21.717218 # [INFO ] Executing state file.copy for [/usr/local/bin/imgcache-parse.py] # [INFO ] The target file "/usr/local/bin/imgcache-parse.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/imgcache-parse.py] at time 14:17:21.718838 duration_in_ms=1.621 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/json-printer.pl] at time 14:17:21.725381 # [INFO ] Executing state file.copy for [/usr/local/bin/json-printer.pl] # [INFO ] The target file "/usr/local/bin/json-printer.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/json-printer.pl] at time 14:17:21.726950 duration_in_ms=1.569 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/msoffice-pic-extractor.py] at time 14:17:21.732586 # [INFO ] Executing state file.copy for [/usr/local/bin/msoffice-pic-extractor.py] # [INFO ] The target file "/usr/local/bin/msoffice-pic-extractor.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/msoffice-pic-extractor.py] at time 14:17:21.733967 duration_in_ms=1.381 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/plist2db.py] at time 14:17:21.740161 # [INFO ] Executing state file.copy for [/usr/local/bin/plist2db.py] # [INFO ] The target file "/usr/local/bin/plist2db.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/plist2db.py] at time 14:17:21.741862 duration_in_ms=1.701 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/print_apk_perms.py] at time 14:17:21.747258 # [INFO ] Executing state file.copy for [/usr/local/bin/print_apk_perms.py] # [INFO ] The target file "/usr/local/bin/print_apk_perms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/print_apk_perms.py] at time 14:17:21.748596 duration_in_ms=1.338 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/s2-cellid2latlong.py] at time 14:17:21.754402 # [INFO ] Executing state file.copy for [/usr/local/bin/s2-cellid2latlong.py] # [INFO ] The target file "/usr/local/bin/s2-cellid2latlong.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/s2-cellid2latlong.py] at time 14:17:21.756443 duration_in_ms=2.042 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/s2-latlong2cellid.py] at time 14:17:21.762800 # [INFO ] Executing state file.copy for [/usr/local/bin/s2-latlong2cellid.py] # [INFO ] The target file "/usr/local/bin/s2-latlong2cellid.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/s2-latlong2cellid.py] at time 14:17:21.764434 duration_in_ms=1.634 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sms-grep-sample-config.txt] at time 14:17:21.770914 # [INFO ] Executing state file.copy for [/usr/local/bin/sms-grep-sample-config.txt] # [INFO ] The target file "/usr/local/bin/sms-grep-sample-config.txt" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sms-grep-sample-config.txt] at time 14:17:21.772875 duration_in_ms=1.96 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sms-grep.pl] at time 14:17:21.778517 # [INFO ] Executing state file.copy for [/usr/local/bin/sms-grep.pl] # [INFO ] The target file "/usr/local/bin/sms-grep.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sms-grep.pl] at time 14:17:21.779868 duration_in_ms=1.351 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sqlite-base64-decode.py] at time 14:17:21.785805 # [INFO ] Executing state file.copy for [/usr/local/bin/sqlite-base64-decode.py] # [INFO ] The target file "/usr/local/bin/sqlite-base64-decode.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sqlite-base64-decode.py] at time 14:17:21.787742 duration_in_ms=1.937 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sqlite-blob-dumper.py] at time 14:17:21.793552 # [INFO ] Executing state file.copy for [/usr/local/bin/sqlite-blob-dumper.py] # [INFO ] The target file "/usr/local/bin/sqlite-blob-dumper.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sqlite-blob-dumper.py] at time 14:17:21.794926 duration_in_ms=1.373 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sqlite-parser.pl] at time 14:17:21.800687 # [INFO ] Executing state file.copy for [/usr/local/bin/sqlite-parser.pl] # [INFO ] The target file "/usr/local/bin/sqlite-parser.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/sqlite-parser.pl] at time 14:17:21.802322 duration_in_ms=1.635 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/squirrelgripper-README.txt] at time 14:17:21.809012 # [INFO ] Executing state file.copy for [/usr/local/bin/squirrelgripper-README.txt] # [INFO ] The target file "/usr/local/bin/squirrelgripper-README.txt" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/squirrelgripper-README.txt] at time 14:17:21.810829 duration_in_ms=1.817 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/squirrelgripper.pl] at time 14:17:21.816648 # [INFO ] Executing state file.copy for [/usr/local/bin/squirrelgripper.pl] # [INFO ] The target file "/usr/local/bin/squirrelgripper.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/squirrelgripper.pl] at time 14:17:21.818102 duration_in_ms=1.454 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/timediff32.pl] at time 14:17:21.824230 # [INFO ] Executing state file.copy for [/usr/local/bin/timediff32.pl] # [INFO ] The target file "/usr/local/bin/timediff32.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/timediff32.pl] at time 14:17:21.826180 duration_in_ms=1.95 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/vmail-db-2-html.pl] at time 14:17:21.831252 # [INFO ] Executing state file.copy for [/usr/local/bin/vmail-db-2-html.pl] # [INFO ] The target file "/usr/local/bin/vmail-db-2-html.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/vmail-db-2-html.pl] at time 14:17:21.832398 duration_in_ms=1.146 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-callhistory.py] at time 14:17:21.837942 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-callhistory.py] # [INFO ] The target file "/usr/local/bin/wp8-1-callhistory.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-callhistory.py] at time 14:17:21.839892 duration_in_ms=1.95 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-contacts.py] at time 14:17:21.848475 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-contacts.py] # [INFO ] The target file "/usr/local/bin/wp8-1-contacts.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-contacts.py] at time 14:17:21.849726 duration_in_ms=1.252 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-mms-filesort.py] at time 14:17:21.857719 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-mms-filesort.py] # [INFO ] The target file "/usr/local/bin/wp8-1-mms-filesort.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-mms-filesort.py] at time 14:17:21.859275 duration_in_ms=1.556 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-mms.py] at time 14:17:21.865037 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-mms.py] # [INFO ] The target file "/usr/local/bin/wp8-1-mms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-mms.py] at time 14:17:21.867978 duration_in_ms=2.941 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-1-sms.py] at time 14:17:21.873895 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-1-sms.py] # [INFO ] The target file "/usr/local/bin/wp8-1-sms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-1-sms.py] at time 14:17:21.875461 duration_in_ms=1.567 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-callhistory.py] at time 14:17:21.880666 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-callhistory.py] # [INFO ] The target file "/usr/local/bin/wp8-callhistory.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-callhistory.py] at time 14:17:21.881892 duration_in_ms=1.226 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-contacts.py] at time 14:17:21.887943 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-contacts.py] # [INFO ] The target file "/usr/local/bin/wp8-contacts.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-contacts.py] at time 14:17:21.889790 duration_in_ms=1.846 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-fb-msg.py] at time 14:17:21.896002 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-fb-msg.py] # [INFO ] The target file "/usr/local/bin/wp8-fb-msg.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-fb-msg.py] at time 14:17:21.897475 duration_in_ms=1.473 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-sha256-pin-finder.py] at time 14:17:21.903715 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-sha256-pin-finder.py] # [INFO ] The target file "/usr/local/bin/wp8-sha256-pin-finder.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-sha256-pin-finder.py] at time 14:17:21.906020 duration_in_ms=2.304 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wp8-sms.py] at time 14:17:21.911902 # [INFO ] Executing state file.copy for [/usr/local/bin/wp8-sms.py] # [INFO ] The target file "/usr/local/bin/wp8-sms.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wp8-sms.py] at time 14:17:21.913298 duration_in_ms=1.397 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/wwf-chat-parser.py] at time 14:17:21.918518 # [INFO ] Executing state file.copy for [/usr/local/bin/wwf-chat-parser.py] # [INFO ] The target file "/usr/local/bin/wwf-chat-parser.py" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/wwf-chat-parser.py] at time 14:17:21.920075 duration_in_ms=1.557 # [INFO ] Running state [/usr/local/bin/amcache.py] at time 14:17:21.920242 # [INFO ] Executing state file.managed for [/usr/local/bin/amcache.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/williballenthin/python-registry/1a669eada6f7933798751e0cf482a9eb654c739b/samples/amcache.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/python # This file is part of python-registry. # # Copyright 2015 Will Ballenthin # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/amcache.py] at time 14:17:22.279851 duration_in_ms=359.608 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.replace # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/amcache.py] at time 14:17:23.075030 # [INFO ] Executing state file.replace for [/usr/local/bin/amcache.py] # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # This file is part of python-registry. # # Copyright 2015 Will Ballenthin # [INFO ] Completed state [/usr/local/bin/amcache.py] at time 14:17:23.079788 duration_in_ms=4.759 # [INFO ] Running state [/usr/local/bin/dump-mft-entry.pl] at time 14:17:23.079957 # [INFO ] Executing state file.managed for [/usr/local/bin/dump-mft-entry.pl] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/superponible/DFIR/ee681a07a0c32a5ccaea788cd7d012d19872f181/dump_mft_entry.pl using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/env perl +#!/usr/bin/perl #------------------------------ #dump_mft_entry.pl # [INFO ] Completed state [/usr/local/bin/dump-mft-entry.pl] at time 14:17:23.302950 duration_in_ms=222.992 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/dump-mft-entry.pl] at time 14:17:23.320264 # [INFO ] Executing state file.replace for [/usr/local/bin/dump-mft-entry.pl] # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl #------------------------------ #dump_mft_entry.pl # [INFO ] Completed state [/usr/local/bin/dump-mft-entry.pl] at time 14:17:23.328103 duration_in_ms=7.84 # [INFO ] Running state [/usr/local/bin/imageMounter.py] at time 14:17:23.328488 # [INFO ] Executing state file.managed for [/usr/local/bin/imageMounter.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/kevthehermit/Scripts/master/imageMounter.py using GET method # [INFO ] File /usr/local/bin/imageMounter.py is in the correct state # [INFO ] Completed state [/usr/local/bin/imageMounter.py] at time 14:17:23.563908 duration_in_ms=235.417 # [INFO ] Running state [/usr/local/bin/idx_parser.py] at time 14:17:23.564467 # [INFO ] Executing state file.managed for [/usr/local/bin/idx_parser.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/Rurik/Java_IDX_Parser/master/idx_parser.py using GET method # [INFO ] File /usr/local/bin/idx_parser.py is in the correct state # [INFO ] Completed state [/usr/local/bin/idx_parser.py] at time 14:17:23.835317 duration_in_ms=270.849 # [INFO ] Running state [/usr/local/bin/jobparser.py] at time 14:17:23.836060 # [INFO ] Executing state file.managed for [/usr/local/bin/jobparser.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/gleeda/misc-scripts/03a0d9126359c6b4b0b508062d3422bea9b69036/misc_python/jobparser.py using GET method # [INFO ] File /usr/local/bin/jobparser.py is in the correct state # [INFO ] Completed state [/usr/local/bin/jobparser.py] at time 14:17:24.083299 duration_in_ms=247.24 # [INFO ] Running state [https://github.com/keydet89/Tools.git] at time 14:17:24.088005 # [INFO ] Executing state git.latest for [https://github.com/keydet89/Tools.git] # [INFO ] Checking remote revision for https://github.com/keydet89/Tools.git # [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/keydet89/Tools.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 HEAD 031d06d13189fdb8bd24b75585951b1b5b33aa56 refs/heads/master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/heads/'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/tags/'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Checking local revision for /usr/local/src/keydet-tools # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 # [INFO ] Checking local branch for /usr/local/src/keydet-tools # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/keydet89/Tools.git (fetch) origin https://github.com/keydet89/Tools.git (push) # [INFO ] Executing command ['git', 'diff', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'rev-parse', '031d06d13189fdb8bd24b75585951b1b5b33aa56^{commit}'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 # [INFO ] Executing command ['git', 'rev-parse', 'origin/master'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 # [INFO ] Executing command ['git', 'merge-base', '--is-ancestor', '031d06d13189fdb8bd24b75585951b1b5b33aa56', '031d06d13189fdb8bd24b75585951b1b5b33aa56'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin/master # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/keydet-tools' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: 031d06d13189fdb8bd24b75585951b1b5b33aa56 # [INFO ] Repository /usr/local/src/keydet-tools is up-to-date # [INFO ] Completed state [https://github.com/keydet89/Tools.git] at time 14:17:27.156354 duration_in_ms=3068.35 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/bodyfile.pl] at time 14:17:27.163356 # [INFO ] Executing state file.copy for [/usr/local/bin/bodyfile.pl] # [INFO ] The target file "/usr/local/bin/bodyfile.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/bodyfile.pl] at time 14:17:27.164925 duration_in_ms=1.57 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/bodyfile.pl] at time 14:17:27.170838 # [INFO ] Executing state file.replace for [/usr/local/bin/bodyfile.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/bodyfile.pl] at time 14:17:27.180695 duration_in_ms=9.857 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtparse.pl] at time 14:17:27.186967 # [INFO ] Executing state file.copy for [/usr/local/bin/evtparse.pl] # [INFO ] The target file "/usr/local/bin/evtparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/evtparse.pl] at time 14:17:27.188859 duration_in_ms=1.892 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtparse.pl] at time 14:17:27.197126 # [INFO ] Executing state file.replace for [/usr/local/bin/evtparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/evtparse.pl] at time 14:17:27.201514 duration_in_ms=4.388 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtrpt.pl] at time 14:17:27.208324 # [INFO ] Executing state file.copy for [/usr/local/bin/evtrpt.pl] # [INFO ] The target file "/usr/local/bin/evtrpt.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/evtrpt.pl] at time 14:17:27.209880 duration_in_ms=1.556 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtrpt.pl] at time 14:17:27.216019 # [INFO ] Executing state file.replace for [/usr/local/bin/evtrpt.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/evtrpt.pl] at time 14:17:27.220334 duration_in_ms=4.316 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtxparse.pl] at time 14:17:27.226765 # [INFO ] Executing state file.copy for [/usr/local/bin/evtxparse.pl] # [INFO ] The target file "/usr/local/bin/evtxparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/evtxparse.pl] at time 14:17:27.228416 duration_in_ms=1.652 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/evtxparse.pl] at time 14:17:27.233943 # [INFO ] Executing state file.replace for [/usr/local/bin/evtxparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/evtxparse.pl] at time 14:17:27.237850 duration_in_ms=3.908 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/fb.pl] at time 14:17:27.243890 # [INFO ] Executing state file.copy for [/usr/local/bin/fb.pl] # [INFO ] The target file "/usr/local/bin/fb.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/fb.pl] at time 14:17:27.245321 duration_in_ms=1.431 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/fb.pl] at time 14:17:27.251922 # [INFO ] Executing state file.replace for [/usr/local/bin/fb.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/fb.pl] at time 14:17:27.256274 duration_in_ms=4.351 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ff.pl] at time 14:17:27.262346 # [INFO ] Executing state file.copy for [/usr/local/bin/ff.pl] # [INFO ] The target file "/usr/local/bin/ff.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/ff.pl] at time 14:17:27.263685 duration_in_ms=1.34 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ff.pl] at time 14:17:27.272617 # [INFO ] Executing state file.replace for [/usr/local/bin/ff.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/ff.pl] at time 14:17:27.276006 duration_in_ms=3.389 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ff_signons.pl] at time 14:17:27.281807 # [INFO ] Executing state file.copy for [/usr/local/bin/ff_signons.pl] # [INFO ] The target file "/usr/local/bin/ff_signons.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/ff_signons.pl] at time 14:17:27.283648 duration_in_ms=1.841 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ff_signons.pl] at time 14:17:27.289711 # [INFO ] Executing state file.replace for [/usr/local/bin/ff_signons.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/ff_signons.pl] at time 14:17:27.293710 duration_in_ms=3.999 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ftkparse.pl] at time 14:17:27.300843 # [INFO ] Executing state file.copy for [/usr/local/bin/ftkparse.pl] # [INFO ] The target file "/usr/local/bin/ftkparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/ftkparse.pl] at time 14:17:27.302376 duration_in_ms=1.534 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ftkparse.pl] at time 14:17:27.308494 # [INFO ] Executing state file.replace for [/usr/local/bin/ftkparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/ftkparse.pl] at time 14:17:27.311510 duration_in_ms=3.017 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/idx.pl] at time 14:17:27.317661 # [INFO ] Executing state file.copy for [/usr/local/bin/idx.pl] # [INFO ] The target file "/usr/local/bin/idx.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/idx.pl] at time 14:17:27.319660 duration_in_ms=2.0 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/idx.pl] at time 14:17:27.325720 # [INFO ] Executing state file.replace for [/usr/local/bin/idx.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/idx.pl] at time 14:17:27.331582 duration_in_ms=5.861 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/idxparse.pl] at time 14:17:27.337337 # [INFO ] Executing state file.copy for [/usr/local/bin/idxparse.pl] # [INFO ] The target file "/usr/local/bin/idxparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/idxparse.pl] at time 14:17:27.339250 duration_in_ms=1.913 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/idxparse.pl] at time 14:17:27.345588 # [INFO ] Executing state file.replace for [/usr/local/bin/idxparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/idxparse.pl] at time 14:17:27.349781 duration_in_ms=4.193 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/jl.pl] at time 14:17:27.355620 # [INFO ] Executing state file.copy for [/usr/local/bin/jl.pl] # [INFO ] The target file "/usr/local/bin/jl.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/jl.pl] at time 14:17:27.357338 duration_in_ms=1.719 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/jl.pl] at time 14:17:27.363147 # [INFO ] Executing state file.replace for [/usr/local/bin/jl.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/jl.pl] at time 14:17:27.366591 duration_in_ms=3.445 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/jobparse.pl] at time 14:17:27.371994 # [INFO ] Executing state file.copy for [/usr/local/bin/jobparse.pl] # [INFO ] The target file "/usr/local/bin/jobparse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/jobparse.pl] at time 14:17:27.373439 duration_in_ms=1.446 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/jobparse.pl] at time 14:17:27.383452 # [INFO ] Executing state file.replace for [/usr/local/bin/jobparse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/jobparse.pl] at time 14:17:27.390069 duration_in_ms=6.618 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/lfle.pl] at time 14:17:27.396656 # [INFO ] Executing state file.copy for [/usr/local/bin/lfle.pl] # [INFO ] The target file "/usr/local/bin/lfle.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/lfle.pl] at time 14:17:27.398255 duration_in_ms=1.598 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/lfle.pl] at time 14:17:27.404761 # [INFO ] Executing state file.replace for [/usr/local/bin/lfle.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/lfle.pl] at time 14:17:27.409916 duration_in_ms=5.156 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/lnk.pl] at time 14:17:27.415746 # [INFO ] Executing state file.copy for [/usr/local/bin/lnk.pl] # [INFO ] The target file "/usr/local/bin/lnk.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/lnk.pl] at time 14:17:27.417136 duration_in_ms=1.39 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/lnk.pl] at time 14:17:27.423427 # [INFO ] Executing state file.replace for [/usr/local/bin/lnk.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/lnk.pl] at time 14:17:27.427677 duration_in_ms=4.25 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/mft.pl] at time 14:17:27.433604 # [INFO ] Executing state file.copy for [/usr/local/bin/mft.pl] # [INFO ] The target file "/usr/local/bin/mft.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/mft.pl] at time 14:17:27.435104 duration_in_ms=1.501 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/mft.pl] at time 14:17:27.441600 # [INFO ] Executing state file.replace for [/usr/local/bin/mft.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/mft.pl] at time 14:17:27.446564 duration_in_ms=4.966 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parse.pl] at time 14:17:27.451723 # [INFO ] Executing state file.copy for [/usr/local/bin/parse.pl] # [INFO ] The target file "/usr/local/bin/parse.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/parse.pl] at time 14:17:27.452966 duration_in_ms=1.244 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parse.pl] at time 14:17:27.458405 # [INFO ] Executing state file.replace for [/usr/local/bin/parse.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/parse.pl] at time 14:17:27.462194 duration_in_ms=3.789 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parsei30.pl] at time 14:17:27.468071 # [INFO ] Executing state file.copy for [/usr/local/bin/parsei30.pl] # [INFO ] The target file "/usr/local/bin/parsei30.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/parsei30.pl] at time 14:17:27.469664 duration_in_ms=1.593 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parsei30.pl] at time 14:17:27.475627 # [INFO ] Executing state file.replace for [/usr/local/bin/parsei30.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/parsei30.pl] at time 14:17:27.480812 duration_in_ms=5.185 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parseie.pl] at time 14:17:27.486539 # [INFO ] Executing state file.copy for [/usr/local/bin/parseie.pl] # [INFO ] The target file "/usr/local/bin/parseie.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/parseie.pl] at time 14:17:27.488155 duration_in_ms=1.616 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/parseie.pl] at time 14:17:27.494128 # [INFO ] Executing state file.replace for [/usr/local/bin/parseie.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/parseie.pl] at time 14:17:27.497977 duration_in_ms=3.85 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pie.pl] at time 14:17:27.503300 # [INFO ] Executing state file.copy for [/usr/local/bin/pie.pl] # [INFO ] The target file "/usr/local/bin/pie.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/pie.pl] at time 14:17:27.504510 duration_in_ms=1.21 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pie.pl] at time 14:17:27.510804 # [INFO ] Executing state file.replace for [/usr/local/bin/pie.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/pie.pl] at time 14:17:27.514211 duration_in_ms=3.408 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pref.pl] at time 14:17:27.519785 # [INFO ] Executing state file.copy for [/usr/local/bin/pref.pl] # [INFO ] The target file "/usr/local/bin/pref.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/pref.pl] at time 14:17:27.521176 duration_in_ms=1.391 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pref.pl] at time 14:17:27.529615 # [INFO ] Executing state file.replace for [/usr/local/bin/pref.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/pref.pl] at time 14:17:27.534918 duration_in_ms=5.303 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rawie.pl] at time 14:17:27.540269 # [INFO ] Executing state file.copy for [/usr/local/bin/rawie.pl] # [INFO ] The target file "/usr/local/bin/rawie.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/rawie.pl] at time 14:17:27.542341 duration_in_ms=2.071 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rawie.pl] at time 14:17:27.548645 # [INFO ] Executing state file.replace for [/usr/local/bin/rawie.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/rawie.pl] at time 14:17:27.552989 duration_in_ms=4.344 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/recbin.pl] at time 14:17:27.558882 # [INFO ] Executing state file.copy for [/usr/local/bin/recbin.pl] # [INFO ] The target file "/usr/local/bin/recbin.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/recbin.pl] at time 14:17:27.562150 duration_in_ms=3.269 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/recbin.pl] at time 14:17:27.572513 # [INFO ] Executing state file.replace for [/usr/local/bin/recbin.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/recbin.pl] at time 14:17:27.577290 duration_in_ms=4.752 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/regslack.pl] at time 14:17:27.585219 # [INFO ] Executing state file.copy for [/usr/local/bin/regslack.pl] # [INFO ] The target file "/usr/local/bin/regslack.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/regslack.pl] at time 14:17:27.586646 duration_in_ms=1.427 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/regslack.pl] at time 14:17:27.593075 # [INFO ] Executing state file.replace for [/usr/local/bin/regslack.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/regslack.pl] at time 14:17:27.597534 duration_in_ms=4.459 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/regtime.pl] at time 14:17:27.605233 # [INFO ] Executing state file.copy for [/usr/local/bin/regtime.pl] # [INFO ] The target file "/usr/local/bin/regtime.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/regtime.pl] at time 14:17:27.608153 duration_in_ms=2.92 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/regtime.pl] at time 14:17:27.621130 # [INFO ] Executing state file.replace for [/usr/local/bin/regtime.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/regtime.pl] at time 14:17:27.625613 duration_in_ms=4.483 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rfc.pl] at time 14:17:27.631729 # [INFO ] Executing state file.copy for [/usr/local/bin/rfc.pl] # [INFO ] The target file "/usr/local/bin/rfc.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/rfc.pl] at time 14:17:27.633436 duration_in_ms=1.707 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rfc.pl] at time 14:17:27.639709 # [INFO ] Executing state file.replace for [/usr/local/bin/rfc.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/rfc.pl] at time 14:17:27.643705 duration_in_ms=3.997 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rlo.pl] at time 14:17:27.651114 # [INFO ] Executing state file.copy for [/usr/local/bin/rlo.pl] # [INFO ] The target file "/usr/local/bin/rlo.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/rlo.pl] at time 14:17:27.652475 duration_in_ms=1.361 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/rlo.pl] at time 14:17:27.657862 # [INFO ] Executing state file.replace for [/usr/local/bin/rlo.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/rlo.pl] at time 14:17:27.662637 duration_in_ms=4.774 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/tln.pl] at time 14:17:27.668189 # [INFO ] Executing state file.copy for [/usr/local/bin/tln.pl] # [INFO ] The target file "/usr/local/bin/tln.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/tln.pl] at time 14:17:27.669777 duration_in_ms=1.588 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/tln.pl] at time 14:17:27.675791 # [INFO ] Executing state file.replace for [/usr/local/bin/tln.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/tln.pl] at time 14:17:27.680060 duration_in_ms=4.268 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/usnj.pl] at time 14:17:27.687037 # [INFO ] Executing state file.copy for [/usr/local/bin/usnj.pl] # [INFO ] The target file "/usr/local/bin/usnj.pl" exists and will not be overwritten # [INFO ] Completed state [/usr/local/bin/usnj.pl] at time 14:17:27.688902 duration_in_ms=1.866 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/usnj.pl] at time 14:17:27.694922 # [INFO ] Executing state file.replace for [/usr/local/bin/usnj.pl] # [INFO ] No changes needed to be made # [INFO ] Completed state [/usr/local/bin/usnj.pl] at time 14:17:27.698992 duration_in_ms=4.071 # [INFO ] Running state [/usr/local/bin/packerid.py] at time 14:17:27.702159 # [INFO ] Executing state file.managed for [/usr/local/bin/packerid.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/sooshie/packerid/7b2ee6ef57db903bf356fd342c8ca998abdb68cd/packerid.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/local/bin/python # # Author: Jim Clausing # Date: 2009-05-15 # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/packerid.py] at time 14:17:27.989140 duration_in_ms=286.981 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.replace # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/packerid.py] at time 14:17:28.831819 # [INFO ] Executing state file.replace for [/usr/local/bin/packerid.py] # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/local/bin/python +#!/usr/bin/env python # # Author: Jim Clausing # Date: 2009-05-15 # [INFO ] Completed state [/usr/local/bin/packerid.py] at time 14:17:28.835585 duration_in_ms=3.766 # [INFO ] Running state [/usr/local/bin] at time 14:17:28.835889 # [INFO ] Executing state file.recurse for [/usr/local/bin] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/page-brute/page_brute-BETA.py' to resolve 'salt://sift/files/page-brute/page_brute-BETA.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/page-brute/page_brute-BETA.py' to resolve 'salt://sift/files/page-brute/page_brute-BETA.py' # [INFO ] The directory /usr/local/bin is in the correct state # [INFO ] Completed state [/usr/local/bin] at time 14:17:28.917086 duration_in_ms=81.197 # [INFO ] Running state [/usr/local/bin/parseusn.py] at time 14:17:28.917253 # [INFO ] Executing state file.managed for [/usr/local/bin/parseusn.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/superponible/DFIR/master/parseusn.py using GET method # [INFO ] File /usr/local/bin/parseusn.py is in the correct state # [INFO ] Completed state [/usr/local/bin/parseusn.py] at time 14:17:29.165849 duration_in_ms=248.592 # [INFO ] Running state [/usr/local/bin] at time 14:17:29.166338 # [INFO ] Executing state file.recurse for [/usr/local/bin] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_list' to resolve 'salt://sift/files/pdf-tools/plugin_list' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_list' to resolve 'salt://sift/files/pdf-tools/plugin_list' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_nameobfuscation.py' to resolve 'salt://sift/files/pdf-tools/plugin_nameobfuscation.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_nameobfuscation.py' to resolve 'salt://sift/files/pdf-tools/plugin_nameobfuscation.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/PDFTemplate.bt' to resolve 'salt://sift/files/pdf-tools/PDFTemplate.bt' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/PDFTemplate.bt' to resolve 'salt://sift/files/pdf-tools/PDFTemplate.bt' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/make-pdf-embedded.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-embedded.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/make-pdf-embedded.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-embedded.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/pdf-parser.py' to resolve 'salt://sift/files/pdf-tools/pdf-parser.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/pdf-parser.py' to resolve 'salt://sift/files/pdf-tools/pdf-parser.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_embeddedfile.py' to resolve 'salt://sift/files/pdf-tools/plugin_embeddedfile.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_embeddedfile.py' to resolve 'salt://sift/files/pdf-tools/plugin_embeddedfile.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/make-pdf-helloworld.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-helloworld.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/make-pdf-helloworld.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-helloworld.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/mPDF.py' to resolve 'salt://sift/files/pdf-tools/mPDF.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/mPDF.py' to resolve 'salt://sift/files/pdf-tools/mPDF.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/plugin_triage.py' to resolve 'salt://sift/files/pdf-tools/plugin_triage.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/plugin_triage.py' to resolve 'salt://sift/files/pdf-tools/plugin_triage.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/make-pdf-javascript.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-javascript.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/make-pdf-javascript.py' to resolve 'salt://sift/files/pdf-tools/make-pdf-javascript.py' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/pdf-tools/pdfid.py' to resolve 'salt://sift/files/pdf-tools/pdfid.py' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/pdf-tools/pdfid.py' to resolve 'salt://sift/files/pdf-tools/pdfid.py' # [INFO ] The directory /usr/local/bin is in the correct state # [INFO ] Completed state [/usr/local/bin] at time 14:17:29.334201 duration_in_ms=167.864 # [INFO ] Running state [/usr/local/bin/pecarve.py] at time 14:17:29.339289 # [INFO ] Executing state file.managed for [/usr/local/bin/pecarve.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/Rurik/PE_Carver/9026cd2ca4bd0633f9898a93cb798cd19cffc8f6/pe_carve.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,3 @@ -#!/usr/bin/env python # PE File Carver # by Brian Baskin (@bbaskin) # # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/pecarve.py] at time 14:17:29.597567 duration_in_ms=258.278 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.prepend # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/pecarve.py] at time 14:17:30.366360 # [INFO ] Executing state file.prepend for [/usr/local/bin/pecarve.py] # [INFO ] File changed: --- +++ @@ -1,3 +1,4 @@ +#!/usr/bin/env python # PE File Carver # by Brian Baskin (@bbaskin) # # [INFO ] Completed state [/usr/local/bin/pecarve.py] at time 14:17:30.368928 duration_in_ms=2.568 # [INFO ] Running state [/usr/local/bin/pescanner.py] at time 14:17:30.371651 # [INFO ] Executing state file.managed for [/usr/local/bin/pescanner.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/hiddenillusion/AnalyzePE/9c76ecbc3ac417bc07439c244f2d5ed19af06578/pescanner.py using GET method # [INFO ] File /usr/local/bin/pescanner.py is in the correct state # [INFO ] Completed state [/usr/local/bin/pescanner.py] at time 14:17:30.860184 duration_in_ms=488.53 # [INFO ] Running state [https://github.com/keydet89/RegRipper2.8.git] at time 14:17:30.869330 # [INFO ] Executing state git.latest for [https://github.com/keydet89/RegRipper2.8.git] # [INFO ] Checking remote revision for https://github.com/keydet89/RegRipper2.8.git # [INFO ] Executing command ['git', 'ls-remote', 'https://github.com/keydet89/RegRipper2.8.git'] as user 'root' in directory '/root' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 HEAD c65c823d2c8371a9f0702248ab22d506ea0a2678 refs/heads/master 9cbf58519ae9cb755604df6ab77cfdd841e69e27 refs/pull/1/head 9ca74b851ed731a8e3047ab1486979b58d61162a refs/pull/12/head 06df33013a12b5347145520b181d43e926f24e1c refs/pull/16/head 76c779f2050a222c86afdfc91907b373d55f6fbf refs/pull/17/head e7c7a2195aee87a18a95b31af5135778deda10b0 refs/pull/19/head 25e090a0bb654d15f97ef29cd4b29ea32ffb2bc3 refs/pull/2/head 996b93115d119f9fe9967d5060ce8725a72fa40a refs/pull/20/head ca9f223dd8bba48f3b69670373ef41fd9d4f3070 refs/pull/21/head 43a22b01c82f0cdab944304bf14a6de272710299 refs/pull/22/head ff62f725d6dbc8738ca820b007d2ac6b3eec8da1 refs/pull/23/head 78e9325e69059a654e2d423bcd0e19c8d9fd39cc refs/pull/26/head 02790a303272d7ea2f2206edb830846029957907 refs/pull/27/head 5f99eb75cb7a9e9b11582ba2072c23884e7ce228 refs/pull/28/head b24a773ae5fbe3f56b8d9402d304f3758e9a794c refs/pull/29/head 329e4b69f150ecaf5c764cdb4b008a15431a4eec refs/pull/31/head a3fd0f874665fb890b0b674887ac920f5a8c8faf refs/pull/31/merge 63713a377afc162a2d92c1acdcb8cf084d2e9b5d refs/pull/5/head # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/heads/'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'for-each-ref', '--format', '%(refname:short)', 'refs/tags/'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [INFO ] Checking local revision for /usr/local/src/regripper # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 # [INFO ] Checking local branch for /usr/local/src/regripper # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: master # [INFO ] Executing command ['git', 'remote', '--verbose'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin https://github.com/keydet89/RegRipper2.8.git (fetch) origin https://github.com/keydet89/RegRipper2.8.git (push) # [INFO ] Executing command ['git', 'diff', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: diff --git a/plugins/all b/plugins/all index 57843dc..cc5a815 100644 --- a/plugins/all +++ b/plugins/all @@ -1,17 +1,11 @@ -# 20161213 *ALL* Plugins that apply on any HIVES, alphabetical order +sizes baseline -del -del_tln -fileless findexes -installedcomp -installer -malware -null regtime +malware +del_tln regtime_tln rlo -sizes -uninstall -uninstall_tln -wallpaper +del +fileless +null diff --git a/plugins/ntuser b/plugins/ntuser index 72c8ed7..561a01c 100644 --- a/plugins/ntuser +++ b/plugins/ntuser @@ -1,159 +1,155 @@ -# 20170415 *ALL* Plugins that apply on NTUSER hive, alphabetical order -acmru -adoberdr +vnchooksapplicationprefs +policies_u +iejava +warcraft3 +typedurlstime_tln +clampitm +startmenuinternetapps_cu +recentdocs_tln +winvnc +decaf +osversion_tln +liveContactsGUID +vncviewer ahaha -aim -aports -appcompatflags -applets -applets_tln -appspecific +yahoo_cu +userinfo +fileexts ares -arpcache -attachmgr -attachmgr_tln +runmru_tln +sevenzip +typedurls_tln +mndmru +putty +officedocs2010 +userlocsvc +ntusernetwork +profiler +wordwheelquery +snapshot_viewer +load +mpmru +typedpaths_tln +kankan +identities +reveton +mndmru_tln autoendtasks +userassist_tln +user_win +winlogon_u +tsclient_tln +outlook2 +rdphint +cmdproc_tln +gthist autorun -bitbucket_user -brisv -cached -cached_tln +winscp +aports +acmru +oisc +sysinternals +reading_locations +skype +vista_bitbucket cain -ccleaner -cdstaginginfo -clampi -clampitm cmdproc -cmdproc_tln -comdlg32 -compdesc -controlpanel -cortana -cpldontload -ddo -decaf -dependency_walker -domains +startpage +rootkit_revealer +typedpaths +muicache +inprocserver environment -fileexts +adoberdr +itempos filehistory -foxitrdr -gpohist -gpohist_tln -gthist -gtwhitelist -haven_and_hearth -identities -iejava -ie_main -ie_settings -ie_zones -inprocserver +vmware_vsphere_client internet_explorer_cu -internet_settings_cu -itempos -javafx -kankan -knowndev +user_run latentbot -listsoft -liveContactsGUID -load -logonusername -menuorder +startup +printers +aim +javafx +typedurls +mp3 mixer +attachmgr +userassist +applets +cached_tln +ddo +printermru mixer_tln -mmc -mmc_tln -mmo -mndmru -mndmru_tln +brisv +odysseus mp2 -mp3 -mpmru -mspaper -muicache -muicache_tln -nero +controlpanel +listsoft +shellbags_xp +proxysettings +logonusername +foxitrdr +osversion +ie_zones +compdesc +ccleaner netassist -ntusernetwork -odysseus -officedocs -officedocs2010 -officedocs2010_tln -oisc +urun_tln +unreadmail +appspecific +winrar_tln +ie_settings +cpldontload +attachmgr_tln +domains +tsclient +uninstall_tln +trustrecords olsearch -osversion -osversion_tln +gpohist_tln outlook -outlook2 -policies_u -printermru -printers -privoxy -profiler -proxysettings +sysinternals_tln +gtwhitelist publishingwizard -putty -putty_sessions -rdphint -reading_locations +shellfolders +dependency_walker +privoxy +cached +vawtrak +comdlg32 +haven_and_hearth realplayer6 -realvnc +mmc_tln +ie_main +knowndev +nero +trustrecords_tln +arpcache +bitbucket_user +mmo +muicache_tln +gpohist +mspaper +runmru recentdocs +cdstaginginfo +winrar2 +uninstall +officedocs +internet_settings_cu recentdocs_timeline -recentdocs_tln -reveton -rootkit_revealer -runmru -runmru_tln -sevenzip -shc -shellbags_xp -shellfolders -skype -snapshot_viewer -ssh_host_keys -startmenuinternetapps_cu -startpage -startup -sysinternals -sysinternals_tln -trustrecords -trustrecords_tln -tsclient -tsclient_tln -typedpaths -typedpaths_tln -typedurls +clampi +applets_tln +officedocs2010_tln typedurlstime -typedurlstime_tln -typedurls_tln -uninstall -uninstall_tln -unreadmail -urun_tln -userassist -userassist_tln -userinfo -userlocsvc -user_run -user_win -vawtrak -vista_bitbucket +realvnc vmplayer -vmware_vsphere_client -vnchooksapplicationprefs -vncviewer +winzip +putty_sessions +menuorder +mmc +appcompatflags +shc wallpaper -warcraft3 -winlogon_u winrar -winrar2 -winrar_tln -winscp -winscp_sessions -winvnc -winzip -wordwheelquery -yahoo_cu diff --git a/plugins/sam b/plugins/sam index f91679f..c6b3571 100644 --- a/plugins/sam +++ b/plugins/sam @@ -1,3 +1,2 @@ -# 20161213 *ALL* Plugins that apply on SAM hive, alphabetical order samparse -samparse_ltn +samparse_tln diff --git a/plugins/security b/plugins/security index 628ca1c..75cd6c2 100644 --- a/plugins/security +++ b/plugins/security @@ -1,8 +1,6 @@ -# 20161213 *ALL* Plugins that apply on SECURITY hive, alphabetical order auditpol -auditpol_xp -lsasecrets -polacdms secrets +auditpol_xp secrets_tln -securityproviders +polacdms +lsasecrets diff --git a/plugins/software b/plugins/software index 67f8673..fc1f6a9 100644 --- a/plugins/software +++ b/plugins/software @@ -1,102 +1,99 @@ -# 20170415 *ALL* Plugins that apply on SOFTWARE hive, alphabetical order -ahaha -appcompatflags -appinitdlls -apppaths -apppaths_tln +wbem +ie_version +logmein_tln +winnt_cv +tracing_tln assoc -at -at_tln -audiodev -banner +volinfocache bho -bitbucket -btconfig -clsid -cmd_shell -cmd_shell_tln -codeid -ctrlpnl -dcom +port_dev +msis +ahaha defbrowser dfrg -direct -direct_tln -disablesr -drivers32 -drwatson -emdmgmt -esent -etos -gauss -gpohist -gpohist_tln -handler -ie_version -ie_zones -imagefile -init_dlls -inprocserver -installedcomp -installer -javasoft -kankan -kb950582 +mrt landesk -landesk_tln -lastloggedon -lazyshell -licenses -logmein -logmein_tln +codeid +drivers32 macaddr -mrt -msis -netsh -networkcards +regback networklist -networklist_tln +winlogon_tln +winbackup +kankan +soft_run +installedcomp +cmd_shell_tln networkuid -opencandy -port_dev +shellexec +shellext +direct +svchost +tracing product +netsh +inprocserver +banner +spp_clients profilelist -psscript -regback -removdev -renocide schedagent -secctr -sfc -shellexec -shellext -shelloverlay +ctrlpnl snapshot -soft_run -spp_clients -sql_lastconnect -srun_tln -ssid -startmenuinternetapps_lm -susclient -svchost +licenses +secctr systemindex -teamviewer -tracing -tracing_tln -trappoll -uac -uninstall -uninstall_tln +gauss +logmein +at_tln urlzone +uac +updates +renocide +etos +apppaths +imagefile +opencandy +ie_zones +lazyshell +winlogon virut -volinfocache -wbem -winbackup +handler +uninstall_tln +javasoft +networklist_tln +gpohist_tln +win_cv +trappoll +apppaths_tln +appinitdlls +bitbucket +removdev +shelloverlay +audiodev +lastloggedon +emdmgmt +esent +drwatson +srun_tln +sfc +installer +dcom +psscript +direct_tln +gpohist +landesk_tln +uninstall winevt -winlogon -winlogon_tln -winnt_cv +ssid +sql_lastconnect +btconfig +clsid +cmd_shell +susclient +kb950582 +networkcards +disablesr +at +appcompatflags winver -win_cv -yahoo_lm +init_dlls diff --git a/plugins/system b/plugins/system index c3840b7..da7db37 100644 --- a/plugins/system +++ b/plugins/system @@ -1,71 +1,69 @@ -# 20170415 *ALL* Plugins that apply on SYSTEM hive, alphabetical order -appcertdlls -appcompatcache -appcompatcache_tln -auditfail -backuprestore -bthport -comfoo -compname -crashcontrol +svc +usbstor3 ddm -devclass -diag_sr -disablelastaccess -dllsearch -dnschanger -eventlog eventlogs -fw_config -hibernate -ide -imagedev -kbdcrash -legacy -legacy_tln -lsa_packages -mountdev mountdev2 -netsvcs -network -nic -nic2 -nic_mst2 -nolmhash -pagefile -pending -phdet -prefetch +shimcache_tln +appcompatcache processor_architecture -productpolicy -producttype -profiler -rdpnla -rdpport +lsa_packages +pending regin remoteaccess -routes -safeboot -securityproviders +rdpport +rdpnla +network +profiler +angelfire services -shares -shimcache -shimcache_tln -shutdown -shutdowncount -stillimage -svc -svcdll +timezone +appcertdlls +kbdcrash +appcompatcache_tln +auditfail svc_plus -svc_tln -systemindex termcert -termserv -timezone +comfoo +nic2 +ide usb -usbdevices -usbstor +legacy_tln usbstor2 -usbstor3 +hibernate +svc_tln +bthport +legacy +shimcache +dllsearch wpdbusenum +nolmhash +safeboot +netsvcs +routes +mountdev +eventlog +usbstor +diag_sr +devclass +svcdll +disablelastaccess +termserv +nic +productpolicy +crashcontrol +pagefile +dnschanger +shutdown +backuprestore +producttype +shutdowncount xpedition +fw_config +compname +usbdevices +securityproviders +phdet +nic_mst2 +stillimage +imagedev +shares diff --git a/plugins/usrclass b/plugins/usrclass index d954280..7977b61 100644 --- a/plugins/usrclass +++ b/plugins/usrclass @@ -1,8 +1,8 @@ -# 20170415 *ALL* Plugins that apply on USRCLASS hive, alphabetical order -cmd_shell_u -inprocserver muicache -muicache_tln -photos +inprocserver +shellbags_test +cmd_shell_u shellbags shellbags_tln +muicache_tln +photos # [DEBUG ] /usr/local/src/regripper is up-to-date, but with local changes. Since 'force_reset' is enabled, these local changes will be reset. # [INFO ] Executing command ['git', 'rev-parse', 'c65c823d2c8371a9f0702248ab22d506ea0a2678^{commit}'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 # [INFO ] Executing command ['git', 'rev-parse', 'origin/master'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 # [INFO ] Executing command ['git', 'rev-parse', '--abbrev-ref', 'master@{upstream}'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: origin/master # [INFO ] Executing command ['git', 'reset', '--hard', 'c65c823d2c8371a9f0702248ab22d506ea0a2678'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: HEAD is now at c65c823 New plugin # [INFO ] Executing command ['git', 'rev-parse', 'HEAD'] as user 'root' in directory '/usr/local/src/regripper' mesg: ttyname failed: Inappropriate ioctl for device # [DEBUG ] stdout: c65c823d2c8371a9f0702248ab22d506ea0a2678 # [INFO ] {'forced update': True} # [INFO ] Completed state [https://github.com/keydet89/RegRipper2.8.git] at time 14:17:33.517942 duration_in_ms=2648.614 # [INFO ] Running state [/usr/local/share/regripper] at time 14:17:33.521094 # [INFO ] Executing state file.directory for [/usr/local/share/regripper] # [INFO ] Directory /usr/local/share/regripper is in the correct state Directory /usr/local/share/regripper updated # [INFO ] Completed state [/usr/local/share/regripper] at time 14:17:33.522108 duration_in_ms=1.013 # [INFO ] Running state [/usr/local/share/regripper/rip.pl] at time 14:17:33.526377 # [INFO ] Executing state file.managed for [/usr/local/share/regripper/rip.pl] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/regripper/rip.pl' to resolve 'salt://sift/files/regripper/rip.pl' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/regripper/rip.pl' to resolve 'salt://sift/files/regripper/rip.pl' # [INFO ] File /usr/local/share/regripper/rip.pl is in the correct state # [INFO ] Completed state [/usr/local/share/regripper/rip.pl] at time 14:17:33.538566 duration_in_ms=12.188 # [INFO ] Running state [/usr/local/share/regripper/plugins] at time 14:17:33.543196 # [INFO ] Executing state file.symlink for [/usr/local/share/regripper/plugins] # [INFO ] Symlink /usr/local/share/regripper/plugins is present and owned by root:root # [INFO ] Completed state [/usr/local/share/regripper/plugins] at time 14:17:33.545044 duration_in_ms=1.848 # [INFO ] Running state [/usr/local/bin/rip.pl] at time 14:17:33.547751 # [INFO ] Executing state file.symlink for [/usr/local/bin/rip.pl] # [INFO ] Symlink /usr/local/bin/rip.pl is present and owned by root:root # [INFO ] Completed state [/usr/local/bin/rip.pl] at time 14:17:33.549868 duration_in_ms=2.117 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 14:17:33.552633 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 14:17:33.553566 duration_in_ms=0.933 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 14:17:33.553730 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all' in directory '/home/sansforensics' # [INFO ] {'pid': 20941, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/all] at time 14:17:33.893149 duration_in_ms=339.417 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 14:17:33.901903 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 14:17:33.904058 duration_in_ms=2.156 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 14:17:33.904601 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser' in directory '/home/sansforensics' # [INFO ] {'pid': 20958, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/ntuser] at time 14:17:34.341249 duration_in_ms=436.648 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 14:17:34.355201 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 14:17:34.365673 duration_in_ms=10.471 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 14:17:34.366707 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass' in directory '/home/sansforensics' # [INFO ] {'pid': 21119, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/usrclass] at time 14:17:34.501671 duration_in_ms=134.968 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 14:17:34.504735 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 14:17:34.505436 duration_in_ms=0.701 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 14:17:34.505574 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam' in directory '/home/sansforensics' # [INFO ] {'pid': 21133, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/sam] at time 14:17:34.679561 duration_in_ms=173.986 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 14:17:34.682700 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 14:17:34.683468 duration_in_ms=0.768 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 14:17:34.683610 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security' in directory '/home/sansforensics' # [INFO ] {'pid': 21141, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/security] at time 14:17:34.827081 duration_in_ms=143.469 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 14:17:34.830106 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 14:17:34.830806 duration_in_ms=0.7 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 14:17:34.830946 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software' in directory '/home/sansforensics' # [INFO ] {'pid': 21153, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/software] at time 14:17:35.045780 duration_in_ms=214.831 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 14:17:35.054957 # [INFO ] Executing state cmd.wait for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] # [INFO ] No changes made for grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 14:17:35.057001 duration_in_ms=2.044 # [INFO ] Running state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 14:17:35.057467 # [INFO ] Executing state cmd.mod_watch for [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] # [INFO ] Executing command 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system' in directory '/home/sansforensics' # [INFO ] {'pid': 21258, 'retcode': 0, 'stderr': '', 'stdout': ''} # [INFO ] Completed state [grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed 's/.pl$//' > /usr/local/share/regripper/plugins/system] at time 14:17:35.265326 duration_in_ms=207.86 # [INFO ] Running state [/usr/local/bin/ShimCacheParser.py] at time 14:17:35.271317 # [INFO ] Executing state file.managed for [/usr/local/bin/ShimCacheParser.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/mandiant/ShimCacheParser/d7c517af9f3b09b810c5859ee52a6540f3b25855/ShimCacheParser.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,3 @@ -#!/usr/bin/env python # ShimCacheParser.py # # Andrew Davis, andrew.davis@mandiant.com # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/ShimCacheParser.py] at time 14:17:35.622213 duration_in_ms=350.896 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.prepend # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/ShimCacheParser.py] at time 14:17:36.354758 # [INFO ] Executing state file.prepend for [/usr/local/bin/ShimCacheParser.py] # [INFO ] File changed: --- +++ @@ -1,3 +1,4 @@ +#!/usr/bin/env python # ShimCacheParser.py # # Andrew Davis, andrew.davis@mandiant.com # [INFO ] Completed state [/usr/local/bin/ShimCacheParser.py] at time 14:17:36.359327 duration_in_ms=4.568 # [INFO ] Running state [/usr/share/sift/resources] at time 14:17:36.359513 # [INFO ] Executing state file.directory for [/usr/share/sift/resources] # [INFO ] Directory /usr/share/sift/resources is in the correct state Directory /usr/share/sift/resources updated # [INFO ] Completed state [/usr/share/sift/resources] at time 14:17:36.360438 duration_in_ms=0.925 # [INFO ] Running state [/usr/share/sift/images] at time 14:17:36.360589 # [INFO ] Executing state file.directory for [/usr/share/sift/images] # [INFO ] Directory /usr/share/sift/images is in the correct state Directory /usr/share/sift/images updated # [INFO ] Completed state [/usr/share/sift/images] at time 14:17:36.361398 duration_in_ms=0.809 # [INFO ] Running state [/usr/share/sift/audio] at time 14:17:36.361565 # [INFO ] Executing state file.directory for [/usr/share/sift/audio] # [INFO ] Directory /usr/share/sift/audio is in the correct state Directory /usr/share/sift/audio updated # [INFO ] Completed state [/usr/share/sift/audio] at time 14:17:36.362386 duration_in_ms=0.821 # [INFO ] Running state [/usr/share/sift/other] at time 14:17:36.362539 # [INFO ] Executing state file.directory for [/usr/share/sift/other] # [INFO ] Directory /usr/share/sift/other is in the correct state Directory /usr/share/sift/other updated # [INFO ] Completed state [/usr/share/sift/other] at time 14:17:36.363374 duration_in_ms=0.835 # [INFO ] Running state [/usr/share/sift/scripts] at time 14:17:36.363523 # [INFO ] Executing state file.directory for [/usr/share/sift/scripts] # [INFO ] Directory /usr/share/sift/scripts is in the correct state Directory /usr/share/sift/scripts updated # [INFO ] Completed state [/usr/share/sift/scripts] at time 14:17:36.364534 duration_in_ms=1.01 # [INFO ] Running state [/usr/share/sift] at time 14:17:36.373615 # [INFO ] Executing state file.recurse for [/usr/share/sift] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/dfir_avatar.jpg' to resolve 'salt://sift/files/sift/images/dfir_avatar.jpg' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/dfir_avatar.jpg' to resolve 'salt://sift/files/sift/images/dfir_avatar.jpg' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/audio/doink_doink.mp3' to resolve 'salt://sift/files/sift/audio/doink_doink.mp3' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/audio/doink_doink.mp3' to resolve 'salt://sift/files/sift/audio/doink_doink.mp3' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/dfir_logo.png' to resolve 'salt://sift/files/sift/images/dfir_logo.png' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/dfir_logo.png' to resolve 'salt://sift/files/sift/images/dfir_logo.png' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/scripts/update-sift' to resolve 'salt://sift/files/sift/scripts/update-sift' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/scripts/update-sift' to resolve 'salt://sift/files/sift/scripts/update-sift' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' # [INFO ] The directory /usr/share/sift is in the correct state # [INFO ] Completed state [/usr/share/sift] at time 14:17:36.852997 duration_in_ms=479.383 # [INFO ] Running state [/usr/share/tsk/sorter] at time 14:17:36.853191 # [INFO ] Executing state file.directory for [/usr/share/tsk/sorter] # [INFO ] Directory /usr/share/tsk/sorter is in the correct state Directory /usr/share/tsk/sorter updated # [INFO ] Completed state [/usr/share/tsk/sorter] at time 14:17:36.854044 duration_in_ms=0.852 # [INFO ] Running state [/usr/share/tsk/sorter] at time 14:17:36.856808 # [INFO ] Executing state file.recurse for [/usr/share/tsk/sorter] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/windows.sort' to resolve 'salt://sift/files/sorter/windows.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/windows.sort' to resolve 'salt://sift/files/sorter/windows.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/default.sort' to resolve 'salt://sift/files/sorter/default.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/default.sort' to resolve 'salt://sift/files/sorter/default.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/images.sort.bak' to resolve 'salt://sift/files/sorter/images.sort.bak' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/images.sort.bak' to resolve 'salt://sift/files/sorter/images.sort.bak' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/freebsd.sort' to resolve 'salt://sift/files/sorter/freebsd.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/freebsd.sort' to resolve 'salt://sift/files/sorter/freebsd.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/openbsd.sort' to resolve 'salt://sift/files/sorter/openbsd.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/openbsd.sort' to resolve 'salt://sift/files/sorter/openbsd.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/linux.sort' to resolve 'salt://sift/files/sorter/linux.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/linux.sort' to resolve 'salt://sift/files/sorter/linux.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/solaris.sort' to resolve 'salt://sift/files/sorter/solaris.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/solaris.sort' to resolve 'salt://sift/files/sorter/solaris.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/windows.sort.bak' to resolve 'salt://sift/files/sorter/windows.sort.bak' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/windows.sort.bak' to resolve 'salt://sift/files/sorter/windows.sort.bak' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/images.sort' to resolve 'salt://sift/files/sorter/images.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/images.sort' to resolve 'salt://sift/files/sorter/images.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/archives.sort' to resolve 'salt://sift/files/sorter/archives.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/archives.sort' to resolve 'salt://sift/files/sorter/archives.sort' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sorter/exec.sort' to resolve 'salt://sift/files/sorter/exec.sort' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sorter/exec.sort' to resolve 'salt://sift/files/sorter/exec.sort' # [INFO ] The directory /usr/share/tsk/sorter is in the correct state # [INFO ] Completed state [/usr/share/tsk/sorter] at time 14:17:36.996268 duration_in_ms=139.461 # [INFO ] Running state [/usr/local/bin/sqlparser.py] at time 14:17:36.996443 # [INFO ] Executing state file.managed for [/usr/local/bin/sqlparser.py] # [DEBUG ] Requesting URL https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases/download/v.1.1/sqlparse_v1.1.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,3 @@ -#!/usr/bin/env python #sqlparse.py # #This program parses an SQLite3 database for deleted entires and # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/sqlparser.py] at time 14:17:38.395000 duration_in_ms=1398.556 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.prepend # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/sqlparser.py] at time 14:17:39.115388 # [INFO ] Executing state file.prepend for [/usr/local/bin/sqlparser.py] # [INFO ] File changed: --- +++ @@ -1,3 +1,4 @@ +#!/usr/bin/env python #sqlparse.py # #This program parses an SQLite3 database for deleted entires and # [INFO ] Completed state [/usr/local/bin/sqlparser.py] at time 14:17:39.117830 duration_in_ms=2.442 # [INFO ] Running state [/usr/local/bin/usbdeviceforensics.py] at time 14:17:39.118004 # [INFO ] Executing state file.managed for [/usr/local/bin/usbdeviceforensics.py] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/woanware/usbdeviceforensics/5a0705d5beca09eab2fd5a47a52240dbc0db5bc9/usbdeviceforensics.py using GET method # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/python # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's # UsbDeviceForensics .Net WinForms GUI application. # [DEBUG ] Refreshing modules... # [INFO ] Loading fresh modules for state activity # [DEBUG ] LazyLoaded jinja.render # [DEBUG ] LazyLoaded yaml.render # [INFO ] Completed state [/usr/local/bin/usbdeviceforensics.py] at time 14:17:39.590374 duration_in_ms=472.369 # [DEBUG ] LazyLoaded config.option # [DEBUG ] LazyLoaded file.replace # [DEBUG ] Module DSC: Only available on Windows systems # [DEBUG ] Module PSGet: Only available on Windows systems # [DEBUG ] Could not LazyLoad acme.cert: 'acme' __virtual__ returned False: The ACME execution module cannot be loaded: letsencrypt-auto not installed. # [DEBUG ] LazyLoaded at.at # [DEBUG ] Could not LazyLoad augeas.execute: 'augeas.execute' is not available. # [DEBUG ] LazyLoaded boto3_elasticache.cache_cluster_exists # [DEBUG ] LazyLoaded boto3_route53.find_hosted_zone # [DEBUG ] LazyLoaded boto_apigateway.describe_apis # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_cfn.exists # [DEBUG ] LazyLoaded boto_cloudtrail.exists # [DEBUG ] LazyLoaded boto_cloudwatch.get_alarm # [DEBUG ] LazyLoaded boto_cloudwatch_event.exists # [DEBUG ] LazyLoaded boto_cognitoidentity.describe_identity_pools # [DEBUG ] LazyLoaded boto_datapipeline.create_pipeline # [DEBUG ] LazyLoaded boto_dynamodb.exists # [DEBUG ] LazyLoaded boto_ec2.get_key # [DEBUG ] LazyLoaded boto_elasticache.exists # [DEBUG ] LazyLoaded boto_elasticsearch_domain.exists # [DEBUG ] LazyLoaded boto_elb.exists # [DEBUG ] LazyLoaded boto_elbv2.target_group_exists # [DEBUG ] LazyLoaded boto_iam.get_user # [DEBUG ] LazyLoaded boto_iam.role_exists # [DEBUG ] LazyLoaded boto_iot.policy_exists # [DEBUG ] LazyLoaded boto_kinesis.exists # [DEBUG ] LazyLoaded boto_kms.describe_key # [DEBUG ] LazyLoaded boto_lambda.function_exists # [DEBUG ] LazyLoaded boto_asg.exists # [DEBUG ] LazyLoaded boto_rds.exists # [DEBUG ] LazyLoaded boto_route53.get_record # [DEBUG ] LazyLoaded boto_s3_bucket.exists # [DEBUG ] LazyLoaded boto_secgroup.exists # [DEBUG ] LazyLoaded boto_sns.exists # [DEBUG ] LazyLoaded boto_sqs.exists # [DEBUG ] LazyLoaded boto_vpc.exists # [DEBUG ] LazyLoaded bower.list # [DEBUG ] LazyLoaded chef.client # [DEBUG ] LazyLoaded chocolatey.install # [DEBUG ] LazyLoaded cisconso.set_data_value # [DEBUG ] LazyLoaded cyg.list # [DEBUG ] LazyLoaded chassis.cmd # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] Could not LazyLoad docker.version: 'docker.version' is not available. # [DEBUG ] LazyLoaded eselect.exec_action # [DEBUG ] LazyLoaded esxi.cmd # [DEBUG ] LazyLoaded github.list_users # [DEBUG ] LazyLoaded glusterfs.list_volumes # [DEBUG ] LazyLoaded elasticsearch.exists # [DEBUG ] LazyLoaded icinga2.generate_ticket # [DEBUG ] LazyLoaded ifttt.trigger_event # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb08.db_exists: 'influxdb08.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] Could not LazyLoad influxdb.db_exists: 'influxdb.db_exists' is not available. # [DEBUG ] LazyLoaded ipset.version # [DEBUG ] LazyLoaded kapacitor.version # [DEBUG ] LazyLoaded keystone.auth # [DEBUG ] LazyLoaded kubernetes.ping # [DEBUG ] LazyLoaded layman.add # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded lvs.get_rules # [DEBUG ] LazyLoaded makeconf.get_var # [DEBUG ] LazyLoaded memcached.status # [DEBUG ] LazyLoaded mongodb.user_exists # [DEBUG ] LazyLoaded monit.summary # [DEBUG ] LazyLoaded nftables.version # [DEBUG ] LazyLoaded npm.list # [DEBUG ] LazyLoaded nxos.cmd # [DEBUG ] LazyLoaded openvswitch.bridge_create # [DEBUG ] LazyLoaded openvswitch.port_add # [DEBUG ] LazyLoaded pecl.list # [DEBUG ] LazyLoaded portage_config.get_missing_flags # [DEBUG ] LazyLoaded postgres.cluster_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded postgres.create_extension # [DEBUG ] LazyLoaded postgres.group_create # [DEBUG ] LazyLoaded postgres.datadir_init # [DEBUG ] LazyLoaded postgres.language_create # [DEBUG ] LazyLoaded postgres.privileges_grant # [DEBUG ] LazyLoaded postgres.schema_exists # [DEBUG ] LazyLoaded postgres.tablespace_exists # [DEBUG ] LazyLoaded postgres.user_exists # [DEBUG ] LazyLoaded quota.report # [DEBUG ] Could not LazyLoad rbac.profile_list: 'rbac.profile_list' is not available. # [DEBUG ] LazyLoaded rdp.enable # [DEBUG ] LazyLoaded reg.read_value # [DEBUG ] LazyLoaded selinux.getenforce # [DEBUG ] Could not LazyLoad vmadm.create: 'vmadm.create' is not available. # [DEBUG ] LazyLoaded snapper.diff # [DEBUG ] LazyLoaded splunk.list_users # [DEBUG ] LazyLoaded splunk_search.get # [DEBUG ] LazyLoaded stormpath.create_account # [DEBUG ] LazyLoaded tls.cert_info # [DEBUG ] LazyLoaded tomcat.status # [DEBUG ] LazyLoaded trafficserver.set_config # [DEBUG ] LazyLoaded victorops.create_event # [DEBUG ] LazyLoaded virt.node_info # [DEBUG ] LazyLoaded win_dacl.add_ace # [DEBUG ] LazyLoaded win_dns_client.add_dns # [DEBUG ] Could not LazyLoad firewall.get_config: 'firewall.get_config' is not available. # [DEBUG ] LazyLoaded win_iis.create_site # [DEBUG ] Could not LazyLoad lgpo.set: 'lgpo.set' is not available. # [DEBUG ] LazyLoaded win_path.rehash # [DEBUG ] LazyLoaded win_pki.get_stores # [DEBUG ] LazyLoaded win_servermanager.install # [DEBUG ] LazyLoaded win_smtp_server.get_server_setting # [DEBUG ] LazyLoaded win_snmp.get_agent_settings # [DEBUG ] LazyLoaded xmpp.send_msg # [DEBUG ] LazyLoaded zabbix.host_create # [DEBUG ] LazyLoaded zabbix.hostgroup_create # [DEBUG ] LazyLoaded zabbix.mediatype_create # [DEBUG ] LazyLoaded zabbix.user_create # [DEBUG ] LazyLoaded zabbix.usergroup_create # [DEBUG ] LazyLoaded zk_concurrency.lock # [DEBUG ] LazyLoaded zonecfg.create # [DEBUG ] LazyLoaded zpool.create # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/usbdeviceforensics.py] at time 14:17:40.312791 # [INFO ] Executing state file.replace for [/usr/local/bin/usbdeviceforensics.py] # [INFO ] File changed: --- +++ @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's # UsbDeviceForensics .Net WinForms GUI application. # [INFO ] Completed state [/usr/local/bin/usbdeviceforensics.py] at time 14:17:40.318596 duration_in_ms=5.806 # [INFO ] Running state [/usr/local/src/virustotal-search-v0.1.4] at time 14:17:40.318761 # [INFO ] Executing state archive.extracted for [/usr/local/src/virustotal-search-v0.1.4] # [DEBUG ] Requesting URL https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip using GET method # [DEBUG ] file.managed: {'comment': 'File /var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip updated', 'pchanges': {}, 'changes': {'diff': 'New file', 'mode': '0644'}, 'name': '/var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip', 'result': True} # [DEBUG ] Checking https://didierstevens.com/files/software/virustotal-search_V0_1_4.zip to see if it is password-protected # [DEBUG ] Cleaning cached source file /var/cache/salt/minion/files/base/_files_software_virustotal-search_V0_1_4.zip # [INFO ] All files in archive are already present # [INFO ] Completed state [/usr/local/src/virustotal-search-v0.1.4] at time 14:17:41.226880 duration_in_ms=908.115 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/virustotal-search.py] at time 14:17:41.247002 # [INFO ] Executing state file.managed for [/usr/local/bin/virustotal-search.py] # [INFO ] File /usr/local/bin/virustotal-search.py is in the correct state # [INFO ] Completed state [/usr/local/bin/virustotal-search.py] at time 14:17:41.253345 duration_in_ms=6.346 # [INFO ] Running state [/usr/local/src/virustotal-submit-v0.0.3] at time 14:17:41.253678 # [INFO ] Executing state archive.extracted for [/usr/local/src/virustotal-submit-v0.0.3] # [DEBUG ] Requesting URL https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip using GET method # [DEBUG ] file.managed: {'comment': 'File /var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip updated', 'pchanges': {}, 'changes': {'diff': 'New file', 'mode': '0644'}, 'name': '/var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip', 'result': True} # [DEBUG ] Checking https://didierstevens.com/files/software/virustotal-submit_V0_0_3.zip to see if it is password-protected # [DEBUG ] Cleaning cached source file /var/cache/salt/minion/files/base/_files_software_virustotal-submit_V0_0_3.zip # [INFO ] All files in archive are already present # [INFO ] Completed state [/usr/local/src/virustotal-submit-v0.0.3] at time 14:17:41.987736 duration_in_ms=734.056 # [DEBUG ] Could not LazyLoad file.mod_watch: 'file.mod_watch' is not available. # [INFO ] Running state [/usr/local/bin/virustotal-submit.py] at time 14:17:42.007167 # [INFO ] Executing state file.managed for [/usr/local/bin/virustotal-submit.py] # [INFO ] File /usr/local/bin/virustotal-submit.py is in the correct state # [INFO ] Completed state [/usr/local/bin/virustotal-submit.py] at time 14:17:42.011272 duration_in_ms=4.105 # [INFO ] Running state [/usr/local/bin/vshot] at time 14:17:42.021146 # [INFO ] Executing state file.managed for [/usr/local/bin/vshot] # [DEBUG ] Requesting URL https://raw.githubusercontent.com/CrowdStrike/Forensics/62d8ae4ed1ca276f2a1ffe251e1750d10538ae52/vshot using GET method # [INFO ] File /usr/local/bin/vshot is in the correct state # [INFO ] Completed state [/usr/local/bin/vshot] at time 14:17:42.298864 duration_in_ms=277.719 # [INFO ] Running state [sift-scripts] at time 14:17:42.327551 # [INFO ] Executing state test.nop for [sift-scripts] # [INFO ] Success! # [INFO ] Completed state [sift-scripts] at time 14:17:42.328152 duration_in_ms=0.601 # [INFO ] Running state [/etc/hostname] at time 14:17:42.328453 # [INFO ] Executing state file.managed for [/etc/hostname] # [INFO ] File /etc/hostname is in the correct state # [INFO ] Completed state [/etc/hostname] at time 14:17:42.329782 duration_in_ms=1.329 # [INFO ] Running state [hostnamectl set-hostname siftworkstation] at time 14:17:42.329932 # [INFO ] Executing state cmd.run for [hostnamectl set-hostname siftworkstation] # [INFO ] Executing command 'test "siftworkstation" = "$(hostname)"' in directory '/home/sansforensics' # [DEBUG ] output: # [DEBUG ] Last command return code: 0 # [INFO ] unless execution succeeded # [INFO ] Completed state [hostnamectl set-hostname siftworkstation] at time 14:17:42.427489 duration_in_ms=97.557 # [INFO ] Running state [siftworkstation] at time 14:17:42.427753 # [INFO ] Executing state host.present for [siftworkstation] # [INFO ] Host siftworkstation (127.0.0.1) already present # [INFO ] Completed state [siftworkstation] at time 14:17:42.428605 duration_in_ms=0.852 # [INFO ] Running state [sansforensics] at time 14:17:42.428751 # [INFO ] Executing state user.present for [sansforensics] # [INFO ] User sansforensics is present and up to date # [INFO ] Completed state [sansforensics] at time 14:17:42.430201 duration_in_ms=1.449 # [INFO ] Running state [/home/sansforensics/.bash_aliases] at time 14:17:42.433200 # [INFO ] Executing state file.append for [/home/sansforensics/.bash_aliases] # [INFO ] File /home/sansforensics/.bash_aliases is in correct state # [INFO ] Completed state [/home/sansforensics/.bash_aliases] at time 14:17:42.435597 duration_in_ms=2.396 # [INFO ] Running state [/root/.bash_aliases] at time 14:17:42.439152 # [INFO ] Executing state file.append for [/root/.bash_aliases] # [INFO ] File /root/.bash_aliases is in correct state # [INFO ] Completed state [/root/.bash_aliases] at time 14:17:42.441044 duration_in_ms=1.893 # [INFO ] Running state [/home/sansforensics/.bashrc] at time 14:17:42.443659 # [INFO ] Executing state file.append for [/home/sansforensics/.bashrc] # [INFO ] File /home/sansforensics/.bashrc is in correct state # [INFO ] Completed state [/home/sansforensics/.bashrc] at time 14:17:42.445731 duration_in_ms=2.071 # [INFO ] Running state [/home/sansforensics/.bashrc] at time 14:17:42.448295 # [INFO ] Executing state file.append for [/home/sansforensics/.bashrc] # [INFO ] File /home/sansforensics/.bashrc is in correct state # [INFO ] Completed state [/home/sansforensics/.bashrc] at time 14:17:42.450049 duration_in_ms=1.755 # [INFO ] Running state [/root/.bashrc] at time 14:17:42.452554 # [INFO ] Executing state file.append for [/root/.bashrc] # [INFO ] File /root/.bashrc is in correct state # [INFO ] Completed state [/root/.bashrc] at time 14:17:42.453918 duration_in_ms=1.364 # [INFO ] Running state [/home/sansforensics/.config/autostart] at time 14:17:42.456352 # [INFO ] Executing state file.directory for [/home/sansforensics/.config/autostart] # [INFO ] Directory /home/sansforensics/.config/autostart is in the correct state Directory /home/sansforensics/.config/autostart updated # [INFO ] Completed state [/home/sansforensics/.config/autostart] at time 14:17:42.457784 duration_in_ms=1.431 # [INFO ] Running state [/home/sansforensics/Desktop] at time 14:17:42.460873 # [INFO ] Executing state file.recurse for [/home/sansforensics/Desktop] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Find-Evil-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Find-Evil-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/memory-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/memory-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/SANS-DFIR.pdf' to resolve 'salt://sift/files/sift/resources/SANS-DFIR.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/network-forensics-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/network-forensics-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Smartphone-Forensics-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/Evidence-of-Poster.pdf' to resolve 'salt://sift/files/sift/resources/Evidence-of-Poster.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/sift-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/sift-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' to resolve 'salt://sift/files/sift/resources/windows-to-unix-cheatsheet.pdf' # [INFO ] The directory /home/sansforensics/Desktop is in the correct state # [INFO ] Completed state [/home/sansforensics/Desktop] at time 14:17:42.835302 duration_in_ms=374.428 # [INFO ] Running state [/home/sansforensics/Desktop] at time 14:17:42.838982 # [INFO ] Executing state file.directory for [/home/sansforensics/Desktop] # [INFO ] Directory /home/sansforensics/Desktop is in the correct state Directory /home/sansforensics/Desktop updated # [INFO ] Completed state [/home/sansforensics/Desktop] at time 14:17:42.840119 duration_in_ms=1.137 # [INFO ] Running state [/home/sansforensics/Desktop/mount_points] at time 14:17:42.845434 # [INFO ] Executing state file.symlink for [/home/sansforensics/Desktop/mount_points] # [INFO ] Symlink /home/sansforensics/Desktop/mount_points is present and owned by sansforensics:sansforensics # [INFO ] Completed state [/home/sansforensics/Desktop/mount_points] at time 14:17:42.846744 duration_in_ms=1.31 # [INFO ] Running state [/home/sansforensics/Desktop/cases] at time 14:17:42.851837 # [INFO ] Executing state file.symlink for [/home/sansforensics/Desktop/cases] # [INFO ] Symlink /home/sansforensics/Desktop/cases is present and owned by sansforensics:sansforensics # [INFO ] Completed state [/home/sansforensics/Desktop/cases] at time 14:17:42.853853 duration_in_ms=2.016 # [INFO ] Running state [/usr/share/backgrounds] at time 14:17:42.854111 # [INFO ] Executing state file.directory for [/usr/share/backgrounds] # [INFO ] Directory /usr/share/backgrounds is in the correct state Directory /usr/share/backgrounds updated # [INFO ] Completed state [/usr/share/backgrounds] at time 14:17:42.855056 duration_in_ms=0.945 # [INFO ] Running state [/usr/share/backgrounds/warty-final-ubuntu.png] at time 14:17:42.860657 # [INFO ] Executing state file.managed for [/usr/share/backgrounds/warty-final-ubuntu.png] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/forensics_blue.jpg' to resolve 'salt://sift/files/sift/images/forensics_blue.jpg' # [INFO ] File /usr/share/backgrounds/warty-final-ubuntu.png is in the correct state # [INFO ] Completed state [/usr/share/backgrounds/warty-final-ubuntu.png] at time 14:17:42.864532 duration_in_ms=3.875 # [INFO ] Running state [/usr/share/unity-greeter] at time 14:17:42.864755 # [INFO ] Executing state file.directory for [/usr/share/unity-greeter] # [INFO ] Directory /usr/share/unity-greeter is in the correct state Directory /usr/share/unity-greeter updated # [INFO ] Completed state [/usr/share/unity-greeter] at time 14:17:42.865653 duration_in_ms=0.898 # [INFO ] Running state [/usr/share/unity-greeter/logo.png] at time 14:17:42.872315 # [INFO ] Executing state file.managed for [/usr/share/unity-greeter/logo.png] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/images/login_logo.png' to resolve 'salt://sift/files/sift/images/login_logo.png' # [INFO ] File /usr/share/unity-greeter/logo.png is in the correct state # [INFO ] Completed state [/usr/share/unity-greeter/logo.png] at time 14:17:42.875764 duration_in_ms=3.449 # [INFO ] Running state [/home/sansforensics/.config/autostart/] at time 14:17:42.875976 # [INFO ] Executing state file.directory for [/home/sansforensics/.config/autostart/] # [INFO ] Directory /home/sansforensics/.config/autostart is in the correct state Directory /home/sansforensics/.config/autostart updated # [INFO ] Completed state [/home/sansforensics/.config/autostart/] at time 14:17:42.876962 duration_in_ms=0.985 # [INFO ] Running state [/home/sansforensics/.config/autostart/gnome-terminal.desktop] at time 14:17:42.881836 # [INFO ] Executing state file.managed for [/home/sansforensics/.config/autostart/gnome-terminal.desktop] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/sift/other/gnome-terminal.desktop' to resolve 'salt://sift/files/sift/other/gnome-terminal.desktop' # [INFO ] File /home/sansforensics/.config/autostart/gnome-terminal.desktop is in the correct state # [INFO ] Completed state [/home/sansforensics/.config/autostart/gnome-terminal.desktop] at time 14:17:42.885046 duration_in_ms=3.21 # [INFO ] Running state [sift-config-user] at time 14:17:42.895121 # [INFO ] Executing state test.nop for [sift-config-user] # [INFO ] Success! # [INFO ] Completed state [sift-config-user] at time 14:17:42.895754 duration_in_ms=0.633 # [INFO ] Running state [Etc/UTC] at time 14:17:42.895918 # [INFO ] Executing state timezone.system for [Etc/UTC] # [INFO ] Executing command ['timedatectl'] in directory '/home/sansforensics' # [DEBUG ] stdout: Local time: Thu 2017-09-07 14:17:43 UTC Universal time: Thu 2017-09-07 14:17:43 UTC RTC time: Thu 2017-09-07 14:17:42 Time zone: Etc/UTC (UTC, +0000) Network time on: yes NTP synchronized: yes RTC in local TZ: no # [INFO ] Timezone Etc/UTC already set, UTC already set to Etc/UTC # [INFO ] Completed state [Etc/UTC] at time 14:17:43.115201 duration_in_ms=219.28 # [INFO ] Running state [/cases] at time 14:17:43.122896 # [INFO ] Executing state file.directory for [/cases] # [INFO ] Directory /cases is in the correct state Directory /cases updated # [INFO ] Completed state [/cases] at time 14:17:43.126261 duration_in_ms=3.364 # [INFO ] Running state [/mnt/usb] at time 14:17:43.126742 # [INFO ] Executing state file.directory for [/mnt/usb] # [INFO ] Directory /mnt/usb is in the correct state Directory /mnt/usb updated # [INFO ] Completed state [/mnt/usb] at time 14:17:43.130549 duration_in_ms=3.805 # [INFO ] Running state [/mnt/vss] at time 14:17:43.131461 # [INFO ] Executing state file.directory for [/mnt/vss] # [INFO ] Directory /mnt/vss is in the correct state Directory /mnt/vss updated # [INFO ] Completed state [/mnt/vss] at time 14:17:43.135277 duration_in_ms=3.816 # [INFO ] Running state [/mnt/shadow] at time 14:17:43.135907 # [INFO ] Executing state file.directory for [/mnt/shadow] # [INFO ] Directory /mnt/shadow is in the correct state Directory /mnt/shadow updated # [INFO ] Completed state [/mnt/shadow] at time 14:17:43.139914 duration_in_ms=4.007 # [INFO ] Running state [/mnt/windows_mount] at time 14:17:43.140282 # [INFO ] Executing state file.directory for [/mnt/windows_mount] # [INFO ] Directory /mnt/windows_mount is in the correct state Directory /mnt/windows_mount updated # [INFO ] Completed state [/mnt/windows_mount] at time 14:17:43.142822 duration_in_ms=2.539 # [INFO ] Running state [/mnt/e01] at time 14:17:43.143254 # [INFO ] Executing state file.directory for [/mnt/e01] # [INFO ] Directory /mnt/e01 is in the correct state Directory /mnt/e01 updated # [INFO ] Completed state [/mnt/e01] at time 14:17:43.146313 duration_in_ms=3.059 # [INFO ] Running state [/mnt/aff] at time 14:17:43.146748 # [INFO ] Executing state file.directory for [/mnt/aff] # [INFO ] Directory /mnt/aff is in the correct state Directory /mnt/aff updated # [INFO ] Completed state [/mnt/aff] at time 14:17:43.149097 duration_in_ms=2.349 # [INFO ] Running state [/mnt/ewf] at time 14:17:43.149360 # [INFO ] Executing state file.directory for [/mnt/ewf] # [INFO ] Directory /mnt/ewf is in the correct state Directory /mnt/ewf updated # [INFO ] Completed state [/mnt/ewf] at time 14:17:43.151079 duration_in_ms=1.719 # [INFO ] Running state [/mnt/bde] at time 14:17:43.151332 # [INFO ] Executing state file.directory for [/mnt/bde] # [INFO ] Directory /mnt/bde is in the correct state Directory /mnt/bde updated # [INFO ] Completed state [/mnt/bde] at time 14:17:43.152927 duration_in_ms=1.594 # [INFO ] Running state [/mnt/iscsi] at time 14:17:43.153173 # [INFO ] Executing state file.directory for [/mnt/iscsi] # [INFO ] Directory /mnt/iscsi is in the correct state Directory /mnt/iscsi updated # [INFO ] Completed state [/mnt/iscsi] at time 14:17:43.154969 duration_in_ms=1.795 # [INFO ] Running state [/mnt/windows_mount1] at time 14:17:43.155286 # [INFO ] Executing state file.directory for [/mnt/windows_mount1] # [INFO ] Directory /mnt/windows_mount1 is in the correct state Directory /mnt/windows_mount1 updated # [INFO ] Completed state [/mnt/windows_mount1] at time 14:17:43.156926 duration_in_ms=1.638 # [INFO ] Running state [/mnt/windows_mount2] at time 14:17:43.157201 # [INFO ] Executing state file.directory for [/mnt/windows_mount2] # [INFO ] Directory /mnt/windows_mount2 is in the correct state Directory /mnt/windows_mount2 updated # [INFO ] Completed state [/mnt/windows_mount2] at time 14:17:43.159676 duration_in_ms=2.474 # [INFO ] Running state [/mnt/windows_mount3] at time 14:17:43.160244 # [INFO ] Executing state file.directory for [/mnt/windows_mount3] # [INFO ] Directory /mnt/windows_mount3 is in the correct state Directory /mnt/windows_mount3 updated # [INFO ] Completed state [/mnt/windows_mount3] at time 14:17:43.161933 duration_in_ms=1.69 # [INFO ] Running state [/mnt/windows_mount4] at time 14:17:43.162191 # [INFO ] Executing state file.directory for [/mnt/windows_mount4] # [INFO ] Directory /mnt/windows_mount4 is in the correct state Directory /mnt/windows_mount4 updated # [INFO ] Completed state [/mnt/windows_mount4] at time 14:17:43.163819 duration_in_ms=1.663 # [INFO ] Running state [/mnt/windows_mount5] at time 14:17:43.164184 # [INFO ] Executing state file.directory for [/mnt/windows_mount5] # [INFO ] Directory /mnt/windows_mount5 is in the correct state Directory /mnt/windows_mount5 updated # [INFO ] Completed state [/mnt/windows_mount5] at time 14:17:43.165732 duration_in_ms=1.547 # [INFO ] Running state [/mnt/shadow/vss1] at time 14:17:43.165952 # [INFO ] Executing state file.directory for [/mnt/shadow/vss1] # [INFO ] Directory /mnt/shadow/vss1 is in the correct state Directory /mnt/shadow/vss1 updated # [INFO ] Completed state [/mnt/shadow/vss1] at time 14:17:43.167435 duration_in_ms=1.483 # [INFO ] Running state [/mnt/shadow/vss2] at time 14:17:43.167757 # [INFO ] Executing state file.directory for [/mnt/shadow/vss2] # [INFO ] Directory /mnt/shadow/vss2 is in the correct state Directory /mnt/shadow/vss2 updated # [INFO ] Completed state [/mnt/shadow/vss2] at time 14:17:43.170104 duration_in_ms=2.346 # [INFO ] Running state [/mnt/shadow/vss3] at time 14:17:43.170551 # [INFO ] Executing state file.directory for [/mnt/shadow/vss3] # [INFO ] Directory /mnt/shadow/vss3 is in the correct state Directory /mnt/shadow/vss3 updated # [INFO ] Completed state [/mnt/shadow/vss3] at time 14:17:43.173227 duration_in_ms=2.675 # [INFO ] Running state [/mnt/shadow/vss4] at time 14:17:43.173866 # [INFO ] Executing state file.directory for [/mnt/shadow/vss4] # [INFO ] Directory /mnt/shadow/vss4 is in the correct state Directory /mnt/shadow/vss4 updated # [INFO ] Completed state [/mnt/shadow/vss4] at time 14:17:43.176857 duration_in_ms=3.019 # [INFO ] Running state [/mnt/shadow/vss5] at time 14:17:43.177256 # [INFO ] Executing state file.directory for [/mnt/shadow/vss5] # [INFO ] Directory /mnt/shadow/vss5 is in the correct state Directory /mnt/shadow/vss5 updated # [INFO ] Completed state [/mnt/shadow/vss5] at time 14:17:43.179745 duration_in_ms=2.49 # [INFO ] Running state [/mnt/shadow/vss6] at time 14:17:43.180149 # [INFO ] Executing state file.directory for [/mnt/shadow/vss6] # [INFO ] Directory /mnt/shadow/vss6 is in the correct state Directory /mnt/shadow/vss6 updated # [INFO ] Completed state [/mnt/shadow/vss6] at time 14:17:43.181993 duration_in_ms=1.843 # [INFO ] Running state [/mnt/shadow/vss7] at time 14:17:43.182229 # [INFO ] Executing state file.directory for [/mnt/shadow/vss7] # [INFO ] Directory /mnt/shadow/vss7 is in the correct state Directory /mnt/shadow/vss7 updated # [INFO ] Completed state [/mnt/shadow/vss7] at time 14:17:43.183991 duration_in_ms=1.761 # [INFO ] Running state [/mnt/shadow/vss8] at time 14:17:43.184237 # [INFO ] Executing state file.directory for [/mnt/shadow/vss8] # [INFO ] Directory /mnt/shadow/vss8 is in the correct state Directory /mnt/shadow/vss8 updated # [INFO ] Completed state [/mnt/shadow/vss8] at time 14:17:43.185713 duration_in_ms=1.476 # [INFO ] Running state [/mnt/shadow/vss9] at time 14:17:43.185942 # [INFO ] Executing state file.directory for [/mnt/shadow/vss9] # [INFO ] Directory /mnt/shadow/vss9 is in the correct state Directory /mnt/shadow/vss9 updated # [INFO ] Completed state [/mnt/shadow/vss9] at time 14:17:43.187509 duration_in_ms=1.567 # [INFO ] Running state [/mnt/shadow/vss10] at time 14:17:43.187934 # [INFO ] Executing state file.directory for [/mnt/shadow/vss10] # [INFO ] Directory /mnt/shadow/vss10 is in the correct state Directory /mnt/shadow/vss10 updated # [INFO ] Completed state [/mnt/shadow/vss10] at time 14:17:43.189647 duration_in_ms=1.713 # [INFO ] Running state [/mnt/shadow/vss11] at time 14:17:43.189901 # [INFO ] Executing state file.directory for [/mnt/shadow/vss11] # [INFO ] Directory /mnt/shadow/vss11 is in the correct state Directory /mnt/shadow/vss11 updated # [INFO ] Completed state [/mnt/shadow/vss11] at time 14:17:43.191456 duration_in_ms=1.555 # [INFO ] Running state [/mnt/shadow/vss12] at time 14:17:43.191722 # [INFO ] Executing state file.directory for [/mnt/shadow/vss12] # [INFO ] Directory /mnt/shadow/vss12 is in the correct state Directory /mnt/shadow/vss12 updated # [INFO ] Completed state [/mnt/shadow/vss12] at time 14:17:43.193409 duration_in_ms=1.686 # [INFO ] Running state [/mnt/shadow/vss13] at time 14:17:43.193665 # [INFO ] Executing state file.directory for [/mnt/shadow/vss13] # [INFO ] Directory /mnt/shadow/vss13 is in the correct state Directory /mnt/shadow/vss13 updated # [INFO ] Completed state [/mnt/shadow/vss13] at time 14:17:43.195250 duration_in_ms=1.585 # [INFO ] Running state [/mnt/shadow/vss14] at time 14:17:43.195572 # [INFO ] Executing state file.directory for [/mnt/shadow/vss14] # [INFO ] Directory /mnt/shadow/vss14 is in the correct state Directory /mnt/shadow/vss14 updated # [INFO ] Completed state [/mnt/shadow/vss14] at time 14:17:43.197152 duration_in_ms=1.58 # [INFO ] Running state [/mnt/shadow/vss15] at time 14:17:43.197399 # [INFO ] Executing state file.directory for [/mnt/shadow/vss15] # [INFO ] Directory /mnt/shadow/vss15 is in the correct state Directory /mnt/shadow/vss15 updated # [INFO ] Completed state [/mnt/shadow/vss15] at time 14:17:43.198788 duration_in_ms=1.389 # [INFO ] Running state [/mnt/shadow/vss16] at time 14:17:43.199010 # [INFO ] Executing state file.directory for [/mnt/shadow/vss16] # [INFO ] Directory /mnt/shadow/vss16 is in the correct state Directory /mnt/shadow/vss16 updated # [INFO ] Completed state [/mnt/shadow/vss16] at time 14:17:43.200366 duration_in_ms=1.356 # [INFO ] Running state [/mnt/shadow/vss17] at time 14:17:43.200605 # [INFO ] Executing state file.directory for [/mnt/shadow/vss17] # [INFO ] Directory /mnt/shadow/vss17 is in the correct state Directory /mnt/shadow/vss17 updated # [INFO ] Completed state [/mnt/shadow/vss17] at time 14:17:43.201948 duration_in_ms=1.358 # [INFO ] Running state [/mnt/shadow/vss18] at time 14:17:43.202169 # [INFO ] Executing state file.directory for [/mnt/shadow/vss18] # [INFO ] Directory /mnt/shadow/vss18 is in the correct state Directory /mnt/shadow/vss18 updated # [INFO ] Completed state [/mnt/shadow/vss18] at time 14:17:43.203467 duration_in_ms=1.297 # [INFO ] Running state [/mnt/shadow/vss19] at time 14:17:43.203707 # [INFO ] Executing state file.directory for [/mnt/shadow/vss19] # [INFO ] Directory /mnt/shadow/vss19 is in the correct state Directory /mnt/shadow/vss19 updated # [INFO ] Completed state [/mnt/shadow/vss19] at time 14:17:43.205187 duration_in_ms=1.479 # [INFO ] Running state [/mnt/shadow/vss20] at time 14:17:43.205436 # [INFO ] Executing state file.directory for [/mnt/shadow/vss20] # [INFO ] Directory /mnt/shadow/vss20 is in the correct state Directory /mnt/shadow/vss20 updated # [INFO ] Completed state [/mnt/shadow/vss20] at time 14:17:43.206806 duration_in_ms=1.369 # [INFO ] Running state [/mnt/shadow/vss21] at time 14:17:43.207044 # [INFO ] Executing state file.directory for [/mnt/shadow/vss21] # [INFO ] Directory /mnt/shadow/vss21 is in the correct state Directory /mnt/shadow/vss21 updated # [INFO ] Completed state [/mnt/shadow/vss21] at time 14:17:43.208524 duration_in_ms=1.479 # [INFO ] Running state [/mnt/shadow/vss22] at time 14:17:43.208842 # [INFO ] Executing state file.directory for [/mnt/shadow/vss22] # [INFO ] Directory /mnt/shadow/vss22 is in the correct state Directory /mnt/shadow/vss22 updated # [INFO ] Completed state [/mnt/shadow/vss22] at time 14:17:43.210596 duration_in_ms=1.754 # [INFO ] Running state [/mnt/shadow/vss23] at time 14:17:43.210898 # [INFO ] Executing state file.directory for [/mnt/shadow/vss23] # [INFO ] Directory /mnt/shadow/vss23 is in the correct state Directory /mnt/shadow/vss23 updated # [INFO ] Completed state [/mnt/shadow/vss23] at time 14:17:43.212892 duration_in_ms=1.993 # [INFO ] Running state [/mnt/shadow/vss24] at time 14:17:43.213191 # [INFO ] Executing state file.directory for [/mnt/shadow/vss24] # [INFO ] Directory /mnt/shadow/vss24 is in the correct state Directory /mnt/shadow/vss24 updated # [INFO ] Completed state [/mnt/shadow/vss24] at time 14:17:43.214794 duration_in_ms=1.603 # [INFO ] Running state [/mnt/shadow/vss25] at time 14:17:43.215032 # [INFO ] Executing state file.directory for [/mnt/shadow/vss25] # [INFO ] Directory /mnt/shadow/vss25 is in the correct state Directory /mnt/shadow/vss25 updated # [INFO ] Completed state [/mnt/shadow/vss25] at time 14:17:43.216518 duration_in_ms=1.486 # [INFO ] Running state [/mnt/shadow/vss26] at time 14:17:43.216754 # [INFO ] Executing state file.directory for [/mnt/shadow/vss26] # [INFO ] Directory /mnt/shadow/vss26 is in the correct state Directory /mnt/shadow/vss26 updated # [INFO ] Completed state [/mnt/shadow/vss26] at time 14:17:43.218190 duration_in_ms=1.435 # [INFO ] Running state [/mnt/shadow/vss27] at time 14:17:43.218422 # [INFO ] Executing state file.directory for [/mnt/shadow/vss27] # [INFO ] Directory /mnt/shadow/vss27 is in the correct state Directory /mnt/shadow/vss27 updated # [INFO ] Completed state [/mnt/shadow/vss27] at time 14:17:43.220237 duration_in_ms=1.815 # [INFO ] Running state [/mnt/shadow/vss28] at time 14:17:43.220512 # [INFO ] Executing state file.directory for [/mnt/shadow/vss28] # [INFO ] Directory /mnt/shadow/vss28 is in the correct state Directory /mnt/shadow/vss28 updated # [INFO ] Completed state [/mnt/shadow/vss28] at time 14:17:43.222136 duration_in_ms=1.623 # [INFO ] Running state [/mnt/shadow/vss29] at time 14:17:43.222383 # [INFO ] Executing state file.directory for [/mnt/shadow/vss29] # [INFO ] Directory /mnt/shadow/vss29 is in the correct state Directory /mnt/shadow/vss29 updated # [INFO ] Completed state [/mnt/shadow/vss29] at time 14:17:43.223876 duration_in_ms=1.492 # [INFO ] Running state [/mnt/shadow/vss30] at time 14:17:43.224133 # [INFO ] Executing state file.directory for [/mnt/shadow/vss30] # [INFO ] Directory /mnt/shadow/vss30 is in the correct state Directory /mnt/shadow/vss30 updated # [INFO ] Completed state [/mnt/shadow/vss30] at time 14:17:43.225492 duration_in_ms=1.359 # [INFO ] Running state [salt-minion] at time 14:17:43.225765 # [INFO ] Executing state service.dead for [salt-minion] # [INFO ] Executing command ['systemctl', 'status', 'salt-minion.service', '-n', '0'] in directory '/home/sansforensics' # [DEBUG ] stdout: * salt-minion.service - The Salt Minion Loaded: loaded (/lib/systemd/system/salt-minion.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:salt-minion(1) file:///usr/share/doc/salt/html/contents.html https://docs.saltstack.com/en/latest/contents.html # [DEBUG ] retcode: 3 # [INFO ] Executing command ['systemctl', 'is-active', 'salt-minion.service'] in directory '/home/sansforensics' # [DEBUG ] output: inactive # [INFO ] Executing command ['systemctl', 'is-enabled', 'salt-minion.service'] in directory '/home/sansforensics' # [DEBUG ] output: disabled # [DEBUG ] sysvinit script 'x11-common' found, but systemd unit 'x11-common.service' already exists # [DEBUG ] sysvinit script 'networking' found, but systemd unit 'networking.service' already exists # [DEBUG ] sysvinit script 'umountfs' found, but systemd unit 'umountfs.service' already exists # [DEBUG ] sysvinit script 'network-manager' found, but systemd unit 'network-manager.service' already exists # [DEBUG ] sysvinit script 'open-iscsi' found, but systemd unit 'open-iscsi.service' already exists # [DEBUG ] sysvinit script 'sendsigs' found, but systemd unit 'sendsigs.service' already exists # [DEBUG ] sysvinit script 'killprocs' found, but systemd unit 'killprocs.service' already exists # [DEBUG ] sysvinit script 'console-setup' found, but systemd unit 'console-setup.service' already exists # [DEBUG ] sysvinit script 'docker' found, but systemd unit 'docker.service' already exists # [DEBUG ] sysvinit script 'anacron' found, but systemd unit 'anacron.service' already exists # [DEBUG ] sysvinit script 'salt-minion' found, but systemd unit 'salt-minion.service' already exists # [DEBUG ] sysvinit script 'samba' found, but systemd unit 'samba.service' already exists # [DEBUG ] sysvinit script 'keyboard-setup' found, but systemd unit 'keyboard-setup.service' already exists # [DEBUG ] sysvinit script 'cron' found, but systemd unit 'cron.service' already exists # [DEBUG ] sysvinit script 'kerneloops' found, but systemd unit 'kerneloops.service' already exists # [DEBUG ] sysvinit script 'kmod' found, but systemd unit 'kmod.service' already exists # [DEBUG ] sysvinit script 'lightdm' found, but systemd unit 'lightdm.service' already exists # [DEBUG ] sysvinit script 'reboot' found, but systemd unit 'reboot.service' already exists # [DEBUG ] sysvinit script 'alsa-utils' found, but systemd unit 'alsa-utils.service' already exists # [DEBUG ] sysvinit script 'pppd-dns' found, but systemd unit 'pppd-dns.service' already exists # [DEBUG ] sysvinit script 'binfmt-support' found, but systemd unit 'binfmt-support.service' already exists # [DEBUG ] sysvinit script 'clamav-freshclam' found, but systemd unit 'clamav-freshclam.service' already exists # [DEBUG ] sysvinit script 'iscsid' found, but systemd unit 'iscsid.service' already exists # [DEBUG ] sysvinit script 'brltty' found, but systemd unit 'brltty.service' already exists # [DEBUG ] sysvinit script 'rc.local' found, but systemd unit 'rc.local.service' already exists # [DEBUG ] sysvinit script 'urandom' found, but systemd unit 'urandom.service' already exists # [DEBUG ] sysvinit script 'saned' found, but systemd unit 'saned.service' already exists # [DEBUG ] sysvinit script 'nfdump' found, but systemd unit 'nfdump.service' already exists # [DEBUG ] sysvinit script 'single' found, but systemd unit 'single.service' already exists # [DEBUG ] sysvinit script 'rcS' found, but systemd unit 'rcS.service' already exists # [DEBUG ] sysvinit script 'udev' found, but systemd unit 'udev.service' already exists # [DEBUG ] sysvinit script 'rc' found, but systemd unit 'rc.service' already exists # [DEBUG ] sysvinit script 'cryptdisks' found, but systemd unit 'cryptdisks.service' already exists # [DEBUG ] sysvinit script 'cups' found, but systemd unit 'cups.service' already exists # [DEBUG ] sysvinit script 'uuidd' found, but systemd unit 'uuidd.service' already exists # [DEBUG ] sysvinit script 'acpid' found, but systemd unit 'acpid.service' already exists # [DEBUG ] sysvinit script 'ufw' found, but systemd unit 'ufw.service' already exists # [DEBUG ] sysvinit script 'resolvconf' found, but systemd unit 'resolvconf.service' already exists # [DEBUG ] sysvinit script 'thermald' found, but systemd unit 'thermald.service' already exists # [DEBUG ] sysvinit script 'cups-browsed' found, but systemd unit 'cups-browsed.service' already exists # [DEBUG ] sysvinit script 'dns-clean' found, but systemd unit 'dns-clean.service' already exists # [DEBUG ] sysvinit script 'umountroot' found, but systemd unit 'umountroot.service' already exists # [DEBUG ] sysvinit script 'halt' found, but systemd unit 'halt.service' already exists # [DEBUG ] sysvinit script 'dbus' found, but systemd unit 'dbus.service' already exists # [DEBUG ] sysvinit script 'cryptdisks-early' found, but systemd unit 'cryptdisks-early.service' already exists # [DEBUG ] sysvinit script 'unattended-upgrades' found, but systemd unit 'unattended-upgrades.service' already exists # [DEBUG ] sysvinit script 'bluetooth' found, but systemd unit 'bluetooth.service' already exists # [DEBUG ] sysvinit script 'whoopsie' found, but systemd unit 'whoopsie.service' already exists # [DEBUG ] sysvinit script 'rsyslog' found, but systemd unit 'rsyslog.service' already exists # [DEBUG ] sysvinit script 'rsync' found, but systemd unit 'rsync.service' already exists # [DEBUG ] sysvinit script 'procps' found, but systemd unit 'procps.service' already exists # [DEBUG ] sysvinit script 'avahi-daemon' found, but systemd unit 'avahi-daemon.service' already exists # [DEBUG ] sysvinit script 'plymouth-log' found, but systemd unit 'plymouth-log.service' already exists # [DEBUG ] sysvinit script 'plymouth' found, but systemd unit 'plymouth.service' already exists # [DEBUG ] sysvinit script 'open-vm-tools' found, but systemd unit 'open-vm-tools.service' already exists # [INFO ] The service salt-minion is already dead # [INFO ] Completed state [salt-minion] at time 14:17:43.557057 duration_in_ms=331.293 # [INFO ] Running state [/etc/samba/smb.conf] at time 14:17:43.560148 # [INFO ] Executing state file.managed for [/etc/samba/smb.conf] # [DEBUG ] In saltenv 'base', looking at rel_path 'sift/files/samba/smb.conf' to resolve 'salt://sift/files/samba/smb.conf' # [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/sift/files/samba/smb.conf' to resolve 'salt://sift/files/samba/smb.conf' # [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://sift/files/samba/smb.conf' # [DEBUG ] No dest file found # [INFO ] Fetching file from saltenv 'base', ** done ** 'sift/files/samba/smb.conf' # [DEBUG ] Jinja search path: ['/var/cache/salt/minion/files/base'] # [INFO ] File changed: --- +++ @@ -1,25 +1,25 @@ -#======================= Global Settings ===================================== [global] - workgroup = sans - server string = SIFT WORKSTATION -; netbios name = siftworkstation - security = user - map to guest = bad user - dns proxy = no -; encrypt passwords = yes - guest ok = yes - guest account = sansforensics - name resolve order = host bcast lmhost wins - username map = /etc/samba/smbusers +workgroup = SANS +server string = SIFT WORKSTATION +netbios name = SIFTWORKSTATION +security = USER +map to guest = Bad User +dns proxy = no +name resolve order = host bcast lmhost wins +include = /etc/samba/smb-%L.conf +guest account = sansforensics [cases] - path = /cases - writeable = yes -; browseable = yes - guest ok = yes +path = /cases +browseable = yes +writeable = yes +guest ok = yes +inherit owner = yes +create mask = 744 +inherit permissions = yes [mnt] - path = /mnt -; writeable = No -; browseable = yes - guest ok = yes +path = /mnt +browseable = yes +read only = yes + # [INFO ] Completed state [/etc/samba/smb.conf] at time 14:17:43.584151 duration_in_ms=24.003 # [INFO ] Running state [smbd] at time 14:17:43.586867 # [INFO ] Executing state service.running for [smbd] # [INFO ] Executing command ['systemctl', 'status', 'smbd.service', '-n', '0'] in directory '/home/sansforensics' # [DEBUG ] stdout: * smbd.service - LSB: start Samba SMB/CIFS daemon (smbd) Loaded: loaded (/etc/init.d/smbd; bad; vendor preset: enabled) Active: active (running) since Thu 2017-09-07 14:11:06 UTC; 6min ago Docs: man:systemd-sysv-generator(8) Tasks: 3 Memory: 10.9M CPU: 241ms CGroup: /system.slice/smbd.service |-2879 /usr/sbin/smbd -D |-2889 /usr/sbin/smbd -D `-2897 /usr/sbin/smbd -D # [INFO ] Executing command ['systemctl', 'is-active', 'smbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: active # [INFO ] Executing command ['systemctl', 'is-enabled', 'smbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: smbd.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install is-enabled smbd enabled # [INFO ] The service smbd is already running # [INFO ] Completed state [smbd] at time 14:17:43.862409 duration_in_ms=275.541 # [INFO ] Running state [smbd] at time 14:17:43.862585 # [INFO ] Executing state service.mod_watch for [smbd] # [INFO ] Executing command ['systemctl', 'is-active', 'smbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: active # [DEBUG ] LazyLoaded service.full_restart # [INFO ] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'smbd.service'] in directory '/home/sansforensics' # [DEBUG ] stderr: Running scope as unit run-r73532115fe0e4a8384ea59c016001c8a.scope. # [INFO ] {'smbd': True} # [INFO ] Completed state [smbd] at time 14:17:45.306287 duration_in_ms=1443.701 # [INFO ] Running state [nmbd] at time 14:17:45.311077 # [INFO ] Executing state service.running for [nmbd] # [INFO ] Executing command ['systemctl', 'status', 'nmbd.service', '-n', '0'] in directory '/home/sansforensics' # [DEBUG ] stdout: * nmbd.service - LSB: start Samba NetBIOS nameserver (nmbd) Loaded: loaded (/etc/init.d/nmbd; bad; vendor preset: enabled) Active: active (running) since Thu 2017-09-07 14:11:05 UTC; 6min ago Docs: man:systemd-sysv-generator(8) Tasks: 1 Memory: 14.2M CPU: 1.308s CGroup: /system.slice/nmbd.service `-2846 /usr/sbin/nmbd -D # [INFO ] Executing command ['systemctl', 'is-active', 'nmbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: active # [INFO ] Executing command ['systemctl', 'is-enabled', 'nmbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: nmbd.service is not a native service, redirecting to systemd-sysv-install Executing /lib/systemd/systemd-sysv-install is-enabled nmbd enabled # [INFO ] The service nmbd is already running # [INFO ] Completed state [nmbd] at time 14:17:45.608165 duration_in_ms=297.088 # [INFO ] Running state [nmbd] at time 14:17:45.608341 # [INFO ] Executing state service.mod_watch for [nmbd] # [INFO ] Executing command ['systemctl', 'is-active', 'nmbd.service'] in directory '/home/sansforensics' # [DEBUG ] output: active # [DEBUG ] LazyLoaded service.full_restart # [INFO ] Executing command ['systemd-run', '--scope', 'systemctl', 'restart', 'nmbd.service'] in directory '/home/sansforensics' # [DEBUG ] stderr: Running scope as unit run-r0307389a526642d3b25076bd526ca2ff.scope. # [INFO ] {'nmbd': True} # [INFO ] Completed state [nmbd] at time 14:17:47.066961 duration_in_ms=1458.616 # [INFO ] Running state [sift-config] at time 14:17:47.093766 # [INFO ] Executing state test.nop for [sift-config] # [INFO ] Success! # [INFO ] Completed state [sift-config] at time 14:17:47.095503 duration_in_ms=1.738 # [DEBUG ] File /var/cache/salt/minion/accumulator/139799486066640 does not exist, no need to cleanup. # [DEBUG ] LazyLoaded yaml.output local: archive_|-sift-scripts-virustotal-search-archive_|-/usr/local/src/virustotal-search-v0.1.4_|-extracted: __id__: sift-scripts-virustotal-search-archive __run_num__: 419 __sls__: sift.scripts.virustotal-tools changes: {} comment: All files in archive are already present duration: 908.115 name: /usr/local/src/virustotal-search-v0.1.4 result: true start_time: '14:17:40.318765' archive_|-sift-scripts-virustotal-submit-archive_|-/usr/local/src/virustotal-submit-v0.0.3_|-extracted: __id__: sift-scripts-virustotal-submit-archive __run_num__: 421 __sls__: sift.scripts.virustotal-tools changes: {} comment: All files in archive are already present duration: 734.056 name: /usr/local/src/virustotal-submit-v0.0.3 result: true start_time: '14:17:41.253680' archive_|-sift-tool-densityscout-archive_|-/usr/local/src/densityscout/densityscout_build_45_linux_|-extracted: __id__: sift-tool-densityscout-archive __run_num__: 270 __sls__: sift.tools.densityscout changes: {} comment: /usr/local/bin/densityscout-build-45 exists duration: 338.493 name: /usr/local/src/densityscout/densityscout_build_45_linux result: true start_time: '14:16:49.485128' cmd_|-hostname-set-hostname_|-hostnamectl set-hostname siftworkstation_|-run: __id__: hostname-set-hostname __run_num__: 426 __sls__: sift.config.hostname changes: {} comment: unless execution succeeded duration: 97.557 name: hostnamectl set-hostname siftworkstation result: true skip_watch: true start_time: '14:17:42.329932' ? cmd_|-sift-package-perl-cpan-configure_|-perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit'_|-wait : __id__: sift-package-perl-cpan-configure __run_num__: 141 __sls__: sift.packages.perl changes: {} comment: '' duration: 0.646 name: perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit' result: true start_time: '14:12:33.412199' ? 'cmd_|-sift-scripts-regripper-plugins-all_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/all_|-wait' : __id__: sift-scripts-regripper-plugins-all __run_num__: 392 __sls__: sift.scripts.regripper changes: pid: 20941 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/all" run' duration: 339.417 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "All" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/all' result: true start_time: '14:17:33.553732' ? 'cmd_|-sift-scripts-regripper-plugins-ntuser_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/ntuser_|-wait' : __id__: sift-scripts-regripper-plugins-ntuser __run_num__: 394 __sls__: sift.scripts.regripper changes: pid: 20958 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/ntuser" run' duration: 436.648 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "NTUSER" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/ntuser' result: true start_time: '14:17:33.904601' ? 'cmd_|-sift-scripts-regripper-plugins-sam_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/sam_|-wait' : __id__: sift-scripts-regripper-plugins-sam __run_num__: 398 __sls__: sift.scripts.regripper changes: pid: 21133 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/sam" run' duration: 173.986 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "SAM" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/sam' result: true start_time: '14:17:34.505575' ? 'cmd_|-sift-scripts-regripper-plugins-security_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/security_|-wait' : __id__: sift-scripts-regripper-plugins-security __run_num__: 400 __sls__: sift.scripts.regripper changes: pid: 21141 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/security" run' duration: 143.469 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Security" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/security' result: true start_time: '14:17:34.683612' ? 'cmd_|-sift-scripts-regripper-plugins-software_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/software_|-wait' : __id__: sift-scripts-regripper-plugins-software __run_num__: 402 __sls__: sift.scripts.regripper changes: pid: 21153 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/software" run' duration: 214.831 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "Software" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/software' result: true start_time: '14:17:34.830949' ? 'cmd_|-sift-scripts-regripper-plugins-system_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/system_|-wait' : __id__: sift-scripts-regripper-plugins-system __run_num__: 404 __sls__: sift.scripts.regripper changes: pid: 21258 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/system" run' duration: 207.86 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "System" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/system' result: true start_time: '14:17:35.057466' ? 'cmd_|-sift-scripts-regripper-plugins-usrclass_|-grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/usrclass_|-wait' : __id__: sift-scripts-regripper-plugins-usrclass __run_num__: 396 __sls__: sift.scripts.regripper changes: pid: 21119 retcode: 0 stderr: '' stdout: '' comment: 'Command "grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/usrclass" run' duration: 134.968 name: 'grep -R "my %config = (hive" /usr/local/share/regripper/plugins | grep "USRCLASS" | cut -f1 -d: | xargs -n1 -I{} basename {} | sed ''s/.pl$//'' > /usr/local/share/regripper/plugins/usrclass' result: true start_time: '14:17:34.366703' cmd_|-sift-wine-i386-arch_|-dpkg --add-architecture i386_|-run: __id__: sift-wine-i386-arch __run_num__: 237 __sls__: sift.packages.wine changes: {} comment: unless execution succeeded duration: 92.28 name: dpkg --add-architecture i386 result: true skip_watch: true start_time: '14:13:23.161100' file_|-/mnt/aff_|-/mnt/aff_|-directory: __id__: /mnt/aff __run_num__: 453 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/aff is in the correct state Directory /mnt/aff updated' duration: 2.349 name: /mnt/aff pchanges: {} result: true start_time: '14:17:43.146748' file_|-/mnt/bde_|-/mnt/bde_|-directory: __id__: /mnt/bde __run_num__: 455 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/bde is in the correct state Directory /mnt/bde updated' duration: 1.594 name: /mnt/bde pchanges: {} result: true start_time: '14:17:43.151333' file_|-/mnt/e01_|-/mnt/e01_|-directory: __id__: /mnt/e01 __run_num__: 452 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/e01 is in the correct state Directory /mnt/e01 updated' duration: 3.059 name: /mnt/e01 pchanges: {} result: true start_time: '14:17:43.143254' file_|-/mnt/ewf_|-/mnt/ewf_|-directory: __id__: /mnt/ewf __run_num__: 454 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/ewf is in the correct state Directory /mnt/ewf updated' duration: 1.719 name: /mnt/ewf pchanges: {} result: true start_time: '14:17:43.149360' file_|-/mnt/iscsi_|-/mnt/iscsi_|-directory: __id__: /mnt/iscsi __run_num__: 456 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/iscsi is in the correct state Directory /mnt/iscsi updated' duration: 1.795 name: /mnt/iscsi pchanges: {} result: true start_time: '14:17:43.153174' file_|-/mnt/shadow/vss10_|-/mnt/shadow/vss10_|-directory: __id__: /mnt/shadow/vss10 __run_num__: 471 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss10 is in the correct state Directory /mnt/shadow/vss10 updated' duration: 1.713 name: /mnt/shadow/vss10 pchanges: {} result: true start_time: '14:17:43.187934' file_|-/mnt/shadow/vss11_|-/mnt/shadow/vss11_|-directory: __id__: /mnt/shadow/vss11 __run_num__: 472 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss11 is in the correct state Directory /mnt/shadow/vss11 updated' duration: 1.555 name: /mnt/shadow/vss11 pchanges: {} result: true start_time: '14:17:43.189901' file_|-/mnt/shadow/vss12_|-/mnt/shadow/vss12_|-directory: __id__: /mnt/shadow/vss12 __run_num__: 473 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss12 is in the correct state Directory /mnt/shadow/vss12 updated' duration: 1.686 name: /mnt/shadow/vss12 pchanges: {} result: true start_time: '14:17:43.191723' file_|-/mnt/shadow/vss13_|-/mnt/shadow/vss13_|-directory: __id__: /mnt/shadow/vss13 __run_num__: 474 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss13 is in the correct state Directory /mnt/shadow/vss13 updated' duration: 1.585 name: /mnt/shadow/vss13 pchanges: {} result: true start_time: '14:17:43.193665' file_|-/mnt/shadow/vss14_|-/mnt/shadow/vss14_|-directory: __id__: /mnt/shadow/vss14 __run_num__: 475 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss14 is in the correct state Directory /mnt/shadow/vss14 updated' duration: 1.58 name: /mnt/shadow/vss14 pchanges: {} result: true start_time: '14:17:43.195572' file_|-/mnt/shadow/vss15_|-/mnt/shadow/vss15_|-directory: __id__: /mnt/shadow/vss15 __run_num__: 476 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss15 is in the correct state Directory /mnt/shadow/vss15 updated' duration: 1.389 name: /mnt/shadow/vss15 pchanges: {} result: true start_time: '14:17:43.197399' file_|-/mnt/shadow/vss16_|-/mnt/shadow/vss16_|-directory: __id__: /mnt/shadow/vss16 __run_num__: 477 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss16 is in the correct state Directory /mnt/shadow/vss16 updated' duration: 1.356 name: /mnt/shadow/vss16 pchanges: {} result: true start_time: '14:17:43.199010' file_|-/mnt/shadow/vss17_|-/mnt/shadow/vss17_|-directory: __id__: /mnt/shadow/vss17 __run_num__: 478 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss17 is in the correct state Directory /mnt/shadow/vss17 updated' duration: 1.358 name: /mnt/shadow/vss17 pchanges: {} result: true start_time: '14:17:43.200590' file_|-/mnt/shadow/vss18_|-/mnt/shadow/vss18_|-directory: __id__: /mnt/shadow/vss18 __run_num__: 479 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss18 is in the correct state Directory /mnt/shadow/vss18 updated' duration: 1.297 name: /mnt/shadow/vss18 pchanges: {} result: true start_time: '14:17:43.202170' file_|-/mnt/shadow/vss19_|-/mnt/shadow/vss19_|-directory: __id__: /mnt/shadow/vss19 __run_num__: 480 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss19 is in the correct state Directory /mnt/shadow/vss19 updated' duration: 1.479 name: /mnt/shadow/vss19 pchanges: {} result: true start_time: '14:17:43.203708' file_|-/mnt/shadow/vss1_|-/mnt/shadow/vss1_|-directory: __id__: /mnt/shadow/vss1 __run_num__: 462 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss1 is in the correct state Directory /mnt/shadow/vss1 updated' duration: 1.483 name: /mnt/shadow/vss1 pchanges: {} result: true start_time: '14:17:43.165952' file_|-/mnt/shadow/vss20_|-/mnt/shadow/vss20_|-directory: __id__: /mnt/shadow/vss20 __run_num__: 481 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss20 is in the correct state Directory /mnt/shadow/vss20 updated' duration: 1.369 name: /mnt/shadow/vss20 pchanges: {} result: true start_time: '14:17:43.205437' file_|-/mnt/shadow/vss21_|-/mnt/shadow/vss21_|-directory: __id__: /mnt/shadow/vss21 __run_num__: 482 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss21 is in the correct state Directory /mnt/shadow/vss21 updated' duration: 1.479 name: /mnt/shadow/vss21 pchanges: {} result: true start_time: '14:17:43.207045' file_|-/mnt/shadow/vss22_|-/mnt/shadow/vss22_|-directory: __id__: /mnt/shadow/vss22 __run_num__: 483 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss22 is in the correct state Directory /mnt/shadow/vss22 updated' duration: 1.754 name: /mnt/shadow/vss22 pchanges: {} result: true start_time: '14:17:43.208842' file_|-/mnt/shadow/vss23_|-/mnt/shadow/vss23_|-directory: __id__: /mnt/shadow/vss23 __run_num__: 484 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss23 is in the correct state Directory /mnt/shadow/vss23 updated' duration: 1.993 name: /mnt/shadow/vss23 pchanges: {} result: true start_time: '14:17:43.210899' file_|-/mnt/shadow/vss24_|-/mnt/shadow/vss24_|-directory: __id__: /mnt/shadow/vss24 __run_num__: 485 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss24 is in the correct state Directory /mnt/shadow/vss24 updated' duration: 1.603 name: /mnt/shadow/vss24 pchanges: {} result: true start_time: '14:17:43.213191' file_|-/mnt/shadow/vss25_|-/mnt/shadow/vss25_|-directory: __id__: /mnt/shadow/vss25 __run_num__: 486 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss25 is in the correct state Directory /mnt/shadow/vss25 updated' duration: 1.486 name: /mnt/shadow/vss25 pchanges: {} result: true start_time: '14:17:43.215032' file_|-/mnt/shadow/vss26_|-/mnt/shadow/vss26_|-directory: __id__: /mnt/shadow/vss26 __run_num__: 487 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss26 is in the correct state Directory /mnt/shadow/vss26 updated' duration: 1.435 name: /mnt/shadow/vss26 pchanges: {} result: true start_time: '14:17:43.216755' file_|-/mnt/shadow/vss27_|-/mnt/shadow/vss27_|-directory: __id__: /mnt/shadow/vss27 __run_num__: 488 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss27 is in the correct state Directory /mnt/shadow/vss27 updated' duration: 1.815 name: /mnt/shadow/vss27 pchanges: {} result: true start_time: '14:17:43.218422' file_|-/mnt/shadow/vss28_|-/mnt/shadow/vss28_|-directory: __id__: /mnt/shadow/vss28 __run_num__: 489 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss28 is in the correct state Directory /mnt/shadow/vss28 updated' duration: 1.623 name: /mnt/shadow/vss28 pchanges: {} result: true start_time: '14:17:43.220513' file_|-/mnt/shadow/vss29_|-/mnt/shadow/vss29_|-directory: __id__: /mnt/shadow/vss29 __run_num__: 490 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss29 is in the correct state Directory /mnt/shadow/vss29 updated' duration: 1.492 name: /mnt/shadow/vss29 pchanges: {} result: true start_time: '14:17:43.222384' file_|-/mnt/shadow/vss2_|-/mnt/shadow/vss2_|-directory: __id__: /mnt/shadow/vss2 __run_num__: 463 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss2 is in the correct state Directory /mnt/shadow/vss2 updated' duration: 2.346 name: /mnt/shadow/vss2 pchanges: {} result: true start_time: '14:17:43.167758' file_|-/mnt/shadow/vss30_|-/mnt/shadow/vss30_|-directory: __id__: /mnt/shadow/vss30 __run_num__: 491 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss30 is in the correct state Directory /mnt/shadow/vss30 updated' duration: 1.359 name: /mnt/shadow/vss30 pchanges: {} result: true start_time: '14:17:43.224133' file_|-/mnt/shadow/vss3_|-/mnt/shadow/vss3_|-directory: __id__: /mnt/shadow/vss3 __run_num__: 464 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss3 is in the correct state Directory /mnt/shadow/vss3 updated' duration: 2.675 name: /mnt/shadow/vss3 pchanges: {} result: true start_time: '14:17:43.170552' file_|-/mnt/shadow/vss4_|-/mnt/shadow/vss4_|-directory: __id__: /mnt/shadow/vss4 __run_num__: 465 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss4 is in the correct state Directory /mnt/shadow/vss4 updated' duration: 3.019 name: /mnt/shadow/vss4 pchanges: {} result: true start_time: '14:17:43.173838' file_|-/mnt/shadow/vss5_|-/mnt/shadow/vss5_|-directory: __id__: /mnt/shadow/vss5 __run_num__: 466 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss5 is in the correct state Directory /mnt/shadow/vss5 updated' duration: 2.49 name: /mnt/shadow/vss5 pchanges: {} result: true start_time: '14:17:43.177255' file_|-/mnt/shadow/vss6_|-/mnt/shadow/vss6_|-directory: __id__: /mnt/shadow/vss6 __run_num__: 467 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss6 is in the correct state Directory /mnt/shadow/vss6 updated' duration: 1.843 name: /mnt/shadow/vss6 pchanges: {} result: true start_time: '14:17:43.180150' file_|-/mnt/shadow/vss7_|-/mnt/shadow/vss7_|-directory: __id__: /mnt/shadow/vss7 __run_num__: 468 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss7 is in the correct state Directory /mnt/shadow/vss7 updated' duration: 1.761 name: /mnt/shadow/vss7 pchanges: {} result: true start_time: '14:17:43.182230' file_|-/mnt/shadow/vss8_|-/mnt/shadow/vss8_|-directory: __id__: /mnt/shadow/vss8 __run_num__: 469 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss8 is in the correct state Directory /mnt/shadow/vss8 updated' duration: 1.476 name: /mnt/shadow/vss8 pchanges: {} result: true start_time: '14:17:43.184237' file_|-/mnt/shadow/vss9_|-/mnt/shadow/vss9_|-directory: __id__: /mnt/shadow/vss9 __run_num__: 470 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow/vss9 is in the correct state Directory /mnt/shadow/vss9 updated' duration: 1.567 name: /mnt/shadow/vss9 pchanges: {} result: true start_time: '14:17:43.185942' file_|-/mnt/shadow_|-/mnt/shadow_|-directory: __id__: /mnt/shadow __run_num__: 450 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/shadow is in the correct state Directory /mnt/shadow updated' duration: 4.007 name: /mnt/shadow pchanges: {} result: true start_time: '14:17:43.135907' file_|-/mnt/usb_|-/mnt/usb_|-directory: __id__: /mnt/usb __run_num__: 448 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/usb is in the correct state Directory /mnt/usb updated' duration: 3.805 name: /mnt/usb pchanges: {} result: true start_time: '14:17:43.126744' file_|-/mnt/vss_|-/mnt/vss_|-directory: __id__: /mnt/vss __run_num__: 449 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/vss is in the correct state Directory /mnt/vss updated' duration: 3.816 name: /mnt/vss pchanges: {} result: true start_time: '14:17:43.131461' file_|-/mnt/windows_mount1_|-/mnt/windows_mount1_|-directory: __id__: /mnt/windows_mount1 __run_num__: 457 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount1 is in the correct state Directory /mnt/windows_mount1 updated' duration: 1.638 name: /mnt/windows_mount1 pchanges: {} result: true start_time: '14:17:43.155288' file_|-/mnt/windows_mount2_|-/mnt/windows_mount2_|-directory: __id__: /mnt/windows_mount2 __run_num__: 458 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount2 is in the correct state Directory /mnt/windows_mount2 updated' duration: 2.474 name: /mnt/windows_mount2 pchanges: {} result: true start_time: '14:17:43.157202' file_|-/mnt/windows_mount3_|-/mnt/windows_mount3_|-directory: __id__: /mnt/windows_mount3 __run_num__: 459 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount3 is in the correct state Directory /mnt/windows_mount3 updated' duration: 1.69 name: /mnt/windows_mount3 pchanges: {} result: true start_time: '14:17:43.160243' file_|-/mnt/windows_mount4_|-/mnt/windows_mount4_|-directory: __id__: /mnt/windows_mount4 __run_num__: 460 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount4 is in the correct state Directory /mnt/windows_mount4 updated' duration: 1.663 name: /mnt/windows_mount4 pchanges: {} result: true start_time: '14:17:43.162156' file_|-/mnt/windows_mount5_|-/mnt/windows_mount5_|-directory: __id__: /mnt/windows_mount5 __run_num__: 461 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount5 is in the correct state Directory /mnt/windows_mount5 updated' duration: 1.547 name: /mnt/windows_mount5 pchanges: {} result: true start_time: '14:17:43.164185' file_|-/mnt/windows_mount_|-/mnt/windows_mount_|-directory: __id__: /mnt/windows_mount __run_num__: 451 __sls__: sift.config.folders changes: {} comment: 'Directory /mnt/windows_mount is in the correct state Directory /mnt/windows_mount updated' duration: 2.539 name: /mnt/windows_mount pchanges: {} result: true start_time: '14:17:43.140283' file_|-bash-aliases-user-root_|-/root/.bash_aliases_|-append: __id__: bash-aliases-user-root __run_num__: 430 __sls__: sift.config.user.bash-aliases changes: {} comment: File /root/.bash_aliases is in correct state duration: 1.893 name: /root/.bash_aliases pchanges: {} result: true start_time: '14:17:42.439151' file_|-bash-aliases-user-sansforensics_|-/home/sansforensics/.bash_aliases_|-append: __id__: bash-aliases-user-sansforensics __run_num__: 429 __sls__: sift.config.user.bash-aliases changes: {} comment: File /home/sansforensics/.bash_aliases is in correct state duration: 2.396 name: /home/sansforensics/.bash_aliases pchanges: {} result: true start_time: '14:17:42.433201' file_|-config-folder-cases_|-/cases_|-directory: __id__: config-folder-cases __run_num__: 447 __sls__: sift.config.folders changes: {} comment: 'Directory /cases is in the correct state Directory /cases updated' duration: 3.364 name: /cases pchanges: {} result: true start_time: '14:17:43.122897' file_|-folders-config-autostart_|-/home/sansforensics/.config/autostart_|-directory: __id__: folders-config-autostart __run_num__: 434 __sls__: sift.config.user.folders changes: {} comment: 'Directory /home/sansforensics/.config/autostart is in the correct state Directory /home/sansforensics/.config/autostart updated' duration: 1.431 name: /home/sansforensics/.config/autostart pchanges: {} result: true start_time: '14:17:42.456353' file_|-hostname-managed_|-/etc/hostname_|-managed: __id__: hostname-managed __run_num__: 425 __sls__: sift.config.hostname changes: {} comment: File /etc/hostname is in the correct state duration: 1.329 name: /etc/hostname pchanges: {} result: true start_time: '14:17:42.328453' file_|-pdfs-resource-copy_|-/home/sansforensics/Desktop_|-recurse: __id__: pdfs-resource-copy __run_num__: 435 __sls__: sift.config.user.pdfs changes: {} comment: The directory /home/sansforensics/Desktop is in the correct state duration: 374.428 name: /home/sansforensics/Desktop pchanges: {} result: true start_time: '14:17:42.460874' ? file_|-python-volatility-plugins-apihooksdeep.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py_|-absent : __id__: python-volatility-plugins-apihooksdeep.py-absent __run_num__: 196 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py is not present duration: 0.701 name: /usr/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py pchanges: {} result: true start_time: '14:13:22.922579' file_|-python-volatility-plugins-autoruns.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py_|-absent: __id__: python-volatility-plugins-autoruns.py-absent __run_num__: 188 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py is not present duration: 0.962 name: /usr/lib/python2.7/dist-packages/volatility/plugins/autoruns.py pchanges: {} result: true start_time: '14:13:22.871931' file_|-python-volatility-plugins-baseline.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py_|-absent: __id__: python-volatility-plugins-baseline.py-absent __run_num__: 191 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py is not present duration: 0.572 name: /usr/lib/python2.7/dist-packages/volatility/plugins/baseline.py pchanges: {} result: true start_time: '14:13:22.890856' ? file_|-python-volatility-plugins-chromehistory.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py_|-absent : __id__: python-volatility-plugins-chromehistory.py-absent __run_num__: 183 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py is not present duration: 0.564 name: /usr/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py pchanges: {} result: true start_time: '14:13:22.840932' file_|-python-volatility-plugins-editbox.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py_|-absent: __id__: python-volatility-plugins-editbox.py-absent __run_num__: 197 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py is not present duration: 0.553 name: /usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py pchanges: {} result: true start_time: '14:13:22.928613' ? file_|-python-volatility-plugins-firefoxhistory.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py_|-absent : __id__: python-volatility-plugins-firefoxhistory.py-absent __run_num__: 187 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py is not present duration: 0.734 name: /usr/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py pchanges: {} result: true start_time: '14:13:22.865229' file_|-python-volatility-plugins-idxparser.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py_|-absent: __id__: python-volatility-plugins-idxparser.py-absent __run_num__: 182 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py is not present duration: 0.456 name: /usr/lib/python2.7/dist-packages/volatility/plugins/idxparser.py pchanges: {} result: true start_time: '14:13:22.835244' file_|-python-volatility-plugins-javarat.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py_|-absent: __id__: python-volatility-plugins-javarat.py-absent __run_num__: 198 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py is not present duration: 0.519 name: /usr/lib/python2.7/dist-packages/volatility/plugins/javarat.py pchanges: {} result: true start_time: '14:13:22.934086' ? file_|-python-volatility-plugins-malfinddeep.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py_|-absent : __id__: python-volatility-plugins-malfinddeep.py-absent __run_num__: 189 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py is not present duration: 0.622 name: /usr/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py pchanges: {} result: true start_time: '14:13:22.878463' ? file_|-python-volatility-plugins-malprocfind.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py_|-absent : __id__: python-volatility-plugins-malprocfind.py-absent __run_num__: 181 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py is not present duration: 0.64 name: /usr/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py pchanges: {} result: true start_time: '14:13:22.829653' file_|-python-volatility-plugins-mimikatz.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py_|-absent: __id__: python-volatility-plugins-mimikatz.py-absent __run_num__: 184 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py is not present duration: 0.836 name: /usr/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py pchanges: {} result: true start_time: '14:13:22.846628' ? file_|-python-volatility-plugins-openioc_scan.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py_|-absent : __id__: python-volatility-plugins-openioc_scan.py-absent __run_num__: 185 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py is not present duration: 0.942 name: /usr/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py pchanges: {} result: true start_time: '14:13:22.853061' file_|-python-volatility-plugins-prefetch.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py_|-absent: __id__: python-volatility-plugins-prefetch.py-absent __run_num__: 190 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py is not present duration: 0.61 name: /usr/lib/python2.7/dist-packages/volatility/plugins/prefetch.py pchanges: {} result: true start_time: '14:13:22.884149' file_|-python-volatility-plugins-pstotal.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py_|-absent: __id__: python-volatility-plugins-pstotal.py-absent __run_num__: 186 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py is not present duration: 0.529 name: /usr/lib/python2.7/dist-packages/volatility/plugins/pstotal.py pchanges: {} result: true start_time: '14:13:22.859486' ? file_|-python-volatility-plugins-ssdeepscan.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py_|-absent : __id__: python-volatility-plugins-ssdeepscan.py-absent __run_num__: 192 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py is not present duration: 0.496 name: /usr/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py pchanges: {} result: true start_time: '14:13:22.896371' ? file_|-python-volatility-plugins-trustrecords.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py_|-absent : __id__: python-volatility-plugins-trustrecords.py-absent __run_num__: 194 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py is not present duration: 0.936 name: /usr/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py pchanges: {} result: true start_time: '14:13:22.909094' ? file_|-python-volatility-plugins-uninstallinfo.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py_|-absent : __id__: python-volatility-plugins-uninstallinfo.py-absent __run_num__: 193 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py is not present duration: 0.505 name: /usr/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py pchanges: {} result: true start_time: '14:13:22.901814' file_|-python-volatility-plugins-usnparser.py-absent_|-/usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py_|-absent: __id__: python-volatility-plugins-usnparser.py-absent __run_num__: 195 __sls__: sift.packages.python-volatility changes: {} comment: File /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py is not present duration: 0.876 name: /usr/lib/python2.7/dist-packages/volatility/plugins/usnparser.py pchanges: {} result: true start_time: '14:13:22.915463' file_|-python-volatility-sift-plugins_|-/usr/lib/python2.7/dist-packages/volatility/plugins/sift/_|-recurse: __id__: python-volatility-sift-plugins __run_num__: 180 __sls__: sift.packages.python-volatility changes: /usr/lib/python2.7/dist-packages/volatility/plugins/sift/pstotal.py: diff: "--- \n+++ \n@@ -50,7 +50,7 @@\n def __init__(self, config,*args, **kwargs):\n common.AbstractWindowsCommand.__init__(self, config, *args, **kwargs)\n config.add_option('SHORT', short_option = 'S', default = False, help = 'Interesting processes only', action = 'store_true')\n- \ config.add_option('CMD', short_option = 'C', default = False, help = 'Display process command line. All {} removed', action = 'store_true')\n+ \ config.add_option('CMD', short_option = 'c', default = False, help = 'Display process command line. All {} removed', action = 'store_true')\n \ config.add_option('PATH', short_option = 'P', default = False, help = 'Display process image path', action = 'store_true')\n \n def render_text(self, outfd, data):\n" comment: Recursively updated /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ duration: 148.94 name: /usr/lib/python2.7/dist-packages/volatility/plugins/sift/ pchanges: {} result: true start_time: '14:13:21.929862' file_|-rc-noclobber_|-/home/sansforensics/.bashrc_|-append: __id__: rc-noclobber __run_num__: 431 __sls__: sift.config.user.bash-rc changes: {} comment: File /home/sansforensics/.bashrc is in correct state duration: 2.071 name: /home/sansforensics/.bashrc pchanges: {} result: true start_time: '14:17:42.443660' file_|-rc-root-noclobber_|-/root/.bashrc_|-append: __id__: rc-root-noclobber __run_num__: 433 __sls__: sift.config.user.bash-rc changes: {} comment: File /root/.bashrc is in correct state duration: 1.364 name: /root/.bashrc pchanges: {} result: true start_time: '14:17:42.452554' file_|-rekall-path_|-/home/sansforensics/.bashrc_|-append: __id__: rekall-path __run_num__: 432 __sls__: sift.config.user.bash-rc changes: {} comment: File /home/sansforensics/.bashrc is in correct state duration: 1.755 name: /home/sansforensics/.bashrc pchanges: {} result: true start_time: '14:17:42.448294' file_|-scripts-java-idx-parser_|-/usr/local/bin/idx_parser.py_|-managed: __id__: scripts-java-idx-parser __run_num__: 319 __sls__: sift.scripts.java-idx-parser changes: {} comment: File /usr/local/bin/idx_parser.py is in the correct state duration: 270.849 name: /usr/local/bin/idx_parser.py pchanges: {} result: true start_time: '14:17:23.564468' file_|-scripts-page-brute_|-/usr/local/bin_|-recurse: __id__: scripts-page-brute __run_num__: 380 __sls__: sift.scripts.page-brute changes: {} comment: The directory /usr/local/bin is in the correct state duration: 81.197 name: /usr/local/bin pchanges: {} result: true start_time: '14:17:28.835889' file_|-scripts-pdf-tools_|-/usr/local/bin_|-recurse: __id__: scripts-pdf-tools __run_num__: 382 __sls__: sift.scripts.pdf-tools changes: {} comment: The directory /usr/local/bin is in the correct state duration: 167.864 name: /usr/local/bin pchanges: {} result: true start_time: '14:17:29.166337' file_|-scripts-sift-resources-audio_|-/usr/share/sift/audio_|-directory: __id__: scripts-sift-resources-audio __run_num__: 409 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/audio is in the correct state Directory /usr/share/sift/audio updated' duration: 0.821 name: /usr/share/sift/audio pchanges: {} result: true start_time: '14:17:36.361565' file_|-scripts-sift-resources-images_|-/usr/share/sift/images_|-directory: __id__: scripts-sift-resources-images __run_num__: 408 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/images is in the correct state Directory /usr/share/sift/images updated' duration: 0.809 name: /usr/share/sift/images pchanges: {} result: true start_time: '14:17:36.360589' file_|-scripts-sift-resources-other_|-/usr/share/sift/other_|-directory: __id__: scripts-sift-resources-other __run_num__: 410 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/other is in the correct state Directory /usr/share/sift/other updated' duration: 0.835 name: /usr/share/sift/other pchanges: {} result: true start_time: '14:17:36.362539' file_|-scripts-sift-resources-resources_|-/usr/share/sift/resources_|-directory: __id__: scripts-sift-resources-resources __run_num__: 407 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/resources is in the correct state Directory /usr/share/sift/resources updated' duration: 0.925 name: /usr/share/sift/resources pchanges: {} result: true start_time: '14:17:36.359513' file_|-scripts-sift-resources-scripts_|-/usr/share/sift/scripts_|-directory: __id__: scripts-sift-resources-scripts __run_num__: 411 __sls__: sift.scripts.sift changes: {} comment: 'Directory /usr/share/sift/scripts is in the correct state Directory /usr/share/sift/scripts updated' duration: 1.01 name: /usr/share/sift/scripts pchanges: {} result: true start_time: '14:17:36.363524' file_|-scripts-sorter-directory_|-/usr/share/tsk/sorter_|-directory: __id__: scripts-sorter-directory __run_num__: 413 __sls__: sift.scripts.sorter changes: {} comment: 'Directory /usr/share/tsk/sorter is in the correct state Directory /usr/share/tsk/sorter updated' duration: 0.852 name: /usr/share/tsk/sorter pchanges: {} result: true start_time: '14:17:36.853192' file_|-scripts-sorter-files_|-/usr/share/tsk/sorter_|-recurse: __id__: scripts-sorter-files __run_num__: 414 __sls__: sift.scripts.sorter changes: {} comment: The directory /usr/share/tsk/sorter is in the correct state duration: 139.461 name: /usr/share/tsk/sorter pchanges: {} result: true start_time: '14:17:36.856807' file_|-sift-powershell-source_|-/var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb_|-managed: __id__: sift-powershell-source __run_num__: 145 __sls__: sift.packages.powershell changes: {} comment: File /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb is in the correct state duration: 11737.464 name: /var/cache/sift/archives/powershell_6.0.0-alpha.13-1ubuntu1.16.04.1_amd64.deb pchanges: {} result: true start_time: '14:12:33.434173' file_|-sift-resources_|-/usr/share/sift_|-recurse: __id__: sift-resources __run_num__: 412 __sls__: sift.scripts.sift changes: {} comment: The directory /usr/share/sift is in the correct state duration: 479.383 name: /usr/share/sift pchanges: {} result: true start_time: '14:17:36.373614' file_|-sift-samba-global-config_|-/etc/samba/smb.conf_|-managed: __id__: sift-samba-global-config __run_num__: 493 __sls__: sift.config.samba changes: diff: "--- \n+++ \n@@ -1,25 +1,25 @@\n-#======================= Global Settings ===================================== \n [global]\n-\tworkgroup = sans\n-\tserver string = SIFT WORKSTATION\n-;\tnetbios name = siftworkstation\n-\tsecurity = user\n-\tmap to guest = bad user\n-\tdns proxy = no\n-;\tencrypt passwords = yes\n-\tguest ok = yes\n-\tguest account = sansforensics\n-\tname resolve order = host bcast lmhost wins\n-\tusername map = /etc/samba/smbusers\n+workgroup = SANS \n+server string = SIFT WORKSTATION\n+netbios name = SIFTWORKSTATION\n+security = USER\n+map to guest = Bad User \n+dns proxy = no\n+name resolve order = host bcast lmhost wins\n+include = /etc/samba/smb-%L.conf\n+guest account = sansforensics\n \n [cases]\n-\tpath = /cases\n-\twriteable = yes\n-;\tbrowseable = yes\n-\tguest ok = yes\n+path = /cases\n+browseable = yes\n+writeable = yes\n+guest ok = yes\n+inherit owner = yes\n+create mask = 744\n+inherit permissions = yes\n \n [mnt]\n-\tpath = /mnt\n-;\twriteable = No\n-;\tbrowseable = yes\n-\tguest ok = yes\n+path = /mnt\n+browseable = yes\n+read only = yes\n+\n" comment: File /etc/samba/smb.conf updated duration: 24.003 name: /etc/samba/smb.conf pchanges: {} result: true start_time: '14:17:43.560148' file_|-sift-scripts-4n6-WP8_AppPerms.py_|-/usr/local/bin/WP8_AppPerms.py_|-copy: __id__: sift-scripts-4n6-WP8_AppPerms.py __run_num__: 276 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/WP8_AppPerms.py" exists and will not be overwritten duration: 4.308 name: /usr/local/bin/WP8_AppPerms.py result: true start_time: '14:17:21.634558' file_|-sift-scripts-4n6-bing-bar-parser.pl_|-/usr/local/bin/bing-bar-parser.pl_|-copy: __id__: sift-scripts-4n6-bing-bar-parser.pl __run_num__: 277 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/bing-bar-parser.pl" exists and will not be overwritten duration: 1.287 name: /usr/local/bin/bing-bar-parser.pl result: true start_time: '14:17:21.644457' file_|-sift-scripts-4n6-chunkymonkey.py_|-/usr/local/bin/chunkymonkey.py_|-copy: __id__: sift-scripts-4n6-chunkymonkey.py __run_num__: 278 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/chunkymonkey.py" exists and will not be overwritten duration: 1.287 name: /usr/local/bin/chunkymonkey.py result: true start_time: '14:17:21.650921' file_|-sift-scripts-4n6-dextract.def_|-/usr/local/bin/dextract.def_|-copy: __id__: sift-scripts-4n6-dextract.def __run_num__: 279 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/dextract.def" exists and will not be overwritten duration: 1.396 name: /usr/local/bin/dextract.def result: true start_time: '14:17:21.658503' file_|-sift-scripts-4n6-dextract.py_|-/usr/local/bin/dextract.py_|-copy: __id__: sift-scripts-4n6-dextract.py __run_num__: 280 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/dextract.py" exists and will not be overwritten duration: 1.58 name: /usr/local/bin/dextract.py result: true start_time: '14:17:21.665308' file_|-sift-scripts-4n6-docx-font-extractor.pl_|-/usr/local/bin/docx-font-extractor.pl_|-copy: __id__: sift-scripts-4n6-docx-font-extractor.pl __run_num__: 281 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/docx-font-extractor.pl" exists and will not be overwritten duration: 2.149 name: /usr/local/bin/docx-font-extractor.pl result: true start_time: '14:17:21.673030' file_|-sift-scripts-4n6-exif2map.pl_|-/usr/local/bin/exif2map.pl_|-copy: __id__: sift-scripts-4n6-exif2map.pl __run_num__: 282 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/exif2map.pl" exists and will not be overwritten duration: 1.366 name: /usr/local/bin/exif2map.pl result: true start_time: '14:17:21.680866' file_|-sift-scripts-4n6-fbmsg-extractor.py_|-/usr/local/bin/fbmsg-extractor.py_|-copy: __id__: sift-scripts-4n6-fbmsg-extractor.py __run_num__: 283 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/fbmsg-extractor.py" exists and will not be overwritten duration: 1.979 name: /usr/local/bin/fbmsg-extractor.py result: true start_time: '14:17:21.688040' file_|-sift-scripts-4n6-gis4cookie.pl_|-/usr/local/bin/gis4cookie.pl_|-copy: __id__: sift-scripts-4n6-gis4cookie.pl __run_num__: 284 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/gis4cookie.pl" exists and will not be overwritten duration: 1.272 name: /usr/local/bin/gis4cookie.pl result: true start_time: '14:17:21.695817' file_|-sift-scripts-4n6-google-ei-time.py_|-/usr/local/bin/google-ei-time.py_|-copy: __id__: sift-scripts-4n6-google-ei-time.py __run_num__: 285 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/google-ei-time.py" exists and will not be overwritten duration: 1.611 name: /usr/local/bin/google-ei-time.py result: true start_time: '14:17:21.702117' file_|-sift-scripts-4n6-imgcache-parse-mod.py_|-/usr/local/bin/imgcache-parse-mod.py_|-copy: __id__: sift-scripts-4n6-imgcache-parse-mod.py __run_num__: 286 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/imgcache-parse-mod.py" exists and will not be overwritten duration: 2.134 name: /usr/local/bin/imgcache-parse-mod.py result: true start_time: '14:17:21.709501' file_|-sift-scripts-4n6-imgcache-parse.py_|-/usr/local/bin/imgcache-parse.py_|-copy: __id__: sift-scripts-4n6-imgcache-parse.py __run_num__: 287 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/imgcache-parse.py" exists and will not be overwritten duration: 1.621 name: /usr/local/bin/imgcache-parse.py result: true start_time: '14:17:21.717217' file_|-sift-scripts-4n6-json-printer.pl_|-/usr/local/bin/json-printer.pl_|-copy: __id__: sift-scripts-4n6-json-printer.pl __run_num__: 288 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/json-printer.pl" exists and will not be overwritten duration: 1.569 name: /usr/local/bin/json-printer.pl result: true start_time: '14:17:21.725381' file_|-sift-scripts-4n6-msoffice-pic-extractor.py_|-/usr/local/bin/msoffice-pic-extractor.py_|-copy: __id__: sift-scripts-4n6-msoffice-pic-extractor.py __run_num__: 289 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/msoffice-pic-extractor.py" exists and will not be overwritten duration: 1.381 name: /usr/local/bin/msoffice-pic-extractor.py result: true start_time: '14:17:21.732586' file_|-sift-scripts-4n6-plist2db.py_|-/usr/local/bin/plist2db.py_|-copy: __id__: sift-scripts-4n6-plist2db.py __run_num__: 290 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/plist2db.py" exists and will not be overwritten duration: 1.701 name: /usr/local/bin/plist2db.py result: true start_time: '14:17:21.740161' file_|-sift-scripts-4n6-print_apk_perms.py_|-/usr/local/bin/print_apk_perms.py_|-copy: __id__: sift-scripts-4n6-print_apk_perms.py __run_num__: 291 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/print_apk_perms.py" exists and will not be overwritten duration: 1.338 name: /usr/local/bin/print_apk_perms.py result: true start_time: '14:17:21.747258' file_|-sift-scripts-4n6-s2-cellid2latlong.py_|-/usr/local/bin/s2-cellid2latlong.py_|-copy: __id__: sift-scripts-4n6-s2-cellid2latlong.py __run_num__: 292 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/s2-cellid2latlong.py" exists and will not be overwritten duration: 2.042 name: /usr/local/bin/s2-cellid2latlong.py result: true start_time: '14:17:21.754401' file_|-sift-scripts-4n6-s2-latlong2cellid.py_|-/usr/local/bin/s2-latlong2cellid.py_|-copy: __id__: sift-scripts-4n6-s2-latlong2cellid.py __run_num__: 293 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/s2-latlong2cellid.py" exists and will not be overwritten duration: 1.634 name: /usr/local/bin/s2-latlong2cellid.py result: true start_time: '14:17:21.762800' file_|-sift-scripts-4n6-sms-grep-sample-config.txt_|-/usr/local/bin/sms-grep-sample-config.txt_|-copy: __id__: sift-scripts-4n6-sms-grep-sample-config.txt __run_num__: 294 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sms-grep-sample-config.txt" exists and will not be overwritten duration: 1.96 name: /usr/local/bin/sms-grep-sample-config.txt result: true start_time: '14:17:21.770915' file_|-sift-scripts-4n6-sms-grep.pl_|-/usr/local/bin/sms-grep.pl_|-copy: __id__: sift-scripts-4n6-sms-grep.pl __run_num__: 295 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sms-grep.pl" exists and will not be overwritten duration: 1.351 name: /usr/local/bin/sms-grep.pl result: true start_time: '14:17:21.778517' file_|-sift-scripts-4n6-sqlite-base64-decode.py_|-/usr/local/bin/sqlite-base64-decode.py_|-copy: __id__: sift-scripts-4n6-sqlite-base64-decode.py __run_num__: 296 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sqlite-base64-decode.py" exists and will not be overwritten duration: 1.937 name: /usr/local/bin/sqlite-base64-decode.py result: true start_time: '14:17:21.785805' file_|-sift-scripts-4n6-sqlite-blob-dumper.py_|-/usr/local/bin/sqlite-blob-dumper.py_|-copy: __id__: sift-scripts-4n6-sqlite-blob-dumper.py __run_num__: 297 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sqlite-blob-dumper.py" exists and will not be overwritten duration: 1.373 name: /usr/local/bin/sqlite-blob-dumper.py result: true start_time: '14:17:21.793553' file_|-sift-scripts-4n6-sqlite-parser.pl_|-/usr/local/bin/sqlite-parser.pl_|-copy: __id__: sift-scripts-4n6-sqlite-parser.pl __run_num__: 298 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/sqlite-parser.pl" exists and will not be overwritten duration: 1.635 name: /usr/local/bin/sqlite-parser.pl result: true start_time: '14:17:21.800687' file_|-sift-scripts-4n6-squirrelgripper-README.txt_|-/usr/local/bin/squirrelgripper-README.txt_|-copy: __id__: sift-scripts-4n6-squirrelgripper-README.txt __run_num__: 299 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/squirrelgripper-README.txt" exists and will not be overwritten duration: 1.817 name: /usr/local/bin/squirrelgripper-README.txt result: true start_time: '14:17:21.809012' file_|-sift-scripts-4n6-squirrelgripper.pl_|-/usr/local/bin/squirrelgripper.pl_|-copy: __id__: sift-scripts-4n6-squirrelgripper.pl __run_num__: 300 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/squirrelgripper.pl" exists and will not be overwritten duration: 1.454 name: /usr/local/bin/squirrelgripper.pl result: true start_time: '14:17:21.816648' file_|-sift-scripts-4n6-timediff32.pl_|-/usr/local/bin/timediff32.pl_|-copy: __id__: sift-scripts-4n6-timediff32.pl __run_num__: 301 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/timediff32.pl" exists and will not be overwritten duration: 1.95 name: /usr/local/bin/timediff32.pl result: true start_time: '14:17:21.824230' file_|-sift-scripts-4n6-vmail-db-2-html.pl_|-/usr/local/bin/vmail-db-2-html.pl_|-copy: __id__: sift-scripts-4n6-vmail-db-2-html.pl __run_num__: 302 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/vmail-db-2-html.pl" exists and will not be overwritten duration: 1.146 name: /usr/local/bin/vmail-db-2-html.pl result: true start_time: '14:17:21.831252' file_|-sift-scripts-4n6-wp8-1-callhistory.py_|-/usr/local/bin/wp8-1-callhistory.py_|-copy: __id__: sift-scripts-4n6-wp8-1-callhistory.py __run_num__: 303 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-callhistory.py" exists and will not be overwritten duration: 1.95 name: /usr/local/bin/wp8-1-callhistory.py result: true start_time: '14:17:21.837942' file_|-sift-scripts-4n6-wp8-1-contacts.py_|-/usr/local/bin/wp8-1-contacts.py_|-copy: __id__: sift-scripts-4n6-wp8-1-contacts.py __run_num__: 304 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-contacts.py" exists and will not be overwritten duration: 1.252 name: /usr/local/bin/wp8-1-contacts.py result: true start_time: '14:17:21.848474' file_|-sift-scripts-4n6-wp8-1-mms-filesort.py_|-/usr/local/bin/wp8-1-mms-filesort.py_|-copy: __id__: sift-scripts-4n6-wp8-1-mms-filesort.py __run_num__: 305 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-mms-filesort.py" exists and will not be overwritten duration: 1.556 name: /usr/local/bin/wp8-1-mms-filesort.py result: true start_time: '14:17:21.857719' file_|-sift-scripts-4n6-wp8-1-mms.py_|-/usr/local/bin/wp8-1-mms.py_|-copy: __id__: sift-scripts-4n6-wp8-1-mms.py __run_num__: 306 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-mms.py" exists and will not be overwritten duration: 2.941 name: /usr/local/bin/wp8-1-mms.py result: true start_time: '14:17:21.865037' file_|-sift-scripts-4n6-wp8-1-sms.py_|-/usr/local/bin/wp8-1-sms.py_|-copy: __id__: sift-scripts-4n6-wp8-1-sms.py __run_num__: 307 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-1-sms.py" exists and will not be overwritten duration: 1.567 name: /usr/local/bin/wp8-1-sms.py result: true start_time: '14:17:21.873894' file_|-sift-scripts-4n6-wp8-callhistory.py_|-/usr/local/bin/wp8-callhistory.py_|-copy: __id__: sift-scripts-4n6-wp8-callhistory.py __run_num__: 308 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-callhistory.py" exists and will not be overwritten duration: 1.226 name: /usr/local/bin/wp8-callhistory.py result: true start_time: '14:17:21.880666' file_|-sift-scripts-4n6-wp8-contacts.py_|-/usr/local/bin/wp8-contacts.py_|-copy: __id__: sift-scripts-4n6-wp8-contacts.py __run_num__: 309 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-contacts.py" exists and will not be overwritten duration: 1.846 name: /usr/local/bin/wp8-contacts.py result: true start_time: '14:17:21.887944' file_|-sift-scripts-4n6-wp8-fb-msg.py_|-/usr/local/bin/wp8-fb-msg.py_|-copy: __id__: sift-scripts-4n6-wp8-fb-msg.py __run_num__: 310 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-fb-msg.py" exists and will not be overwritten duration: 1.473 name: /usr/local/bin/wp8-fb-msg.py result: true start_time: '14:17:21.896002' file_|-sift-scripts-4n6-wp8-sha256-pin-finder.py_|-/usr/local/bin/wp8-sha256-pin-finder.py_|-copy: __id__: sift-scripts-4n6-wp8-sha256-pin-finder.py __run_num__: 311 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-sha256-pin-finder.py" exists and will not be overwritten duration: 2.304 name: /usr/local/bin/wp8-sha256-pin-finder.py result: true start_time: '14:17:21.903716' file_|-sift-scripts-4n6-wp8-sms.py_|-/usr/local/bin/wp8-sms.py_|-copy: __id__: sift-scripts-4n6-wp8-sms.py __run_num__: 312 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wp8-sms.py" exists and will not be overwritten duration: 1.397 name: /usr/local/bin/wp8-sms.py result: true start_time: '14:17:21.911901' file_|-sift-scripts-4n6-wwf-chat-parser.py_|-/usr/local/bin/wwf-chat-parser.py_|-copy: __id__: sift-scripts-4n6-wwf-chat-parser.py __run_num__: 313 __sls__: sift.scripts.4n6 changes: {} comment: The target file "/usr/local/bin/wwf-chat-parser.py" exists and will not be overwritten duration: 1.557 name: /usr/local/bin/wwf-chat-parser.py result: true start_time: '14:17:21.918518' file_|-sift-scripts-amcache-shebang_|-/usr/local/bin/amcache.py_|-replace: __id__: sift-scripts-amcache-shebang __run_num__: 315 __sls__: sift.scripts.amcache changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n # This file is part of python-registry.\n #\n # Copyright 2015 Will Ballenthin \n" comment: Changes were made duration: 4.759 name: /usr/local/bin/amcache.py pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n # This file is part of python-registry.\n #\n # Copyright 2015 Will Ballenthin \n" result: true start_time: '14:17:23.075029' file_|-sift-scripts-amcache_|-/usr/local/bin/amcache.py_|-managed: __id__: sift-scripts-amcache __run_num__: 314 __sls__: sift.scripts.amcache changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/env python\n+#!/usr/bin/python\n # This file is part of python-registry.\n #\n # Copyright 2015 Will Ballenthin \n" comment: File /usr/local/bin/amcache.py updated duration: 359.608 name: /usr/local/bin/amcache.py pchanges: {} result: true start_time: '14:17:21.920243' file_|-sift-scripts-dump-mft-entry-shebang_|-/usr/local/bin/dump-mft-entry.pl_|-replace: __id__: sift-scripts-dump-mft-entry-shebang __run_num__: 317 __sls__: sift.scripts.dump-mft-entry changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/perl\n+#!/usr/bin/env perl\n \n #------------------------------\n #dump_mft_entry.pl\n" comment: Changes were made duration: 7.84 name: /usr/local/bin/dump-mft-entry.pl pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/perl\n+#!/usr/bin/env perl\n \n #------------------------------\n #dump_mft_entry.pl\n" result: true start_time: '14:17:23.320263' file_|-sift-scripts-dump-mft-entry_|-/usr/local/bin/dump-mft-entry.pl_|-managed: __id__: sift-scripts-dump-mft-entry __run_num__: 316 __sls__: sift.scripts.dump-mft-entry changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/env perl\n+#!/usr/bin/perl\n \n #------------------------------\n #dump_mft_entry.pl\n" comment: File /usr/local/bin/dump-mft-entry.pl updated duration: 222.992 name: /usr/local/bin/dump-mft-entry.pl pchanges: {} result: true start_time: '14:17:23.079958' file_|-sift-scripts-image-mounter_|-/usr/local/bin/imageMounter.py_|-managed: __id__: sift-scripts-image-mounter __run_num__: 318 __sls__: sift.scripts.image-mounter changes: {} comment: File /usr/local/bin/imageMounter.py is in the correct state duration: 235.417 name: /usr/local/bin/imageMounter.py pchanges: {} result: true start_time: '14:17:23.328491' file_|-sift-scripts-jobparser_|-/usr/local/bin/jobparser.py_|-managed: __id__: sift-scripts-jobparser __run_num__: 320 __sls__: sift.scripts.jobparser changes: {} comment: File /usr/local/bin/jobparser.py is in the correct state duration: 247.24 name: /usr/local/bin/jobparser.py pchanges: {} result: true start_time: '14:17:23.836059' file_|-sift-scripts-keydet-tools-bodyfile.pl_|-/usr/local/bin/bodyfile.pl_|-copy: __id__: sift-scripts-keydet-tools-bodyfile.pl __run_num__: 322 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/bodyfile.pl" exists and will not be overwritten duration: 1.57 name: /usr/local/bin/bodyfile.pl result: true start_time: '14:17:27.163355' file_|-sift-scripts-keydet-tools-evtparse.pl_|-/usr/local/bin/evtparse.pl_|-copy: __id__: sift-scripts-keydet-tools-evtparse.pl __run_num__: 324 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/evtparse.pl" exists and will not be overwritten duration: 1.892 name: /usr/local/bin/evtparse.pl result: true start_time: '14:17:27.186967' file_|-sift-scripts-keydet-tools-evtrpt.pl_|-/usr/local/bin/evtrpt.pl_|-copy: __id__: sift-scripts-keydet-tools-evtrpt.pl __run_num__: 326 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/evtrpt.pl" exists and will not be overwritten duration: 1.556 name: /usr/local/bin/evtrpt.pl result: true start_time: '14:17:27.208324' file_|-sift-scripts-keydet-tools-evtxparse.pl_|-/usr/local/bin/evtxparse.pl_|-copy: __id__: sift-scripts-keydet-tools-evtxparse.pl __run_num__: 328 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/evtxparse.pl" exists and will not be overwritten duration: 1.652 name: /usr/local/bin/evtxparse.pl result: true start_time: '14:17:27.226764' file_|-sift-scripts-keydet-tools-fb.pl_|-/usr/local/bin/fb.pl_|-copy: __id__: sift-scripts-keydet-tools-fb.pl __run_num__: 330 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/fb.pl" exists and will not be overwritten duration: 1.431 name: /usr/local/bin/fb.pl result: true start_time: '14:17:27.243890' file_|-sift-scripts-keydet-tools-ff.pl_|-/usr/local/bin/ff.pl_|-copy: __id__: sift-scripts-keydet-tools-ff.pl __run_num__: 332 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/ff.pl" exists and will not be overwritten duration: 1.34 name: /usr/local/bin/ff.pl result: true start_time: '14:17:27.262345' file_|-sift-scripts-keydet-tools-ff_signons.pl_|-/usr/local/bin/ff_signons.pl_|-copy: __id__: sift-scripts-keydet-tools-ff_signons.pl __run_num__: 334 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/ff_signons.pl" exists and will not be overwritten duration: 1.841 name: /usr/local/bin/ff_signons.pl result: true start_time: '14:17:27.281807' file_|-sift-scripts-keydet-tools-ftkparse.pl_|-/usr/local/bin/ftkparse.pl_|-copy: __id__: sift-scripts-keydet-tools-ftkparse.pl __run_num__: 336 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/ftkparse.pl" exists and will not be overwritten duration: 1.534 name: /usr/local/bin/ftkparse.pl result: true start_time: '14:17:27.300842' file_|-sift-scripts-keydet-tools-idx.pl_|-/usr/local/bin/idx.pl_|-copy: __id__: sift-scripts-keydet-tools-idx.pl __run_num__: 338 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/idx.pl" exists and will not be overwritten duration: 2.0 name: /usr/local/bin/idx.pl result: true start_time: '14:17:27.317660' file_|-sift-scripts-keydet-tools-idxparse.pl_|-/usr/local/bin/idxparse.pl_|-copy: __id__: sift-scripts-keydet-tools-idxparse.pl __run_num__: 340 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/idxparse.pl" exists and will not be overwritten duration: 1.913 name: /usr/local/bin/idxparse.pl result: true start_time: '14:17:27.337337' file_|-sift-scripts-keydet-tools-jl.pl_|-/usr/local/bin/jl.pl_|-copy: __id__: sift-scripts-keydet-tools-jl.pl __run_num__: 342 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/jl.pl" exists and will not be overwritten duration: 1.719 name: /usr/local/bin/jl.pl result: true start_time: '14:17:27.355619' file_|-sift-scripts-keydet-tools-jobparse.pl_|-/usr/local/bin/jobparse.pl_|-copy: __id__: sift-scripts-keydet-tools-jobparse.pl __run_num__: 344 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/jobparse.pl" exists and will not be overwritten duration: 1.446 name: /usr/local/bin/jobparse.pl result: true start_time: '14:17:27.371993' file_|-sift-scripts-keydet-tools-lfle.pl_|-/usr/local/bin/lfle.pl_|-copy: __id__: sift-scripts-keydet-tools-lfle.pl __run_num__: 346 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/lfle.pl" exists and will not be overwritten duration: 1.598 name: /usr/local/bin/lfle.pl result: true start_time: '14:17:27.396657' file_|-sift-scripts-keydet-tools-lnk.pl_|-/usr/local/bin/lnk.pl_|-copy: __id__: sift-scripts-keydet-tools-lnk.pl __run_num__: 348 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/lnk.pl" exists and will not be overwritten duration: 1.39 name: /usr/local/bin/lnk.pl result: true start_time: '14:17:27.415746' file_|-sift-scripts-keydet-tools-mft.pl_|-/usr/local/bin/mft.pl_|-copy: __id__: sift-scripts-keydet-tools-mft.pl __run_num__: 350 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/mft.pl" exists and will not be overwritten duration: 1.501 name: /usr/local/bin/mft.pl result: true start_time: '14:17:27.433603' file_|-sift-scripts-keydet-tools-parse.pl_|-/usr/local/bin/parse.pl_|-copy: __id__: sift-scripts-keydet-tools-parse.pl __run_num__: 352 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/parse.pl" exists and will not be overwritten duration: 1.244 name: /usr/local/bin/parse.pl result: true start_time: '14:17:27.451722' file_|-sift-scripts-keydet-tools-parsei30.pl_|-/usr/local/bin/parsei30.pl_|-copy: __id__: sift-scripts-keydet-tools-parsei30.pl __run_num__: 354 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/parsei30.pl" exists and will not be overwritten duration: 1.593 name: /usr/local/bin/parsei30.pl result: true start_time: '14:17:27.468071' file_|-sift-scripts-keydet-tools-parseie.pl_|-/usr/local/bin/parseie.pl_|-copy: __id__: sift-scripts-keydet-tools-parseie.pl __run_num__: 356 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/parseie.pl" exists and will not be overwritten duration: 1.616 name: /usr/local/bin/parseie.pl result: true start_time: '14:17:27.486539' file_|-sift-scripts-keydet-tools-pie.pl_|-/usr/local/bin/pie.pl_|-copy: __id__: sift-scripts-keydet-tools-pie.pl __run_num__: 358 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/pie.pl" exists and will not be overwritten duration: 1.21 name: /usr/local/bin/pie.pl result: true start_time: '14:17:27.503300' file_|-sift-scripts-keydet-tools-pref.pl_|-/usr/local/bin/pref.pl_|-copy: __id__: sift-scripts-keydet-tools-pref.pl __run_num__: 360 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/pref.pl" exists and will not be overwritten duration: 1.391 name: /usr/local/bin/pref.pl result: true start_time: '14:17:27.519785' file_|-sift-scripts-keydet-tools-rawie.pl_|-/usr/local/bin/rawie.pl_|-copy: __id__: sift-scripts-keydet-tools-rawie.pl __run_num__: 362 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/rawie.pl" exists and will not be overwritten duration: 2.071 name: /usr/local/bin/rawie.pl result: true start_time: '14:17:27.540270' file_|-sift-scripts-keydet-tools-recbin.pl_|-/usr/local/bin/recbin.pl_|-copy: __id__: sift-scripts-keydet-tools-recbin.pl __run_num__: 364 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/recbin.pl" exists and will not be overwritten duration: 3.269 name: /usr/local/bin/recbin.pl result: true start_time: '14:17:27.558881' file_|-sift-scripts-keydet-tools-regslack.pl_|-/usr/local/bin/regslack.pl_|-copy: __id__: sift-scripts-keydet-tools-regslack.pl __run_num__: 366 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/regslack.pl" exists and will not be overwritten duration: 1.427 name: /usr/local/bin/regslack.pl result: true start_time: '14:17:27.585219' file_|-sift-scripts-keydet-tools-regtime.pl_|-/usr/local/bin/regtime.pl_|-copy: __id__: sift-scripts-keydet-tools-regtime.pl __run_num__: 368 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/regtime.pl" exists and will not be overwritten duration: 2.92 name: /usr/local/bin/regtime.pl result: true start_time: '14:17:27.605233' file_|-sift-scripts-keydet-tools-rfc.pl_|-/usr/local/bin/rfc.pl_|-copy: __id__: sift-scripts-keydet-tools-rfc.pl __run_num__: 370 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/rfc.pl" exists and will not be overwritten duration: 1.707 name: /usr/local/bin/rfc.pl result: true start_time: '14:17:27.631729' file_|-sift-scripts-keydet-tools-rlo.pl_|-/usr/local/bin/rlo.pl_|-copy: __id__: sift-scripts-keydet-tools-rlo.pl __run_num__: 372 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/rlo.pl" exists and will not be overwritten duration: 1.361 name: /usr/local/bin/rlo.pl result: true start_time: '14:17:27.651114' file_|-sift-scripts-keydet-tools-shebang-bodyfile.pl_|-/usr/local/bin/bodyfile.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-bodyfile.pl __run_num__: 323 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 9.857 name: /usr/local/bin/bodyfile.pl pchanges: {} result: true start_time: '14:17:27.170838' file_|-sift-scripts-keydet-tools-shebang-evtparse.pl_|-/usr/local/bin/evtparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-evtparse.pl __run_num__: 325 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.388 name: /usr/local/bin/evtparse.pl pchanges: {} result: true start_time: '14:17:27.197126' file_|-sift-scripts-keydet-tools-shebang-evtrpt.pl_|-/usr/local/bin/evtrpt.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-evtrpt.pl __run_num__: 327 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.316 name: /usr/local/bin/evtrpt.pl pchanges: {} result: true start_time: '14:17:27.216018' file_|-sift-scripts-keydet-tools-shebang-evtxparse.pl_|-/usr/local/bin/evtxparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-evtxparse.pl __run_num__: 329 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.908 name: /usr/local/bin/evtxparse.pl pchanges: {} result: true start_time: '14:17:27.233942' file_|-sift-scripts-keydet-tools-shebang-fb.pl_|-/usr/local/bin/fb.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-fb.pl __run_num__: 331 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.351 name: /usr/local/bin/fb.pl pchanges: {} result: true start_time: '14:17:27.251923' file_|-sift-scripts-keydet-tools-shebang-ff.pl_|-/usr/local/bin/ff.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-ff.pl __run_num__: 333 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.389 name: /usr/local/bin/ff.pl pchanges: {} result: true start_time: '14:17:27.272617' file_|-sift-scripts-keydet-tools-shebang-ff_signons.pl_|-/usr/local/bin/ff_signons.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-ff_signons.pl __run_num__: 335 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.999 name: /usr/local/bin/ff_signons.pl pchanges: {} result: true start_time: '14:17:27.289711' file_|-sift-scripts-keydet-tools-shebang-ftkparse.pl_|-/usr/local/bin/ftkparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-ftkparse.pl __run_num__: 337 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.017 name: /usr/local/bin/ftkparse.pl pchanges: {} result: true start_time: '14:17:27.308493' file_|-sift-scripts-keydet-tools-shebang-idx.pl_|-/usr/local/bin/idx.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-idx.pl __run_num__: 339 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 5.861 name: /usr/local/bin/idx.pl pchanges: {} result: true start_time: '14:17:27.325721' file_|-sift-scripts-keydet-tools-shebang-idxparse.pl_|-/usr/local/bin/idxparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-idxparse.pl __run_num__: 341 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.193 name: /usr/local/bin/idxparse.pl pchanges: {} result: true start_time: '14:17:27.345588' file_|-sift-scripts-keydet-tools-shebang-jl.pl_|-/usr/local/bin/jl.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-jl.pl __run_num__: 343 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.445 name: /usr/local/bin/jl.pl pchanges: {} result: true start_time: '14:17:27.363146' file_|-sift-scripts-keydet-tools-shebang-jobparse.pl_|-/usr/local/bin/jobparse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-jobparse.pl __run_num__: 345 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 6.618 name: /usr/local/bin/jobparse.pl pchanges: {} result: true start_time: '14:17:27.383451' file_|-sift-scripts-keydet-tools-shebang-lfle.pl_|-/usr/local/bin/lfle.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-lfle.pl __run_num__: 347 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 5.156 name: /usr/local/bin/lfle.pl pchanges: {} result: true start_time: '14:17:27.404760' file_|-sift-scripts-keydet-tools-shebang-lnk.pl_|-/usr/local/bin/lnk.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-lnk.pl __run_num__: 349 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.25 name: /usr/local/bin/lnk.pl pchanges: {} result: true start_time: '14:17:27.423427' file_|-sift-scripts-keydet-tools-shebang-mft.pl_|-/usr/local/bin/mft.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-mft.pl __run_num__: 351 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.966 name: /usr/local/bin/mft.pl pchanges: {} result: true start_time: '14:17:27.441598' file_|-sift-scripts-keydet-tools-shebang-parse.pl_|-/usr/local/bin/parse.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-parse.pl __run_num__: 353 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.789 name: /usr/local/bin/parse.pl pchanges: {} result: true start_time: '14:17:27.458405' file_|-sift-scripts-keydet-tools-shebang-parsei30.pl_|-/usr/local/bin/parsei30.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-parsei30.pl __run_num__: 355 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 5.185 name: /usr/local/bin/parsei30.pl pchanges: {} result: true start_time: '14:17:27.475627' file_|-sift-scripts-keydet-tools-shebang-parseie.pl_|-/usr/local/bin/parseie.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-parseie.pl __run_num__: 357 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.85 name: /usr/local/bin/parseie.pl pchanges: {} result: true start_time: '14:17:27.494127' file_|-sift-scripts-keydet-tools-shebang-pie.pl_|-/usr/local/bin/pie.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-pie.pl __run_num__: 359 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.408 name: /usr/local/bin/pie.pl pchanges: {} result: true start_time: '14:17:27.510803' file_|-sift-scripts-keydet-tools-shebang-pref.pl_|-/usr/local/bin/pref.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-pref.pl __run_num__: 361 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 5.303 name: /usr/local/bin/pref.pl pchanges: {} result: true start_time: '14:17:27.529615' file_|-sift-scripts-keydet-tools-shebang-rawie.pl_|-/usr/local/bin/rawie.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-rawie.pl __run_num__: 363 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.344 name: /usr/local/bin/rawie.pl pchanges: {} result: true start_time: '14:17:27.548645' file_|-sift-scripts-keydet-tools-shebang-recbin.pl_|-/usr/local/bin/recbin.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-recbin.pl __run_num__: 365 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.752 name: /usr/local/bin/recbin.pl pchanges: {} result: true start_time: '14:17:27.572538' file_|-sift-scripts-keydet-tools-shebang-regslack.pl_|-/usr/local/bin/regslack.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-regslack.pl __run_num__: 367 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.459 name: /usr/local/bin/regslack.pl pchanges: {} result: true start_time: '14:17:27.593075' file_|-sift-scripts-keydet-tools-shebang-regtime.pl_|-/usr/local/bin/regtime.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-regtime.pl __run_num__: 369 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.483 name: /usr/local/bin/regtime.pl pchanges: {} result: true start_time: '14:17:27.621130' file_|-sift-scripts-keydet-tools-shebang-rfc.pl_|-/usr/local/bin/rfc.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-rfc.pl __run_num__: 371 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 3.997 name: /usr/local/bin/rfc.pl pchanges: {} result: true start_time: '14:17:27.639708' file_|-sift-scripts-keydet-tools-shebang-rlo.pl_|-/usr/local/bin/rlo.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-rlo.pl __run_num__: 373 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.774 name: /usr/local/bin/rlo.pl pchanges: {} result: true start_time: '14:17:27.657863' file_|-sift-scripts-keydet-tools-shebang-tln.pl_|-/usr/local/bin/tln.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-tln.pl __run_num__: 375 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.268 name: /usr/local/bin/tln.pl pchanges: {} result: true start_time: '14:17:27.675792' file_|-sift-scripts-keydet-tools-shebang-usnj.pl_|-/usr/local/bin/usnj.pl_|-replace: __id__: sift-scripts-keydet-tools-shebang-usnj.pl __run_num__: 377 __sls__: sift.scripts.keydet-tools changes: {} comment: No changes needed to be made duration: 4.071 name: /usr/local/bin/usnj.pl pchanges: {} result: true start_time: '14:17:27.694921' file_|-sift-scripts-keydet-tools-tln.pl_|-/usr/local/bin/tln.pl_|-copy: __id__: sift-scripts-keydet-tools-tln.pl __run_num__: 374 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/tln.pl" exists and will not be overwritten duration: 1.588 name: /usr/local/bin/tln.pl result: true start_time: '14:17:27.668189' file_|-sift-scripts-keydet-tools-usnj.pl_|-/usr/local/bin/usnj.pl_|-copy: __id__: sift-scripts-keydet-tools-usnj.pl __run_num__: 376 __sls__: sift.scripts.keydet-tools changes: {} comment: The target file "/usr/local/bin/usnj.pl" exists and will not be overwritten duration: 1.866 name: /usr/local/bin/usnj.pl result: true start_time: '14:17:27.687036' file_|-sift-scripts-packerid-shebang_|-/usr/local/bin/packerid.py_|-replace: __id__: sift-scripts-packerid-shebang __run_num__: 379 __sls__: sift.scripts.packerid changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/local/bin/python\n+#!/usr/bin/env python\n #\n # Author: Jim Clausing\n # Date: 2009-05-15\n" comment: Changes were made duration: 3.766 name: /usr/local/bin/packerid.py pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/local/bin/python\n+#!/usr/bin/env python\n #\n # Author: Jim Clausing\n # Date: 2009-05-15\n" result: true start_time: '14:17:28.831819' file_|-sift-scripts-packerid_|-/usr/local/bin/packerid.py_|-managed: __id__: sift-scripts-packerid __run_num__: 378 __sls__: sift.scripts.packerid changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/env python\n+#!/usr/local/bin/python\n #\n # Author: Jim Clausing\n # Date: 2009-05-15\n" comment: File /usr/local/bin/packerid.py updated duration: 286.981 name: /usr/local/bin/packerid.py pchanges: {} result: true start_time: '14:17:27.702159' file_|-sift-scripts-parseusn_|-/usr/local/bin/parseusn.py_|-managed: __id__: sift-scripts-parseusn __run_num__: 381 __sls__: sift.scripts.parseusn changes: {} comment: File /usr/local/bin/parseusn.py is in the correct state duration: 248.592 name: /usr/local/bin/parseusn.py pchanges: {} result: true start_time: '14:17:28.917257' file_|-sift-scripts-pecarve-shebang_|-/usr/local/bin/pecarve.py_|-prepend: __id__: sift-scripts-pecarve-shebang __run_num__: 384 __sls__: sift.scripts.pe-carver changes: diff: "--- \n+++ \n@@ -1,3 +1,4 @@\n+#!/usr/bin/env python\n # PE File Carver\n # by Brian Baskin (@bbaskin)\n # \n" comment: Prepended 1 lines duration: 2.568 name: /usr/local/bin/pecarve.py pchanges: {} result: true start_time: '14:17:30.366360' file_|-sift-scripts-pecarve_|-/usr/local/bin/pecarve.py_|-managed: __id__: sift-scripts-pecarve __run_num__: 383 __sls__: sift.scripts.pe-carver changes: diff: "--- \n+++ \n@@ -1,4 +1,3 @@\n-#!/usr/bin/env python\n # PE File Carver\n # by Brian Baskin (@bbaskin)\n # \n" comment: File /usr/local/bin/pecarve.py updated duration: 258.278 name: /usr/local/bin/pecarve.py pchanges: {} result: true start_time: '14:17:29.339289' file_|-sift-scripts-pescanner_|-/usr/local/bin/pescanner.py_|-managed: __id__: sift-scripts-pescanner __run_num__: 385 __sls__: sift.scripts.pescanner changes: {} comment: File /usr/local/bin/pescanner.py is in the correct state duration: 488.53 name: /usr/local/bin/pescanner.py pchanges: {} result: true start_time: '14:17:30.371654' file_|-sift-scripts-regripper-binary-symlink_|-/usr/local/bin/rip.pl_|-symlink: __id__: sift-scripts-regripper-binary-symlink __run_num__: 390 __sls__: sift.scripts.regripper changes: {} comment: Symlink /usr/local/bin/rip.pl is present and owned by root:root duration: 2.117 name: /usr/local/bin/rip.pl pchanges: {} result: true start_time: '14:17:33.547751' file_|-sift-scripts-regripper-binary_|-/usr/local/share/regripper/rip.pl_|-managed: __id__: sift-scripts-regripper-binary __run_num__: 388 __sls__: sift.scripts.regripper changes: {} comment: File /usr/local/share/regripper/rip.pl is in the correct state duration: 12.188 name: /usr/local/share/regripper/rip.pl pchanges: {} result: true start_time: '14:17:33.526378' file_|-sift-scripts-regripper-directory_|-/usr/local/share/regripper_|-directory: __id__: sift-scripts-regripper-directory __run_num__: 387 __sls__: sift.scripts.regripper changes: {} comment: 'Directory /usr/local/share/regripper is in the correct state Directory /usr/local/share/regripper updated' duration: 1.013 name: /usr/local/share/regripper pchanges: {} result: true start_time: '14:17:33.521095' file_|-sift-scripts-regripper-plugins-symlink_|-/usr/local/share/regripper/plugins_|-symlink: __id__: sift-scripts-regripper-plugins-symlink __run_num__: 389 __sls__: sift.scripts.regripper changes: {} comment: Symlink /usr/local/share/regripper/plugins is present and owned by root:root duration: 1.848 name: /usr/local/share/regripper/plugins pchanges: {} result: true start_time: '14:17:33.543196' file_|-sift-scripts-shim-cache-parser-shebang_|-/usr/local/bin/ShimCacheParser.py_|-prepend: __id__: sift-scripts-shim-cache-parser-shebang __run_num__: 406 __sls__: sift.scripts.shim-cache-parser changes: diff: "--- \n+++ \n@@ -1,3 +1,4 @@\n+#!/usr/bin/env python\n # ShimCacheParser.py\r\n #\r\n # Andrew Davis, andrew.davis@mandiant.com\r\n" comment: Prepended 1 lines duration: 4.568 name: /usr/local/bin/ShimCacheParser.py pchanges: {} result: true start_time: '14:17:36.354759' file_|-sift-scripts-shim-cache-parser_|-/usr/local/bin/ShimCacheParser.py_|-managed: __id__: sift-scripts-shim-cache-parser __run_num__: 405 __sls__: sift.scripts.shim-cache-parser changes: diff: "--- \n+++ \n@@ -1,4 +1,3 @@\n-#!/usr/bin/env python\n # ShimCacheParser.py\r\n #\r\n # Andrew Davis, andrew.davis@mandiant.com\r\n" comment: File /usr/local/bin/ShimCacheParser.py updated duration: 350.896 name: /usr/local/bin/ShimCacheParser.py pchanges: {} result: true start_time: '14:17:35.271317' file_|-sift-scripts-sqlparser-shebang_|-/usr/local/bin/sqlparser.py_|-prepend: __id__: sift-scripts-sqlparser-shebang __run_num__: 416 __sls__: sift.scripts.sqlparser changes: diff: "--- \n+++ \n@@ -1,3 +1,4 @@\n+#!/usr/bin/env python\n #sqlparse.py\n #\n #This program parses an SQLite3 database for deleted entires and\n" comment: Prepended 1 lines duration: 2.442 name: /usr/local/bin/sqlparser.py pchanges: {} result: true start_time: '14:17:39.115388' file_|-sift-scripts-sqlparser_|-/usr/local/bin/sqlparser.py_|-managed: __id__: sift-scripts-sqlparser __run_num__: 415 __sls__: sift.scripts.sqlparser changes: diff: "--- \n+++ \n@@ -1,4 +1,3 @@\n-#!/usr/bin/env python\n #sqlparse.py\n #\n #This program parses an SQLite3 database for deleted entires and\n" comment: File /usr/local/bin/sqlparser.py updated duration: 1398.556 name: /usr/local/bin/sqlparser.py pchanges: {} result: true start_time: '14:17:36.996444' file_|-sift-scripts-usbdeviceforensics-shebang_|-/usr/local/bin/usbdeviceforensics.py_|-replace: __id__: sift-scripts-usbdeviceforensics-shebang __run_num__: 418 __sls__: sift.scripts.usbdeviceforensics changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n \n # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's\n # UsbDeviceForensics .Net WinForms GUI application.\n" comment: Changes were made duration: 5.806 name: /usr/local/bin/usbdeviceforensics.py pchanges: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/python\n+#!/usr/bin/env python\n \n # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's\n # UsbDeviceForensics .Net WinForms GUI application.\n" result: true start_time: '14:17:40.312790' file_|-sift-scripts-usbdeviceforensics_|-/usr/local/bin/usbdeviceforensics.py_|-managed: __id__: sift-scripts-usbdeviceforensics __run_num__: 417 __sls__: sift.scripts.usbdeviceforensics changes: diff: "--- \n+++ \n@@ -1,4 +1,4 @@\n-#!/usr/bin/env python\n+#!/usr/bin/python\n \n # This file is part of usbdeviceforensics. usbdeviceforensics is a python console based port of woanware's\n # UsbDeviceForensics .Net WinForms GUI application.\n" comment: File /usr/local/bin/usbdeviceforensics.py updated duration: 472.369 name: /usr/local/bin/usbdeviceforensics.py pchanges: {} result: true start_time: '14:17:39.118005' file_|-sift-scripts-virustotal-search-script_|-/usr/local/bin/virustotal-search.py_|-managed: __id__: sift-scripts-virustotal-search-script __run_num__: 420 __sls__: sift.scripts.virustotal-tools changes: {} comment: File /usr/local/bin/virustotal-search.py is in the correct state duration: 6.346 name: /usr/local/bin/virustotal-search.py pchanges: {} result: true start_time: '14:17:41.246999' file_|-sift-scripts-virustotal-submit-script_|-/usr/local/bin/virustotal-submit.py_|-managed: __id__: sift-scripts-virustotal-submit-script __run_num__: 422 __sls__: sift.scripts.virustotal-tools changes: {} comment: File /usr/local/bin/virustotal-submit.py is in the correct state duration: 4.105 name: /usr/local/bin/virustotal-submit.py pchanges: {} result: true start_time: '14:17:42.007167' file_|-sift-scripts-vshot_|-/usr/local/bin/vshot_|-managed: __id__: sift-scripts-vshot __run_num__: 423 __sls__: sift.scripts.vshot changes: {} comment: File /usr/local/bin/vshot is in the correct state duration: 277.719 name: /usr/local/bin/vshot pchanges: {} result: true start_time: '14:17:42.021145' file_|-sift-tool-densityscout-binary_|-/usr/local/bin/densityscout-build-45_|-copy: __id__: sift-tool-densityscout-binary __run_num__: 271 __sls__: sift.tools.densityscout changes: {} comment: The target file "/usr/local/bin/densityscout-build-45" exists and will not be overwritten duration: 3.892 name: /usr/local/bin/densityscout-build-45 result: true start_time: '14:16:49.834288' file_|-sift-tool-densityscout-link_|-/usr/local/bin/densityscout_|-symlink: __id__: sift-tool-densityscout-link __run_num__: 272 __sls__: sift.tools.densityscout changes: {} comment: Symlink /usr/local/bin/densityscout is present and owned by root:root duration: 9.314 name: /usr/local/bin/densityscout pchanges: {} result: true start_time: '14:16:49.847318' file_|-sift-tool-sift-cli_|-/usr/local/bin/sift_|-managed: __id__: sift-tool-sift-cli __run_num__: 273 __sls__: sift.tools.sift-cli changes: {} comment: File /usr/local/bin/sift is in the correct state duration: 29075.954 name: /usr/local/bin/sift pchanges: {} result: true start_time: '14:16:49.857570' file_|-sift-version-file_|-/etc/sift-version_|-managed: __run_num__: 499 __sls__: sift.vm changes: {} comment: 'One or more requisite failed: sift.packages.sift-packages' result: false file_|-symlinks-cases_|-/home/sansforensics/Desktop/cases_|-symlink: __id__: symlinks-cases __run_num__: 438 __sls__: sift.config.user.symlinks changes: {} comment: Symlink /home/sansforensics/Desktop/cases is present and owned by sansforensics:sansforensics duration: 2.016 name: /home/sansforensics/Desktop/cases pchanges: {} result: true start_time: '14:17:42.851837' file_|-symlinks-mount-points_|-/home/sansforensics/Desktop/mount_points_|-symlink: __id__: symlinks-mount-points __run_num__: 437 __sls__: sift.config.user.symlinks changes: {} comment: Symlink /home/sansforensics/Desktop/mount_points is present and owned by sansforensics:sansforensics duration: 1.31 name: /home/sansforensics/Desktop/mount_points pchanges: {} result: true start_time: '14:17:42.845434' file_|-symlinks-user-desktop-directory_|-/home/sansforensics/Desktop_|-directory: __id__: symlinks-user-desktop-directory __run_num__: 436 __sls__: sift.config.user.symlinks changes: {} comment: 'Directory /home/sansforensics/Desktop is in the correct state Directory /home/sansforensics/Desktop updated' duration: 1.137 name: /home/sansforensics/Desktop pchanges: {} result: true start_time: '14:17:42.838982' file_|-theme-manage-autostart_|-/home/sansforensics/.config/autostart/_|-directory: __id__: theme-manage-autostart __run_num__: 443 __sls__: sift.config.user.theme changes: {} comment: 'Directory /home/sansforensics/.config/autostart is in the correct state Directory /home/sansforensics/.config/autostart updated' duration: 0.985 name: /home/sansforensics/.config/autostart/ pchanges: {} result: true start_time: '14:17:42.875977' file_|-theme-manage-gnome-terminal_|-/home/sansforensics/.config/autostart/gnome-terminal.desktop_|-managed: __id__: theme-manage-gnome-terminal __run_num__: 444 __sls__: sift.config.user.theme changes: {} comment: File /home/sansforensics/.config/autostart/gnome-terminal.desktop is in the correct state duration: 3.21 name: /home/sansforensics/.config/autostart/gnome-terminal.desktop pchanges: {} result: true start_time: '14:17:42.881836' file_|-theme-set-background-directory_|-/usr/share/backgrounds_|-directory: __id__: theme-set-background-directory __run_num__: 439 __sls__: sift.config.user.theme changes: {} comment: 'Directory /usr/share/backgrounds is in the correct state Directory /usr/share/backgrounds updated' duration: 0.945 name: /usr/share/backgrounds pchanges: {} result: true start_time: '14:17:42.854111' file_|-theme-set-background_|-/usr/share/backgrounds/warty-final-ubuntu.png_|-managed: __id__: theme-set-background __run_num__: 440 __sls__: sift.config.user.theme changes: {} comment: File /usr/share/backgrounds/warty-final-ubuntu.png is in the correct state duration: 3.875 name: /usr/share/backgrounds/warty-final-ubuntu.png pchanges: {} result: true start_time: '14:17:42.860657' file_|-theme-set-unity-logo-directory_|-/usr/share/unity-greeter_|-directory: __id__: theme-set-unity-logo-directory __run_num__: 441 __sls__: sift.config.user.theme changes: {} comment: 'Directory /usr/share/unity-greeter is in the correct state Directory /usr/share/unity-greeter updated' duration: 0.898 name: /usr/share/unity-greeter pchanges: {} result: true start_time: '14:17:42.864755' file_|-theme-set-unity-logo_|-/usr/share/unity-greeter/logo.png_|-managed: __id__: theme-set-unity-logo __run_num__: 442 __sls__: sift.config.user.theme changes: {} comment: File /usr/share/unity-greeter/logo.png is in the correct state duration: 3.449 name: /usr/share/unity-greeter/logo.png pchanges: {} result: true start_time: '14:17:42.872315' git_|-python-volatility-community-plugins_|-https://github.com/sans-dfir/volatility-plugins-community.git_|-latest: __id__: python-volatility-community-plugins __run_num__: 179 __sls__: sift.packages.python-volatility changes: {} comment: Repository would be updated from acc4319 to aef986c, but there are uncommitted changes. Set 'force_reset' to True to force this update and discard these changes. duration: 2162.217 name: https://github.com/sans-dfir/volatility-plugins-community.git result: false start_time: '14:13:19.194144' git_|-sift-scripts-4n6-git_|-https://github.com/cheeky4n6monkey/4n6-scripts.git_|-latest: __id__: sift-scripts-4n6-git __run_num__: 275 __sls__: sift.scripts.4n6 changes: {} comment: Repository /usr/local/src/4n6-scripts is up-to-date duration: 2511.915 name: https://github.com/cheeky4n6monkey/4n6-scripts.git result: true start_time: '14:17:18.943084' git_|-sift-scripts-keydet-tools-git_|-https://github.com/keydet89/Tools.git_|-latest: __id__: sift-scripts-keydet-tools-git __run_num__: 321 __sls__: sift.scripts.keydet-tools changes: {} comment: Repository /usr/local/src/keydet-tools is up-to-date duration: 3068.35 name: https://github.com/keydet89/Tools.git result: true start_time: '14:17:24.088004' git_|-sift-scripts-regripper-git_|-https://github.com/keydet89/RegRipper2.8.git_|-latest: __id__: sift-scripts-regripper-git __run_num__: 386 __sls__: sift.scripts.regripper changes: forced update: true comment: 'Repository /usr/local/src/regripper is up-to-date Changes made: Local changes were discarded. Repository was hard-reset to origin/master (c65c823).' duration: 2648.614 name: https://github.com/keydet89/RegRipper2.8.git result: true start_time: '14:17:30.869328' host_|-hostname-set-hosts_|-siftworkstation_|-present: __id__: hostname-set-hosts __run_num__: 427 __sls__: sift.config.hostname changes: {} comment: Host siftworkstation (127.0.0.1) already present duration: 0.852 name: siftworkstation result: true start_time: '14:17:42.427753' pip_|-analyzemft_|-analyzemft_|-installed: __id__: analyzemft __run_num__: 247 __sls__: sift.python-packages.analyzemft changes: {} comment: 'Python package analyzemft was already installed All packages were successfully installed' duration: 1931.623 name: analyzemft result: true start_time: '14:15:59.030674' pip_|-argparse_|-argparse_|-installed: __id__: argparse __run_num__: 248 __sls__: sift.python-packages.argparse changes: {} comment: There was no error installing package 'argparse' although it does not show when calling 'pip.freeze'. duration: 3229.712 name: argparse result: true start_time: '14:16:00.966235' pip_|-bitstring_|-bitstring_|-installed: __id__: bitstring __run_num__: 249 __sls__: sift.python-packages.bitstring changes: {} comment: 'Python package bitstring was already installed All packages were successfully installed' duration: 2039.594 name: bitstring result: true start_time: '14:16:04.199966' pip_|-colorama_|-colorama_|-installed: __id__: colorama __run_num__: 166 __sls__: sift.python-packages.colorama changes: {} comment: 'Python package colorama was already installed All packages were successfully installed' duration: 2282.716 name: colorama result: true start_time: '14:12:46.335227' pip_|-construct_|-construct_|-installed: __id__: construct __run_num__: 167 __sls__: sift.python-packages.construct changes: {} comment: 'Python package construct was already installed All packages were successfully installed' duration: 1950.393 name: construct result: true start_time: '14:12:48.623814' pip_|-distorm3_|-distorm3_|-installed: __id__: distorm3 __run_num__: 169 __sls__: sift.python-packages.distorm3 changes: {} comment: 'Python package distorm3 was already installed All packages were successfully installed' duration: 1904.14 name: distorm3 result: true start_time: '14:12:54.465812' pip_|-docopt_|-docopt_|-installed: __id__: docopt __run_num__: 250 __sls__: sift.python-packages.docopt changes: {} comment: 'Python package docopt was already installed All packages were successfully installed' duration: 1923.658 name: docopt result: true start_time: '14:16:06.239847' pip_|-dpapick_|-dpapick_|-installed: __id__: dpapick __run_num__: 168 __sls__: sift.python-packages.dpapick changes: {} comment: All packages were successfully installed duration: 3875.704 name: dpapick result: true start_time: '14:12:50.584442' pip_|-haystack_|-haystack_|-installed: __id__: haystack __run_num__: 170 __sls__: sift.python-packages.haystack changes: {} comment: All packages were successfully installed duration: 3704.918 name: haystack result: true start_time: '14:12:56.373053' pip_|-ioc_writer_|-ioc_writer_|-installed: __id__: ioc_writer __run_num__: 172 __sls__: sift.python-packages.ioc_writer changes: {} comment: 'Python package ioc_writer was already installed All packages were successfully installed' duration: 2521.141 name: ioc_writer result: true start_time: '14:13:02.504293' pip_|-lxml_|-lxml_|-installed: __id__: lxml __run_num__: 171 __sls__: sift.python-packages.lxml changes: {} comment: 'Python package lxml was already installed All packages were successfully installed' duration: 2393.872 name: lxml result: true start_time: '14:13:00.104781' pip_|-pefile_|-pefile_|-installed: __id__: pefile __run_num__: 173 __sls__: sift.python-packages.pefile changes: {} comment: 'Python package pefile was already installed All packages were successfully installed' duration: 2042.308 name: pefile result: true start_time: '14:13:05.029673' pip_|-pip_|-pip_|-installed: __id__: pip __run_num__: 252 __sls__: sift.python-packages.pip changes: {} comment: All packages were successfully installed duration: 4175.382 name: pip result: true start_time: '14:16:10.150845' pip_|-pycoin_|-pycoin_|-installed: __id__: pycoin __run_num__: 174 __sls__: sift.python-packages.pycoin changes: {} comment: All packages were successfully installed duration: 3263.452 name: pycoin result: true start_time: '14:13:07.077800' pip_|-pysocks_|-pysocks_|-installed: __id__: pysocks __run_num__: 175 __sls__: sift.python-packages.pysocks changes: {} comment: 'Python package pysocks was already installed All packages were successfully installed' duration: 1955.268 name: pysocks result: true start_time: '14:13:10.344961' pip_|-python-dateutil_|-python-dateutil >= 2.4.2_|-installed: __id__: python-dateutil __run_num__: 253 __sls__: sift.python-packages.python-dateutil changes: {} comment: 'Python package python-dateutil >= 2.4.2 was already installed All packages were successfully installed' duration: 1967.11 name: python-dateutil >= 2.4.2 result: true start_time: '14:16:14.331817' pip_|-python-evtx_|-python-evtx_|-installed: __id__: python-evtx __run_num__: 254 __sls__: sift.python-packages.python-evtx changes: {} comment: 'Python package python-evtx was already installed All packages were successfully installed' duration: 1827.526 name: python-evtx result: true start_time: '14:16:16.302805' pip_|-python-magic_|-python-magic_|-installed: __id__: python-magic __run_num__: 255 __sls__: sift.python-packages.python-magic changes: {} comment: 'Python package python-magic was already installed All packages were successfully installed' duration: 1980.733 name: python-magic result: true start_time: '14:16:18.133133' pip_|-python-registry_|-python-registry_|-installed: __id__: python-registry __run_num__: 256 __sls__: sift.python-packages.python-registry changes: {} comment: 'Python package python-registry was already installed All packages were successfully installed' duration: 2001.15 name: python-registry result: true start_time: '14:16:20.119616' pip_|-rekall_|-rekall_|-installed: __id__: rekall __run_num__: 260 __sls__: sift.python-packages.rekall changes: {} comment: 'Python package rekall was already installed All packages were successfully installed' duration: 1351.378 name: rekall result: true start_time: '14:16:32.398673' pip_|-setuptools_|-setuptools_|-installed: __id__: setuptools __run_num__: 257 __sls__: sift.python-packages.setuptools changes: {} comment: All packages were successfully installed duration: 3714.518 name: setuptools result: true start_time: '14:16:22.124559' pip_|-sift-pip-geoip2_|-geoip2_|-installed: __id__: sift-pip-geoip2 __run_num__: 251 __sls__: sift.python-packages.geoip2 changes: {} comment: 'Python package geoip2 was already installed All packages were successfully installed' duration: 1978.5 name: geoip2 result: true start_time: '14:16:08.166650' pip_|-sift-pip-virustotal-api_|-virustotal-api_|-installed: __id__: sift-pip-virustotal-api __run_num__: 267 __sls__: sift.python-packages.virustotal-api changes: {} comment: 'Python package virustotal-api was already installed All packages were successfully installed' duration: 1956.052 name: virustotal-api result: true start_time: '14:16:45.492981' pip_|-simplejson_|-simplejson_|-installed: __id__: simplejson __run_num__: 176 __sls__: sift.python-packages.simplejson changes: {} comment: All packages were successfully installed duration: 3346.85 name: simplejson result: true start_time: '14:13:12.303131' pip_|-six_|-six_|-installed: __id__: six __run_num__: 261 __sls__: sift.python-packages.six changes: {} comment: 'Python package six was already installed All packages were successfully installed' duration: 2010.512 name: six result: true start_time: '14:16:33.752915' pip_|-stix-validator_|-stix-validator_|-installed: __id__: stix-validator __run_num__: 263 __sls__: sift.python-packages.stix-validator changes: {} comment: 'Python package stix-validator was already installed All packages were successfully installed' duration: 2070.209 name: stix-validator result: true start_time: '14:16:37.682752' pip_|-stix_|-stix_|-installed: __id__: stix __run_num__: 262 __sls__: sift.python-packages.stix changes: {} comment: 'Python package stix was already installed All packages were successfully installed' duration: 1908.749 name: stix result: true start_time: '14:16:35.768667' pip_|-timesketch_|-timesketch_|-installed: __id__: timesketch __run_num__: 264 __sls__: sift.python-packages.timesketch changes: {} comment: 'Python package timesketch was already installed All packages were successfully installed' duration: 1847.546 name: timesketch result: true start_time: '14:16:39.762463' pip_|-unicodecsv_|-unicodecsv_|-installed: __id__: unicodecsv __run_num__: 265 __sls__: sift.python-packages.unicodecsv changes: {} comment: 'Python package unicodecsv was already installed All packages were successfully installed' duration: 1904.464 name: unicodecsv result: true start_time: '14:16:41.612822' pip_|-usnparser_|-usnparser_|-installed: __id__: usnparser __run_num__: 266 __sls__: sift.python-packages.usnparser changes: {} comment: 'Python package usnparser was already installed All packages were successfully installed' duration: 1969.57 name: usnparser result: true start_time: '14:16:43.520392' pip_|-wheel_|-wheel_|-installed: __id__: wheel __run_num__: 258 __sls__: sift.python-packages.wheel changes: {} comment: All packages were successfully installed duration: 3343.112 name: wheel result: true start_time: '14:16:25.842485' pip_|-windowsprefetch_|-windowsprefetch_|-installed: __id__: windowsprefetch __run_num__: 268 __sls__: sift.python-packages.windowsprefetch changes: {} comment: 'Python package windowsprefetch was already installed All packages were successfully installed' duration: 1964.982 name: windowsprefetch result: true start_time: '14:16:47.453632' pip_|-yara-python_|-yara-python_|-installed: __id__: yara-python __run_num__: 177 __sls__: sift.python-packages.yara-python changes: {} comment: All packages were successfully installed duration: 3390.927 name: yara-python result: true start_time: '14:13:15.655614' pkg_|-aeskeyfind_|-aeskeyfind_|-installed: __id__: aeskeyfind __run_num__: 15 __sls__: sift.packages.aeskeyfind changes: {} comment: Package aeskeyfind is already installed duration: 6.343 name: aeskeyfind result: true start_time: '14:12:32.581710' pkg_|-afflib-tools_|-afflib-tools_|-installed: __id__: afflib-tools __run_num__: 16 __sls__: sift.packages.afflib-tools changes: {} comment: Package afflib-tools is already installed duration: 6.358 name: afflib-tools result: true start_time: '14:12:32.588267' pkg_|-afterglow_|-afterglow_|-installed: __id__: afterglow __run_num__: 17 __sls__: sift.packages.afterglow changes: {} comment: Package afterglow is already installed duration: 5.355 name: afterglow result: true start_time: '14:12:32.594800' pkg_|-aircrack-ng_|-aircrack-ng_|-installed: __id__: aircrack-ng __run_num__: 18 __sls__: sift.packages.aircrack-ng changes: {} comment: Package aircrack-ng is already installed duration: 5.414 name: aircrack-ng result: true start_time: '14:12:32.600313' pkg_|-apache2_|-apache2_|-installed: __id__: apache2 __run_num__: 19 __sls__: sift.packages.apache2 changes: {} comment: Package apache2 is already installed duration: 5.78 name: apache2 result: true start_time: '14:12:32.605900' pkg_|-apt-transport-https_|-apt-transport-https_|-installed: __id__: apt-transport-https __run_num__: 1 __sls__: sift.packages.apt-transport-https changes: {} comment: Package apt-transport-https is already installed duration: 5.676 name: apt-transport-https result: true start_time: '14:12:26.263790' pkg_|-arp-scan_|-arp-scan_|-installed: __id__: arp-scan __run_num__: 20 __sls__: sift.packages.arp-scan changes: {} comment: Package arp-scan is already installed duration: 6.056 name: arp-scan result: true start_time: '14:12:32.611860' pkg_|-autopsy_|-autopsy_|-installed: __id__: autopsy __run_num__: 21 __sls__: sift.packages.autopsy changes: {} comment: Package autopsy is already installed duration: 5.783 name: autopsy result: true start_time: '14:12:32.618114' pkg_|-bcrypt_|-bcrypt_|-installed: __id__: bcrypt __run_num__: 22 __sls__: sift.packages.bcrypt changes: {} comment: Package bcrypt is already installed duration: 5.882 name: bcrypt result: true start_time: '14:12:32.624214' pkg_|-binplist_|-binplist_|-removed: __id__: binplist __run_num__: 13 __sls__: sift.packages.absent.binplist changes: {} comment: All specified packages are already absent duration: 11.557 name: binplist result: true start_time: '14:12:32.558357' pkg_|-bitpim-lib_|-bitpim-lib_|-installed: __id__: bitpim-lib __run_num__: 24 __sls__: sift.packages.bitpim-lib changes: {} comment: Package bitpim-lib is already installed duration: 5.248 name: bitpim-lib result: true start_time: '14:12:32.635832' pkg_|-bitpim_|-bitpim_|-installed: __id__: bitpim __run_num__: 23 __sls__: sift.packages.bitpim changes: {} comment: Package bitpim is already installed duration: 5.443 name: bitpim result: true start_time: '14:12:32.630262' pkg_|-bkhive_|-bkhive_|-installed: __id__: bkhive __run_num__: 25 __sls__: sift.packages.bkhive changes: {} comment: Package bkhive is already installed duration: 5.507 name: bkhive result: true start_time: '14:12:32.641319' pkg_|-bless_|-bless_|-installed: __id__: bless __run_num__: 26 __sls__: sift.packages.bless changes: {} comment: Package bless is already installed duration: 5.853 name: bless result: true start_time: '14:12:32.647001' pkg_|-blt_|-blt_|-installed: __id__: blt __run_num__: 27 __sls__: sift.packages.blt changes: {} comment: Package blt is already installed duration: 6.081 name: blt result: true start_time: '14:12:32.653043' pkg_|-build-essential_|-build-essential_|-installed: __id__: build-essential __run_num__: 28 __sls__: sift.packages.build-essential changes: {} comment: Package build-essential is already installed duration: 6.697 name: build-essential result: true start_time: '14:12:32.659299' pkg_|-bulk-extractor_|-bulk-extractor_|-installed: __id__: bulk-extractor __run_num__: 29 __sls__: sift.packages.bulk-extractor changes: {} comment: Package bulk-extractor is already installed duration: 5.691 name: bulk-extractor result: true start_time: '14:12:32.670135' pkg_|-cabextract_|-cabextract_|-installed: __id__: cabextract __run_num__: 30 __sls__: sift.packages.cabextract changes: {} comment: Package cabextract is already installed duration: 5.662 name: cabextract result: true start_time: '14:12:32.676012' pkg_|-ccrypt_|-ccrypt_|-installed: __id__: ccrypt __run_num__: 31 __sls__: sift.packages.ccrypt changes: {} comment: Package ccrypt is already installed duration: 6.092 name: ccrypt result: true start_time: '14:12:32.681936' pkg_|-cifs-utils_|-cifs-utils_|-installed: __id__: cifs-utils __run_num__: 32 __sls__: sift.packages.cifs-utils changes: {} comment: Package cifs-utils is already installed duration: 6.051 name: cifs-utils result: true start_time: '14:12:32.688194' pkg_|-clamav_|-clamav_|-installed: __id__: clamav __run_num__: 33 __sls__: sift.packages.clamav changes: {} comment: Package clamav is already installed duration: 5.323 name: clamav result: true start_time: '14:12:32.694390' pkg_|-cmospwd_|-cmospwd_|-installed: __id__: cmospwd __run_num__: 34 __sls__: sift.packages.cmospwd changes: {} comment: Package cmospwd is already installed duration: 5.338 name: cmospwd result: true start_time: '14:12:32.699847' pkg_|-cryptcat_|-cryptcat_|-installed: __id__: cryptcat __run_num__: 35 __sls__: sift.packages.cryptcat changes: {} comment: Package cryptcat is already installed duration: 5.684 name: cryptcat result: true start_time: '14:12:32.705335' pkg_|-cryptsetup_|-cryptsetup_|-installed: __id__: cryptsetup __run_num__: 36 __sls__: sift.packages.cryptsetup changes: {} comment: Package cryptsetup is already installed duration: 5.517 name: cryptsetup result: true start_time: '14:12:32.711168' pkg_|-curl_|-curl_|-installed: __id__: curl __run_num__: 37 __sls__: sift.packages.curl changes: {} comment: Package curl is already installed duration: 6.27 name: curl result: true start_time: '14:12:32.716868' pkg_|-dc3dd_|-dc3dd_|-installed: __id__: dc3dd __run_num__: 38 __sls__: sift.packages.dc3dd changes: {} comment: Package dc3dd is already installed duration: 5.709 name: dc3dd result: true start_time: '14:12:32.723316' pkg_|-dcfldd_|-dcfldd_|-installed: __id__: dcfldd __run_num__: 39 __sls__: sift.packages.dcfldd changes: {} comment: Package dcfldd is already installed duration: 4.884 name: dcfldd result: true start_time: '14:12:32.729164' pkg_|-dconf-tools_|-dconf-tools_|-installed: __id__: dconf-tools __run_num__: 40 __sls__: sift.packages.dconf-tools changes: {} comment: Package dconf-tools is already installed duration: 7.158 name: dconf-tools result: true start_time: '14:12:32.734176' pkg_|-docker-engine_|-docker-engine_|-installed: __id__: docker-engine __run_num__: 41 __sls__: sift.packages.docker-engine changes: {} comment: Package docker-engine is already installed duration: 6.461 name: docker-engine result: true start_time: '14:12:32.744339' pkg_|-driftnet_|-driftnet_|-installed: __id__: driftnet __run_num__: 42 __sls__: sift.packages.driftnet changes: {} comment: Package driftnet is already installed duration: 6.464 name: driftnet result: true start_time: '14:12:32.750991' pkg_|-dsniff_|-dsniff_|-installed: __id__: dsniff __run_num__: 43 __sls__: sift.packages.dsniff changes: {} comment: Package dsniff is already installed duration: 5.729 name: dsniff result: true start_time: '14:12:32.757754' pkg_|-dumbpig_|-dumbpig_|-installed: __id__: dumbpig __run_num__: 44 __sls__: sift.packages.dumbpig changes: {} comment: Package dumbpig is already installed duration: 6.155 name: dumbpig result: true start_time: '14:12:32.763655' pkg_|-e2fslibs-dev_|-e2fslibs-dev_|-installed: __id__: e2fslibs-dev __run_num__: 45 __sls__: sift.packages.e2fslibs-dev changes: {} comment: Package e2fslibs-dev is already installed duration: 5.843 name: e2fslibs-dev result: true start_time: '14:12:32.770006' pkg_|-ent_|-ent_|-installed: __id__: ent __run_num__: 46 __sls__: sift.packages.ent changes: {} comment: Package ent is already installed duration: 5.812 name: ent result: true start_time: '14:12:32.776081' pkg_|-epic5_|-epic5_|-installed: __id__: epic5 __run_num__: 47 __sls__: sift.packages.epic5 changes: {} comment: Package epic5 is already installed duration: 6.474 name: epic5 result: true start_time: '14:12:32.782073' pkg_|-etherape_|-etherape_|-installed: __id__: etherape __run_num__: 48 __sls__: sift.packages.etherape changes: {} comment: Package etherape is already installed duration: 7.276 name: etherape result: true start_time: '14:12:32.788727' pkg_|-ettercap-graphical_|-ettercap-graphical_|-installed: __id__: ettercap-graphical __run_num__: 49 __sls__: sift.packages.ettercap-graphical changes: {} comment: Package ettercap-graphical is already installed duration: 6.767 name: ettercap-graphical result: true start_time: '14:12:32.796181' pkg_|-exfat-fuse_|-exfat-fuse_|-installed: __id__: exfat-fuse __run_num__: 50 __sls__: sift.packages.exfat-fuse changes: {} comment: Package exfat-fuse is already installed duration: 7.146 name: exfat-fuse result: true start_time: '14:12:32.803132' pkg_|-exfat-utils_|-exfat-utils_|-installed: __id__: exfat-utils __run_num__: 51 __sls__: sift.packages.exfat-utils changes: {} comment: Package exfat-utils is already installed duration: 5.695 name: exfat-utils result: true start_time: '14:12:32.810429' pkg_|-exif_|-exif_|-installed: __id__: exif __run_num__: 52 __sls__: sift.packages.exif changes: {} comment: Package exif is already installed duration: 6.359 name: exif result: true start_time: '14:12:32.816395' pkg_|-extundelete_|-extundelete_|-installed: __id__: extundelete __run_num__: 53 __sls__: sift.packages.extundelete changes: {} comment: Package extundelete is already installed duration: 6.221 name: extundelete result: true start_time: '14:12:32.822911' pkg_|-fdupes_|-fdupes_|-installed: __id__: fdupes __run_num__: 54 __sls__: sift.packages.fdupes changes: {} comment: Package fdupes is already installed duration: 5.898 name: fdupes result: true start_time: '14:12:32.829331' pkg_|-feh_|-feh_|-installed: __id__: feh __run_num__: 55 __sls__: sift.packages.feh changes: {} comment: Package feh is already installed duration: 6.218 name: feh result: true start_time: '14:12:32.835421' pkg_|-flasm_|-flasm_|-installed: __id__: flasm __run_num__: 56 __sls__: sift.packages.flasm changes: {} comment: Package flasm is already installed duration: 5.413 name: flasm result: true start_time: '14:12:32.841824' pkg_|-flex_|-flex_|-installed: __id__: flex __run_num__: 57 __sls__: sift.packages.flex changes: {} comment: Package flex is already installed duration: 5.655 name: flex result: true start_time: '14:12:32.847411' pkg_|-foremost_|-foremost_|-installed: __id__: foremost __run_num__: 58 __sls__: sift.packages.foremost changes: {} comment: Package foremost is already installed duration: 5.868 name: foremost result: true start_time: '14:12:32.853240' pkg_|-g++_|-g++_|-installed: __id__: g++ __run_num__: 59 __sls__: sift.packages.g++ changes: {} comment: Package g++ is already installed duration: 5.391 name: g++ result: true start_time: '14:12:32.859260' pkg_|-gawk_|-gawk_|-installed: __id__: gawk __run_num__: 60 __sls__: sift.packages.gawk changes: {} comment: Package gawk is already installed duration: 5.755 name: gawk result: true start_time: '14:12:32.864815' pkg_|-gcc_|-gcc_|-installed: __id__: gcc __run_num__: 61 __sls__: sift.packages.gcc changes: {} comment: Package gcc is already installed duration: 5.937 name: gcc result: true start_time: '14:12:32.870746' pkg_|-gdb_|-gdb_|-installed: __id__: gdb __run_num__: 62 __sls__: sift.packages.gdb changes: {} comment: Package gdb is already installed duration: 6.12 name: gdb result: true start_time: '14:12:32.876850' pkg_|-gddrescue_|-gddrescue_|-installed: __id__: gddrescue __run_num__: 63 __sls__: sift.packages.gddrescue changes: {} comment: Package gddrescue is already installed duration: 5.824 name: gddrescue result: true start_time: '14:12:32.883145' pkg_|-ghex_|-ghex_|-installed: __id__: ghex __run_num__: 64 __sls__: sift.packages.ghex changes: {} comment: Package ghex is already installed duration: 5.388 name: ghex result: true start_time: '14:12:32.889155' pkg_|-git_|-git_|-installed: __id__: git __run_num__: 65 __sls__: sift.packages.git changes: {} comment: Package git is already installed duration: 5.838 name: git result: true start_time: '14:12:32.894752' pkg_|-graphviz_|-graphviz_|-installed: __id__: graphviz __run_num__: 66 __sls__: sift.packages.graphviz changes: {} comment: Package graphviz is already installed duration: 5.313 name: graphviz result: true start_time: '14:12:32.900760' pkg_|-gthumb_|-gthumb_|-installed: __id__: gthumb __run_num__: 67 __sls__: sift.packages.gthumb changes: {} comment: Package gthumb is already installed duration: 5.154 name: gthumb result: true start_time: '14:12:32.906249' pkg_|-gzrt_|-gzrt_|-installed: __id__: gzrt __run_num__: 68 __sls__: sift.packages.gzrt changes: {} comment: Package gzrt is already installed duration: 6.946 name: gzrt result: true start_time: '14:12:32.911558' pkg_|-hexedit_|-hexedit_|-installed: __id__: hexedit __run_num__: 69 __sls__: sift.packages.hexedit changes: {} comment: Package hexedit is already installed duration: 7.476 name: hexedit result: true start_time: '14:12:32.918704' pkg_|-htop_|-htop_|-installed: __id__: htop __run_num__: 70 __sls__: sift.packages.htop changes: {} comment: Package htop is already installed duration: 6.932 name: htop result: true start_time: '14:12:32.926398' pkg_|-hydra-gtk_|-hydra-gtk_|-installed: __id__: hydra-gtk __run_num__: 72 __sls__: sift.packages.hydra-gtk changes: {} comment: Package hydra-gtk is already installed duration: 5.495 name: hydra-gtk result: true start_time: '14:12:32.940007' pkg_|-hydra_|-hydra_|-installed: __id__: hydra __run_num__: 71 __sls__: sift.packages.hydra changes: {} comment: Package hydra is already installed duration: 6.237 name: hydra result: true start_time: '14:12:32.933509' pkg_|-ipython_|-ipython_|-installed: __id__: ipython __run_num__: 73 __sls__: sift.packages.ipython changes: {} comment: Package ipython is already installed duration: 5.438 name: ipython result: true start_time: '14:12:32.945653' pkg_|-jq_|-jq_|-installed: __id__: jq __run_num__: 74 __sls__: sift.packages.jq changes: {} comment: Package jq is already installed duration: 5.04 name: jq result: true start_time: '14:12:32.951232' pkg_|-kdiff3_|-kdiff3_|-installed: __id__: kdiff3 __run_num__: 75 __sls__: sift.packages.kdiff3 changes: {} comment: Package kdiff3 is already installed duration: 5.824 name: kdiff3 result: true start_time: '14:12:32.956450' pkg_|-knocker_|-knocker_|-installed: __id__: knocker __run_num__: 76 __sls__: sift.packages.knocker changes: {} comment: Package knocker is already installed duration: 5.206 name: knocker result: true start_time: '14:12:32.962453' pkg_|-kpartx_|-kpartx_|-installed: __id__: kpartx __run_num__: 77 __sls__: sift.packages.kpartx changes: {} comment: Package kpartx is already installed duration: 5.923 name: kpartx result: true start_time: '14:12:32.967853' pkg_|-lft_|-lft_|-installed: __id__: lft __run_num__: 78 __sls__: sift.packages.lft changes: {} comment: Package lft is already installed duration: 5.479 name: lft result: true start_time: '14:12:32.973973' pkg_|-libafflib-dev_|-libafflib-dev_|-installed: __id__: libafflib-dev __run_num__: 79 __sls__: sift.packages.libafflib-dev changes: {} comment: Package libafflib-dev is already installed duration: 5.135 name: libafflib-dev result: true start_time: '14:12:32.979820' pkg_|-libafflib_|-libafflib0v5_|-installed: __id__: libafflib __run_num__: 80 __sls__: sift.packages.libafflib changes: {} comment: Package libafflib0v5 is already installed duration: 5.26 name: libafflib0v5 result: true start_time: '14:12:32.985107' pkg_|-libbde-tools_|-libbde-tools_|-installed: __id__: libbde-tools __run_num__: 82 __sls__: sift.packages.libbde-tools changes: {} comment: Package libbde-tools is already installed duration: 5.082 name: libbde-tools result: true start_time: '14:12:32.995655' pkg_|-libbde_|-libbde_|-installed: __id__: libbde __run_num__: 81 __sls__: sift.packages.libbde changes: {} comment: Package libbde is already installed duration: 4.977 name: libbde result: true start_time: '14:12:32.990545' pkg_|-libesedb-tools_|-libesedb-tools_|-installed: __id__: libesedb-tools __run_num__: 84 __sls__: sift.packages.libesedb-tools changes: {} comment: Package libesedb-tools is already installed duration: 5.545 name: libesedb-tools result: true start_time: '14:12:33.007068' pkg_|-libesedb_|-libesedb_|-installed: __id__: libesedb __run_num__: 83 __sls__: sift.packages.libesedb changes: {} comment: Package libesedb is already installed duration: 5.978 name: libesedb result: true start_time: '14:12:33.000905' pkg_|-libevt-tools_|-libevt-tools_|-installed: __id__: libevt-tools __run_num__: 86 __sls__: sift.packages.libevt-tools changes: {} comment: Package libevt-tools is already installed duration: 5.773 name: libevt-tools result: true start_time: '14:12:33.018584' pkg_|-libevt_|-libevt_|-installed: __id__: libevt __run_num__: 85 __sls__: sift.packages.libevt changes: {} comment: Package libevt is already installed duration: 5.628 name: libevt result: true start_time: '14:12:33.012791' pkg_|-libevtx-tools_|-libevtx-tools_|-installed: __id__: libevtx-tools __run_num__: 88 __sls__: sift.packages.libevtx-tools changes: {} comment: Package libevtx-tools is already installed duration: 6.027 name: libevtx-tools result: true start_time: '14:12:33.029685' pkg_|-libevtx_|-libevtx_|-installed: __id__: libevtx __run_num__: 87 __sls__: sift.packages.libevtx changes: {} comment: Package libevtx is already installed duration: 4.972 name: libevtx result: true start_time: '14:12:33.024547' pkg_|-libewf-dev_|-libewf-dev_|-installed: __id__: libewf-dev __run_num__: 90 __sls__: sift.packages.libewf-dev changes: {} comment: Package libewf-dev is already installed duration: 5.918 name: libewf-dev result: true start_time: '14:12:33.041271' pkg_|-libewf-python_|-libewf-python_|-installed: __id__: libewf-python __run_num__: 91 __sls__: sift.packages.libewf-python changes: {} comment: Package libewf-python is already installed duration: 6.26 name: libewf-python result: true start_time: '14:12:33.047350' pkg_|-libewf-tools_|-libewf-tools_|-installed: __id__: libewf-tools __run_num__: 92 __sls__: sift.packages.libewf-tools changes: {} comment: Package libewf-tools is already installed duration: 5.633 name: libewf-tools result: true start_time: '14:12:33.053862' pkg_|-libewf_|-libewf_|-installed: __id__: libewf __run_num__: 89 __sls__: sift.packages.libewf changes: {} comment: Package libewf is already installed duration: 5.247 name: libewf result: true start_time: '14:12:33.035850' pkg_|-libffi-dev_|-libffi-dev_|-installed: __id__: libffi-dev __run_num__: 93 __sls__: sift.packages.libffi-dev changes: {} comment: Package libffi-dev is already installed duration: 6.368 name: libffi-dev result: true start_time: '14:12:33.059657' pkg_|-libfuse-dev_|-libfuse-dev_|-installed: __id__: libfuse-dev __run_num__: 94 __sls__: sift.packages.libfuse-dev changes: {} comment: Package libfuse-dev is already installed duration: 6.23 name: libfuse-dev result: true start_time: '14:12:33.066228' pkg_|-libfvde-tools_|-libfvde-tools_|-installed: __id__: libfvde-tools __run_num__: 96 __sls__: sift.packages.libfvde-tools changes: {} comment: Package libfvde-tools is already installed duration: 5.835 name: libfvde-tools result: true start_time: '14:12:33.080913' pkg_|-libfvde_|-libfvde_|-installed: __id__: libfvde __run_num__: 95 __sls__: sift.packages.libfvde changes: {} comment: Package libfvde is already installed duration: 5.955 name: libfvde result: true start_time: '14:12:33.074789' pkg_|-liblightgrep_|-liblightgrep_|-installed: __id__: liblightgrep __run_num__: 97 __sls__: sift.packages.liblightgrep changes: {} comment: Package liblightgrep is already installed duration: 6.174 name: liblightgrep result: true start_time: '14:12:33.086992' pkg_|-libmsiecf_|-libmsiecf_|-installed: __id__: libmsiecf __run_num__: 98 __sls__: sift.packages.libmsiecf changes: {} comment: Package libmsiecf is already installed duration: 6.444 name: libmsiecf result: true start_time: '14:12:33.093340' pkg_|-libncurses_|-libncurses5-dev_|-installed: __id__: libncurses __run_num__: 99 __sls__: sift.packages.libncurses changes: {} comment: Package libncurses5-dev is already installed duration: 5.877 name: libncurses5-dev result: true start_time: '14:12:33.100012' pkg_|-libnet1_|-libnet1_|-installed: __id__: libnet1 __run_num__: 100 __sls__: sift.packages.libnet1 changes: {} comment: Package libnet1 is already installed duration: 5.709 name: libnet1 result: true start_time: '14:12:33.106106' pkg_|-libolecf_|-libolecf_|-installed: __id__: libolecf __run_num__: 101 __sls__: sift.packages.libolecf changes: {} comment: Package libolecf is already installed duration: 5.137 name: libolecf result: true start_time: '14:12:33.112000' pkg_|-libparse-win32registry-perl_|-libparse-win32registry-perl_|-installed: __id__: libparse-win32registry-perl __run_num__: 102 __sls__: sift.packages.libparse-win32registry-perl changes: {} comment: Package libparse-win32registry-perl is already installed duration: 5.411 name: libparse-win32registry-perl result: true start_time: '14:12:33.117274' pkg_|-libpff-dev_|-libpff-dev_|-installed: __id__: libpff-dev __run_num__: 104 __sls__: sift.packages.libpff-dev changes: {} comment: Package libpff-dev is already installed duration: 5.611 name: libpff-dev result: true start_time: '14:12:33.128240' pkg_|-libpff-python_|-libpff-python_|-installed: __id__: libpff-python __run_num__: 105 __sls__: sift.packages.libpff-python changes: {} comment: Package libpff-python is already installed duration: 5.304 name: libpff-python result: true start_time: '14:12:33.134026' pkg_|-libpff-tools_|-libpff-tools_|-installed: __id__: libpff-tools __run_num__: 106 __sls__: sift.packages.libpff-tools changes: {} comment: Package libpff-tools is already installed duration: 5.495 name: libpff-tools result: true start_time: '14:12:33.139512' pkg_|-libpff_|-libpff_|-installed: __id__: libpff __run_num__: 103 __sls__: sift.packages.libpff changes: {} comment: Package libpff is already installed duration: 5.252 name: libpff result: true start_time: '14:12:33.122845' pkg_|-libregf-dev_|-libregf-dev_|-installed: __id__: libregf-dev __run_num__: 109 __sls__: sift.packages.libregf-dev changes: {} comment: Package libregf-dev is already installed duration: 5.212 name: libregf-dev result: true start_time: '14:12:33.157509' pkg_|-libregf-python_|-libregf-python_|-installed: __id__: libregf-python __run_num__: 110 __sls__: sift.packages.libregf-python changes: {} comment: Package libregf-python is already installed duration: 4.853 name: libregf-python result: true start_time: '14:12:33.162854' pkg_|-libregf-tools_|-libregf-tools_|-installed: __id__: libregf-tools __run_num__: 111 __sls__: sift.packages.libregf-tools changes: {} comment: Package libregf-tools is already installed duration: 5.635 name: libregf-tools result: true start_time: '14:12:33.167837' pkg_|-libregf_|-libregf_|-installed: __id__: libregf __run_num__: 108 __sls__: sift.packages.libregf changes: {} comment: Package libregf is already installed duration: 6.309 name: libregf result: true start_time: '14:12:33.151022' pkg_|-libssl-dev_|-libssl-dev_|-installed: __id__: libssl-dev __run_num__: 112 __sls__: sift.packages.libssl-dev changes: {} comment: Package libssl-dev is already installed duration: 5.518 name: libssl-dev result: true start_time: '14:12:33.173644' pkg_|-libtext-csv-perl_|-libtext-csv-perl_|-installed: __id__: libtext-csv-perl __run_num__: 113 __sls__: sift.packages.libtext-csv-perl changes: {} comment: Package libtext-csv-perl is already installed duration: 5.788 name: libtext-csv-perl result: true start_time: '14:12:33.179339' pkg_|-libvmdk_|-libvmdk_|-installed: __id__: libvmdk __run_num__: 114 __sls__: sift.packages.libvmdk changes: {} comment: Package libvmdk is already installed duration: 5.654 name: libvmdk result: true start_time: '14:12:33.185293' pkg_|-libvshadow-dev_|-libvshadow-dev_|-installed: __id__: libvshadow-dev __run_num__: 116 __sls__: sift.packages.libvshadow-dev changes: {} comment: Package libvshadow-dev is already installed duration: 5.139 name: libvshadow-dev result: true start_time: '14:12:33.196859' pkg_|-libvshadow-python_|-libvshadow-python_|-installed: __id__: libvshadow-python __run_num__: 117 __sls__: sift.packages.libvshadow-python changes: {} comment: Package libvshadow-python is already installed duration: 5.171 name: libvshadow-python result: true start_time: '14:12:33.202120' pkg_|-libvshadow-tools_|-libvshadow-tools_|-installed: __id__: libvshadow-tools __run_num__: 118 __sls__: sift.packages.libvshadow-tools changes: {} comment: Package libvshadow-tools is already installed duration: 5.233 name: libvshadow-tools result: true start_time: '14:12:33.207470' pkg_|-libvshadow_|-libvshadow_|-installed: __id__: libvshadow __run_num__: 115 __sls__: sift.packages.libvshadow changes: {} comment: Package libvshadow is already installed duration: 5.578 name: libvshadow result: true start_time: '14:12:33.191120' pkg_|-libxml2-dev_|-libxml2-dev_|-installed: __id__: libxml2-dev __run_num__: 119 __sls__: sift.packages.libxml2-dev changes: {} comment: Package libxml2-dev is already installed duration: 5.573 name: libxml2-dev result: true start_time: '14:12:33.212850' pkg_|-libxslt-dev_|-libxslt-dev_|-installed: __id__: libxslt-dev __run_num__: 120 __sls__: sift.packages.libxslt-dev changes: {} comment: Package libxslt-dev is already installed duration: 5.432 name: libxslt-dev result: true start_time: '14:12:33.218580' pkg_|-md5deep_|-md5deep_|-installed: __id__: md5deep __run_num__: 121 __sls__: sift.packages.md5deep changes: {} comment: Package md5deep is already installed duration: 5.691 name: md5deep result: true start_time: '14:12:33.224204' pkg_|-nbd-client_|-nbd-client_|-installed: __id__: nbd-client __run_num__: 122 __sls__: sift.packages.nbd-client changes: {} comment: Package nbd-client is already installed duration: 5.284 name: nbd-client result: true start_time: '14:12:33.230053' pkg_|-nbtscan_|-nbtscan_|-installed: __id__: nbtscan __run_num__: 123 __sls__: sift.packages.nbtscan changes: {} comment: Package nbtscan is already installed duration: 4.935 name: nbtscan result: true start_time: '14:12:33.235535' pkg_|-netcat_|-netcat_|-installed: __id__: netcat __run_num__: 124 __sls__: sift.packages.netcat changes: {} comment: Package netcat is already installed duration: 5.283 name: netcat result: true start_time: '14:12:33.240630' pkg_|-netpbm_|-netpbm_|-installed: __id__: netpbm __run_num__: 125 __sls__: sift.packages.netpbm changes: {} comment: Package netpbm is already installed duration: 4.751 name: netpbm result: true start_time: '14:12:33.246049' pkg_|-netsed_|-netsed_|-installed: __id__: netsed __run_num__: 126 __sls__: sift.packages.netsed changes: {} comment: Package netsed is already installed duration: 5.163 name: netsed result: true start_time: '14:12:33.250956' pkg_|-netwox_|-netwox_|-installed: __id__: netwox __run_num__: 127 __sls__: sift.packages.netwox changes: {} comment: Package netwox is already installed duration: 6.765 name: netwox result: true start_time: '14:12:33.256303' pkg_|-nfdump_|-nfdump_|-installed: __id__: nfdump __run_num__: 128 __sls__: sift.packages.nfdump changes: {} comment: Package nfdump is already installed duration: 5.331 name: nfdump result: true start_time: '14:12:33.263222' pkg_|-ngrep_|-ngrep_|-installed: __id__: ngrep __run_num__: 129 __sls__: sift.packages.ngrep changes: {} comment: Package ngrep is already installed duration: 66.827 name: ngrep result: true start_time: '14:12:33.268727' pkg_|-okular_|-okular_|-installed: __id__: okular __run_num__: 131 __sls__: sift.packages.okular changes: {} comment: Package okular is already installed duration: 5.263 name: okular result: true start_time: '14:12:33.342623' pkg_|-open-iscsi_|-open-iscsi_|-installed: __id__: open-iscsi __run_num__: 132 __sls__: sift.packages.open-iscsi changes: {} comment: Package open-iscsi is already installed duration: 6.138 name: open-iscsi result: true start_time: '14:12:33.348092' pkg_|-openjdk_|-openjdk-7-jdk_|-installed: __id__: openjdk __run_num__: 133 __sls__: sift.packages.openjdk changes: {} comment: Package openjdk-7-jdk is already installed duration: 5.757 name: openjdk-7-jdk result: true start_time: '14:12:33.356677' pkg_|-ophcrack-cli_|-ophcrack-cli_|-installed: __id__: ophcrack-cli __run_num__: 135 __sls__: sift.packages.ophcrack-cli changes: {} comment: Package ophcrack-cli is already installed duration: 5.427 name: ophcrack-cli result: true start_time: '14:12:33.368843' pkg_|-ophcrack_|-ophcrack_|-installed: __id__: ophcrack __run_num__: 134 __sls__: sift.packages.ophcrack changes: {} comment: Package ophcrack is already installed duration: 6.034 name: ophcrack result: true start_time: '14:12:33.362621' pkg_|-outguess_|-outguess_|-installed: __id__: outguess __run_num__: 136 __sls__: sift.packages.outguess changes: {} comment: Package outguess is already installed duration: 4.87 name: outguess result: true start_time: '14:12:33.374436' pkg_|-p0f_|-p0f_|-installed: __id__: p0f __run_num__: 137 __sls__: sift.packages.p0f changes: {} comment: Package p0f is already installed duration: 5.085 name: p0f result: true start_time: '14:12:33.379457' pkg_|-p7zip-full_|-p7zip-full_|-installed: __id__: p7zip-full __run_num__: 138 __sls__: sift.packages.p7zip-full changes: {} comment: Package p7zip-full is already installed duration: 5.363 name: p7zip-full result: true start_time: '14:12:33.384672' pkg_|-pdftk_|-pdftk_|-installed: __id__: pdftk __run_num__: 139 __sls__: sift.packages.pdftk changes: {} comment: Package pdftk is already installed duration: 5.313 name: pdftk result: true start_time: '14:12:33.390212' pkg_|-pev_|-pev_|-installed: __id__: pev __run_num__: 142 __sls__: sift.packages.pev changes: {} comment: Package pev is already installed duration: 6.001 name: pev result: true start_time: '14:12:33.413011' pkg_|-phonon_|-phonon_|-installed: __id__: phonon __run_num__: 143 __sls__: sift.packages.phonon changes: {} comment: Package phonon is already installed duration: 6.122 name: phonon result: true start_time: '14:12:33.419172' pkg_|-pkg-config_|-pkg-config_|-installed: __id__: pkg-config __run_num__: 144 __sls__: sift.packages.pkg-config changes: {} comment: Package pkg-config is already installed duration: 5.372 name: pkg-config result: true start_time: '14:12:33.425465' pkg_|-pv_|-pv_|-installed: __id__: pv __run_num__: 147 __sls__: sift.packages.pv changes: {} comment: Package pv is already installed duration: 7.783 name: pv result: true start_time: '14:12:45.281221' pkg_|-pyew_|-pyew_|-installed: __id__: pyew __run_num__: 148 __sls__: sift.packages.pyew changes: {} comment: Package pyew is already installed duration: 4.944 name: pyew result: true start_time: '14:12:45.289154' pkg_|-python-dev_|-python-dev_|-installed: __id__: python-dev __run_num__: 150 __sls__: sift.packages.python-dev changes: {} comment: Package python-dev is already installed duration: 5.697 name: python-dev result: true start_time: '14:12:45.300642' pkg_|-python-dfvfs_|-python-dfvfs_|-installed: __id__: python-dfvfs __run_num__: 151 __sls__: sift.packages.python-dfvfs changes: {} comment: 'Version 20160108-1ppa1~xenial of package ''python-dfvfs'' is already installed. Package python-dfvfs is already set to be held.' duration: 128.175 name: python-dfvfs result: true start_time: '14:12:45.310593' pkg_|-python-flowgrep_|-python-flowgrep_|-installed: __id__: python-flowgrep __run_num__: 152 __sls__: sift.packages.python-flowgrep changes: {} comment: Package python-flowgrep is already installed duration: 6.418 name: python-flowgrep result: true start_time: '14:12:45.439010' pkg_|-python-fuse_|-python-fuse_|-installed: __id__: python-fuse __run_num__: 153 __sls__: sift.packages.python-fuse changes: {} comment: Package python-fuse is already installed duration: 5.168 name: python-fuse result: true start_time: '14:12:45.445565' pkg_|-python-nids_|-python-nids_|-installed: __id__: python-nids __run_num__: 154 __sls__: sift.packages.python-nids changes: {} comment: Package python-nids is already installed duration: 5.485 name: python-nids result: true start_time: '14:12:45.450895' pkg_|-python-ntdsxtract_|-python-ntdsxtract_|-installed: __id__: python-ntdsxtract __run_num__: 155 __sls__: sift.packages.python-ntdsxtract changes: {} comment: Package python-ntdsxtract is already installed duration: 5.597 name: python-ntdsxtract result: true start_time: '14:12:45.456529' pkg_|-python-pefile_|-python-pefile_|-installed: __id__: python-pefile __run_num__: 156 __sls__: sift.packages.python-pefile changes: {} comment: Package python-pefile is already installed duration: 8.136 name: python-pefile result: true start_time: '14:12:45.462301' pkg_|-python-pip_|-python-pip_|-installed: __id__: python-pip __run_num__: 157 __sls__: sift.packages.python-pip changes: {} comment: Package python-pip is already installed duration: 6.006 name: python-pip result: true start_time: '14:12:45.470602' pkg_|-python-plaso_|-python-plaso_|-installed: __id__: python-plaso __run_num__: 160 __sls__: sift.packages.python-plaso changes: {} comment: 'Version 1.4.0-1ppa3~xenial of package ''python-plaso'' is already installed. Package python-plaso is already set to be held.' duration: 124.73 name: python-plaso result: true start_time: '14:12:45.501524' pkg_|-python-qt4_|-python-qt4_|-installed: __id__: python-qt4 __run_num__: 163 __sls__: sift.packages.python-qt4 changes: {} comment: Package python-qt4 is already installed duration: 7.271 name: python-qt4 result: true start_time: '14:12:45.642932' pkg_|-python-software-properties_|-python-software-properties_|-installed: __id__: python-software-properties __run_num__: 0 __sls__: sift.packages.python-software-properties changes: {} comment: Package python-software-properties is already installed duration: 796.411 name: python-software-properties result: true start_time: '14:12:25.467174' pkg_|-python-tk_|-python-tk_|-installed: __id__: python-tk __run_num__: 164 __sls__: sift.packages.python-tk changes: {} comment: Package python-tk is already installed duration: 5.168 name: python-tk result: true start_time: '14:12:45.650384' pkg_|-python-virtualenv_|-python-virtualenv_|-installed: __id__: python-virtualenv __run_num__: 165 __sls__: sift.packages.python-virtualenv changes: {} comment: Package python-virtualenv is already installed duration: 5.75 name: python-virtualenv result: true start_time: '14:12:45.655717' pkg_|-python-volatility_|-python-volatility_|-installed: __id__: python-volatility __run_num__: 178 __sls__: sift.packages.python-volatility changes: {} comment: Package python-volatility is already installed duration: 7.561 name: python-volatility result: true start_time: '14:13:19.049803' pkg_|-python-yara_|-python-yara_|-installed: __id__: python-yara __run_num__: 199 __sls__: sift.packages.python-yara changes: {} comment: Package python-yara is already installed duration: 7.529 name: python-yara result: true start_time: '14:13:22.934741' pkg_|-python_|-python_|-installed: __id__: python __run_num__: 149 __sls__: sift.packages.python changes: {} comment: Package python is already installed duration: 6.247 name: python result: true start_time: '14:12:45.294233' pkg_|-pytsk3-removed_|-pytsk3_|-removed: __id__: pytsk3-removed __run_num__: 161 __sls__: sift.packages.python-pytsk3 changes: {} comment: All specified packages are already absent duration: 10.406 name: pytsk3 result: true start_time: '14:12:45.626513' pkg_|-pytsk3_|-python-pytsk3_|-installed: __id__: pytsk3 __run_num__: 162 __sls__: sift.packages.python-pytsk3 changes: {} comment: Package python-pytsk3 is already installed duration: 5.655 name: python-pytsk3 result: true start_time: '14:12:45.637114' pkg_|-qemu-utils_|-qemu-utils_|-installed: __id__: qemu-utils __run_num__: 201 __sls__: sift.packages.qemu-utils changes: {} comment: Package qemu-utils is already installed duration: 5.682 name: qemu-utils result: true start_time: '14:13:22.947544' pkg_|-qemu_|-qemu_|-installed: __id__: qemu __run_num__: 200 __sls__: sift.packages.qemu changes: {} comment: Package qemu is already installed duration: 4.951 name: qemu result: true start_time: '14:13:22.942450' pkg_|-radare2_|-radare2_|-installed: __id__: radare2 __run_num__: 202 __sls__: sift.packages.radare2 changes: {} comment: Package radare2 is already installed duration: 7.364 name: radare2 result: true start_time: '14:13:22.953424' pkg_|-readpst_|-readpst_|-installed: __id__: readpst __run_num__: 204 __sls__: sift.packages.readpst changes: {} comment: Package readpst is already installed duration: 6.68 name: readpst result: true start_time: '14:13:22.969240' pkg_|-rsakeyfind_|-rsakeyfind_|-installed: __id__: rsakeyfind __run_num__: 205 __sls__: sift.packages.rsakeyfind changes: {} comment: Package rsakeyfind is already installed duration: 5.454 name: rsakeyfind result: true start_time: '14:13:22.976112' pkg_|-safecopy_|-safecopy_|-installed: __id__: safecopy __run_num__: 206 __sls__: sift.packages.safecopy changes: {} comment: Package safecopy is already installed duration: 5.549 name: safecopy result: true start_time: '14:13:22.981730' pkg_|-samba_|-samba_|-installed: __id__: samba __run_num__: 207 __sls__: sift.packages.samba changes: {} comment: Package samba is already installed duration: 5.611 name: samba result: true start_time: '14:13:22.987539' pkg_|-samdump2_|-samdump2_|-installed: __id__: samdump2 __run_num__: 208 __sls__: sift.packages.samdump2 changes: {} comment: Package samdump2 is already installed duration: 5.335 name: samdump2 result: true start_time: '14:13:22.993299' pkg_|-scalpel_|-scalpel_|-installed: __id__: scalpel __run_num__: 209 __sls__: sift.packages.scalpel changes: {} comment: Package scalpel is already installed duration: 6.191 name: scalpel result: true start_time: '14:13:22.998829' pkg_|-sift-nikto_|-nikto_|-installed: __id__: sift-nikto __run_num__: 130 __sls__: sift.packages.nikto changes: {} comment: Package nikto is already installed duration: 5.425 name: nikto result: true start_time: '14:12:33.337056' pkg_|-sift-package-libplist-utils_|-libplist-utils_|-installed: __id__: sift-package-libplist-utils __run_num__: 107 __sls__: sift.packages.libplist-utils changes: {} comment: Package libplist-utils is already installed duration: 5.671 name: libplist-utils result: true start_time: '14:12:33.145174' pkg_|-sift-package-perl_|-perl_|-installed: __id__: sift-package-perl __run_num__: 140 __sls__: sift.packages.perl changes: {} comment: Package perl is already installed duration: 5.692 name: perl result: true start_time: '14:12:33.395704' pkg_|-sift-powershell_|-sift-powershell_|-installed: __id__: sift-powershell __run_num__: 146 __sls__: sift.packages.powershell changes: {} comment: All specified packages are already installed duration: 106.739 name: sift-powershell result: true start_time: '14:12:45.174130' pkg_|-sift-python-xlsxwriter_|-python-xlsxwriter_|-installed: __id__: sift-python-xlsxwriter __run_num__: 159 __sls__: sift.packages.python-xlsxwriter changes: {} comment: Package python-xlsxwriter is already installed duration: 5.789 name: python-xlsxwriter result: true start_time: '14:12:45.488361' pkg_|-sift-python3-xlsxwriter_|-python3-xlsxwriter_|-removed: __id__: sift-python3-xlsxwriter __run_num__: 158 __sls__: sift.packages.python-xlsxwriter changes: {} comment: All specified packages are already absent duration: 11.229 name: python3-xlsxwriter result: true start_time: '14:12:45.476851' pkg_|-sift-rar_|-rar_|-installed: __id__: sift-rar __run_num__: 203 __sls__: sift.packages.rar changes: {} comment: Package rar is already installed duration: 6.542 name: rar result: true start_time: '14:13:22.962462' pkg_|-sift-unrar_|-unrar_|-installed: __id__: sift-unrar __run_num__: 230 __sls__: sift.packages.unrar changes: {} comment: Package unrar is already installed duration: 5.402 name: unrar result: true start_time: '14:13:23.120250' pkg_|-sift-wine-apt-update_|-sift-wine-apt-update_|-uptodate: __id__: sift-wine-apt-update __run_num__: 238 __sls__: sift.packages.wine changes: gir1.2-packagekitglib-1.0: new: 0.8.17-4ubuntu6~gcc5.4ubuntu1.2 old: 0.8.17-4ubuntu6~gcc5.4ubuntu1.1 libpackagekit-glib2-16: new: 0.8.17-4ubuntu6~gcc5.4ubuntu1.2 old: 0.8.17-4ubuntu6~gcc5.4ubuntu1.1 libsnapd-glib1: new: 1.13-0ubuntu0.16.04.1 old: 1.2-0ubuntu1.1~xenial linux-firmware: new: 1.157.12 old: 1.157.11 snapd: new: 2.27.5 old: 2.26.10 snapd-login-service: new: 1.13-0ubuntu0.16.04.1 old: 1.2-0ubuntu1.1~xenial ubuntu-core-launcher: new: 2.27.5 old: 2.26.10 comment: Upgrade ran successfully duration: 154838.005 name: sift-wine-apt-update result: true start_time: '14:13:23.256347' pkg_|-sift-wine_|-wine_|-installed: __id__: sift-wine __run_num__: 239 __sls__: sift.packages.wine changes: {} comment: Package wine is already installed duration: 633.25 name: wine result: true start_time: '14:15:58.101447' pkg_|-sleuthkit_|-sleuthkit_|-installed: __id__: sleuthkit __run_num__: 210 __sls__: sift.packages.sleuthkit changes: {} comment: Package sleuthkit is already installed duration: 5.722 name: sleuthkit result: true start_time: '14:13:23.005193' pkg_|-socat_|-socat_|-installed: __id__: socat __run_num__: 211 __sls__: sift.packages.socat changes: {} comment: Package socat is already installed duration: 5.524 name: socat result: true start_time: '14:13:23.011107' pkg_|-ssdeep_|-ssdeep_|-installed: __id__: ssdeep __run_num__: 212 __sls__: sift.packages.ssdeep changes: {} comment: Package ssdeep is already installed duration: 5.546 name: ssdeep result: true start_time: '14:13:23.016788' pkg_|-ssldump_|-ssldump_|-installed: __id__: ssldump __run_num__: 213 __sls__: sift.packages.ssldump changes: {} comment: Package ssldump is already installed duration: 4.99 name: ssldump result: true start_time: '14:13:23.022517' pkg_|-sslsniff_|-sslsniff_|-installed: __id__: sslsniff __run_num__: 214 __sls__: sift.packages.sslsniff changes: {} comment: Package sslsniff is already installed duration: 5.142 name: sslsniff result: true start_time: '14:13:23.027655' pkg_|-stunnel4_|-stunnel4_|-installed: __id__: stunnel4 __run_num__: 215 __sls__: sift.packages.stunnel4 changes: {} comment: Package stunnel4 is already installed duration: 4.948 name: stunnel4 result: true start_time: '14:13:23.032934' pkg_|-system-config-samba_|-system-config-samba_|-installed: __id__: system-config-samba __run_num__: 216 __sls__: sift.packages.system-config-samba changes: {} comment: Package system-config-samba is already installed duration: 5.958 name: system-config-samba result: true start_time: '14:13:23.038046' pkg_|-tcl_|-tcl_|-installed: __id__: tcl __run_num__: 217 __sls__: sift.packages.tcl changes: {} comment: Package tcl is already installed duration: 5.659 name: tcl result: true start_time: '14:13:23.044221' pkg_|-tcpflow_|-tcpflow_|-installed: __id__: tcpflow __run_num__: 218 __sls__: sift.packages.tcpflow changes: {} comment: Package tcpflow is already installed duration: 6.651 name: tcpflow result: true start_time: '14:13:23.050050' pkg_|-tcpick_|-tcpick_|-installed: __id__: tcpick __run_num__: 219 __sls__: sift.packages.tcpick changes: {} comment: Package tcpick is already installed duration: 6.445 name: tcpick result: true start_time: '14:13:23.056895' pkg_|-tcpreplay_|-tcpreplay_|-installed: __id__: tcpreplay __run_num__: 220 __sls__: sift.packages.tcpreplay changes: {} comment: Package tcpreplay is already installed duration: 5.39 name: tcpreplay result: true start_time: '14:13:23.063509' pkg_|-tcpslice_|-tcpslice_|-installed: __id__: tcpslice __run_num__: 221 __sls__: sift.packages.tcpslice changes: {} comment: Package tcpslice is already installed duration: 4.994 name: tcpslice result: true start_time: '14:13:23.069040' pkg_|-tcpstat_|-tcpstat_|-installed: __id__: tcpstat __run_num__: 222 __sls__: sift.packages.tcpstat changes: {} comment: Package tcpstat is already installed duration: 5.277 name: tcpstat result: true start_time: '14:13:23.074187' pkg_|-tcptrace_|-tcptrace_|-installed: __id__: tcptrace __run_num__: 223 __sls__: sift.packages.tcptrace changes: {} comment: Package tcptrace is already installed duration: 4.921 name: tcptrace result: true start_time: '14:13:23.079610' pkg_|-tcptrack_|-tcptrack_|-installed: __id__: tcptrack __run_num__: 224 __sls__: sift.packages.tcptrack changes: {} comment: Package tcptrack is already installed duration: 5.987 name: tcptrack result: true start_time: '14:13:23.084673' pkg_|-tcpxtract_|-tcpxtract_|-installed: __id__: tcpxtract __run_num__: 225 __sls__: sift.packages.tcpxtract changes: {} comment: Package tcpxtract is already installed duration: 5.653 name: tcpxtract result: true start_time: '14:13:23.090849' pkg_|-testdisk_|-testdisk_|-installed: __id__: testdisk __run_num__: 226 __sls__: sift.packages.testdisk changes: {} comment: Package testdisk is already installed duration: 5.497 name: testdisk result: true start_time: '14:13:23.096684' pkg_|-tofrodos_|-tofrodos_|-installed: __id__: tofrodos __run_num__: 227 __sls__: sift.packages.tofrodos changes: {} comment: Package tofrodos is already installed duration: 5.695 name: tofrodos result: true start_time: '14:13:23.102367' pkg_|-transmission_|-transmission_|-installed: __id__: transmission __run_num__: 228 __sls__: sift.packages.transmission changes: {} comment: Package transmission is already installed duration: 5.145 name: transmission result: true start_time: '14:13:23.108224' pkg_|-unity-control-center_|-unity-control-center_|-installed: __id__: unity-control-center __run_num__: 229 __sls__: sift.packages.unity-control-center changes: {} comment: Package unity-control-center is already installed duration: 5.148 name: unity-control-center result: true start_time: '14:13:23.113541' pkg_|-unity-webapps-common_|-unity-webapps-common_|-removed: __id__: unity-webapps-common __run_num__: 14 __sls__: sift.packages.absent.unity-webapps-common changes: {} comment: All specified packages are already absent duration: 11.368 name: unity-webapps-common result: true start_time: '14:12:32.570179' pkg_|-upx-ucl_|-upx-ucl_|-installed: __id__: upx-ucl __run_num__: 231 __sls__: sift.packages.upx-ucl changes: {} comment: Package upx-ucl is already installed duration: 5.127 name: upx-ucl result: true start_time: '14:13:23.125809' pkg_|-vbindiff_|-vbindiff_|-installed: __id__: vbindiff __run_num__: 232 __sls__: sift.packages.vbindiff changes: {} comment: Package vbindiff is already installed duration: 5.904 name: vbindiff result: true start_time: '14:13:23.131146' pkg_|-vim_|-vim_|-installed: __id__: vim __run_num__: 233 __sls__: sift.packages.vim changes: {} comment: Package vim is already installed duration: 6.189 name: vim result: true start_time: '14:13:23.137247' pkg_|-virtuoso-minimal_|-virtuoso-minimal_|-installed: __id__: virtuoso-minimal __run_num__: 234 __sls__: sift.packages.virtuoso-minimal changes: {} comment: Package virtuoso-minimal is already installed duration: 5.808 name: virtuoso-minimal result: true start_time: '14:13:23.143608' pkg_|-vmfs-tools_|-vmfs-tools_|-installed: __id__: vmfs-tools __run_num__: 235 __sls__: sift.packages.vmfs-tools changes: {} comment: Package vmfs-tools is already installed duration: 6.147 name: vmfs-tools result: true start_time: '14:13:23.149580' pkg_|-winbind_|-winbind_|-installed: __id__: winbind __run_num__: 236 __sls__: sift.packages.winbind changes: {} comment: Package winbind is already installed duration: 5.046 name: winbind result: true start_time: '14:13:23.155920' pkg_|-wireshark_|-wireshark_|-installed: __id__: wireshark __run_num__: 240 __sls__: sift.packages.wireshark changes: {} comment: Package wireshark is already installed duration: 5.799 name: wireshark result: true start_time: '14:15:58.734912' pkg_|-xdot_|-xdot_|-installed: __id__: xdot __run_num__: 241 __sls__: sift.packages.xdot changes: {} comment: Package xdot is already installed duration: 5.441 name: xdot result: true start_time: '14:15:58.740849' pkg_|-xfsprogs_|-xfsprogs_|-installed: __id__: xfsprogs __run_num__: 242 __sls__: sift.packages.xfsprogs changes: {} comment: Package xfsprogs is already installed duration: 5.915 name: xfsprogs result: true start_time: '14:15:58.746449' pkg_|-xmount_|-xmount_|-installed: __id__: xmount __run_num__: 243 __sls__: sift.packages.xmount changes: {} comment: Package xmount is already installed duration: 5.399 name: xmount result: true start_time: '14:15:58.752558' pkg_|-xpdf_|-xpdf_|-installed: __id__: xpdf __run_num__: 244 __sls__: sift.packages.xpdf changes: {} comment: Package xpdf is already installed duration: 5.623 name: xpdf result: true start_time: '14:15:58.758158' pkg_|-zenity_|-zenity_|-installed: __id__: zenity __run_num__: 245 __sls__: sift.packages.zenity changes: {} comment: Package zenity is already installed duration: 6.254 name: zenity result: true start_time: '14:15:58.763985' pkgrepo_|-openjdk-repo_|-openjdk-repo_|-managed: __id__: openjdk-repo __run_num__: 7 __sls__: sift.repos.openjdk changes: {} comment: Configured package repo 'openjdk-repo' duration: 2041.306 name: openjdk-repo result: true start_time: '14:12:30.378237' pkgrepo_|-sift-dev_|-sift-dev_|-absent: __id__: sift-dev __run_num__: 5 __sls__: sift.repos.sift changes: {} comment: Package repo ppa:sift/dev is absent duration: 355.268 name: sift-dev result: true start_time: '14:12:28.349921' pkgrepo_|-sift-docker-repo_|-deb https://apt.dockerproject.org/repo ubuntu-xenial main_|-managed: __id__: sift-docker-repo __run_num__: 2 __sls__: sift.repos.docker changes: {} comment: Package repo 'deb https://apt.dockerproject.org/repo ubuntu-xenial main' already configured duration: 67.815 name: deb https://apt.dockerproject.org/repo ubuntu-xenial main result: true start_time: '14:12:26.282804' pkgrepo_|-sift-gift-dev_|-sift-gift-dev_|-absent: __id__: sift-gift-dev __run_num__: 3 __sls__: sift.repos.gift changes: {} comment: Package repo ppa:gift/dev is absent duration: 498.536 name: sift-gift-dev result: true start_time: '14:12:26.350812' pkgrepo_|-sift-gift-repo_|-gift_|-managed: __id__: sift-gift-repo __run_num__: 4 __sls__: sift.repos.gift changes: {} comment: Configured package repo 'gift' duration: 1496.575 name: gift result: true start_time: '14:12:26.853145' pkgrepo_|-sift-multiverse-repo-security_|-deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse_|-managed: __id__: sift-multiverse-repo-security __run_num__: 9 __sls__: sift.repos.ubuntu-multiverse changes: {} comment: Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse' already configured duration: 38.458 name: deb http://archive.ubuntu.com/ubuntu/ xenial-security multiverse result: true start_time: '14:12:32.461461' pkgrepo_|-sift-multiverse-repo_|-deb http://archive.ubuntu.com/ubuntu/ xenial multiverse_|-managed: __id__: sift-multiverse-repo __run_num__: 8 __sls__: sift.repos.ubuntu-multiverse changes: {} comment: Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial multiverse' already configured duration: 41.544 name: deb http://archive.ubuntu.com/ubuntu/ xenial multiverse result: true start_time: '14:12:32.419722' pkgrepo_|-sift-repo_|-sift-repo_|-managed: __id__: sift-repo __run_num__: 6 __sls__: sift.repos.sift changes: {} comment: Configured package repo 'sift-repo' duration: 1666.392 name: sift-repo result: true start_time: '14:12:28.709130' pkgrepo_|-sift-universe-repo_|-deb http://archive.ubuntu.com/ubuntu/ xenial universe_|-managed: __id__: sift-universe-repo __run_num__: 10 __sls__: sift.repos.ubuntu-universe changes: {} comment: Package repo 'deb http://archive.ubuntu.com/ubuntu/ xenial universe' already configured duration: 38.824 name: deb http://archive.ubuntu.com/ubuntu/ xenial universe result: true start_time: '14:12:32.500094' service_|-salt-minion_|-salt-minion_|-dead: __id__: salt-minion __run_num__: 492 __sls__: sift.config.salt-minion changes: {} comment: The service salt-minion is already dead duration: 331.293 name: salt-minion result: true start_time: '14:17:43.225764' service_|-samba-service-nmbd_|-nmbd_|-running: __id__: samba-service-nmbd __run_num__: 497 __sls__: sift.config.samba changes: nmbd: true comment: Service restarted duration: 1458.616 name: nmbd result: true start_time: '14:17:45.608345' service_|-samba-service-smbd_|-smbd_|-running: __id__: samba-service-smbd __run_num__: 495 __sls__: sift.config.samba changes: smbd: true comment: Service restarted duration: 1443.701 name: smbd result: true start_time: '14:17:43.862586' test_|-sift-config-user_|-sift-config-user_|-nop: __id__: sift-config-user __run_num__: 445 __sls__: sift.config.user changes: {} comment: Success! duration: 0.633 name: sift-config-user result: true start_time: '14:17:42.895121' test_|-sift-config_|-sift-config_|-nop: __id__: sift-config __run_num__: 498 __sls__: sift.config changes: {} comment: Success! duration: 1.738 name: sift-config result: true start_time: '14:17:47.093765' test_|-sift-packages_|-sift-packages_|-nop: __run_num__: 246 __sls__: sift.packages changes: {} comment: 'One or more requisite failed: sift.packages.python-volatility.python-volatility-community-plugins' result: false test_|-sift-python-packages_|-sift-python-packages_|-nop: __id__: sift-python-packages __run_num__: 269 __sls__: sift.python-packages changes: {} comment: Success! duration: 0.848 name: sift-python-packages result: true start_time: '14:16:49.483143' test_|-sift-repos_|-sift-repos_|-nop: __id__: sift-repos __run_num__: 12 __sls__: sift.repos changes: {} comment: Success! duration: 0.647 name: sift-repos result: true start_time: '14:12:32.557558' test_|-sift-scripts_|-sift-scripts_|-nop: __id__: sift-scripts __run_num__: 424 __sls__: sift.scripts changes: {} comment: Success! duration: 0.601 name: sift-scripts result: true start_time: '14:17:42.327551' test_|-sift-tools_|-sift-tools_|-nop: __id__: sift-tools __run_num__: 274 __sls__: sift.tools changes: {} comment: Success! duration: 0.53 name: sift-tools result: true start_time: '14:17:18.936709' test_|-ubuntutweak_|-ubuntutweak_|-nop: __id__: ubuntutweak __run_num__: 11 __sls__: sift.repos.ubuntu-tweak changes: {} comment: Success! duration: 0.42 name: ubuntutweak result: true start_time: '14:12:32.546961' timezone_|-Etc/UTC_|-Etc/UTC_|-system: __id__: Etc/UTC __run_num__: 446 __sls__: sift.config.timezone changes: {} comment: Timezone Etc/UTC already set, UTC already set to Etc/UTC duration: 219.28 name: Etc/UTC result: true start_time: '14:17:42.895921' user_|-sift-user-sansforensics_|-sansforensics_|-present: __id__: sift-user-sansforensics __run_num__: 428 __sls__: sift.config.user.user changes: {} comment: User sansforensics is present and up to date duration: 1.449 name: sansforensics result: true start_time: '14:17:42.428752' virtualenv_|-rekall-virtualenv_|-/opt/rekall_|-managed: __id__: rekall-virtualenv __run_num__: 259 __sls__: sift.python-packages.rekall changes: {} comment: virtualenv exists duration: 3194.201 name: /opt/rekall result: true start_time: '14:16:29.189508'